diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index d5c003f8b3223..6505a6ce16d7a 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -13,7 +13,7 @@ on: env: # Golang version to use across CI steps - GOLANG_VERSION: '1.19' + GOLANG_VERSION: '1.20' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -46,7 +46,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -70,13 +70,13 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1 + uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: version: v1.51.0 args: --timeout 10m --exclude SA5011 --verbose @@ -93,7 +93,7 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang @@ -149,7 +149,7 @@ jobs: path: test-results/ test-go-race: - name: Run unit tests with -race, for Go packages + name: Run unit tests with -race for Go packages runs-on: ubuntu-22.04 needs: - build-go @@ -160,7 +160,7 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang @@ -215,7 +215,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -263,11 +263,11 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup NodeJS uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: - node-version: '18.15.0' + node-version: '20.3.1' - name: Restore node dependency cache id: cache-dependencies uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 @@ -300,7 +300,7 @@ jobs: sonar_secret: ${{ secrets.SONAR_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Restore node dependency cache @@ -325,7 +325,7 @@ jobs: name: test-results path: test-results - name: Upload code coverage information to codecov.io - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: file: coverage.out - name: Perform static code analysis using SonarCloud @@ -361,7 +361,7 @@ jobs: runs-on: ubuntu-22.04 strategy: matrix: - k3s-version: [v1.26.0, v1.25.4, v1.24.3, v1.23.3] + k3s-version: [v1.27.2, v1.26.0, v1.25.4, v1.24.3] needs: - build-go env: @@ -379,7 +379,7 @@ jobs: GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -397,6 +397,7 @@ jobs: sudo mkdir -p $HOME/.kube && sudo chown -R runner $HOME/.kube sudo k3s kubectl config view --raw > $HOME/.kube/config sudo chown runner $HOME/.kube/config + sudo chmod go-r $HOME/.kube/config kubectl version - name: Restore go build cache uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 54ee690ceb378..284484e36d695 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 7d452ca362015..6abd84f4d33b2 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -58,14 +58,14 @@ jobs: image-digest: ${{ steps.image.outputs.digest }} steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.3.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} if: ${{ github.ref_type == 'tag'}} - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.3.0 if: ${{ github.ref_type != 'tag'}} - name: Setup Golang @@ -74,12 +74,12 @@ jobs: go-version: ${{ inputs.go-version }} - name: Install cosign - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 with: cosign-release: 'v2.0.0' - - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 + - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0 - name: Setup tags for container image as a CSV type run: | @@ -106,7 +106,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Login to Quay.io - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: quay.io username: ${{ secrets.quay_username }} @@ -114,7 +114,7 @@ jobs: if: ${{ inputs.quay_image_name && inputs.push }} - name: Login to GitHub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ghcr.io username: ${{ secrets.ghcr_username }} @@ -122,15 +122,22 @@ jobs: if: ${{ inputs.ghcr_image_name && inputs.push }} - name: Login to dockerhub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: username: ${{ secrets.docker_username }} password: ${{ secrets.docker_password }} if: ${{ inputs.docker_image_name && inputs.push }} + - name: Set up build args for container image + run: | + echo "GIT_TAG=$(if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)" >> $GITHUB_ENV + echo "GIT_COMMIT=$(git rev-parse HEAD)" >> $GITHUB_ENV + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV + echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV + - name: Build and push container image id: image - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 #v4.0.0 + uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 #v4.1.1 with: context: . platforms: ${{ inputs.platforms }} @@ -139,7 +146,12 @@ jobs: target: ${{ inputs.target }} provenance: false sbom: false - + build-args: | + GIT_TAG=${{env.GIT_TAG}} + GIT_COMMIT=${{env.GIT_COMMIT}} + BUILD_DATE=${{env.BUILD_DATE}} + GIT_TREE_STATE=${{env.GIT_TREE_STATE}} + - name: Sign container images run: | for signing_tag in $SIGNING_TAGS; do diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index c568e08710b32..e98ae27708263 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -25,7 +25,7 @@ jobs: image-tag: ${{ steps.image.outputs.tag}} platforms: ${{ steps.platforms.outputs.platforms }} steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Set image tag for ghcr run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-reuse.yaml with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.19 + go-version: 1.20 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -68,7 +68,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:latest ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.19 + go-version: 1.20 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: @@ -86,7 +86,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0 with: image: ghcr.io/argoproj/argo-cd/argocd digest: ${{ needs.build-and-publish.outputs.image-digest }} @@ -104,7 +104,7 @@ jobs: if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.3.0 - run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments" env: TOKEN: ${{ secrets.TOKEN }} diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 41c0e55f24dc5..39a3808b4a56e 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.2.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} @@ -56,8 +56,15 @@ jobs: make manifests-local VERSION=${{ inputs.TARGET_VERSION }} git diff + - name: Generate version compatibility table + run: | + git stash + bash hack/update-supported-versions.sh + git add -u . + git stash pop + - name: Create pull request - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index d6dabc96b8c0b..020535d7b8afa 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -23,7 +23,7 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@cdafc664bf9b25678d4e6df76ff67b2fe21bb5d2 # v1.3.7 + - uses: thehanimo/pr-title-checker@0cf5902181e78341bb97bb06646396e5bd354b3f # v1.4.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration_path: ".github/pr-title-checker-config.json" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 839006ad96eb3..b504ba6424588 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ on: permissions: {} env: - GOLANG_VERSION: '1.19' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.20' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -23,7 +23,7 @@ jobs: with: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.19 + go-version: 1.20 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: @@ -38,7 +38,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator if: github.repository == 'argoproj/argo-cd' - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0 with: image: quay.io/argoproj/argocd digest: ${{ needs.argocd-image.outputs.image-digest }} @@ -59,7 +59,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} @@ -88,7 +88,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Run GoReleaser - uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 + uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 id: run-goreleaser with: version: latest @@ -120,7 +120,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" provenance-name: "argocd-cli.intoto.jsonl" @@ -138,7 +138,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.2.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} @@ -149,7 +149,7 @@ jobs: go-version: ${{ env.GOLANG_VERSION }} - name: Install cosign - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 with: cosign-release: 'v2.0.0' @@ -211,7 +211,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.2.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} @@ -270,7 +270,7 @@ jobs: if: ${{ env.UPDATE_VERSION == 'true' }} - name: Create PR to update VERSION on master branch - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: Bump version in master title: "chore: Bump version in master" diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 1f1a8c5b81a5b..224a550616dcb 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -30,12 +30,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 with: results_file: results.sarif results_format: sarif diff --git a/.github/workflows/update-snyk.yaml b/.github/workflows/update-snyk.yaml index 9e09a1d555b05..ca004f398df60 100644 --- a/.github/workflows/update-snyk.yaml +++ b/.github/workflows/update-snyk.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Build reports diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index 42b5cfea72e0e..981c5625f678e 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -13,6 +13,8 @@ ENV GOCACHE=/go-build-cache RUN apt-get install redis-server -y RUN go install github.com/mattn/goreman@latest +RUN chown -R gitpod:gitpod /go-build-cache + USER gitpod ENV ARGOCD_REDIS_LOCAL=true diff --git a/Dockerfile b/Dockerfile index d903804e3cff2..12c9ea8f4e6da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 AS builder +FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS builder RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:20.3.1@sha256:2f0b0c15f97441defa812268ee943bbfaaf666ea6cf7cac62ee3f127906b35c6 AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd @@ -113,7 +113,18 @@ COPY . . COPY --from=argocd-ui /src/dist/app /go/src/github.com/argoproj/argo-cd/ui/dist/app ARG TARGETOS ARG TARGETARCH -RUN GOOS=$TARGETOS GOARCH=$TARGETARCH make argocd-all +# These build args are optional; if not specified the defaults will be taken from the Makefile +ARG GIT_TAG +ARG BUILD_DATE +ARG GIT_TREE_STATE +ARG GIT_COMMIT +RUN GIT_COMMIT=$GIT_COMMIT \ + GIT_TREE_STATE=$GIT_TREE_STATE \ + GIT_TAG=$GIT_TAG \ + BUILD_DATE=$BUILD_DATE \ + GOOS=$TARGETOS \ + GOARCH=$TARGETARCH \ + make argocd-all #################################################################################################### # Final image diff --git a/Makefile b/Makefile index ec22c096c652a..4786ac88340f1 100644 --- a/Makefile +++ b/Makefile @@ -9,11 +9,13 @@ GEN_RESOURCES_CLI_NAME=argocd-resources-gen HOST_OS:=$(shell go env GOOS) HOST_ARCH:=$(shell go env GOARCH) +TARGET_ARCH?=linux/amd64 + VERSION=$(shell cat ${CURRENT_DIR}/VERSION) -BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') -GIT_COMMIT=$(shell git rev-parse HEAD) -GIT_TAG=$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi) -GIT_TREE_STATE=$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi) +BUILD_DATE:=$(if $(BUILD_DATE),$(BUILD_DATE),$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')) +GIT_COMMIT:=$(if $(GIT_COMMIT),$(GIT_COMMIT),$(shell git rev-parse HEAD)) +GIT_TAG:=$(if $(GIT_TAG),$(GIT_TAG),$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)) +GIT_TREE_STATE:=$(if $(GIT_TREE_STATE),$(GIT_TREE_STATE),$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)) VOLUME_MOUNT=$(shell if test "$(go env GOOS)" = "darwin"; then echo ":delegated"; elif test selinuxenabled; then echo ":delegated"; else echo ""; fi) KUBECTL_VERSION=$(shell go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev) @@ -283,7 +285,7 @@ controller: .PHONY: build-ui build-ui: - DOCKER_BUILDKIT=1 docker build -t argocd-ui --target argocd-ui . + DOCKER_BUILDKIT=1 docker build -t argocd-ui --platform=$(TARGET_ARCH) --target argocd-ui . find ./ui/dist -type f -not -name gitkeep -delete docker run -v ${CURRENT_DIR}/ui/dist/app:/tmp/app --rm -t argocd-ui sh -c 'cp -r ./dist/app/* /tmp/app/' @@ -294,7 +296,7 @@ ifeq ($(DEV_IMAGE), true) # the dist directory is under .dockerignore. IMAGE_TAG="dev-$(shell git describe --always --dirty)" image: build-ui - DOCKER_BUILDKIT=1 docker build --platform=linux/amd64 -t argocd-base --target argocd-base . + DOCKER_BUILDKIT=1 docker build --platform=$(TARGET_ARCH) -t argocd-base --target argocd-base . CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-server ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-application-controller @@ -302,10 +304,10 @@ image: build-ui ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-cmp-server ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-dex cp Dockerfile.dev dist - DOCKER_BUILDKIT=1 docker build --platform=linux/amd64 -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) -f dist/Dockerfile.dev dist + DOCKER_BUILDKIT=1 docker build --platform=$(TARGET_ARCH) -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) -f dist/Dockerfile.dev dist else image: - DOCKER_BUILDKIT=1 docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) . + DOCKER_BUILDKIT=1 docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) --platform=$(TARGET_ARCH) . endif @if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) ; fi @@ -457,6 +459,7 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local ARGOCD_IN_CI=$(ARGOCD_IN_CI) \ BIN_MODE=$(ARGOCD_BIN_MODE) \ ARGOCD_APPLICATION_NAMESPACES=argocd-e2e-external \ + ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES=argocd-e2e-external \ ARGOCD_E2E_TEST=true \ goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START} diff --git a/Procfile b/Procfile index 677a75e0da30d..2bb26a086fb1d 100644 --- a/Procfile +++ b/Procfile @@ -1,7 +1,7 @@ controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}" api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}" dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml" -redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi" +redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} docker.io/library/redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi" repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}" cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}" ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start' @@ -9,4 +9,4 @@ git-server: test/fixture/testrepos/start-git.sh helm-registry: test/fixture/testrepos/start-helm-registry.sh dev-mounter: [[ "$ARGOCD_E2E_TEST" != "true" ]] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}" -notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug" \ No newline at end of file +notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug" diff --git a/SECURITY.md b/SECURITY.md index 5563e3d11f903..9e2ba5c6ba542 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -65,9 +65,10 @@ We will publish security advisories using the feature to keep our community well-informed, and will credit you for your findings (unless you prefer to stay anonymous, of course). -Please report vulnerabilities by e-mail to the following address: +There are two ways to report a vulnerability to the Argo CD team: -* cncf-argo-security@lists.cncf.io +* By opening a draft GitHub security advisory: https://github.com/argoproj/argo-cd/security/advisories/new +* By e-mail to the following address: cncf-argo-security@lists.cncf.io ## Internet Bug Bounty collaboration diff --git a/USERS.md b/USERS.md index e3c74d15c499e..1e2e0981fbab5 100644 --- a/USERS.md +++ b/USERS.md @@ -25,6 +25,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Arctiq Inc.](https://www.arctiq.ca) 1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/) 1. [Axual B.V.](https://axual.com) +1. [Back Market](https://www.backmarket.com) 1. [Baloise](https://www.baloise.com) 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform) 1. [Beat](https://thebeat.co/en/) @@ -45,6 +46,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Celonis](https://www.celonis.com/) 1. [CERN](https://home.cern/) 1. [Chargetrip](https://chargetrip.com) +1. [Chainnodes](https://chainnodes.org) 1. [Chime](https://www.chime.com) 1. [Cisco ET&I](https://eti.cisco.com/) 1. [Cloud Posse](https://www.cloudposse.com/) @@ -83,6 +85,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Farfetch](https://www.farfetch.com) 1. [Faro](https://www.faro.com/) 1. [Fave](https://myfave.com) +1. [Flexport](https://www.flexport.com/) 1. [Flip](https://flip.id) 1. [Fonoa](https://www.fonoa.com/) 1. [freee](https://corp.freee.co.jp/en/company/) @@ -100,6 +103,8 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Glovo](https://www.glovoapp.com) 1. [GMETRI](https://gmetri.com/) 1. [Gojek](https://www.gojek.io/) +1. [GoTo](https://www.goto.com/) +1. [GoTo Financial](https://gotofinancial.com/) 1. [Greenpass](https://www.greenpass.com.br/) 1. [Gridfuse](https://gridfuse.com/) 1. [Groww](https://groww.in) @@ -153,6 +158,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Max Kelsen](https://www.maxkelsen.com/) 1. [MeDirect](https://medirect.com.mt/) 1. [Meican](https://meican.com/) +1. [Meilleurs Agents](https://www.meilleursagents.com/) 1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) 1. [Metanet](http://www.metanet.co.kr/en/) 1. [MindSpore](https://mindspore.cn) @@ -173,6 +179,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Objective](https://www.objective.com.br/) 1. [OCCMundial](https://occ.com.mx) 1. [Octadesk](https://octadesk.com) +1. [Olfeo](https://www.olfeo.com/) 1. [omegaUp](https://omegaUp.com) 1. [Omni](https://omni.se/) 1. [openEuler](https://openeuler.org) @@ -225,9 +232,11 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Sap Labs](http://sap.com) 1. [Sauce Labs](https://saucelabs.com/) 1. [Schwarz IT](https://jobs.schwarz/it-mission) +1. [SEEK](https://seek.com.au) 1. [SI Analytics](https://si-analytics.ai) 1. [Skit](https://skit.ai/) 1. [Skyscanner](https://www.skyscanner.net/) +1. [Smart Pension](https://www.smartpension.co.uk/) 1. [Smilee.io](https://smilee.io) 1. [Smood.ch](https://www.smood.ch/) 1. [Snapp](https://snapp.ir/) @@ -268,9 +277,11 @@ Currently, the following organizations are **officially** using Argo CD: 1. [ungleich.ch](https://ungleich.ch/) 1. [Unifonic Inc](https://www.unifonic.com/) 1. [Universidad Mesoamericana](https://www.umes.edu.gt/) +1. [Urbantz](https://urbantz.com/) 1. [Vectra](https://www.vectra.ai) 1. [Veepee](https://www.veepee.com) 1. [Viaduct](https://www.viaduct.ai/) +1. [VietMoney](https://vietmoney.vn/) 1. [Vinted](https://vinted.com/) 1. [Virtuo](https://www.govirtuo.com/) 1. [VISITS Technologies](https://visits.world/en) @@ -291,5 +302,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Yieldlab](https://www.yieldlab.de/) 1. [Youverify](https://youverify.co/) 1. [Yubo](https://www.yubo.live/) +1. [ZDF](https://www.zdf.de/) 1. [Zimpler](https://www.zimpler.com/) 1. [ZOZO](https://corp.zozo.com/) diff --git a/VERSION b/VERSION index 834f262953832..c8e38b614057b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.8.0 +2.9.0 diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 1350edcff0fad..245262fe184ac 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -43,6 +43,7 @@ import ( "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/db" + "github.com/argoproj/argo-cd/v2/util/glob" argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" @@ -57,6 +58,10 @@ const ( // https://github.com/argoproj-labs/argocd-notifications/blob/33d345fa838829bb50fca5c08523aba380d2c12b/pkg/controller/state.go#L17 NotifiedAnnotationKey = "notified.notifications.argoproj.io" ReconcileRequeueOnValidationError = time.Minute * 3 + + // LabelKeyAppSetInstance is the label key to use to uniquely identify the apps of an applicationset + // The ArgoCD applicationset name is used as the instance name + LabelKeyAppSetInstance = "argocd.argoproj.io/application-set-name" ) var ( @@ -69,16 +74,18 @@ var ( // ApplicationSetReconciler reconciles a ApplicationSet object type ApplicationSetReconciler struct { client.Client - Scheme *runtime.Scheme - Recorder record.EventRecorder - Generators map[string]generators.Generator - ArgoDB db.ArgoDB - ArgoAppClientset appclientset.Interface - KubeClientset kubernetes.Interface - utils.Policy + Scheme *runtime.Scheme + Recorder record.EventRecorder + Generators map[string]generators.Generator + ArgoDB db.ArgoDB + ArgoAppClientset appclientset.Interface + KubeClientset kubernetes.Interface + Policy argov1alpha1.ApplicationsSyncPolicy + EnablePolicyOverride bool utils.Renderer - - EnableProgressiveSyncs bool + ArgoCDNamespace string + ApplicationSetNamespaces []string + EnableProgressiveSyncs bool } // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets,verbs=get;list;watch;create;update;patch;delete @@ -121,7 +128,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque parametersGenerated = true - validateErrors, err := r.validateGeneratedApplications(ctx, desiredApplications, applicationSetInfo, req.Namespace) + validateErrors, err := r.validateGeneratedApplications(ctx, desiredApplications, applicationSetInfo) if err != nil { // While some generators may return an error that requires user intervention, // other generators reference external resources that may change to cause @@ -149,19 +156,28 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // appSyncMap tracks which apps will be synced during this reconciliation. appSyncMap := map[string]bool{} - if r.EnableProgressiveSyncs && applicationSetInfo.Spec.Strategy != nil { - applications, err := r.getCurrentApplications(ctx, applicationSetInfo) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) - } + if r.EnableProgressiveSyncs { + if applicationSetInfo.Spec.Strategy == nil && len(applicationSetInfo.Status.ApplicationStatus) > 0 { + log.Infof("Removing %v unnecessary AppStatus entries from ApplicationSet %v", len(applicationSetInfo.Status.ApplicationStatus), applicationSetInfo.Name) - for _, app := range applications { - appMap[app.Name] = app - } + err := r.setAppSetApplicationStatus(ctx, &applicationSetInfo, []argov1alpha1.ApplicationSetApplicationStatus{}) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to clear previous AppSet application statuses for %v: %w", applicationSetInfo.Name, err) + } + } else { + applications, err := r.getCurrentApplications(ctx, applicationSetInfo) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) + } - appSyncMap, err = r.performProgressiveSyncs(ctx, applicationSetInfo, applications, desiredApplications, appMap) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) + for _, app := range applications { + appMap[app.Name] = app + } + + appSyncMap, err = r.performProgressiveSyncs(ctx, applicationSetInfo, applications, desiredApplications, appMap) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) + } } } @@ -213,7 +229,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque } } - if r.Policy.Update() { + if utils.DefaultPolicy(applicationSetInfo.Spec.SyncPolicy, r.Policy, r.EnablePolicyOverride).AllowUpdate() { err = r.createOrUpdateInCluster(ctx, applicationSetInfo, validApps) if err != nil { _ = r.setApplicationSetStatusCondition(ctx, @@ -243,7 +259,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque } } - if r.Policy.Delete() { + if utils.DefaultPolicy(applicationSetInfo.Spec.SyncPolicy, r.Policy, r.EnablePolicyOverride).AllowDelete() { err = r.deleteInCluster(ctx, applicationSetInfo, desiredApplications) if err != nil { _ = r.setApplicationSetStatusCondition(ctx, @@ -403,7 +419,7 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context. // validateGeneratedApplications uses the Argo CD validation functions to verify the correctness of the // generated applications. -func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Context, desiredApplications []argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, namespace string) (map[int]error, error) { +func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Context, desiredApplications []argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet) (map[int]error, error) { errorsByIndex := map[int]error{} namesSet := map[string]bool{} for i, app := range desiredApplications { @@ -415,7 +431,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con continue } - proj, err := r.ArgoAppClientset.ArgoprojV1alpha1().AppProjects(namespace).Get(ctx, app.Spec.GetProject(), metav1.GetOptions{}) + proj, err := r.ArgoAppClientset.ArgoprojV1alpha1().AppProjects(r.ArgoCDNamespace).Get(ctx, app.Spec.GetProject(), metav1.GetOptions{}) if err != nil { if apierr.IsNotFound(err) { errorsByIndex[i] = fmt.Errorf("application references project %s which does not exist", app.Spec.Project) @@ -424,7 +440,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con return nil, err } - if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, namespace); err != nil { + if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, r.ArgoCDNamespace); err != nil { errorsByIndex[i] = fmt.Errorf("application destination spec is invalid: %s", err.Error()) continue } @@ -495,9 +511,13 @@ func (r *ApplicationSetReconciler) generateApplications(applicationSetInfo argov for _, a := range t { tmplApplication := getTempApplication(a.Template) + if tmplApplication.Labels == nil { + tmplApplication.Labels = make(map[string]string) + } + tmplApplication.Labels[LabelKeyAppSetInstance] = applicationSetInfo.Name for _, p := range a.Params { - app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate) + app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) if err != nil { log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). Error("error generating application from params") @@ -519,6 +539,14 @@ func (r *ApplicationSetReconciler) generateApplications(applicationSetInfo argov return res, applicationSetReason, firstError } +func ignoreNotAllowedNamespaces(namespaces []string) predicate.Predicate { + return predicate.Funcs{ + CreateFunc: func(e event.CreateEvent) bool { + return glob.MatchStringInList(namespaces, e.Object.GetNamespace(), false) + }, + } +} + func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProgressiveSyncs bool, maxConcurrentReconciliations int) error { if err := mgr.GetFieldIndexer().IndexField(context.TODO(), &argov1alpha1.Application{}, ".metadata.controller", func(rawObj client.Object) []string { // grab the job object, extract the owner... @@ -544,6 +572,7 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg MaxConcurrentReconciles: maxConcurrentReconciliations, }).For(&argov1alpha1.ApplicationSet{}). Owns(&argov1alpha1.Application{}, builder.WithPredicates(ownsHandler)). + WithEventFilter(ignoreNotAllowedNamespaces(r.ApplicationSetNamespaces)). Watches( &source.Kind{Type: &corev1.Secret{}}, &clusterSecretEventHandler{ @@ -671,7 +700,7 @@ func (r *ApplicationSetReconciler) deleteInCluster(ctx context.Context, applicat // settingsMgr := settings.NewSettingsManager(context.TODO(), r.KubeClientset, applicationSet.Namespace) // argoDB := db.NewDB(applicationSet.Namespace, settingsMgr, r.KubeClientset) // clusterList, err := argoDB.ListClusters(ctx) - clusterList, err := utils.ListClusters(ctx, r.KubeClientset, applicationSet.Namespace) + clusterList, err := utils.ListClusters(ctx, r.KubeClientset, r.ArgoCDNamespace) if err != nil { return fmt.Errorf("error listing clusters: %w", err) } @@ -732,7 +761,7 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte var validDestination bool // Detect if the destination is invalid (name doesn't correspond to a matching cluster) - if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, applicationSet.Namespace); err != nil { + if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, r.ArgoCDNamespace); err != nil { appLog.Warnf("The destination cluster for %s couldn't be found: %v", app.Name, err) validDestination = false } else { @@ -853,45 +882,21 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(ctx context.Context, a selected := true // default to true, assuming the current Application is a match for the given step matchExpression - allNotInMatched := true // needed to support correct AND behavior between multiple NotIn MatchExpressions - notInUsed := false // since we default to allNotInMatched == true, track whether a NotIn expression was actually used - for _, matchExpression := range step.MatchExpressions { - if matchExpression.Operator == "In" { - if val, ok := app.Labels[matchExpression.Key]; ok { - valueMatched := labelMatchedExpression(val, matchExpression) + if val, ok := app.Labels[matchExpression.Key]; ok { + valueMatched := labelMatchedExpression(val, matchExpression) - if !valueMatched { // none of the matchExpression values was a match with the Application'ss labels - selected = false - break - } - } else { - selected = false // no matching label key with In means this Application will not be included in the current step + if !valueMatched { // none of the matchExpression values was a match with the Application'ss labels + selected = false break } - } else if matchExpression.Operator == "NotIn" { - notInUsed = true // a NotIn selector was used in this matchExpression - if val, ok := app.Labels[matchExpression.Key]; ok { - valueMatched := labelMatchedExpression(val, matchExpression) - - if !valueMatched { // none of the matchExpression values was a match with the Application's labels - allNotInMatched = false - } - } else { - allNotInMatched = false // no matching label key with NotIn means this Application may still be included in the current step - } - } else { // handle invalid operator selection - log.Warnf("skipping AppSet rollingUpdate step Application selection for %q, invalid matchExpression operator provided: %q ", applicationSet.Name, matchExpression.Operator) - selected = false + } else if matchExpression.Operator == "In" { + selected = false // no matching label key with "In" operator means this Application will not be included in the current step break } } - if notInUsed && allNotInMatched { // check if all NotIn Expressions matched, if so exclude this Application - selected = false - } - if selected { appDependencyList[i] = append(appDependencyList[i], app.Name) if val, ok := appStepMap[app.Name]; ok { @@ -907,11 +912,20 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(ctx context.Context, a } func labelMatchedExpression(val string, matchExpression argov1alpha1.ApplicationMatchExpression) bool { - valueMatched := false + if matchExpression.Operator != "In" && matchExpression.Operator != "NotIn" { + log.Errorf("skipping AppSet rollingUpdate step Application selection, invalid matchExpression operator provided: %q ", matchExpression.Operator) + return false + } + + // if operator == In, default to false + // if operator == NotIn, default to true + valueMatched := matchExpression.Operator == "NotIn" + for _, value := range matchExpression.Values { if val == value { - valueMatched = true - break + // first "In" match returns true + // first "NotIn" match returns false + return matchExpression.Operator == "In" } } return valueMatched @@ -1044,7 +1058,12 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con } if currentAppStatus.Status == "Pending" { - if operationPhaseString == "Succeeded" && app.Status.OperationState.StartedAt.After(currentAppStatus.LastTransitionTime.Time) { + // check for successful syncs started less than 10s before the Application transitioned to Pending + // this covers race conditions where syncs initiated by RollingSync miraculously have a sync time before the transition to Pending state occurred (could be a few seconds) + if operationPhaseString == "Succeeded" && app.Status.OperationState.StartedAt.Add(time.Duration(10)*time.Second).After(currentAppStatus.LastTransitionTime.Time) { + if !app.Status.OperationState.StartedAt.After(currentAppStatus.LastTransitionTime.Time) { + log.Warnf("Application %v was synced less than 10s prior to entering Pending status, we'll assume the AppSet controller triggered this sync and update its status to Progressing", app.Name) + } log.Infof("Application %v has completed a sync successfully, updating its ApplicationSet status to Progressing", app.Name) currentAppStatus.LastTransitionTime = &now currentAppStatus.Status = "Progressing" @@ -1222,30 +1241,30 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica // with any new/changed Application statuses. func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error { needToUpdateStatus := false - for i := range applicationStatuses { - appStatus := applicationStatuses[i] - idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appStatus.Application) - if idx == -1 { - needToUpdateStatus = true - break - } - currentStatus := applicationSet.Status.ApplicationStatus[idx] - if currentStatus.Message != appStatus.Message || currentStatus.Status != appStatus.Status { - needToUpdateStatus = true - break + + if len(applicationStatuses) != len(applicationSet.Status.ApplicationStatus) { + needToUpdateStatus = true + } else { + for i := range applicationStatuses { + appStatus := applicationStatuses[i] + idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appStatus.Application) + if idx == -1 { + needToUpdateStatus = true + break + } + currentStatus := applicationSet.Status.ApplicationStatus[idx] + if currentStatus.Message != appStatus.Message || currentStatus.Status != appStatus.Status || currentStatus.Step != appStatus.Step { + needToUpdateStatus = true + break + } } } if needToUpdateStatus { - // fetch updated Application Set object before updating it namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name} - if err := r.Get(ctx, namespacedName, applicationSet); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil - } - return fmt.Errorf("error fetching updated application set: %v", err) - } + // rebuild ApplicationStatus from scratch, we don't need any previous status history + applicationSet.Status.ApplicationStatus = []argov1alpha1.ApplicationSetApplicationStatus{} for i := range applicationStatuses { applicationSet.Status.SetApplicationStatus(applicationStatuses[i]) } diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 0f433b7979d56..45a60237efcb8 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -65,8 +65,8 @@ func (g *generatorMock) GetRequeueAfter(appSetGenerator *v1alpha1.ApplicationSet return args.Get(0).(time.Duration) } -func (r *rendererMock) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool) (*v1alpha1.Application, error) { - args := r.Called(tmpl, params, useGoTemplate) +func (r *rendererMock) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) { + args := r.Called(tmpl, params, useGoTemplate, goTemplateOptions) if args.Error(1) != nil { return nil, args.Error(1) @@ -164,11 +164,14 @@ func TestExtractApplications(t *testing.T) { if cc.generateParamsError == nil { for _, p := range cc.params { + tmpApplication := getTempApplication(cc.template) + tmpApplication.Labels[LabelKeyAppSetInstance] = appSet.Name + if cc.rendererError != nil { - rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false). + rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). Return(nil, cc.rendererError) } else { - rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false). + rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). Return(&app, nil) expectedApps = append(expectedApps, app) } @@ -285,7 +288,21 @@ func TestMergeTemplateApplications(t *testing.T) { rendererMock := rendererMock{} - rendererMock.On("RenderTemplateParams", getTempApplication(cc.expectedMerged), cc.params[0], false). + appSet := &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{generator}, + Template: cc.template, + }, + } + + tmpApplication := getTempApplication(cc.expectedMerged) + tmpApplication.Labels[LabelKeyAppSetInstance] = appSet.Name + + rendererMock.On("RenderTemplateParams", tmpApplication, cc.params[0], false, []string(nil)). Return(&cc.expectedApps[0], nil) r := ApplicationSetReconciler{ @@ -299,17 +316,7 @@ func TestMergeTemplateApplications(t *testing.T) { KubeClientset: kubefake.NewSimpleClientset(), } - got, _, _ := r.generateApplications(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "namespace", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{generator}, - Template: cc.template, - }, - }, - ) + got, _, _ := r.generateApplications(*appSet) assert.Equal(t, cc.expectedApps, got) }) @@ -1808,13 +1815,14 @@ func TestValidateGeneratedApplications(t *testing.T) { Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, ArgoDB: &argoDBMock, + ArgoCDNamespace: "namespace", ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, } appSetInfo := v1alpha1.ApplicationSet{} - validationErrors, _ := r.validateGeneratedApplications(context.TODO(), cc.apps, appSetInfo, "namespace") + validationErrors, _ := r.validateGeneratedApplications(context.TODO(), cc.apps, appSetInfo) var errorMessages []string for _, v := range validationErrors { errorMessages = append(errorMessages, v.Error()) @@ -1915,7 +1923,8 @@ func TestReconcilerValidationErrorBehaviour(t *testing.T) { ArgoDB: &argoDBMock, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, - Policy: &utils.SyncPolicy{}, + Policy: v1alpha1.ApplicationsSyncPolicySync, + ArgoCDNamespace: "argocd", } req := ctrl.Request{ @@ -1998,6 +2007,339 @@ func TestSetApplicationSetStatusCondition(t *testing.T) { assert.Len(t, appSet.Status.Conditions, 3) } +func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alpha1.ApplicationsSyncPolicy, recordBuffer int, allowPolicyOverride bool) v1alpha1.Application { + + scheme := runtime.NewScheme() + err := v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + err = v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + defaultProject := v1alpha1.AppProject{ + ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, + Spec: v1alpha1.AppProjectSpec{SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "https://good-cluster"}}}, + } + appSet := v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "good-cluster","url": "https://good-cluster"}`), + }}, + }, + }, + }, + SyncPolicy: &v1alpha1.ApplicationSetSyncPolicy{ + ApplicationsSync: &applicationsSyncPolicy, + }, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "{{cluster}}", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{RepoURL: "https://github.com/argoproj/argocd-example-apps", Path: "guestbook"}, + Project: "default", + Destination: v1alpha1.ApplicationDestination{Server: "{{url}}"}, + }, + }, + }, + } + + kubeclientset := kubefake.NewSimpleClientset() + argoDBMock := dbmocks.ArgoDB{} + argoObjs := []runtime.Object{&defaultProject} + + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).Build() + goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} + argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) + argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ + goodCluster, + }}, nil) + + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Renderer: &utils.Render{}, + Recorder: record.NewFakeRecorder(recordBuffer), + Generators: map[string]generators.Generator{ + "List": generators.NewListGenerator(), + }, + ArgoDB: &argoDBMock, + ArgoCDNamespace: "argocd", + ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), + KubeClientset: kubeclientset, + Policy: v1alpha1.ApplicationsSyncPolicySync, + EnablePolicyOverride: allowPolicyOverride, + } + + req := ctrl.Request{ + NamespacedName: types.NamespacedName{ + Namespace: "argocd", + Name: "name", + }, + } + + // Verify that on validation error, no error is returned, but the object is requeued + resCreate, err := r.Reconcile(context.Background(), req) + assert.Nil(t, err) + assert.True(t, resCreate.RequeueAfter == 0) + + var app v1alpha1.Application + + // make sure good app got created + err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "good-cluster"}, &app) + assert.Nil(t, err) + assert.Equal(t, app.Name, "good-cluster") + + // Update resource + var retrievedApplicationSet v1alpha1.ApplicationSet + err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "name"}, &retrievedApplicationSet) + assert.Nil(t, err) + + retrievedApplicationSet.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + retrievedApplicationSet.Spec.Template.Labels = map[string]string{"argocd.argoproj.io/application-set-name": "name", "label-key": "label-value"} + + retrievedApplicationSet.Spec.Template.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{ + Values: "global.test: test", + } + + err = r.Client.Update(context.TODO(), &retrievedApplicationSet) + assert.Nil(t, err) + + resUpdate, err := r.Reconcile(context.Background(), req) + assert.Nil(t, err) + + err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "good-cluster"}, &app) + assert.Nil(t, err) + assert.True(t, resUpdate.RequeueAfter == 0) + assert.Equal(t, app.Name, "good-cluster") + + return app +} + +func TestUpdateNotPerformedWithSyncPolicyCreateOnly(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly + + app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 1, true) + + assert.Nil(t, app.Spec.Source.Helm) + assert.Nil(t, app.ObjectMeta.Annotations) + assert.Equal(t, map[string]string{"argocd.argoproj.io/application-set-name": "name"}, app.ObjectMeta.Labels) +} + +func TestUpdateNotPerformedWithSyncPolicyCreateDelete(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateDelete + + app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 1, true) + + assert.Nil(t, app.Spec.Source.Helm) + assert.Nil(t, app.ObjectMeta.Annotations) + assert.Equal(t, map[string]string{"argocd.argoproj.io/application-set-name": "name"}, app.ObjectMeta.Labels) +} + +func TestUpdatePerformedWithSyncPolicyCreateUpdate(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateUpdate + + app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 2, true) + + assert.Equal(t, "global.test: test", app.Spec.Source.Helm.Values) + assert.Equal(t, map[string]string{"annotation-key": "annotation-value"}, app.ObjectMeta.Annotations) + assert.Equal(t, map[string]string{"argocd.argoproj.io/application-set-name": "name", "label-key": "label-value"}, app.ObjectMeta.Labels) +} + +func TestUpdatePerformedWithSyncPolicySync(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicySync + + app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 2, true) + + assert.Equal(t, "global.test: test", app.Spec.Source.Helm.Values) + assert.Equal(t, map[string]string{"annotation-key": "annotation-value"}, app.ObjectMeta.Annotations) + assert.Equal(t, map[string]string{"argocd.argoproj.io/application-set-name": "name", "label-key": "label-value"}, app.ObjectMeta.Labels) +} + +func TestUpdatePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly + + app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 2, false) + + assert.Equal(t, "global.test: test", app.Spec.Source.Helm.Values) + assert.Equal(t, map[string]string{"annotation-key": "annotation-value"}, app.ObjectMeta.Annotations) + assert.Equal(t, map[string]string{"argocd.argoproj.io/application-set-name": "name", "label-key": "label-value"}, app.ObjectMeta.Labels) +} + +func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alpha1.ApplicationsSyncPolicy, recordBuffer int, allowPolicyOverride bool) v1alpha1.ApplicationList { + + scheme := runtime.NewScheme() + err := v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + err = v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + defaultProject := v1alpha1.AppProject{ + ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, + Spec: v1alpha1.AppProjectSpec{SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "https://good-cluster"}}}, + } + appSet := v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "good-cluster","url": "https://good-cluster"}`), + }}, + }, + }, + }, + SyncPolicy: &v1alpha1.ApplicationSetSyncPolicy{ + ApplicationsSync: &applicationsSyncPolicy, + }, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "{{cluster}}", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{RepoURL: "https://github.com/argoproj/argocd-example-apps", Path: "guestbook"}, + Project: "default", + Destination: v1alpha1.ApplicationDestination{Server: "{{url}}"}, + }, + }, + }, + } + + kubeclientset := kubefake.NewSimpleClientset() + argoDBMock := dbmocks.ArgoDB{} + argoObjs := []runtime.Object{&defaultProject} + + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).Build() + goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} + argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) + argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ + goodCluster, + }}, nil) + + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Renderer: &utils.Render{}, + Recorder: record.NewFakeRecorder(recordBuffer), + Generators: map[string]generators.Generator{ + "List": generators.NewListGenerator(), + }, + ArgoDB: &argoDBMock, + ArgoCDNamespace: "argocd", + ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), + KubeClientset: kubeclientset, + Policy: v1alpha1.ApplicationsSyncPolicySync, + EnablePolicyOverride: allowPolicyOverride, + } + + req := ctrl.Request{ + NamespacedName: types.NamespacedName{ + Namespace: "argocd", + Name: "name", + }, + } + + // Verify that on validation error, no error is returned, but the object is requeued + resCreate, err := r.Reconcile(context.Background(), req) + assert.Nil(t, err) + assert.True(t, resCreate.RequeueAfter == 0) + + var app v1alpha1.Application + + // make sure good app got created + err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "good-cluster"}, &app) + assert.Nil(t, err) + assert.Equal(t, app.Name, "good-cluster") + + // Update resource + var retrievedApplicationSet v1alpha1.ApplicationSet + err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "name"}, &retrievedApplicationSet) + assert.Nil(t, err) + retrievedApplicationSet.Spec.Generators = []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{}, + }, + }, + } + + err = r.Client.Update(context.TODO(), &retrievedApplicationSet) + assert.Nil(t, err) + + resUpdate, err := r.Reconcile(context.Background(), req) + assert.Nil(t, err) + + var apps v1alpha1.ApplicationList + + err = r.Client.List(context.TODO(), &apps) + assert.Nil(t, err) + assert.True(t, resUpdate.RequeueAfter == 0) + + return apps +} + +func TestDeleteNotPerformedWithSyncPolicyCreateOnly(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly + + apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 1, true) + + assert.Equal(t, "good-cluster", apps.Items[0].Name) +} + +func TestDeleteNotPerformedWithSyncPolicyCreateUpdate(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateUpdate + + apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 2, true) + + assert.Equal(t, "good-cluster", apps.Items[0].Name) +} + +func TestDeletePerformedWithSyncPolicyCreateDelete(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateDelete + + apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) + + assert.Equal(t, 0, len(apps.Items)) +} + +func TestDeletePerformedWithSyncPolicySync(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicySync + + apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) + + assert.Equal(t, 0, len(apps.Items)) +} + +func TestDeletePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *testing.T) { + + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly + + apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, false) + + assert.Equal(t, 0, len(apps.Items)) +} + // Test app generation from a go template application set using a pull request generator func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) { scheme := runtime.NewScheme() @@ -2041,7 +2383,8 @@ func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "AppSet-branch1-1", Labels: map[string]string{ - "app1": "label1", + "app1": "label1", + LabelKeyAppSetInstance: "", }, }, Spec: v1alpha1.ApplicationSpec{ @@ -2204,6 +2547,7 @@ func TestPolicies(t *testing.T) { "List": generators.NewListGenerator(), }, ArgoDB: &argoDBMock, + ArgoCDNamespace: "argocd", ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, Policy: policy, @@ -2277,55 +2621,104 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { err = v1alpha1.AddToScheme(scheme) assert.Nil(t, err) - appSet := v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{ - {List: &v1alpha1.ListGenerator{ - Elements: []apiextensionsv1.JSON{{ - Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), - }}, - }}, + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) + argoDBMock := dbmocks.ArgoDB{} + argoObjs := []runtime.Object{} + + for _, cc := range []struct { + name string + appSet v1alpha1.ApplicationSet + appStatuses []v1alpha1.ApplicationSetApplicationStatus + expectedAppStatuses []v1alpha1.ApplicationSetApplicationStatus + }{ + { + name: "sets a single appstatus", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }}, + }, + Template: v1alpha1.ApplicationSetTemplate{}, + }, + }, + appStatuses: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "testing SetApplicationSetApplicationStatus to Healthy", + Status: "Healthy", + }, + }, + expectedAppStatuses: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "testing SetApplicationSetApplicationStatus to Healthy", + Status: "Healthy", + }, }, - Template: v1alpha1.ApplicationSetTemplate{}, }, - } - - appStatuses := []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "my-application", - LastTransitionTime: &metav1.Time{}, - Message: "testing SetApplicationSetApplicationStatus to Healthy", - Status: "Healthy", + name: "removes an appstatus", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }}, + }, + Template: v1alpha1.ApplicationSetTemplate{}, + }, + Status: v1alpha1.ApplicationSetStatus{ + ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "testing SetApplicationSetApplicationStatus to Healthy", + Status: "Healthy", + }, + }, + }, + }, + appStatuses: []v1alpha1.ApplicationSetApplicationStatus{}, + expectedAppStatuses: nil, }, - } + } { - kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} - argoObjs := []runtime.Object{} + t.Run(cc.name, func(t *testing.T) { - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Renderer: &utils.Render{}, - Recorder: record.NewFakeRecorder(1), - Generators: map[string]generators.Generator{ - "List": generators.NewListGenerator(), - }, - ArgoDB: &argoDBMock, - ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), - KubeClientset: kubeclientset, - } + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Renderer: &utils.Render{}, + Recorder: record.NewFakeRecorder(1), + Generators: map[string]generators.Generator{ + "List": generators.NewListGenerator(), + }, + ArgoDB: &argoDBMock, + ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), + KubeClientset: kubeclientset, + } - err = r.setAppSetApplicationStatus(context.TODO(), &appSet, appStatuses) - assert.Nil(t, err) + err = r.setAppSetApplicationStatus(context.TODO(), &cc.appSet, cc.appStatuses) + assert.Nil(t, err) - assert.Len(t, appSet.Status.ApplicationStatus, 1) + assert.Equal(t, cc.expectedAppStatuses, cc.appSet.Status.ApplicationStatus) + }) + } } func TestBuildAppDependencyList(t *testing.T) { @@ -2792,7 +3185,7 @@ func TestBuildAppDependencyList(t *testing.T) { }, }, { - name: "multiple 'NotIn' selectors only match Applications with all labels", + name: "multiple 'NotIn' selectors remove Applications with mising labels on any match", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -2846,10 +3239,88 @@ func TestBuildAppDependencyList(t *testing.T) { }, }, expectedList: [][]string{ - {"app-qa1"}, + {}, + }, + expectedStepMap: map[string]int{}, + }, + { + name: "multiple 'NotIn' selectors filter all matching Applications", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Strategy: &v1alpha1.ApplicationSetStrategy{ + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{ + { + Key: "region", + Operator: "NotIn", + Values: []string{ + "us-east-2", + }, + }, + { + Key: "env", + Operator: "NotIn", + Values: []string{ + "qa", + }, + }, + }, + }, + }, + }, + }, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-qa1", + Labels: map[string]string{ + "env": "qa", + "region": "us-east-1", + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-qa2", + Labels: map[string]string{ + "env": "qa", + "region": "us-east-2", + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-prod1", + Labels: map[string]string{ + "env": "prod", + "region": "us-east-1", + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-prod2", + Labels: map[string]string{ + "env": "prod", + "region": "us-east-2", + }, + }, + }, + }, + expectedList: [][]string{ + {"app-prod1"}, }, expectedStepMap: map[string]int{ - "app-qa1": 0, + "app-prod1": 0, }, }, { @@ -4065,6 +4536,63 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + { + name: "progresses a pending application with a successful sync <1s ago to progressing", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Strategy: &v1alpha1.ApplicationSetStrategy{ + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + }, + }, + Status: v1alpha1.ApplicationSetStatus{ + ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + LastTransitionTime: &metav1.Time{ + Time: time.Now(), + }, + Message: "", + Status: "Pending", + Step: "1", + }, + }, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Status: v1alpha1.ApplicationStatus{ + Health: v1alpha1.HealthStatus{ + Status: health.HealthStatusDegraded, + }, + OperationState: &v1alpha1.OperationState{ + Phase: common.OperationSucceeded, + StartedAt: metav1.Time{ + Time: time.Now().Add(time.Duration(-1) * time.Second), + }, + }, + Sync: v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + }, + }, + }, + }, + expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "Application resource completed a sync successfully, updating status from Pending to Progressing.", + Status: "Progressing", + Step: "1", + }, + }, + }, { name: "does not progresses a pending application with an old successful sync to progressing", appSet: v1alpha1.ApplicationSet{ @@ -4083,7 +4611,7 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { { Application: "app1", LastTransitionTime: &metav1.Time{ - Time: time.Now().Add(time.Duration(-1) * time.Minute), + Time: time.Now(), }, Message: "Application moved to Pending status, watching for the Application resource to start Progressing.", Status: "Pending", @@ -4104,7 +4632,7 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { OperationState: &v1alpha1.OperationState{ Phase: common.OperationSucceeded, StartedAt: metav1.Time{ - Time: time.Now().Add(time.Duration(-2) * time.Minute), + Time: time.Now().Add(time.Duration(-11) * time.Second), }, }, Sync: v1alpha1.SyncStatus{ @@ -4122,6 +4650,63 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + { + name: "removes the appStatus for applications that no longer exist", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Strategy: &v1alpha1.ApplicationSetStrategy{ + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + }, + }, + Status: v1alpha1.ApplicationSetStatus{ + ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "Application has pending changes, setting status to Waiting.", + Status: "Waiting", + Step: "1", + }, + { + Application: "app2", + Message: "Application has pending changes, setting status to Waiting.", + Status: "Waiting", + Step: "1", + }, + }, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Status: v1alpha1.ApplicationStatus{ + Health: v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + }, + OperationState: &v1alpha1.OperationState{ + Phase: common.OperationSucceeded, + }, + Sync: v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + }, + }, + }, + }, + expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "Application resource is already Healthy, updating status from Waiting to Healthy.", + Status: "Healthy", + Step: "1", + }, + }, + }, } { t.Run(cc.name, func(t *testing.T) { diff --git a/applicationset/examples/applications-sync-policies/create-only.yaml b/applicationset/examples/applications-sync-policies/create-only.yaml new file mode 100644 index 0000000000000..7758a70b45765 --- /dev/null +++ b/applicationset/examples/applications-sync-policies/create-only.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: guestbook +spec: + goTemplate: true + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + foo: bar + # Update foo value with foo: bar + # Application engineering-prod-guestbook labels will still be baz + # Delete this element + # Application engineering-prod-guestbook will be kept + - cluster: engineering-prod + url: https://kubernetes.default.svc + foo: baz + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + foo: '{{.foo}}' + spec: + project: default + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + path: applicationset/examples/list-generator/guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook + syncPolicy: + applicationsSync: create-only diff --git a/applicationset/examples/applications-sync-policies/create-update.yaml b/applicationset/examples/applications-sync-policies/create-update.yaml new file mode 100644 index 0000000000000..277e8d6e18884 --- /dev/null +++ b/applicationset/examples/applications-sync-policies/create-update.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: guestbook +spec: + goTemplate: true + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + foo: bar + # Update foo value with foo: bar + # Application engineering-prod-guestbook labels will change to foo: bar + # Delete this element + # Application engineering-prod-guestbook will be kept + - cluster: engineering-prod + url: https://kubernetes.default.svc + foo: baz + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + foo: '{{.foo}}' + spec: + project: default + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + path: applicationset/examples/list-generator/guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook + syncPolicy: + applicationsSync: create-update diff --git a/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-deployment.yaml b/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-deployment.yaml new file mode 100644 index 0000000000000..8a0975e363539 --- /dev/null +++ b/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: guestbook-ui +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app: guestbook-ui + template: + metadata: + labels: + app: guestbook-ui + spec: + containers: + - image: gcr.io/heptio-images/ks-guestbook-demo:0.2 + name: guestbook-ui + ports: + - containerPort: 80 diff --git a/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-svc.yaml b/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-svc.yaml new file mode 100644 index 0000000000000..e8a4a27fbae40 --- /dev/null +++ b/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-svc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: guestbook-ui +spec: + ports: + - port: 80 + targetPort: 80 + selector: + app: guestbook-ui diff --git a/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-deployment.yaml b/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-deployment.yaml new file mode 100644 index 0000000000000..8a0975e363539 --- /dev/null +++ b/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: guestbook-ui +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app: guestbook-ui + template: + metadata: + labels: + app: guestbook-ui + spec: + containers: + - image: gcr.io/heptio-images/ks-guestbook-demo:0.2 + name: guestbook-ui + ports: + - containerPort: 80 diff --git a/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-svc.yaml b/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-svc.yaml new file mode 100644 index 0000000000000..e8a4a27fbae40 --- /dev/null +++ b/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-svc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: guestbook-ui +spec: + ports: + - port: 80 + targetPort: 80 + selector: + app: guestbook-ui diff --git a/applicationset/examples/cluster/cluster-example.yaml b/applicationset/examples/cluster/cluster-example.yaml index 9714ce1952e9c..a8e54212595e8 100644 --- a/applicationset/examples/cluster/cluster-example.yaml +++ b/applicationset/examples/cluster/cluster-example.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - clusters: {} template: diff --git a/applicationset/examples/clusterDecisionResource/ducktype-example.yaml b/applicationset/examples/clusterDecisionResource/ducktype-example.yaml index c6058e870bbf6..cf633483a8f68 100644 --- a/applicationset/examples/clusterDecisionResource/ducktype-example.yaml +++ b/applicationset/examples/clusterDecisionResource/ducktype-example.yaml @@ -4,6 +4,7 @@ metadata: name: book-import spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - clusterDecisionResource: configMapRef: ocm-placement diff --git a/applicationset/examples/design-doc/applicationset.yaml b/applicationset/examples/design-doc/applicationset.yaml index b1e49bd814d15..7ab4e824596a3 100644 --- a/applicationset/examples/design-doc/applicationset.yaml +++ b/applicationset/examples/design-doc/applicationset.yaml @@ -8,6 +8,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - clusters: {} template: diff --git a/applicationset/examples/design-doc/git-directory-discovery.yaml b/applicationset/examples/design-doc/git-directory-discovery.yaml index 2f62e33cd6ca6..a158d034d9043 100644 --- a/applicationset/examples/design-doc/git-directory-discovery.yaml +++ b/applicationset/examples/design-doc/git-directory-discovery.yaml @@ -27,6 +27,7 @@ metadata: name: cluster-addons spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/infra-team/cluster-deployments.git diff --git a/applicationset/examples/design-doc/git-files-discovery.yaml b/applicationset/examples/design-doc/git-files-discovery.yaml index 3a4167886de69..367e318ac2d5a 100644 --- a/applicationset/examples/design-doc/git-files-discovery.yaml +++ b/applicationset/examples/design-doc/git-files-discovery.yaml @@ -38,6 +38,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/infra-team/cluster-deployments.git diff --git a/applicationset/examples/design-doc/git-files-literal.yaml b/applicationset/examples/design-doc/git-files-literal.yaml index 5cb9bd9553446..9dbace36e4c56 100644 --- a/applicationset/examples/design-doc/git-files-literal.yaml +++ b/applicationset/examples/design-doc/git-files-literal.yaml @@ -51,6 +51,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/infra-team/cluster-deployments.git diff --git a/applicationset/examples/design-doc/list.yaml b/applicationset/examples/design-doc/list.yaml index 3f76526b17df5..b1bcd593eac7f 100644 --- a/applicationset/examples/design-doc/list.yaml +++ b/applicationset/examples/design-doc/list.yaml @@ -5,6 +5,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/examples/design-doc/template-override.yaml b/applicationset/examples/design-doc/template-override.yaml index be55e739e15a2..970c7c395a820 100644 --- a/applicationset/examples/design-doc/template-override.yaml +++ b/applicationset/examples/design-doc/template-override.yaml @@ -8,6 +8,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml b/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml index 786d30a536419..a021a3d0c66d3 100644 --- a/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml +++ b/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml @@ -5,6 +5,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git diff --git a/applicationset/examples/git-generator-directory/git-directories-example.yaml b/applicationset/examples/git-generator-directory/git-directories-example.yaml index 4ac79a34dd43c..6fc16b4d39384 100644 --- a/applicationset/examples/git-generator-directory/git-directories-example.yaml +++ b/applicationset/examples/git-generator-directory/git-directories-example.yaml @@ -5,6 +5,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git diff --git a/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml b/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml index 7ccd68f6c6b88..78a0136655498 100644 --- a/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml +++ b/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git diff --git a/applicationset/examples/list-generator/list-example.yaml b/applicationset/examples/list-generator/list-example.yaml index a54fa0cfd92e1..03e33130bad84 100644 --- a/applicationset/examples/list-generator/list-example.yaml +++ b/applicationset/examples/list-generator/list-example.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/examples/matrix/cluster-and-git.yaml b/applicationset/examples/matrix/cluster-and-git.yaml index a42568db821f3..d58d2fa5f83f6 100644 --- a/applicationset/examples/matrix/cluster-and-git.yaml +++ b/applicationset/examples/matrix/cluster-and-git.yaml @@ -8,6 +8,7 @@ metadata: name: cluster-git spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/matrix/list-and-git.yaml b/applicationset/examples/matrix/list-and-git.yaml index d1a2979daedfe..9ba04345476b4 100644 --- a/applicationset/examples/matrix/list-and-git.yaml +++ b/applicationset/examples/matrix/list-and-git.yaml @@ -8,6 +8,7 @@ metadata: name: list-git spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/matrix/list-and-list.yaml b/applicationset/examples/matrix/list-and-list.yaml index fe5606a4b4b53..f88189ba5ec01 100644 --- a/applicationset/examples/matrix/list-and-list.yaml +++ b/applicationset/examples/matrix/list-and-list.yaml @@ -5,6 +5,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml b/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml index 783b4c94b5c3a..e4fed589764a8 100644 --- a/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml +++ b/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml @@ -13,6 +13,7 @@ metadata: name: matrix-and-union-in-matrix spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/merge/merge-clusters-and-list.yaml b/applicationset/examples/merge/merge-clusters-and-list.yaml index 48b35b0251ed4..c91f4fea47d7b 100644 --- a/applicationset/examples/merge/merge-clusters-and-list.yaml +++ b/applicationset/examples/merge/merge-clusters-and-list.yaml @@ -4,6 +4,7 @@ metadata: name: merge-clusters-and-list spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - merge: mergeKeys: diff --git a/applicationset/examples/merge/merge-two-matrixes.yaml b/applicationset/examples/merge/merge-two-matrixes.yaml index f7590fb685d9f..f864ac6948b2d 100644 --- a/applicationset/examples/merge/merge-two-matrixes.yaml +++ b/applicationset/examples/merge/merge-two-matrixes.yaml @@ -4,6 +4,7 @@ metadata: name: merge-two-matrixes spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - merge: mergeKeys: diff --git a/applicationset/examples/pull-request-generator/pull-request-example.yaml b/applicationset/examples/pull-request-generator/pull-request-example.yaml index 98f66ae095e6d..d8ad8502b9b13 100644 --- a/applicationset/examples/pull-request-generator/pull-request-example.yaml +++ b/applicationset/examples/pull-request-generator/pull-request-example.yaml @@ -4,6 +4,7 @@ metadata: name: myapp spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - pullRequest: github: diff --git a/applicationset/examples/scm-provider-generator/scm-provider-example.yaml b/applicationset/examples/scm-provider-generator/scm-provider-example.yaml index 8e310d45ccda5..c3ca2e5b3e5a9 100644 --- a/applicationset/examples/scm-provider-generator/scm-provider-example.yaml +++ b/applicationset/examples/scm-provider-generator/scm-provider-example.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - scmProvider: github: diff --git a/applicationset/examples/template-override/template-overrides-example.yaml b/applicationset/examples/template-override/template-overrides-example.yaml index dbc19418b4716..48cbf703fcd70 100644 --- a/applicationset/examples/template-override/template-overrides-example.yaml +++ b/applicationset/examples/template-override/template-overrides-example.yaml @@ -8,6 +8,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go index 6e40391901e7a..9486d0e5e4475 100644 --- a/applicationset/generators/cluster.go +++ b/applicationset/generators/cluster.go @@ -109,7 +109,7 @@ func (g *ClusterGenerator) GenerateParams( params["nameNormalized"] = cluster.Name params["server"] = cluster.Server - err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet) + err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) if err != nil { return nil, err } @@ -149,7 +149,7 @@ func (g *ClusterGenerator) GenerateParams( } } - err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet) + err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) if err != nil { return nil, err } @@ -162,44 +162,6 @@ func (g *ClusterGenerator) GenerateParams( return res, nil } -func appendTemplatedValues(clusterValues map[string]string, params map[string]interface{}, appSet *argoappsetv1alpha1.ApplicationSet) error { - // We create a local map to ensure that we do not fall victim to a billion-laughs attack. We iterate through the - // cluster values map and only replace values in said map if it has already been whitelisted in the params map. - // Once we iterate through all the cluster values we can then safely merge the `tmp` map into the main params map. - tmp := map[string]interface{}{} - - for key, value := range clusterValues { - result, err := replaceTemplatedString(value, params, appSet) - - if err != nil { - return fmt.Errorf("error replacing templated String: %w", err) - } - - if appSet.Spec.GoTemplate { - if tmp["values"] == nil { - tmp["values"] = map[string]string{} - } - tmp["values"].(map[string]string)[key] = result - } else { - tmp[fmt.Sprintf("values.%s", key)] = result - } - } - - for key, value := range tmp { - params[key] = value - } - - return nil -} - -func replaceTemplatedString(value string, params map[string]interface{}, appSet *argoappsetv1alpha1.ApplicationSet) (string, error) { - replacedTmplStr, err := render.Replace(value, params, appSet.Spec.GoTemplate) - if err != nil { - return "", err - } - return replacedTmplStr, nil -} - func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) (map[string]corev1.Secret, error) { // List all Clusters: clusterSecretList := &corev1.SecretList{} diff --git a/applicationset/generators/generator_spec_processor.go b/applicationset/generators/generator_spec_processor.go index 419cc2dde9702..e9b6f5ef278ea 100644 --- a/applicationset/generators/generator_spec_processor.go +++ b/applicationset/generators/generator_spec_processor.go @@ -5,8 +5,8 @@ import ( "reflect" "github.com/argoproj/argo-cd/v2/applicationset/utils" + "github.com/jeremywohl/flatten" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -26,7 +26,10 @@ type TransformResult struct { // Transform a spec generator to list of paramSets and a template func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, allGenerators map[string]Generator, baseTemplate argoprojiov1alpha1.ApplicationSetTemplate, appSet *argoprojiov1alpha1.ApplicationSet, genParams map[string]interface{}) ([]TransformResult, error) { - selector, err := metav1.LabelSelectorAsSelector(requestedGenerator.Selector) + // This is a custom version of the `LabelSelectorAsSelector` that is in k8s.io/apimachinery. This has been copied + // verbatim from that package, with the difference that we do not have any restrictions on label values. This is done + // so that, among other things, we can match on cluster urls. + selector, err := utils.LabelSelectorAsSelector(requestedGenerator.Selector) if err != nil { return nil, fmt.Errorf("error parsing label selector: %w", err) } @@ -49,7 +52,7 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al } var params []map[string]interface{} if len(genParams) != 0 { - tempInterpolatedGenerator, err := InterpolateGenerator(&requestedGenerator, genParams, appSet.Spec.GoTemplate) + tempInterpolatedGenerator, err := InterpolateGenerator(&requestedGenerator, genParams, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) interpolatedGenerator = &tempInterpolatedGenerator if err != nil { log.WithError(err).WithField("genParams", genParams). @@ -71,8 +74,17 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al } var filterParams []map[string]interface{} for _, param := range params { + flatParam, err := flattenParameters(param) + if err != nil { + log.WithError(err).WithField("generator", g). + Error("error flattening params") + if firstError == nil { + firstError = err + } + continue + } - if requestedGenerator.Selector != nil && !selector.Matches(labels.Set(keepOnlyStringValues(param))) { + if requestedGenerator.Selector != nil && !selector.Matches(labels.Set(flatParam)) { continue } filterParams = append(filterParams, param) @@ -87,18 +99,6 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al return res, firstError } -func keepOnlyStringValues(in map[string]interface{}) map[string]string { - var out map[string]string = map[string]string{} - - for key, value := range in { - if _, ok := value.(string); ok { - out[key] = value.(string) - } - } - - return out -} - func GetRelevantGenerators(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, generators map[string]Generator) []Generator { var res []Generator @@ -121,6 +121,20 @@ func GetRelevantGenerators(requestedGenerator *argoprojiov1alpha1.ApplicationSet return res } +func flattenParameters(in map[string]interface{}) (map[string]string, error) { + flat, err := flatten.Flatten(in, "", flatten.DotStyle) + if err != nil { + return nil, err + } + + out := make(map[string]string, len(flat)) + for k, v := range flat { + out[k] = fmt.Sprintf("%v", v) + } + + return out, nil +} + func mergeGeneratorTemplate(g Generator, requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetTemplate argoprojiov1alpha1.ApplicationSetTemplate) (argoprojiov1alpha1.ApplicationSetTemplate, error) { // Make a copy of the value from `GetTemplate()` before merge, rather than copying directly into // the provided parameter (which will touch the original resource object returned by client-go) @@ -133,9 +147,9 @@ func mergeGeneratorTemplate(g Generator, requestedGenerator *argoprojiov1alpha1. // InterpolateGenerator allows interpolating the matrix's 2nd child generator with values from the 1st child generator // "params" parameter is an array, where each index corresponds to a generator. Each index contains a map w/ that generator's parameters. -func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool) (argoprojiov1alpha1.ApplicationSetGenerator, error) { +func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (argoprojiov1alpha1.ApplicationSetGenerator, error) { render := utils.Render{} - interpolatedGenerator, err := render.RenderGeneratorParams(requestedGenerator, params, useGoTemplate) + interpolatedGenerator, err := render.RenderGeneratorParams(requestedGenerator, params, useGoTemplate, goTemplateOptions) if err != nil { log.WithError(err).WithField("interpolatedGenerator", interpolatedGenerator).Error("error interpolating generator with other generator's parameter") return *interpolatedGenerator, err @@ -143,3 +157,16 @@ func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetG return *interpolatedGenerator, nil } + +// Fixes https://github.com/argoproj/argo-cd/issues/11982 while ensuring backwards compatibility. +// This is only a short-term solution and should be removed in a future major version. +func dropDisabledNestedSelectors(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator) bool { + var foundSelector bool + for i := range generators { + if generators[i].Selector != nil { + foundSelector = true + generators[i].Selector = nil + } + } + return foundSelector +} diff --git a/applicationset/generators/generator_spec_processor_test.go b/applicationset/generators/generator_spec_processor_test.go index 89ca8fc67010a..b9756ee7fc6d4 100644 --- a/applicationset/generators/generator_spec_processor_test.go +++ b/applicationset/generators/generator_spec_processor_test.go @@ -73,7 +73,92 @@ func TestMatchValues(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "set", }, - Spec: argov1alpha1.ApplicationSetSpec{}, + Spec: argov1alpha1.ApplicationSetSpec{ + GoTemplate: false, + }, + } + + results, err := Transform(argov1alpha1.ApplicationSetGenerator{ + Selector: testCase.selector, + List: &argov1alpha1.ListGenerator{ + Elements: testCase.elements, + Template: emptyTemplate(), + }}, + data, + emptyTemplate(), + &applicationSetInfo, nil) + + assert.NoError(t, err) + assert.ElementsMatch(t, testCase.expected, results[0].Params) + }) + } +} + +func TestMatchValuesGoTemplate(t *testing.T) { + testCases := []struct { + name string + elements []apiextensionsv1.JSON + selector *metav1.LabelSelector + expected []map[string]interface{} + }{ + { + name: "no filter", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}}, + selector: &metav1.LabelSelector{}, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}}, + }, + { + name: "nil", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}}, + selector: nil, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}}, + }, + { + name: "values.foo should be foo but is ignore element", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}}, + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.foo": "foo", + }, + }, + expected: []map[string]interface{}{}, + }, + { + name: "values.foo should be bar", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}}, + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.foo": "bar", + }, + }, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values": map[string]interface{}{"foo": "bar"}}}, + }, + { + name: "values.0 should be bar", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":["bar"]}`)}}, + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.0": "bar", + }, + }, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values": []interface{}{"bar"}}}, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + var listGenerator = NewListGenerator() + var data = map[string]Generator{ + "List": listGenerator, + } + + applicationSetInfo := argov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argov1alpha1.ApplicationSetSpec{ + GoTemplate: true, + }, } results, err := Transform(argov1alpha1.ApplicationSetGenerator{ @@ -92,6 +177,75 @@ func TestMatchValues(t *testing.T) { } } +func TestTransForm(t *testing.T) { + testCases := []struct { + name string + selector *metav1.LabelSelector + expected []map[string]interface{} + }{ + { + name: "server filter", + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"server": "https://production-01.example.com"}, + }, + expected: []map[string]interface{}{{ + "metadata.annotations.foo.argoproj.io": "production", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", + "metadata.labels.environment": "production", + "metadata.labels.org": "bar", + "name": "production_01/west", + "nameNormalized": "production-01-west", + "server": "https://production-01.example.com", + }}, + }, + { + name: "server filter with long url", + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"server": "https://some-really-long-url-that-will-exceed-63-characters.com"}, + }, + expected: []map[string]interface{}{{ + "metadata.annotations.foo.argoproj.io": "production", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", + "metadata.labels.environment": "production", + "metadata.labels.org": "bar", + "name": "some-really-long-server-url", + "nameNormalized": "some-really-long-server-url", + "server": "https://some-really-long-url-that-will-exceed-63-characters.com", + }}, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + testGenerators := map[string]Generator{ + "Clusters": getMockClusterGenerator(), + } + + applicationSetInfo := argov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argov1alpha1.ApplicationSetSpec{}, + } + + results, err := Transform( + argov1alpha1.ApplicationSetGenerator{ + Selector: testCase.selector, + Clusters: &argov1alpha1.ClusterGenerator{ + Selector: metav1.LabelSelector{}, + Template: argov1alpha1.ApplicationSetTemplate{}, + Values: nil, + }}, + testGenerators, + emptyTemplate(), + &applicationSetInfo, nil) + + assert.NoError(t, err) + assert.ElementsMatch(t, testCase.expected, results[0].Params) + }) + } +} + func emptyTemplate() argov1alpha1.ApplicationSetTemplate { return argov1alpha1.ApplicationSetTemplate{ Spec: argov1alpha1.ApplicationSpec{ @@ -150,8 +304,35 @@ func getMockClusterGenerator() Generator { }, Type: corev1.SecretType("Opaque"), }, + &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "some-really-long-server-url", + Namespace: "namespace", + Labels: map[string]string{ + "argocd.argoproj.io/secret-type": "cluster", + "environment": "production", + "org": "bar", + }, + Annotations: map[string]string{ + "foo.argoproj.io": "production", + }, + }, + Data: map[string][]byte{ + "config": []byte("{}"), + "name": []byte("some-really-long-server-url"), + "server": []byte("https://some-really-long-url-that-will-exceed-63-characters.com"), + }, + Type: corev1.SecretType("Opaque"), + }, } runtimeClusters := []runtime.Object{} + for _, clientCluster := range clusters { + runtimeClusters = append(runtimeClusters, clientCluster) + } appClientset := kubefake.NewSimpleClientset(runtimeClusters...) fakeClient := fake.NewClientBuilder().WithObjects(clusters...).Build() @@ -232,7 +413,7 @@ func TestInterpolateGenerator(t *testing.T) { "path[1]": "p2", "path.basenameNormalized": "app3", } - interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, false) + interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, false, nil) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") return @@ -257,7 +438,7 @@ func TestInterpolateGenerator(t *testing.T) { clusterGeneratorParams := map[string]interface{}{ "name": "production_01/west", "server": "https://production-01.example.com", } - interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, false) + interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, false, nil) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") return @@ -285,7 +466,7 @@ func TestInterpolateGenerator_go(t *testing.T) { "segments": []string{"p1", "p2", "app3"}, }, } - interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, true) + interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, true, nil) require.NoError(t, err) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") @@ -311,7 +492,7 @@ func TestInterpolateGenerator_go(t *testing.T) { clusterGeneratorParams := map[string]interface{}{ "name": "production_01/west", "server": "https://production-01.example.com", } - interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, true) + interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, true, nil) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") return diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go index 911dc49391f18..9b2825618d80a 100644 --- a/applicationset/generators/git.go +++ b/applicationset/generators/git.go @@ -59,9 +59,9 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic var err error var res []map[string]interface{} if len(appSetGenerator.Git.Directories) != 0 { - res, err = g.generateParamsForGitDirectories(appSetGenerator, appSet.Spec.GoTemplate) + res, err = g.generateParamsForGitDirectories(appSetGenerator, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) } else if len(appSetGenerator.Git.Files) != 0 { - res, err = g.generateParamsForGitFiles(appSetGenerator, appSet.Spec.GoTemplate) + res, err = g.generateParamsForGitFiles(appSetGenerator, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) } else { return nil, EmptyAppSetGeneratorError } @@ -72,7 +72,7 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic return res, nil } -func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { // Directories, not files allPaths, err := g.repos.GetDirectories(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision) @@ -90,12 +90,15 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj requestedApps := g.filterApps(appSetGenerator.Git.Directories, allPaths) - res := g.generateParamsFromApps(requestedApps, appSetGenerator, useGoTemplate) + res, err := g.generateParamsFromApps(requestedApps, appSetGenerator, useGoTemplate, goTemplateOptions) + if err != nil { + return nil, fmt.Errorf("failed to generate params from apps: %w", err) + } return res, nil } -func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { // Get all files that match the requested path string, removing duplicates allFiles := make(map[string][]byte) @@ -122,7 +125,7 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al for _, path := range allPaths { // A JSON / YAML file path can contain multiple sets of parameters (ie it is an array) - paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], useGoTemplate, appSetGenerator.Git.PathParamPrefix) + paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], appSetGenerator.Git.Values, useGoTemplate, goTemplateOptions, appSetGenerator.Git.PathParamPrefix) if err != nil { return nil, fmt.Errorf("unable to process file '%s': %v", path, err) } @@ -132,7 +135,7 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al return res, nil } -func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, useGoTemplate bool, pathParamPrefix string) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, values map[string]string, useGoTemplate bool, goTemplateOptions []string, pathParamPrefix string) ([]map[string]interface{}, error) { objectsFound := []map[string]interface{}{} // First, we attempt to parse as an array @@ -195,6 +198,11 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent [] } } + err := appendTemplatedValues(values, params, useGoTemplate, goTemplateOptions) + if err != nil { + return nil, fmt.Errorf("failed to append templated values: %w", err) + } + res = append(res, params) } @@ -229,7 +237,7 @@ func (g *GitGenerator) filterApps(Directories []argoprojiov1alpha1.GitDirectoryG return res } -func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) []map[string]interface{} { +func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { res := make([]map[string]interface{}, len(requestedApps)) for i, a := range requestedApps { @@ -261,8 +269,13 @@ func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGene } } + err := appendTemplatedValues(appSetGenerator.Git.Values, params, useGoTemplate, goTemplateOptions) + if err != nil { + return nil, fmt.Errorf("failed to append templated values: %w", err) + } + res[i] = params } - return res + return res, nil } diff --git a/applicationset/generators/git_test.go b/applicationset/generators/git_test.go index dadb7ec29c0b5..a236b00bca7bb 100644 --- a/applicationset/generators/git_test.go +++ b/applicationset/generators/git_test.go @@ -4,20 +4,21 @@ import ( "fmt" "testing" - "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) - func Test_generateParamsFromGitFile(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), false, "") +`), values, false, nil, "") if err != nil { t.Fatal(err) } @@ -36,10 +37,11 @@ foo: } func Test_generatePrefixedParamsFromGitFile(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), false, "myRepo") +`), values, false, nil, "myRepo") if err != nil { t.Fatal(err) } @@ -58,10 +60,11 @@ foo: } func Test_generateParamsFromGitFileGoTemplate(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), true, "") +`), values, true, nil, "") if err != nil { t.Fatal(err) } @@ -86,10 +89,11 @@ foo: } func Test_generatePrefixedParamsFromGitFileGoTemplate(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), true, "myRepo") +`), values, true, nil, "myRepo") if err != nil { t.Fatal(err) } @@ -123,6 +127,7 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { pathParamPrefix string repoApps []string repoError error + values map[string]string expected []map[string]interface{} expectedError error }{ @@ -213,6 +218,25 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { }, expectedError: nil, }, + { + name: "Value variable interpolation", + directories: []argoprojiov1alpha1.GitDirectoryGeneratorItem{{Path: "*"}, {Path: "*/*"}}, + repoApps: []string{ + "app1", + "p1/app2", + }, + repoError: nil, + values: map[string]string{ + "foo": "bar", + "aaa": "{{ path[0] }}", + "no-op": "{{ this-does-not-exist }}", + }, + expected: []map[string]interface{}{ + {"values.foo": "bar", "values.no-op": "{{ this-does-not-exist }}", "values.aaa": "app1", "path": "app1", "path.basename": "app1", "path[0]": "app1", "path.basenameNormalized": "app1"}, + {"values.foo": "bar", "values.no-op": "{{ this-does-not-exist }}", "values.aaa": "p1", "path": "p1/app2", "path.basename": "app2", "path[0]": "p1", "path[1]": "app2", "path.basenameNormalized": "app2"}, + }, + expectedError: nil, + }, { name: "handles empty response from repo server", directories: []argoprojiov1alpha1.GitDirectoryGeneratorItem{{Path: "*"}}, @@ -253,6 +277,7 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { Revision: "Revision", Directories: testCaseCopy.directories, PathParamPrefix: testCaseCopy.pathParamPrefix, + Values: testCaseCopy.values, }, }}, }, @@ -579,6 +604,7 @@ func TestGitGenerateParamsFromFiles(t *testing.T) { repoFileContents map[string][]byte // if repoPathsError is non-nil, the call to GetPaths(...) will return this error value repoPathsError error + values map[string]string expected []map[string]interface{} expectedError error }{ @@ -642,6 +668,74 @@ func TestGitGenerateParamsFromFiles(t *testing.T) { }, expectedError: nil, }, + { + name: "Value variable interpolation", + files: []argoprojiov1alpha1.GitFileGeneratorItem{{Path: "**/config.json"}}, + repoFileContents: map[string][]byte{ + "cluster-config/production/config.json": []byte(`{ + "cluster": { + "owner": "john.doe@example.com", + "name": "production", + "address": "https://kubernetes.default.svc" + }, + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 +}`), + "cluster-config/staging/config.json": []byte(`{ + "cluster": { + "owner": "foo.bar@example.com", + "name": "staging", + "address": "https://kubernetes.default.svc" + } +}`), + }, + repoPathsError: nil, + values: map[string]string{ + "aaa": "{{ cluster.owner }}", + "no-op": "{{ this-does-not-exist }}", + }, + expected: []map[string]interface{}{ + { + "cluster.owner": "john.doe@example.com", + "cluster.name": "production", + "cluster.address": "https://kubernetes.default.svc", + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "path": "cluster-config/production", + "path.basename": "production", + "path[0]": "cluster-config", + "path[1]": "production", + "path.basenameNormalized": "production", + "path.filename": "config.json", + "path.filenameNormalized": "config.json", + "values.aaa": "john.doe@example.com", + "values.no-op": "{{ this-does-not-exist }}", + }, + { + "cluster.owner": "foo.bar@example.com", + "cluster.name": "staging", + "cluster.address": "https://kubernetes.default.svc", + "path": "cluster-config/staging", + "path.basename": "staging", + "path[0]": "cluster-config", + "path[1]": "staging", + "path.basenameNormalized": "staging", + "path.filename": "config.json", + "path.filenameNormalized": "config.json", + "values.aaa": "foo.bar@example.com", + "values.no-op": "{{ this-does-not-exist }}", + }, + }, + expectedError: nil, + }, { name: "handles error during getting repo paths", files: []argoprojiov1alpha1.GitFileGeneratorItem{{Path: "**/config.json"}}, @@ -838,6 +932,7 @@ cluster: RepoURL: "RepoURL", Revision: "Revision", Files: testCaseCopy.files, + Values: testCaseCopy.values, }, }}, }, diff --git a/applicationset/generators/matrix.go b/applicationset/generators/matrix.go index 0389e8ad9062a..2d5d18c8a203c 100644 --- a/applicationset/generators/matrix.go +++ b/applicationset/generators/matrix.go @@ -8,6 +8,8 @@ import ( "github.com/argoproj/argo-cd/v2/applicationset/utils" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + + log "github.com/sirupsen/logrus" ) var _ Generator = (*MatrixGenerator)(nil) @@ -84,10 +86,22 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli if err != nil { return nil, err } + if matrixGen != nil && !appSet.Spec.ApplyNestedSelectors { + foundSelector := dropDisabledNestedSelectors(matrixGen.Generators) + if foundSelector { + log.Warnf("AppSet '%v' defines selector on nested matrix generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selectors", appSet.Name) + } + } mergeGen, err := getMergeGenerator(appSetBaseGenerator) if err != nil { return nil, err } + if mergeGen != nil && !appSet.Spec.ApplyNestedSelectors { + foundSelector := dropDisabledNestedSelectors(mergeGen.Generators) + if foundSelector { + log.Warnf("AppSet '%v' defines selector on nested merge generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selectors", appSet.Name) + } + } t, err := Transform( argoprojiov1alpha1.ApplicationSetGenerator{ @@ -97,6 +111,7 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli SCMProvider: appSetBaseGenerator.SCMProvider, ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource, PullRequest: appSetBaseGenerator.PullRequest, + Plugin: appSetBaseGenerator.Plugin, Matrix: matrixGen, Merge: mergeGen, Selector: appSetBaseGenerator.Selector, @@ -135,6 +150,7 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap Clusters: r.Clusters, Git: r.Git, PullRequest: r.PullRequest, + Plugin: r.Plugin, Matrix: matrixGen, Merge: mergeGen, } diff --git a/applicationset/generators/matrix_test.go b/applicationset/generators/matrix_test.go index e2d55dfc28103..902a7b86b2d73 100644 --- a/applicationset/generators/matrix_test.go +++ b/applicationset/generators/matrix_test.go @@ -5,7 +5,6 @@ import ( "testing" "time" - "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -14,6 +13,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" + "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -848,7 +849,7 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { } listGenerator := &argoprojiov1alpha1.ListGenerator{ - Elements: []apiextensionsv1.JSON{}, + Elements: []apiextensionsv1.JSON{}, ElementsYaml: "{{ .foo.bar | toJson }}", } @@ -870,60 +871,59 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { }, expected: []map[string]interface{}{ { - "chart": "a", - "version": "1", + "chart": "a", + "version": "1", "foo": map[string]interface{}{ "bar": []interface{}{ map[string]interface{}{ - "chart": "a", + "chart": "a", "version": "1", }, map[string]interface{}{ - "chart": "b", + "chart": "b", "version": "2", }, }, }, "path": map[string]interface{}{ - "basename": "dir", + "basename": "dir", "basenameNormalized": "dir", - "filename": "file_name.yaml", + "filename": "file_name.yaml", "filenameNormalized": "file-name.yaml", - "path": "path/dir", - "segments": []string { + "path": "path/dir", + "segments": []string{ "path", "dir", }, }, }, { - "chart": "b", - "version": "2", + "chart": "b", + "version": "2", "foo": map[string]interface{}{ "bar": []interface{}{ map[string]interface{}{ - "chart": "a", + "chart": "a", "version": "1", }, map[string]interface{}{ - "chart": "b", + "chart": "b", "version": "2", }, }, }, "path": map[string]interface{}{ - "basename": "dir", + "basename": "dir", "basenameNormalized": "dir", - "filename": "file_name.yaml", + "filename": "file_name.yaml", "filenameNormalized": "file-name.yaml", - "path": "path/dir", - "segments": []string { + "path": "path/dir", + "segments": []string{ "path", "dir", }, }, }, - }, }, } @@ -952,27 +952,26 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { "foo": map[string]interface{}{ "bar": []interface{}{ map[string]interface{}{ - "chart": "a", + "chart": "a", "version": "1", }, map[string]interface{}{ - "chart": "b", + "chart": "b", "version": "2", }, }, }, "path": map[string]interface{}{ - "basename": "dir", + "basename": "dir", "basenameNormalized": "dir", - "filename": "file_name.yaml", + "filename": "file_name.yaml", "filenameNormalized": "file-name.yaml", - "path": "path/dir", - "segments": []string { + "path": "path/dir", + "segments": []string{ "path", "dir", }, }, - }}, nil) genMock.On("GetTemplate", &gitGeneratorSpec). Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) diff --git a/applicationset/generators/merge.go b/applicationset/generators/merge.go index a2827a74ba5f0..6d79925e5d61a 100644 --- a/applicationset/generators/merge.go +++ b/applicationset/generators/merge.go @@ -9,6 +9,8 @@ import ( "github.com/argoproj/argo-cd/v2/applicationset/utils" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + + log "github.com/sirupsen/logrus" ) var _ Generator = (*MergeGenerator)(nil) @@ -141,10 +143,22 @@ func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Applic if err != nil { return nil, err } + if matrixGen != nil && !appSet.Spec.ApplyNestedSelectors { + foundSelector := dropDisabledNestedSelectors(matrixGen.Generators) + if foundSelector { + log.Warnf("AppSet '%v' defines selector on nested matrix generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selector", appSet.Name) + } + } mergeGen, err := getMergeGenerator(appSetBaseGenerator) if err != nil { return nil, err } + if mergeGen != nil && !appSet.Spec.ApplyNestedSelectors { + foundSelector := dropDisabledNestedSelectors(mergeGen.Generators) + if foundSelector { + log.Warnf("AppSet '%v' defines selector on nested merge generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selector", appSet.Name) + } + } t, err := Transform( argoprojiov1alpha1.ApplicationSetGenerator{ @@ -154,6 +168,7 @@ func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Applic SCMProvider: appSetBaseGenerator.SCMProvider, ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource, PullRequest: appSetBaseGenerator.PullRequest, + Plugin: appSetBaseGenerator.Plugin, Matrix: matrixGen, Merge: mergeGen, Selector: appSetBaseGenerator.Selector, @@ -190,6 +205,7 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App Clusters: r.Clusters, Git: r.Git, PullRequest: r.PullRequest, + Plugin: r.Plugin, Matrix: matrixGen, Merge: mergeGen, } diff --git a/applicationset/generators/plugin.go b/applicationset/generators/plugin.go new file mode 100644 index 0000000000000..9876d0ff93a2a --- /dev/null +++ b/applicationset/generators/plugin.go @@ -0,0 +1,211 @@ +package generators + +import ( + "context" + "fmt" + "strconv" + "strings" + "time" + + "github.com/jeremywohl/flatten" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/kubernetes" + "sigs.k8s.io/controller-runtime/pkg/client" + + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/settings" + + "github.com/argoproj/argo-cd/v2/applicationset/services/plugin" +) + +const ( + DefaultPluginRequeueAfterSeconds = 30 * time.Minute +) + +var _ Generator = (*PluginGenerator)(nil) + +type PluginGenerator struct { + client client.Client + ctx context.Context + clientset kubernetes.Interface + namespace string +} + +func NewPluginGenerator(client client.Client, ctx context.Context, clientset kubernetes.Interface, namespace string) Generator { + g := &PluginGenerator{ + client: client, + ctx: ctx, + clientset: clientset, + namespace: namespace, + } + return g +} + +func (g *PluginGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration { + // Return a requeue default of 30 minutes, if no default is specified. + + if appSetGenerator.Plugin.RequeueAfterSeconds != nil { + return time.Duration(*appSetGenerator.Plugin.RequeueAfterSeconds) * time.Second + } + + return DefaultPluginRequeueAfterSeconds +} + +func (g *PluginGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate { + return &appSetGenerator.Plugin.Template +} + +func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + + if appSetGenerator == nil { + return nil, EmptyAppSetGeneratorError + } + + if appSetGenerator.Plugin == nil { + return nil, EmptyAppSetGeneratorError + } + + ctx := context.Background() + + providerConfig := appSetGenerator.Plugin + + pluginClient, err := g.getPluginFromGenerator(ctx, applicationSetInfo.Name, providerConfig) + if err != nil { + return nil, err + } + + list, err := pluginClient.List(ctx, providerConfig.Input.Parameters) + if err != nil { + return nil, fmt.Errorf("error listing params: %w", err) + } + + res, err := g.generateParams(appSetGenerator, applicationSetInfo, list.Output.Parameters, appSetGenerator.Plugin.Input.Parameters, applicationSetInfo.Spec.GoTemplate) + if err != nil { + return nil, err + } + + return res, nil +} + +func (g *PluginGenerator) getPluginFromGenerator(ctx context.Context, appSetName string, generatorConfig *argoprojiov1alpha1.PluginGenerator) (*plugin.Service, error) { + cm, err := g.getConfigMap(ctx, generatorConfig.ConfigMapRef.Name) + if err != nil { + return nil, fmt.Errorf("error fetching ConfigMap: %w", err) + } + token, err := g.getToken(ctx, cm["token"]) + if err != nil { + return nil, fmt.Errorf("error fetching Secret token: %v", err) + } + + var requestTimeout int + requestTimeoutStr, ok := cm["requestTimeout"] + if ok { + requestTimeout, err = strconv.Atoi(requestTimeoutStr) + if err != nil { + return nil, fmt.Errorf("error set requestTimeout : %w", err) + } + } + + pluginClient, err := plugin.NewPluginService(ctx, appSetName, cm["baseUrl"], token, requestTimeout) + if err != nil { + return nil, err + } + return pluginClient, nil +} + +func (g *PluginGenerator) generateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, objectsFound []map[string]interface{}, pluginParams argoprojiov1alpha1.PluginParameters, useGoTemplate bool) ([]map[string]interface{}, error) { + res := []map[string]interface{}{} + + for _, objectFound := range objectsFound { + + params := map[string]interface{}{} + + if useGoTemplate { + for k, v := range objectFound { + params[k] = v + } + } else { + flat, err := flatten.Flatten(objectFound, "", flatten.DotStyle) + if err != nil { + return nil, err + } + for k, v := range flat { + params[k] = fmt.Sprintf("%v", v) + } + } + + params["generator"] = map[string]interface{}{ + "input": map[string]argoprojiov1alpha1.PluginParameters{ + "parameters": pluginParams, + }, + } + + err := appendTemplatedValues(appSetGenerator.Plugin.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) + if err != nil { + return nil, err + } + + res = append(res, params) + } + + return res, nil +} + +func (g *PluginGenerator) getToken(ctx context.Context, tokenRef string) (string, error) { + + if tokenRef == "" || !strings.HasPrefix(tokenRef, "$") { + return "", fmt.Errorf("token is empty, or does not reference a secret key starting with '$': %v", tokenRef) + } + + secretName, tokenKey := plugin.ParseSecretKey(tokenRef) + + secret := &corev1.Secret{} + err := g.client.Get( + ctx, + client.ObjectKey{ + Name: secretName, + Namespace: g.namespace, + }, + secret) + + if err != nil { + return "", fmt.Errorf("error fetching secret %s/%s: %v", g.namespace, secretName, err) + } + + secretValues := make(map[string]string, len(secret.Data)) + + for k, v := range secret.Data { + secretValues[k] = string(v) + } + + token := settings.ReplaceStringSecret(tokenKey, secretValues) + + return token, err +} + +func (g *PluginGenerator) getConfigMap(ctx context.Context, configMapRef string) (map[string]string, error) { + cm := &corev1.ConfigMap{} + err := g.client.Get( + ctx, + client.ObjectKey{ + Name: configMapRef, + Namespace: g.namespace, + }, + cm) + + if err != nil { + return nil, err + } + + baseUrl, ok := cm.Data["baseUrl"] + if !ok || baseUrl == "" { + return nil, fmt.Errorf("baseUrl not found in ConfigMap") + } + + token, ok := cm.Data["token"] + if !ok || token == "" { + return nil, fmt.Errorf("token not found in ConfigMap") + } + + return cm.Data, nil +} diff --git a/applicationset/generators/plugin_test.go b/applicationset/generators/plugin_test.go new file mode 100644 index 0000000000000..19f53a90b9442 --- /dev/null +++ b/applicationset/generators/plugin_test.go @@ -0,0 +1,705 @@ +package generators + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + v1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + kubefake "k8s.io/client-go/kubernetes/fake" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "github.com/argoproj/argo-cd/v2/applicationset/services/plugin" + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func TestPluginGenerateParams(t *testing.T) { + testCases := []struct { + name string + configmap *v1.ConfigMap + secret *v1.Secret + inputParameters map[string]apiextensionsv1.JSON + values map[string]string + gotemplate bool + expected []map[string]interface{} + content []byte + expectedError error + }{ + { + name: "simple case", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "simple case with values", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + values: map[string]string{ + "valuekey1": "valuevalue1", + "valuekey2": "templated-{{key1}}", + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "values.valuekey1": "valuevalue1", + "values.valuekey2": "templated-val1", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "simple case with gotemplate", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: true, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2": map[string]interface{}{ + "key2_1": "val2_1", + "key2_2": map[string]interface{}{ + "key2_2_1": "val2_2_1", + }, + }, + "key3": float64(123), + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "simple case with appended params", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": {"parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123, + "pkey2": "valplugin" + }]}}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "pkey2": "valplugin", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "no params", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: argoprojiov1alpha1.PluginParameters{}, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": map[string]map[string]interface{}{ + "parameters": {}, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "empty return", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{}, + gotemplate: false, + content: []byte(`{"input": {"parameters": []}}`), + expected: []map[string]interface{}{}, + expectedError: nil, + }, + { + name: "wrong return", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{}, + gotemplate: false, + content: []byte(`wrong body ...`), + expected: []map[string]interface{}{}, + expectedError: fmt.Errorf("error listing params: error get api 'set': invalid character 'w' looking for beginning of value: wrong body ..."), + }, + { + name: "external secret", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin-secret:plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "plugin-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": {"parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123, + "pkey2": "valplugin" + }]}}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "pkey2": "valplugin", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "no secret", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{}, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching Secret token: error fetching secret default/argocd-secret: secrets \"argocd-secret\" not found"), + }, + { + name: "no configmap", + configmap: &v1.ConfigMap{}, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching ConfigMap: configmaps \"\" not found"), + }, + { + name: "no baseUrl", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching ConfigMap: baseUrl not found in ConfigMap"), + }, + { + name: "no token", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + }, + }, + secret: &v1.Secret{}, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching ConfigMap: token not found in ConfigMap"), + }, + } + + ctx := context.Background() + + for _, testCase := range testCases { + + t.Run(testCase.name, func(t *testing.T) { + + generatorConfig := argoprojiov1alpha1.ApplicationSetGenerator{ + Plugin: &argoprojiov1alpha1.PluginGenerator{ + ConfigMapRef: argoprojiov1alpha1.PluginConfigMapRef{Name: testCase.configmap.Name}, + Input: argoprojiov1alpha1.PluginInput{ + Parameters: testCase.inputParameters, + }, + Values: testCase.values, + }, + } + + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + + authHeader := r.Header.Get("Authorization") + _, tokenKey := plugin.ParseSecretKey(testCase.configmap.Data["token"]) + expectedToken := testCase.secret.Data[strings.Replace(tokenKey, "$", "", -1)] + if authHeader != "Bearer "+string(expectedToken) { + w.WriteHeader(http.StatusUnauthorized) + return + } + + w.Header().Set("Content-Type", "application/json") + _, err := w.Write(testCase.content) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + }) + + fakeServer := httptest.NewServer(handler) + + defer fakeServer.Close() + + if _, ok := testCase.configmap.Data["baseUrl"]; ok { + testCase.configmap.Data["baseUrl"] = fakeServer.URL + } + + fakeClient := kubefake.NewSimpleClientset(append([]runtime.Object{}, testCase.configmap, testCase.secret)...) + + fakeClientWithCache := fake.NewClientBuilder().WithObjects([]client.Object{testCase.configmap, testCase.secret}...).Build() + + var pluginGenerator = NewPluginGenerator(fakeClientWithCache, ctx, fakeClient, "default") + + applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argoprojiov1alpha1.ApplicationSetSpec{ + GoTemplate: testCase.gotemplate, + }, + } + + got, err := pluginGenerator.GenerateParams(&generatorConfig, &applicationSetInfo) + + if err != nil { + fmt.Println(err) + } + + if testCase.expectedError != nil { + assert.EqualError(t, err, testCase.expectedError.Error()) + } else { + assert.NoError(t, err) + expectedJson, err := json.Marshal(testCase.expected) + require.NoError(t, err) + gotJson, err := json.Marshal(got) + require.NoError(t, err) + assert.Equal(t, string(expectedJson), string(gotJson)) + } + }) + } +} diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go index d0ca89b42273f..edfe35b42bc4f 100644 --- a/applicationset/generators/pull_request.go +++ b/applicationset/generators/pull_request.go @@ -96,12 +96,14 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha } paramMap := map[string]interface{}{ - "number": strconv.Itoa(pull.Number), - "branch": pull.Branch, - "branch_slug": slug.Make(pull.Branch), - "head_sha": pull.HeadSHA, - "head_short_sha": pull.HeadSHA[:shortSHALength], - "head_short_sha_7": pull.HeadSHA[:shortSHALength7], + "number": strconv.Itoa(pull.Number), + "branch": pull.Branch, + "branch_slug": slug.Make(pull.Branch), + "target_branch": pull.TargetBranch, + "target_branch_slug": slug.Make(pull.TargetBranch), + "head_sha": pull.HeadSHA, + "head_short_sha": pull.HeadSHA[:shortSHALength], + "head_short_sha_7": pull.HeadSHA[:shortSHALength7], } // PR lables will only be supported for Go Template appsets, since fasttemplate will be deprecated. @@ -146,6 +148,32 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera return pullrequest.NewBitbucketServiceNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.Repo) } } + if generatorConfig.Bitbucket != nil { + providerConfig := generatorConfig.Bitbucket + if providerConfig.BearerToken != nil { + appToken, err := g.getSecretRef(ctx, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace) + if err != nil { + return nil, fmt.Errorf("error fetching Secret Bearer token: %v", err) + } + return pullrequest.NewBitbucketCloudServiceBearerToken(providerConfig.API, appToken, providerConfig.Owner, providerConfig.Repo) + } else if providerConfig.BasicAuth != nil { + password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) + if err != nil { + return nil, fmt.Errorf("error fetching Secret token: %v", err) + } + return pullrequest.NewBitbucketCloudServiceBasicAuth(providerConfig.API, providerConfig.BasicAuth.Username, password, providerConfig.Owner, providerConfig.Repo) + } else { + return pullrequest.NewBitbucketCloudServiceNoAuth(providerConfig.API, providerConfig.Owner, providerConfig.Repo) + } + } + if generatorConfig.AzureDevOps != nil { + providerConfig := generatorConfig.AzureDevOps + token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) + if err != nil { + return nil, fmt.Errorf("error fetching Secret token: %v", err) + } + return pullrequest.NewAzureDevOpsService(ctx, token, providerConfig.API, providerConfig.Organization, providerConfig.Project, providerConfig.Repo, providerConfig.Labels) + } return nil, fmt.Errorf("no Pull Request provider implementation configured") } diff --git a/applicationset/generators/pull_request_test.go b/applicationset/generators/pull_request_test.go index ba2ebfab34f01..4ad069657f414 100644 --- a/applicationset/generators/pull_request_test.go +++ b/applicationset/generators/pull_request_test.go @@ -28,9 +28,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -38,12 +39,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "branch1", - "branch_slug": "branch1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "head_short_sha_7": "089d92c", + "number": "1", + "branch": "branch1", + "branch_slug": "branch1", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "head_short_sha_7": "089d92c", }, }, expectedErr: nil, @@ -54,9 +57,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 2, - Branch: "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", - HeadSHA: "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", + Number: 2, + Branch: "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + TargetBranch: "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + HeadSHA: "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", }, }, nil, @@ -64,12 +68,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "2", - "branch": "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", - "branch_slug": "feat-areally-long-pull-request-name-to-test-argo", - "head_sha": "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", - "head_short_sha": "9b34ff5b", - "head_short_sha_7": "9b34ff5", + "number": "2", + "branch": "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + "branch_slug": "feat-areally-long-pull-request-name-to-test-argo", + "target_branch": "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + "target_branch_slug": "feat-anotherreally-long-pull-request-name-to-test", + "head_sha": "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", + "head_short_sha": "9b34ff5b", + "head_short_sha_7": "9b34ff5", }, }, expectedErr: nil, @@ -80,9 +86,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "a-very-short-sha", - HeadSHA: "abcd", + Number: 1, + Branch: "a-very-short-sha", + TargetBranch: "master", + HeadSHA: "abcd", }, }, nil, @@ -90,12 +97,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "a-very-short-sha", - "branch_slug": "a-very-short-sha", - "head_sha": "abcd", - "head_short_sha": "abcd", - "head_short_sha_7": "abcd", + "number": "1", + "branch": "a-very-short-sha", + "branch_slug": "a-very-short-sha", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "abcd", + "head_short_sha": "abcd", + "head_short_sha_7": "abcd", }, }, expectedErr: nil, @@ -117,10 +126,11 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", - Labels: []string{"preview"}, + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Labels: []string{"preview"}, }, }, nil, @@ -128,13 +138,15 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "branch1", - "branch_slug": "branch1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "head_short_sha_7": "089d92c", - "labels": []string{"preview"}, + "number": "1", + "branch": "branch1", + "branch_slug": "branch1", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "head_short_sha_7": "089d92c", + "labels": []string{"preview"}, }, }, expectedErr: nil, @@ -151,10 +163,11 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", - Labels: []string{"preview"}, + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Labels: []string{"preview"}, }, }, nil, @@ -162,12 +175,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "branch1", - "branch_slug": "branch1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "head_short_sha_7": "089d92c", + "number": "1", + "branch": "branch1", + "branch_slug": "branch1", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "head_short_sha_7": "089d92c", }, }, expectedErr: nil, diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index b5e11162b77a9..9d0b386c30e4f 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -131,6 +131,12 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error initializing Bitbucket cloud service: %v", err) } + } else if providerConfig.AWSCodeCommit != nil { + var awsErr error + provider, awsErr = scm_provider.NewAWSCodeCommitProvider(ctx, providerConfig.AWSCodeCommit.TagFilters, providerConfig.AWSCodeCommit.Role, providerConfig.AWSCodeCommit.Region, providerConfig.AWSCodeCommit.AllBranches) + if awsErr != nil { + return nil, fmt.Errorf("error initializing AWS codecommit service: %v", awsErr) + } } else { return nil, fmt.Errorf("no SCM provider implementation configured") } @@ -140,7 +146,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error listing repos: %v", err) } - params := make([]map[string]interface{}, 0, len(repos)) + paramsArray := make([]map[string]interface{}, 0, len(repos)) var shortSHALength int var shortSHALength7 int for _, repo := range repos { @@ -154,7 +160,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha shortSHALength7 = len(repo.SHA) } - params = append(params, map[string]interface{}{ + params := map[string]interface{}{ "organization": repo.Organization, "repository": repo.Repository, "url": repo.URL, @@ -164,9 +170,16 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha "short_sha_7": repo.SHA[:shortSHALength7], "labels": strings.Join(repo.Labels, ","), "branchNormalized": utils.SanitizeName(repo.Branch), - }) + } + + err := appendTemplatedValues(appSetGenerator.SCMProvider.Values, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) + if err != nil { + return nil, fmt.Errorf("failed to append templated values: %w", err) + } + + paramsArray = append(paramsArray, params) } - return params, nil + return paramsArray, nil } func (g *SCMProviderGenerator) getSecretRef(ctx context.Context, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) { diff --git a/applicationset/generators/scm_provider_test.go b/applicationset/generators/scm_provider_test.go index 3b129dfb71ff9..b83f5d892312b 100644 --- a/applicationset/generators/scm_provider_test.go +++ b/applicationset/generators/scm_provider_test.go @@ -80,40 +80,123 @@ func TestSCMProviderGetSecretRef(t *testing.T) { } func TestSCMProviderGenerateParams(t *testing.T) { - mockProvider := &scm_provider.MockProvider{ - Repos: []*scm_provider.Repository{ - { - Organization: "myorg", - Repository: "repo1", - URL: "git@github.com:myorg/repo1.git", - Branch: "main", - SHA: "0bc57212c3cbbec69d20b34c507284bd300def5b", - Labels: []string{"prod", "staging"}, + cases := []struct { + name string + repos []*scm_provider.Repository + values map[string]string + expected []map[string]interface{} + expectedError error + }{ + { + name: "Multiple repos with labels", + repos: []*scm_provider.Repository{ + { + Organization: "myorg", + Repository: "repo1", + URL: "git@github.com:myorg/repo1.git", + Branch: "main", + SHA: "0bc57212c3cbbec69d20b34c507284bd300def5b", + Labels: []string{"prod", "staging"}, + }, + { + Organization: "myorg", + Repository: "repo2", + URL: "git@github.com:myorg/repo2.git", + Branch: "main", + SHA: "59d0", + }, + }, + expected: []map[string]interface{}{ + { + "organization": "myorg", + "repository": "repo1", + "url": "git@github.com:myorg/repo1.git", + "branch": "main", + "branchNormalized": "main", + "sha": "0bc57212c3cbbec69d20b34c507284bd300def5b", + "short_sha": "0bc57212", + "short_sha_7": "0bc5721", + "labels": "prod,staging", + }, + { + "organization": "myorg", + "repository": "repo2", + "url": "git@github.com:myorg/repo2.git", + "branch": "main", + "branchNormalized": "main", + "sha": "59d0", + "short_sha": "59d0", + "short_sha_7": "59d0", + "labels": "", + }, + }, + }, + { + name: "Value interpolation", + repos: []*scm_provider.Repository{ + { + Organization: "myorg", + Repository: "repo3", + URL: "git@github.com:myorg/repo3.git", + Branch: "main", + SHA: "0bc57212c3cbbec69d20b34c507284bd300def5b", + Labels: []string{"prod", "staging"}, + }, + }, + values: map[string]string{ + "foo": "bar", + "should_i_force_push_to": "{{ branch }}?", }, - { - Organization: "myorg", - Repository: "repo2", - URL: "git@github.com:myorg/repo2.git", - Branch: "main", - SHA: "59d0", + expected: []map[string]interface{}{ + { + "organization": "myorg", + "repository": "repo3", + "url": "git@github.com:myorg/repo3.git", + "branch": "main", + "branchNormalized": "main", + "sha": "0bc57212c3cbbec69d20b34c507284bd300def5b", + "short_sha": "0bc57212", + "short_sha_7": "0bc5721", + "labels": "prod,staging", + "values.foo": "bar", + "values.should_i_force_push_to": "main?", + }, }, }, } - gen := &SCMProviderGenerator{overrideProvider: mockProvider} - params, err := gen.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{ - SCMProvider: &argoprojiov1alpha1.SCMProviderGenerator{}, - }, nil) - assert.Nil(t, err) - assert.Len(t, params, 2) - assert.Equal(t, "myorg", params[0]["organization"]) - assert.Equal(t, "repo1", params[0]["repository"]) - assert.Equal(t, "git@github.com:myorg/repo1.git", params[0]["url"]) - assert.Equal(t, "main", params[0]["branch"]) - assert.Equal(t, "0bc57212c3cbbec69d20b34c507284bd300def5b", params[0]["sha"]) - assert.Equal(t, "0bc57212", params[0]["short_sha"]) - assert.Equal(t, "59d0", params[1]["short_sha"]) - assert.Equal(t, "0bc5721", params[0]["short_sha_7"]) - assert.Equal(t, "59d0", params[1]["short_sha_7"]) - assert.Equal(t, "prod,staging", params[0]["labels"]) - assert.Equal(t, "repo2", params[1]["repository"]) + + for _, testCase := range cases { + testCaseCopy := testCase + + t.Run(testCaseCopy.name, func(t *testing.T) { + t.Parallel() + + mockProvider := &scm_provider.MockProvider{ + Repos: testCaseCopy.repos, + } + scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider} + applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argoprojiov1alpha1.ApplicationSetSpec{ + Generators: []argoprojiov1alpha1.ApplicationSetGenerator{{ + SCMProvider: &argoprojiov1alpha1.SCMProviderGenerator{ + Values: testCaseCopy.values, + }, + }}, + }, + } + + got, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) + + if testCaseCopy.expectedError != nil { + assert.EqualError(t, err, testCaseCopy.expectedError.Error()) + } else { + assert.NoError(t, err) + assert.Equal(t, testCaseCopy.expected, got) + } + + }) + } } diff --git a/applicationset/generators/value_interpolation.go b/applicationset/generators/value_interpolation.go new file mode 100644 index 0000000000000..05a078d42f782 --- /dev/null +++ b/applicationset/generators/value_interpolation.go @@ -0,0 +1,43 @@ +package generators + +import ( + "fmt" +) + +func appendTemplatedValues(values map[string]string, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) error { + // We create a local map to ensure that we do not fall victim to a billion-laughs attack. We iterate through the + // cluster values map and only replace values in said map if it has already been allowlisted in the params map. + // Once we iterate through all the cluster values we can then safely merge the `tmp` map into the main params map. + tmp := map[string]interface{}{} + + for key, value := range values { + result, err := replaceTemplatedString(value, params, useGoTemplate, goTemplateOptions) + + if err != nil { + return fmt.Errorf("failed to replace templated string: %w", err) + } + + if useGoTemplate { + if tmp["values"] == nil { + tmp["values"] = map[string]string{} + } + tmp["values"].(map[string]string)[key] = result + } else { + tmp[fmt.Sprintf("values.%s", key)] = result + } + } + + for key, value := range tmp { + params[key] = value + } + + return nil +} + +func replaceTemplatedString(value string, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { + replacedTmplStr, err := render.Replace(value, params, useGoTemplate, goTemplateOptions) + if err != nil { + return "", fmt.Errorf("failed to replace templated string with rendered values: %w", err) + } + return replacedTmplStr, nil +} diff --git a/applicationset/generators/value_interpolation_test.go b/applicationset/generators/value_interpolation_test.go new file mode 100644 index 0000000000000..8aa57dc0c0e65 --- /dev/null +++ b/applicationset/generators/value_interpolation_test.go @@ -0,0 +1,125 @@ +package generators + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestValueInterpolation(t *testing.T) { + testCases := []struct { + name string + values map[string]string + params map[string]interface{} + expected map[string]interface{} + }{ + { + name: "Simple interpolation", + values: map[string]string{ + "hello": "{{ world }}", + }, + params: map[string]interface{}{ + "world": "world!", + }, + expected: map[string]interface{}{ + "world": "world!", + "values.hello": "world!", + }, + }, + { + name: "Non-existent", + values: map[string]string{ + "non-existent": "{{ non-existent }}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values.non-existent": "{{ non-existent }}", + }, + }, + { + name: "Billion laughs", + values: map[string]string{ + "lol1": "lol", + "lol2": "{{values.lol1}}{{values.lol1}}", + "lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values.lol1": "lol", + "values.lol2": "{{values.lol1}}{{values.lol1}}", + "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", + }, + }, + } + + for _, testCase := range testCases { + + t.Run(testCase.name, func(t *testing.T) { + err := appendTemplatedValues(testCase.values, testCase.params, false, nil) + assert.NoError(t, err) + assert.EqualValues(t, testCase.expected, testCase.params) + }) + } +} + +func TestValueInterpolationWithGoTemplating(t *testing.T) { + testCases := []struct { + name string + values map[string]string + params map[string]interface{} + expected map[string]interface{} + }{ + { + name: "Simple interpolation", + values: map[string]string{ + "hello": "{{ .world }}", + }, + params: map[string]interface{}{ + "world": "world!", + }, + expected: map[string]interface{}{ + "world": "world!", + "values": map[string]string{ + "hello": "world!", + }, + }, + }, + { + name: "Non-existent to default", + values: map[string]string{ + "non_existent": "{{ default \"bar\" .non_existent }}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values": map[string]string{ + "non_existent": "bar", + }, + }, + }, + { + name: "Billion laughs", + values: map[string]string{ + "lol1": "lol", + "lol2": "{{.values.lol1}}{{.values.lol1}}", + "lol3": "{{.values.lol2}}{{.values.lol2}}{{.values.lol2}}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values": map[string]string{ + "lol1": "lol", + "lol2": "", + "lol3": "", + }, + }, + }, + } + + for _, testCase := range testCases { + + t.Run(testCase.name, func(t *testing.T) { + err := appendTemplatedValues(testCase.values, testCase.params, true, nil) + assert.NoError(t, err) + assert.EqualValues(t, testCase.expected, testCase.params) + }) + } +} diff --git a/applicationset/services/internal/http/client.go b/applicationset/services/internal/http/client.go new file mode 100644 index 0000000000000..00bcf32f3204f --- /dev/null +++ b/applicationset/services/internal/http/client.go @@ -0,0 +1,161 @@ +package http + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "strings" + "time" +) + +const ( + userAgent = "argocd-applicationset" + defaultTimeout = 30 +) + +type Client struct { + // URL is the URL used for API requests. + baseURL string + + // UserAgent is the user agent to include in HTTP requests. + UserAgent string + + // Token is used to make authenticated API calls. + token string + + // Client is an HTTP client used to communicate with the API. + client *http.Client +} + +type ErrorResponse struct { + Body []byte + Response *http.Response + Message string +} + +func NewClient(baseURL string, options ...ClientOptionFunc) (*Client, error) { + client, err := newClient(baseURL, options...) + if err != nil { + return nil, err + } + return client, nil +} + +func newClient(baseURL string, options ...ClientOptionFunc) (*Client, error) { + c := &Client{baseURL: baseURL, UserAgent: userAgent} + + // Configure the HTTP client. + c.client = &http.Client{ + Timeout: time.Duration(defaultTimeout) * time.Second, + } + + // Apply any given client options. + for _, fn := range options { + if fn == nil { + continue + } + if err := fn(c); err != nil { + return nil, err + } + } + + return c, nil +} + +func (c *Client) NewRequest(method, path string, body interface{}, options []ClientOptionFunc) (*http.Request, error) { + + // Make sure the given URL end with a slash + if !strings.HasSuffix(c.baseURL, "/") { + c.baseURL += "/" + } + + var buf io.ReadWriter + if body != nil { + buf = &bytes.Buffer{} + enc := json.NewEncoder(buf) + enc.SetEscapeHTML(false) + err := enc.Encode(body) + if err != nil { + return nil, err + } + } + + req, err := http.NewRequest(method, c.baseURL+path, buf) + if err != nil { + return nil, err + } + + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + if len(c.token) != 0 { + req.Header.Set("Authorization", "Bearer "+c.token) + } + + if c.UserAgent != "" { + req.Header.Set("User-Agent", c.UserAgent) + } + + return req, nil +} + +func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*http.Response, error) { + resp, err := c.client.Do(req) + if err != nil { + return nil, err + } + + defer resp.Body.Close() + + if err := CheckResponse(resp); err != nil { + return resp, err + } + + switch v := v.(type) { + case nil: + case io.Writer: + _, err = io.Copy(v, resp.Body) + default: + buf := new(bytes.Buffer) + teeReader := io.TeeReader(resp.Body, buf) + decErr := json.NewDecoder(teeReader).Decode(v) + if decErr == io.EOF { + decErr = nil // ignore EOF errors caused by empty response body + } + if decErr != nil { + err = fmt.Errorf("%s: %s", decErr.Error(), buf.String()) + } + } + return resp, err +} + +// CheckResponse checks the API response for errors, and returns them if present. +func CheckResponse(resp *http.Response) error { + + if c := resp.StatusCode; 200 <= c && c <= 299 { + return nil + } + + data, err := io.ReadAll(resp.Body) + if err != nil { + return fmt.Errorf("API error with status code %d: %v", resp.StatusCode, err) + } + + var raw map[string]interface{} + if err := json.Unmarshal(data, &raw); err != nil { + return fmt.Errorf("API error with status code %d: %s", resp.StatusCode, string(data)) + } + + message := "" + if value, ok := raw["message"].(string); ok { + message = value + } else if value, ok := raw["error"].(string); ok { + message = value + } + + return fmt.Errorf("API error with status code %d: %s", resp.StatusCode, message) +} diff --git a/applicationset/services/internal/http/client_options.go b/applicationset/services/internal/http/client_options.go new file mode 100644 index 0000000000000..ec388c9a80605 --- /dev/null +++ b/applicationset/services/internal/http/client_options.go @@ -0,0 +1,22 @@ +package http + +import "time" + +// ClientOptionFunc can be used to customize a new Restful API client. +type ClientOptionFunc func(*Client) error + +// WithToken is an option for NewClient to set token +func WithToken(token string) ClientOptionFunc { + return func(c *Client) error { + c.token = token + return nil + } +} + +// WithTimeout can be used to configure a custom timeout for requests. +func WithTimeout(timeout int) ClientOptionFunc { + return func(c *Client) error { + c.client.Timeout = time.Duration(timeout) * time.Second + return nil + } +} diff --git a/applicationset/services/internal/http/client_test.go b/applicationset/services/internal/http/client_test.go new file mode 100644 index 0000000000000..ca2c916177fee --- /dev/null +++ b/applicationset/services/internal/http/client_test.go @@ -0,0 +1,163 @@ +package http + +import ( + "bytes" + "context" + "fmt" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestClient(t *testing.T) { + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte("Hello, World!")) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + })) + defer server.Close() + + var clientOptionFns []ClientOptionFunc + _, err := NewClient(server.URL, clientOptionFns...) + + if err != nil { + t.Fatalf("Failed to create client: %v", err) + } +} + +func TestClientDo(t *testing.T) { + ctx := context.Background() + + for _, c := range []struct { + name string + params map[string]string + content []byte + fakeServer *httptest.Server + clientOptionFns []ClientOptionFunc + expected []map[string]interface{} + expectedCode int + expectedError error + }{ + { + name: "Simple", + params: map[string]string{ + "pkey1": "val1", + "pkey2": "val2", + }, + fakeServer: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(`[{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }]`)) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + })), + clientOptionFns: nil, + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2": map[string]interface{}{ + "key2_1": "val2_1", + "key2_2": map[string]interface{}{ + "key2_2_1": "val2_2_1", + }, + }, + "key3": float64(123), + }, + }, + expectedCode: 200, + expectedError: nil, + }, + { + name: "With Token", + params: map[string]string{ + "pkey1": "val1", + "pkey2": "val2", + }, + fakeServer: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + authHeader := r.Header.Get("Authorization") + if authHeader != "Bearer "+string("test-token") { + w.WriteHeader(http.StatusUnauthorized) + return + } + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(`[{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }]`)) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + })), + clientOptionFns: nil, + expected: []map[string]interface{}(nil), + expectedCode: 401, + expectedError: fmt.Errorf("API error with status code 401: "), + }, + } { + cc := c + t.Run(cc.name, func(t *testing.T) { + defer cc.fakeServer.Close() + + client, err := NewClient(cc.fakeServer.URL, cc.clientOptionFns...) + + if err != nil { + t.Fatalf("NewClient returned unexpected error: %v", err) + } + + req, err := client.NewRequest("POST", "", cc.params, nil) + + if err != nil { + t.Fatalf("NewRequest returned unexpected error: %v", err) + } + + var data []map[string]interface{} + + resp, err := client.Do(ctx, req, &data) + + if cc.expectedError != nil { + assert.EqualError(t, err, cc.expectedError.Error()) + } else { + assert.Equal(t, resp.StatusCode, cc.expectedCode) + assert.Equal(t, data, cc.expected) + assert.NoError(t, err) + } + }) + } +} + +func TestCheckResponse(t *testing.T) { + resp := &http.Response{ + StatusCode: http.StatusBadRequest, + Body: io.NopCloser(bytes.NewBufferString(`{"error":"invalid_request","description":"Invalid token"}`)), + } + + err := CheckResponse(resp) + if err == nil { + t.Error("Expected an error, got nil") + } + + expected := "API error with status code 400: invalid_request" + if err.Error() != expected { + t.Errorf("Expected error '%s', got '%s'", expected, err.Error()) + } +} diff --git a/applicationset/services/plugin/plugin_service.go b/applicationset/services/plugin/plugin_service.go new file mode 100644 index 0000000000000..95573e0942407 --- /dev/null +++ b/applicationset/services/plugin/plugin_service.go @@ -0,0 +1,73 @@ +package plugin + +import ( + "context" + "fmt" + "net/http" + + internalhttp "github.com/argoproj/argo-cd/v2/applicationset/services/internal/http" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +// ServiceRequest is the request object sent to the plugin service. +type ServiceRequest struct { + // ApplicationSetName is the appSetName of the ApplicationSet for which we're requesting parameters. Useful for logging in + // the plugin service. + ApplicationSetName string `json:"applicationSetName"` + // Input is the map of parameters set in the ApplicationSet spec for this generator. + Input v1alpha1.PluginInput `json:"input"` +} + +type Output struct { + // Parameters is the list of parameter sets returned by the plugin. + Parameters []map[string]interface{} `json:"parameters"` +} + +// ServiceResponse is the response object returned by the plugin service. +type ServiceResponse struct { + // Output is the map of outputs returned by the plugin. + Output Output `json:"output"` +} + +type Service struct { + client *internalhttp.Client + appSetName string +} + +func NewPluginService(ctx context.Context, appSetName string, baseURL string, token string, requestTimeout int) (*Service, error) { + var clientOptionFns []internalhttp.ClientOptionFunc + + clientOptionFns = append(clientOptionFns, internalhttp.WithToken(token)) + + if requestTimeout != 0 { + clientOptionFns = append(clientOptionFns, internalhttp.WithTimeout(requestTimeout)) + } + + client, err := internalhttp.NewClient(baseURL, clientOptionFns...) + if err != nil { + return nil, fmt.Errorf("error creating plugin client: %v", err) + } + + return &Service{ + client: client, + appSetName: appSetName, + }, nil +} + +func (p *Service) List(ctx context.Context, parameters v1alpha1.PluginParameters) (*ServiceResponse, error) { + req, err := p.client.NewRequest(http.MethodPost, "api/v1/getparams.execute", ServiceRequest{ApplicationSetName: p.appSetName, Input: v1alpha1.PluginInput{Parameters: parameters}}, nil) + + if err != nil { + return nil, fmt.Errorf("NewRequest returned unexpected error: %v", err) + } + + var data ServiceResponse + + _, err = p.client.Do(ctx, req, &data) + + if err != nil { + return nil, fmt.Errorf("error get api '%s': %v", p.appSetName, err) + } + + return &data, err +} diff --git a/applicationset/services/plugin/plugin_service_test.go b/applicationset/services/plugin/plugin_service_test.go new file mode 100644 index 0000000000000..6dc81d33df71f --- /dev/null +++ b/applicationset/services/plugin/plugin_service_test.go @@ -0,0 +1,52 @@ +package plugin + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestPlugin(t *testing.T) { + expectedJSON := `{"parameters": [{"number":123,"digest":"sha256:942ae2dfd73088b54d7151a3c3fd5af038a51c50029bfcfd21f1e650d9579967"},{"number":456,"digest":"sha256:224e68cc69566e5cbbb76034b3c42cd2ed57c1a66720396e1c257794cb7d68c1"}]}` + token := "0bc57212c3cbbec69d20b34c507284bd300def5b" + + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + authHeader := r.Header.Get("Authorization") + if authHeader != "Bearer "+token { + w.WriteHeader(http.StatusUnauthorized) + return + } + _, err := w.Write([]byte(expectedJSON)) + + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + }) + ts := httptest.NewServer(handler) + defer ts.Close() + + client, err := NewPluginService(context.Background(), "plugin-test", ts.URL, token, 0) + + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + data, err := client.List(context.Background(), nil) + + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + var expectedData ServiceResponse + err = json.Unmarshal([]byte(expectedJSON), &expectedData) + if err != nil { + t.Fatal(err) + } + assert.Equal(t, &expectedData, data) +} diff --git a/applicationset/services/plugin/utils.go b/applicationset/services/plugin/utils.go new file mode 100644 index 0000000000000..26e38e492200d --- /dev/null +++ b/applicationset/services/plugin/utils.go @@ -0,0 +1,21 @@ +package plugin + +import ( + "fmt" + "strings" + + "github.com/argoproj/argo-cd/v2/common" +) + +// ParseSecretKey retrieves secret appSetName if different from common ArgoCDSecretName. +func ParseSecretKey(key string) (secretName string, tokenKey string) { + if strings.Contains(key, ":") { + parts := strings.Split(key, ":") + secretName = parts[0][1:] + tokenKey = fmt.Sprintf("$%s", parts[1]) + } else { + secretName = common.ArgoCDSecretName + tokenKey = key + } + return secretName, tokenKey +} diff --git a/applicationset/services/plugin/utils_test.go b/applicationset/services/plugin/utils_test.go new file mode 100644 index 0000000000000..c364d606392e4 --- /dev/null +++ b/applicationset/services/plugin/utils_test.go @@ -0,0 +1,17 @@ +package plugin + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestParseSecretKey(t *testing.T) { + secretName, tokenKey := ParseSecretKey("#my-secret:my-token") + assert.Equal(t, "my-secret", secretName) + assert.Equal(t, "$my-token", tokenKey) + + secretName, tokenKey = ParseSecretKey("#my-secret") + assert.Equal(t, "argocd-secret", secretName) + assert.Equal(t, "#my-secret", tokenKey) +} diff --git a/applicationset/services/pull_request/azure_devops.go b/applicationset/services/pull_request/azure_devops.go new file mode 100644 index 0000000000000..9090b829ca0c2 --- /dev/null +++ b/applicationset/services/pull_request/azure_devops.go @@ -0,0 +1,145 @@ +package pull_request + +import ( + "context" + "fmt" + "strings" + + "github.com/microsoft/azure-devops-go-api/azuredevops" + core "github.com/microsoft/azure-devops-go-api/azuredevops/core" + git "github.com/microsoft/azure-devops-go-api/azuredevops/git" +) + +const AZURE_DEVOPS_DEFAULT_URL = "https://dev.azure.com" + +type AzureDevOpsClientFactory interface { + // Returns an Azure Devops Client interface. + GetClient(ctx context.Context) (git.Client, error) +} + +type devopsFactoryImpl struct { + connection *azuredevops.Connection +} + +func (factory *devopsFactoryImpl) GetClient(ctx context.Context) (git.Client, error) { + gitClient, err := git.NewClient(ctx, factory.connection) + if err != nil { + return nil, fmt.Errorf("failed to get new Azure DevOps git client for pull request generator: %w", err) + } + return gitClient, nil +} + +type AzureDevOpsService struct { + clientFactory AzureDevOpsClientFactory + project string + repo string + labels []string +} + +var _ PullRequestService = (*AzureDevOpsService)(nil) +var _ AzureDevOpsClientFactory = &devopsFactoryImpl{} + +func NewAzureDevOpsService(ctx context.Context, token, url, organization, project, repo string, labels []string) (PullRequestService, error) { + organizationUrl := buildURL(url, organization) + + var connection *azuredevops.Connection + if token == "" { + connection = azuredevops.NewAnonymousConnection(organizationUrl) + } else { + connection = azuredevops.NewPatConnection(organizationUrl, token) + } + + return &AzureDevOpsService{ + clientFactory: &devopsFactoryImpl{connection: connection}, + project: project, + repo: repo, + labels: labels, + }, nil +} + +func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) { + client, err := a.clientFactory.GetClient(ctx) + if err != nil { + return nil, fmt.Errorf("failed to get Azure DevOps client: %w", err) + } + + args := git.GetPullRequestsByProjectArgs{ + Project: &a.project, + SearchCriteria: &git.GitPullRequestSearchCriteria{}, + } + + azurePullRequests, err := client.GetPullRequestsByProject(ctx, args) + if err != nil { + return nil, fmt.Errorf("failed to get pull requests by project: %w", err) + } + + pullRequests := []*PullRequest{} + + for _, pr := range *azurePullRequests { + if pr.Repository == nil || + pr.Repository.Name == nil || + pr.PullRequestId == nil || + pr.SourceRefName == nil || + pr.LastMergeSourceCommit == nil || + pr.LastMergeSourceCommit.CommitId == nil { + continue + } + + azureDevOpsLabels := convertLabels(pr.Labels) + if !containAzureDevOpsLabels(a.labels, azureDevOpsLabels) { + continue + } + + if *pr.Repository.Name == a.repo { + pullRequests = append(pullRequests, &PullRequest{ + Number: *pr.PullRequestId, + Branch: strings.Replace(*pr.SourceRefName, "refs/heads/", "", 1), + HeadSHA: *pr.LastMergeSourceCommit.CommitId, + Labels: azureDevOpsLabels, + }) + } + } + + return pullRequests, nil +} + +// convertLabels converts WebApiTagDefinitions to strings +func convertLabels(tags *[]core.WebApiTagDefinition) []string { + if tags == nil { + return []string{} + } + labelStrings := make([]string, len(*tags)) + for i, label := range *tags { + labelStrings[i] = *label.Name + } + return labelStrings +} + +// containAzureDevOpsLabels returns true if gotLabels contains expectedLabels +func containAzureDevOpsLabels(expectedLabels []string, gotLabels []string) bool { + for _, expected := range expectedLabels { + found := false + for _, got := range gotLabels { + if expected == got { + found = true + break + } + } + if !found { + return false + } + } + return true +} + +func buildURL(url, organization string) string { + if url == "" { + url = AZURE_DEVOPS_DEFAULT_URL + } + separator := "" + if !strings.HasSuffix(url, "/") { + separator = "/" + } + devOpsURL := fmt.Sprintf("%s%s%s", url, separator, organization) + return devOpsURL +} diff --git a/applicationset/services/pull_request/azure_devops_test.go b/applicationset/services/pull_request/azure_devops_test.go new file mode 100644 index 0000000000000..15ac1c8233d89 --- /dev/null +++ b/applicationset/services/pull_request/azure_devops_test.go @@ -0,0 +1,221 @@ +package pull_request + +import ( + "context" + "testing" + + "github.com/microsoft/azure-devops-go-api/azuredevops/core" + git "github.com/microsoft/azure-devops-go-api/azuredevops/git" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + + azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks" +) + +func createBoolPtr(x bool) *bool { + return &x +} + +func createStringPtr(x string) *string { + return &x +} + +func createIntPtr(x int) *int { + return &x +} + +func createLabelsPtr(x []core.WebApiTagDefinition) *[]core.WebApiTagDefinition { + return &x +} + +type AzureClientFactoryMock struct { + mock *mock.Mock +} + +func (m *AzureClientFactoryMock) GetClient(ctx context.Context) (git.Client, error) { + args := m.mock.Called(ctx) + + var client git.Client + c := args.Get(0) + if c != nil { + client = c.(git.Client) + } + + var err error + if len(args) > 1 { + if e, ok := args.Get(1).(error); ok { + err = e + } + } + + return client, err +} + +func TestListPullRequest(t *testing.T) { + teamProject := "myorg_project" + repoName := "myorg_project_repo" + pr_id := 123 + pr_head_sha := "cd4973d9d14a08ffe6b641a89a68891d6aac8056" + ctx := context.Background() + + pullRequestMock := []git.GitPullRequest{ + { + PullRequestId: createIntPtr(pr_id), + SourceRefName: createStringPtr("refs/heads/feature-branch"), + LastMergeSourceCommit: &git.GitCommitRef{ + CommitId: createStringPtr(pr_head_sha), + }, + Labels: &[]core.WebApiTagDefinition{}, + Repository: &git.GitRepository{ + Name: createStringPtr(repoName), + }, + }, + } + + args := git.GetPullRequestsByProjectArgs{ + Project: &teamProject, + SearchCriteria: &git.GitPullRequestSearchCriteria{}, + } + + gitClientMock := azureMock.Client{} + clientFactoryMock := &AzureClientFactoryMock{mock: &mock.Mock{}} + clientFactoryMock.mock.On("GetClient", mock.Anything).Return(&gitClientMock, nil) + gitClientMock.On("GetPullRequestsByProject", ctx, args).Return(&pullRequestMock, nil) + + provider := AzureDevOpsService{ + clientFactory: clientFactoryMock, + project: teamProject, + repo: repoName, + labels: nil, + } + + list, err := provider.List(ctx) + assert.NoError(t, err) + assert.Equal(t, 1, len(list)) + assert.Equal(t, "feature-branch", list[0].Branch) + assert.Equal(t, pr_head_sha, list[0].HeadSHA) + assert.Equal(t, pr_id, list[0].Number) +} + +func TestConvertLabes(t *testing.T) { + testCases := []struct { + name string + gotLabels *[]core.WebApiTagDefinition + expectedLabels []string + }{ + { + name: "empty labels", + gotLabels: createLabelsPtr([]core.WebApiTagDefinition{}), + expectedLabels: []string{}, + }, + { + name: "nil labels", + gotLabels: createLabelsPtr(nil), + expectedLabels: []string{}, + }, + { + name: "one label", + gotLabels: createLabelsPtr([]core.WebApiTagDefinition{ + {Name: createStringPtr("label1"), Active: createBoolPtr(true)}, + }), + expectedLabels: []string{"label1"}, + }, + { + name: "two label", + gotLabels: createLabelsPtr([]core.WebApiTagDefinition{ + {Name: createStringPtr("label1"), Active: createBoolPtr(true)}, + {Name: createStringPtr("label2"), Active: createBoolPtr(true)}, + }), + expectedLabels: []string{"label1", "label2"}, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + got := convertLabels(tc.gotLabels) + assert.Equal(t, tc.expectedLabels, got) + }) + } +} + +func TestContainAzureDevOpsLabels(t *testing.T) { + testCases := []struct { + name string + expectedLabels []string + gotLabels []string + expectedResult bool + }{ + { + name: "empty labels", + expectedLabels: []string{}, + gotLabels: []string{}, + expectedResult: true, + }, + { + name: "no matching labels", + expectedLabels: []string{"label1", "label2"}, + gotLabels: []string{"label3", "label4"}, + expectedResult: false, + }, + { + name: "some matching labels", + expectedLabels: []string{"label1", "label2"}, + gotLabels: []string{"label1", "label3"}, + expectedResult: false, + }, + { + name: "all matching labels", + expectedLabels: []string{"label1", "label2"}, + gotLabels: []string{"label1", "label2"}, + expectedResult: true, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + got := containAzureDevOpsLabels(tc.expectedLabels, tc.gotLabels) + assert.Equal(t, tc.expectedResult, got) + }) + } +} + +func TestBuildURL(t *testing.T) { + testCases := []struct { + name string + url string + organization string + expected string + }{ + { + name: "Provided default URL and organization", + url: "https://dev.azure.com/", + organization: "myorganization", + expected: "https://dev.azure.com/myorganization", + }, + { + name: "Provided default URL and organization without trailing slash", + url: "https://dev.azure.com", + organization: "myorganization", + expected: "https://dev.azure.com/myorganization", + }, + { + name: "Provided no URL and organization", + url: "", + organization: "myorganization", + expected: "https://dev.azure.com/myorganization", + }, + { + name: "Provided custom URL and organization", + url: "https://azuredevops.mycompany.com/", + organization: "myorganization", + expected: "https://azuredevops.mycompany.com/myorganization", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + result := buildURL(tc.url, tc.organization) + assert.Equal(t, result, tc.expected) + }) + } +} diff --git a/applicationset/services/pull_request/bitbucket_cloud.go b/applicationset/services/pull_request/bitbucket_cloud.go new file mode 100644 index 0000000000000..5d5f8208f9b06 --- /dev/null +++ b/applicationset/services/pull_request/bitbucket_cloud.go @@ -0,0 +1,138 @@ +package pull_request + +import ( + "context" + "encoding/json" + "fmt" + "net/url" + + "github.com/ktrysmt/go-bitbucket" +) + +type BitbucketCloudService struct { + client *bitbucket.Client + owner string + repositorySlug string +} + +type BitbucketCloudPullRequest struct { + ID int `json:"id"` + Source BitbucketCloudPullRequestSource `json:"source"` +} + +type BitbucketCloudPullRequestSource struct { + Branch BitbucketCloudPullRequestSourceBranch `json:"branch"` + Commit BitbucketCloudPullRequestSourceCommit `json:"commit"` +} + +type BitbucketCloudPullRequestSourceBranch struct { + Name string `json:"name"` +} + +type BitbucketCloudPullRequestSourceCommit struct { + Hash string `json:"hash"` +} + +type PullRequestResponse struct { + Page int32 `json:"page"` + Size int32 `json:"size"` + Pagelen int32 `json:"pagelen"` + Next string `json:"next"` + Previous string `json:"previous"` + Items []PullRequest `json:"values"` +} + +var _ PullRequestService = (*BitbucketCloudService)(nil) + +func parseUrl(uri string) (*url.URL, error) { + if uri == "" { + uri = "https://api.bitbucket.org/2.0" + } + + url, err := url.Parse(uri) + if err != nil { + return nil, err + } + + return url, nil +} + +func NewBitbucketCloudServiceBasicAuth(baseUrl, username, password, owner, repositorySlug string) (PullRequestService, error) { + url, err := parseUrl(baseUrl) + if err != nil { + return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %v", baseUrl, owner, repositorySlug, err) + } + + bitbucketClient := bitbucket.NewBasicAuth(username, password) + bitbucketClient.SetApiBaseURL(*url) + + return &BitbucketCloudService{ + client: bitbucketClient, + owner: owner, + repositorySlug: repositorySlug, + }, nil +} + +func NewBitbucketCloudServiceBearerToken(baseUrl, bearerToken, owner, repositorySlug string) (PullRequestService, error) { + url, err := parseUrl(baseUrl) + if err != nil { + return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %v", baseUrl, owner, repositorySlug, err) + } + + bitbucketClient := bitbucket.NewOAuthbearerToken(bearerToken) + bitbucketClient.SetApiBaseURL(*url) + + return &BitbucketCloudService{ + client: bitbucketClient, + owner: owner, + repositorySlug: repositorySlug, + }, nil +} + +func NewBitbucketCloudServiceNoAuth(baseUrl, owner, repositorySlug string) (PullRequestService, error) { + // There is currently no method to explicitly not require auth + return NewBitbucketCloudServiceBearerToken(baseUrl, "", owner, repositorySlug) +} + +func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error) { + opts := &bitbucket.PullRequestsOptions{ + Owner: b.owner, + RepoSlug: b.repositorySlug, + } + + response, err := b.client.Repositories.PullRequests.Gets(opts) + if err != nil { + return nil, fmt.Errorf("error listing pull requests for %s/%s: %v", b.owner, b.repositorySlug, err) + } + + resp, ok := response.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("unknown type returned from bitbucket pull requests") + } + + repoArray, ok := resp["values"].([]interface{}) + if !ok { + return nil, fmt.Errorf("unknown type returned from response values") + } + + jsonStr, err := json.Marshal(repoArray) + if err != nil { + return nil, fmt.Errorf("error marshalling response body to json: %v", err) + } + + var pulls []BitbucketCloudPullRequest + if err := json.Unmarshal(jsonStr, &pulls); err != nil { + return nil, fmt.Errorf("error unmarshalling json to type '[]BitbucketCloudPullRequest': %v", err) + } + + pullRequests := []*PullRequest{} + for _, pull := range pulls { + pullRequests = append(pullRequests, &PullRequest{ + Number: pull.ID, + Branch: pull.Source.Branch.Name, + HeadSHA: pull.Source.Commit.Hash, + }) + } + + return pullRequests, nil +} diff --git a/applicationset/services/pull_request/bitbucket_cloud_test.go b/applicationset/services/pull_request/bitbucket_cloud_test.go new file mode 100644 index 0000000000000..2f604c1fa9ccf --- /dev/null +++ b/applicationset/services/pull_request/bitbucket_cloud_test.go @@ -0,0 +1,410 @@ +package pull_request + +import ( + "context" + "fmt" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request) { + return func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + var err error + switch r.RequestURI { + case "/repositories/OWNER/REPO/pullrequests/": + _, err = io.WriteString(w, `{ + "size": 1, + "pagelen": 10, + "page": 1, + "values": [ + { + "id": 101, + "source": { + "branch": { + "name": "feature/foo-bar" + }, + "commit": { + "type": "commit", + "hash": "1a8dd249c04a" + } + } + } + ] + }`) + default: + t.Fail() + } + if err != nil { + t.Fail() + } + } +} + +func TestParseUrlEmptyUrl(t *testing.T) { + url, err := parseUrl("") + bitbucketUrl, _ := url.Parse("https://api.bitbucket.org/2.0") + + assert.NoError(t, err) + assert.Equal(t, bitbucketUrl, url) +} + +func TestInvalidBaseUrlBasicAuthCloud(t *testing.T) { + _, err := NewBitbucketCloudServiceBasicAuth("http:// example.org", "user", "password", "OWNER", "REPO") + + assert.Error(t, err) +} + +func TestInvalidBaseUrlBearerTokenCloud(t *testing.T) { + _, err := NewBitbucketCloudServiceBearerToken("http:// example.org", "TOKEN", "OWNER", "REPO") + + assert.Error(t, err) +} + +func TestInvalidBaseUrlNoAuthCloud(t *testing.T) { + _, err := NewBitbucketCloudServiceNoAuth("http:// example.org", "OWNER", "REPO") + + assert.Error(t, err) +} + +func TestListPullRequestBearerTokenCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "Bearer TOKEN", r.Header.Get("Authorization")) + defaultHandlerCloud(t)(w, r) + })) + defer ts.Close() + svc, err := NewBitbucketCloudServiceBearerToken(ts.URL, "TOKEN", "OWNER", "REPO") + assert.NoError(t, err) + pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) + assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) + assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) +} + +func TestListPullRequestNoAuthCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Empty(t, r.Header.Get("Authorization")) + defaultHandlerCloud(t)(w, r) + })) + defer ts.Close() + svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + assert.NoError(t, err) + pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) + assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) + assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) +} + +func TestListPullRequestBasicAuthCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "Basic dXNlcjpwYXNzd29yZA==", r.Header.Get("Authorization")) + defaultHandlerCloud(t)(w, r) + })) + defer ts.Close() + svc, err := NewBitbucketCloudServiceBasicAuth(ts.URL, "user", "password", "OWNER", "REPO") + assert.NoError(t, err) + pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) + assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) + assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) +} + +func TestListPullRequestPaginationCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + var err error + switch r.RequestURI { + case "/repositories/OWNER/REPO/pullrequests/": + _, err = io.WriteString(w, fmt.Sprintf(`{ + "size": 2, + "pagelen": 1, + "page": 1, + "next": "http://%s/repositories/OWNER/REPO/pullrequests/?pagelen=1&page=2", + "values": [ + { + "id": 101, + "source": { + "branch": { + "name": "feature-101" + }, + "commit": { + "type": "commit", + "hash": "1a8dd249c04a" + } + } + }, + { + "id": 102, + "source": { + "branch": { + "name": "feature-102" + }, + "commit": { + "type": "commit", + "hash": "4cf807e67a6d" + } + } + } + ] + }`, r.Host)) + case "/repositories/OWNER/REPO/pullrequests/?pagelen=1&page=2": + _, err = io.WriteString(w, fmt.Sprintf(`{ + "size": 2, + "pagelen": 1, + "page": 2, + "previous": "http://%s/repositories/OWNER/REPO/pullrequests/?pagelen=1&page=1", + "values": [ + { + "id": 103, + "source": { + "branch": { + "name": "feature-103" + }, + "commit": { + "type": "commit", + "hash": "6344d9623e3b" + } + } + } + ] + }`, r.Host)) + default: + t.Fail() + } + if err != nil { + t.Fail() + } + })) + defer ts.Close() + svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + assert.NoError(t, err) + pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.NoError(t, err) + assert.Equal(t, 3, len(pullRequests)) + assert.Equal(t, PullRequest{ + Number: 101, + Branch: "feature-101", + HeadSHA: "1a8dd249c04a", + }, *pullRequests[0]) + assert.Equal(t, PullRequest{ + Number: 102, + Branch: "feature-102", + HeadSHA: "4cf807e67a6d", + }, *pullRequests[1]) + assert.Equal(t, PullRequest{ + Number: 103, + Branch: "feature-103", + HeadSHA: "6344d9623e3b", + }, *pullRequests[2]) +} + +func TestListResponseErrorCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(500) + })) + defer ts.Close() + svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.Error(t, err) +} + +func TestListResponseMalformedCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + switch r.RequestURI { + case "/repositories/OWNER/REPO/pullrequests/": + _, err := io.WriteString(w, `[{ + "size": 1, + "pagelen": 10, + "page": 1, + "values": [{ "id": 101 }] + }]`) + if err != nil { + t.Fail() + } + default: + t.Fail() + } + })) + defer ts.Close() + svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.Error(t, err) +} + +func TestListResponseMalformedValuesCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + switch r.RequestURI { + case "/repositories/OWNER/REPO/pullrequests/": + _, err := io.WriteString(w, `{ + "size": 1, + "pagelen": 10, + "page": 1, + "values": { "id": 101 } + }`) + if err != nil { + t.Fail() + } + default: + t.Fail() + } + })) + defer ts.Close() + svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.Error(t, err) +} + +func TestListResponseEmptyCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + switch r.RequestURI { + case "/repositories/OWNER/REPO/pullrequests/": + _, err := io.WriteString(w, `{ + "size": 1, + "pagelen": 10, + "page": 1, + "values": [] + }`) + if err != nil { + t.Fail() + } + default: + t.Fail() + } + })) + defer ts.Close() + svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + assert.NoError(t, err) + pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + assert.NoError(t, err) + assert.Empty(t, pullRequests) +} + +func TestListPullRequestBranchMatchCloud(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + var err error + switch r.RequestURI { + case "/repositories/OWNER/REPO/pullrequests/": + _, err = io.WriteString(w, fmt.Sprintf(`{ + "size": 2, + "pagelen": 1, + "page": 1, + "next": "http://%s/repositories/OWNER/REPO/pullrequests/?pagelen=1&page=2", + "values": [ + { + "id": 101, + "source": { + "branch": { + "name": "feature-101" + }, + "commit": { + "type": "commit", + "hash": "1a8dd249c04a" + } + } + }, + { + "id": 200, + "source": { + "branch": { + "name": "feature-200" + }, + "commit": { + "type": "commit", + "hash": "4cf807e67a6d" + } + } + } + ] + }`, r.Host)) + case "/repositories/OWNER/REPO/pullrequests/?pagelen=1&page=2": + _, err = io.WriteString(w, fmt.Sprintf(`{ + "size": 2, + "pagelen": 1, + "page": 2, + "previous": "http://%s/repositories/OWNER/REPO/pullrequests/?pagelen=1&page=1", + "values": [ + { + "id": 102, + "source": { + "branch": { + "name": "feature-102" + }, + "commit": { + "type": "commit", + "hash": "6344d9623e3b" + } + } + } + ] + }`, r.Host)) + default: + t.Fail() + } + if err != nil { + t.Fail() + } + })) + defer ts.Close() + regexp := `feature-1[\d]{2}` + svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + assert.NoError(t, err) + pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ + { + BranchMatch: ®exp, + }, + }) + assert.NoError(t, err) + assert.Equal(t, 2, len(pullRequests)) + assert.Equal(t, PullRequest{ + Number: 101, + Branch: "feature-101", + HeadSHA: "1a8dd249c04a", + }, *pullRequests[0]) + assert.Equal(t, PullRequest{ + Number: 102, + Branch: "feature-102", + HeadSHA: "6344d9623e3b", + }, *pullRequests[1]) + + regexp = `.*2$` + svc, err = NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + assert.NoError(t, err) + pullRequests, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ + { + BranchMatch: ®exp, + }, + }) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) + assert.Equal(t, PullRequest{ + Number: 102, + Branch: "feature-102", + HeadSHA: "6344d9623e3b", + }, *pullRequests[0]) + + regexp = `[\d{2}` + svc, err = NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") + assert.NoError(t, err) + _, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ + { + BranchMatch: ®exp, + }, + }) + assert.Error(t, err) +} diff --git a/applicationset/services/pull_request/bitbucket_server.go b/applicationset/services/pull_request/bitbucket_server.go index 72cd6dd7e1900..99665d163e1bc 100644 --- a/applicationset/services/pull_request/bitbucket_server.go +++ b/applicationset/services/pull_request/bitbucket_server.go @@ -66,10 +66,11 @@ func (b *BitbucketService) List(_ context.Context) ([]*PullRequest, error) { for _, pull := range pulls { pullRequests = append(pullRequests, &PullRequest{ - Number: pull.ID, - Branch: pull.FromRef.DisplayID, // ID: refs/heads/main DisplayID: main - HeadSHA: pull.FromRef.LatestCommit, // This is not defined in the official docs, but works in practice - Labels: []string{}, // Not supported by library + Number: pull.ID, + Branch: pull.FromRef.DisplayID, // ID: refs/heads/main DisplayID: main + TargetBranch: pull.ToRef.DisplayID, + HeadSHA: pull.FromRef.LatestCommit, // This is not defined in the official docs, but works in practice + Labels: []string{}, // Not supported by library }) } diff --git a/applicationset/services/pull_request/bitbucket_server_test.go b/applicationset/services/pull_request/bitbucket_server_test.go index 28f123fa9f43e..911e3e7e0ccd0 100644 --- a/applicationset/services/pull_request/bitbucket_server_test.go +++ b/applicationset/services/pull_request/bitbucket_server_test.go @@ -24,6 +24,11 @@ func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { "values": [ { "id": 101, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-ABC-123", "displayId": "feature-ABC-123", @@ -55,6 +60,7 @@ func TestListPullRequestNoAuth(t *testing.T) { assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, 101, pullRequests[0].Number) assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch) + assert.Equal(t, "master", pullRequests[0].TargetBranch) assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA) } @@ -71,6 +77,11 @@ func TestListPullRequestPagination(t *testing.T) { "values": [ { "id": 101, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-101", "displayId": "feature-101", @@ -79,6 +90,11 @@ func TestListPullRequestPagination(t *testing.T) { }, { "id": 102, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "branch", + "id": "refs/heads/branch" + }, "fromRef": { "id": "refs/heads/feature-102", "displayId": "feature-102", @@ -96,6 +112,11 @@ func TestListPullRequestPagination(t *testing.T) { "values": [ { "id": 200, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-200", "displayId": "feature-200", @@ -119,22 +140,25 @@ func TestListPullRequestPagination(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 3, len(pullRequests)) assert.Equal(t, PullRequest{ - Number: 101, - Branch: "feature-101", - HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 101, + Branch: "feature-101", + TargetBranch: "master", + HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[0]) assert.Equal(t, PullRequest{ - Number: 102, - Branch: "feature-102", - HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 102, + Branch: "feature-102", + TargetBranch: "branch", + HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[1]) assert.Equal(t, PullRequest{ - Number: 200, - Branch: "feature-200", - HeadSHA: "cb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 200, + Branch: "feature-200", + TargetBranch: "master", + HeadSHA: "cb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[2]) } @@ -231,6 +255,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { "values": [ { "id": 101, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-101", "displayId": "feature-101", @@ -239,6 +268,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { }, { "id": 102, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "branch", + "id": "refs/heads/branch" + }, "fromRef": { "id": "refs/heads/feature-102", "displayId": "feature-102", @@ -256,6 +290,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { "values": [ { "id": 200, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-200", "displayId": "feature-200", @@ -284,16 +323,18 @@ func TestListPullRequestBranchMatch(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 2, len(pullRequests)) assert.Equal(t, PullRequest{ - Number: 101, - Branch: "feature-101", - HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 101, + Branch: "feature-101", + TargetBranch: "master", + HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[0]) assert.Equal(t, PullRequest{ - Number: 102, - Branch: "feature-102", - HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 102, + Branch: "feature-102", + TargetBranch: "branch", + HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[1]) regexp = `.*2$` @@ -307,10 +348,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, PullRequest{ - Number: 102, - Branch: "feature-102", - HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 102, + Branch: "feature-102", + TargetBranch: "branch", + HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[0]) regexp = `[\d{2}` diff --git a/applicationset/services/pull_request/gitea.go b/applicationset/services/pull_request/gitea.go index f913fb35580f5..435a0b57117e6 100644 --- a/applicationset/services/pull_request/gitea.go +++ b/applicationset/services/pull_request/gitea.go @@ -54,10 +54,11 @@ func (g *GiteaService) List(ctx context.Context) ([]*PullRequest, error) { list := []*PullRequest{} for _, pr := range prs { list = append(list, &PullRequest{ - Number: int(pr.Index), - Branch: pr.Head.Ref, - HeadSHA: pr.Head.Sha, - Labels: getGiteaPRLabelNames(pr.Labels), + Number: int(pr.Index), + Branch: pr.Head.Ref, + TargetBranch: pr.Base.Ref, + HeadSHA: pr.Head.Sha, + Labels: getGiteaPRLabelNames(pr.Labels), }) } return list, nil diff --git a/applicationset/services/pull_request/gitea_test.go b/applicationset/services/pull_request/gitea_test.go index 9d5ff25748234..c450a40a268b6 100644 --- a/applicationset/services/pull_request/gitea_test.go +++ b/applicationset/services/pull_request/gitea_test.go @@ -256,6 +256,7 @@ func TestGiteaList(t *testing.T) { assert.Equal(t, len(prs), 1) assert.Equal(t, prs[0].Number, 1) assert.Equal(t, prs[0].Branch, "test") + assert.Equal(t, prs[0].TargetBranch, "main") assert.Equal(t, prs[0].HeadSHA, "7bbaf62d92ddfafd9cc8b340c619abaec32bc09f") } diff --git a/applicationset/services/pull_request/github.go b/applicationset/services/pull_request/github.go index a40588ec3d367..7c801e7370f53 100644 --- a/applicationset/services/pull_request/github.go +++ b/applicationset/services/pull_request/github.go @@ -65,10 +65,11 @@ func (g *GithubService) List(ctx context.Context) ([]*PullRequest, error) { continue } pullRequests = append(pullRequests, &PullRequest{ - Number: *pull.Number, - Branch: *pull.Head.Ref, - HeadSHA: *pull.Head.SHA, - Labels: getGithubPRLabelNames(pull.Labels), + Number: *pull.Number, + Branch: *pull.Head.Ref, + TargetBranch: *pull.Base.Ref, + HeadSHA: *pull.Head.SHA, + Labels: getGithubPRLabelNames(pull.Labels), }) } if resp.NextPage == 0 { diff --git a/applicationset/services/pull_request/gitlab.go b/applicationset/services/pull_request/gitlab.go index 39f6250aae0e8..33bbdcd954fb0 100644 --- a/applicationset/services/pull_request/gitlab.go +++ b/applicationset/services/pull_request/gitlab.go @@ -69,10 +69,11 @@ func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) { } for _, mr := range mrs { pullRequests = append(pullRequests, &PullRequest{ - Number: mr.IID, - Branch: mr.SourceBranch, - HeadSHA: mr.SHA, - Labels: mr.Labels, + Number: mr.IID, + Branch: mr.SourceBranch, + TargetBranch: mr.TargetBranch, + HeadSHA: mr.SHA, + Labels: mr.Labels, }) } if resp.NextPage == 0 { diff --git a/applicationset/services/pull_request/gitlab_test.go b/applicationset/services/pull_request/gitlab_test.go index 7c42e6f9f9269..3aba534aec42a 100644 --- a/applicationset/services/pull_request/gitlab_test.go +++ b/applicationset/services/pull_request/gitlab_test.go @@ -80,6 +80,7 @@ func TestList(t *testing.T) { assert.Len(t, prs, 1) assert.Equal(t, prs[0].Number, 15442) assert.Equal(t, prs[0].Branch, "use-structured-logging-for-db-load-balancer") + assert.Equal(t, prs[0].TargetBranch, "master") assert.Equal(t, prs[0].HeadSHA, "2fc4e8b972ff3208ec63b6143e34ad67ff343ad7") } diff --git a/applicationset/services/pull_request/interface.go b/applicationset/services/pull_request/interface.go index f81dc35e41435..0015cfe5eafa6 100644 --- a/applicationset/services/pull_request/interface.go +++ b/applicationset/services/pull_request/interface.go @@ -10,6 +10,8 @@ type PullRequest struct { Number int // Branch is the name of the branch from which the pull request originated. Branch string + // TargetBranch is the name of the target branch of the pull request. + TargetBranch string // HeadSHA is the SHA of the HEAD from which the pull request originated. HeadSHA string // Labels of the pull request. @@ -22,5 +24,6 @@ type PullRequestService interface { } type Filter struct { - BranchMatch *regexp.Regexp + BranchMatch *regexp.Regexp + TargetBranchMatch *regexp.Regexp } diff --git a/applicationset/services/pull_request/utils.go b/applicationset/services/pull_request/utils.go index c7970170a7d64..50d4e5a3c0098 100644 --- a/applicationset/services/pull_request/utils.go +++ b/applicationset/services/pull_request/utils.go @@ -19,6 +19,12 @@ func compileFilters(filters []argoprojiov1alpha1.PullRequestGeneratorFilter) ([] return nil, fmt.Errorf("error compiling BranchMatch regexp %q: %v", *filter.BranchMatch, err) } } + if filter.TargetBranchMatch != nil { + outFilter.TargetBranchMatch, err = regexp.Compile(*filter.TargetBranchMatch) + if err != nil { + return nil, fmt.Errorf("error compiling TargetBranchMatch regexp %q: %v", *filter.TargetBranchMatch, err) + } + } outFilters = append(outFilters, outFilter) } return outFilters, nil @@ -28,6 +34,9 @@ func matchFilter(pullRequest *PullRequest, filter *Filter) bool { if filter.BranchMatch != nil && !filter.BranchMatch.MatchString(pullRequest.Branch) { return false } + if filter.TargetBranchMatch != nil && !filter.TargetBranchMatch.MatchString(pullRequest.TargetBranch) { + return false + } return true } diff --git a/applicationset/services/pull_request/utils_test.go b/applicationset/services/pull_request/utils_test.go index eb92e5fad866f..3f813127edab7 100644 --- a/applicationset/services/pull_request/utils_test.go +++ b/applicationset/services/pull_request/utils_test.go @@ -16,9 +16,10 @@ func TestFilterBranchMatchBadRegexp(t *testing.T) { context.Background(), []*PullRequest{ { - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -37,24 +38,28 @@ func TestFilterBranchMatch(t *testing.T) { context.Background(), []*PullRequest{ { - Number: 1, - Branch: "one", - HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 2, - Branch: "two", - HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 2, + Branch: "two", + TargetBranch: "master", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 3, - Branch: "three", - HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 3, + Branch: "three", + TargetBranch: "master", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 4, - Branch: "four", - HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 4, + Branch: "four", + TargetBranch: "master", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -70,29 +75,75 @@ func TestFilterBranchMatch(t *testing.T) { assert.Equal(t, "two", pullRequests[0].Branch) } +func TestFilterTargetBranchMatch(t *testing.T) { + provider, _ := NewFakeService( + context.Background(), + []*PullRequest{ + { + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 2, + Branch: "two", + TargetBranch: "branch1", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 3, + Branch: "three", + TargetBranch: "branch2", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 4, + Branch: "four", + TargetBranch: "branch3", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + }, + }, + nil, + ) + filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{ + { + TargetBranchMatch: strp("1"), + }, + } + pullRequests, err := ListPullRequests(context.Background(), provider, filters) + assert.NoError(t, err) + assert.Len(t, pullRequests, 1) + assert.Equal(t, "two", pullRequests[0].Branch) +} + func TestMultiFilterOr(t *testing.T) { provider, _ := NewFakeService( context.Background(), []*PullRequest{ { - Number: 1, - Branch: "one", - HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 2, - Branch: "two", - HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 2, + Branch: "two", + TargetBranch: "master", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 3, - Branch: "three", - HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 3, + Branch: "three", + TargetBranch: "master", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 4, - Branch: "four", - HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 4, + Branch: "four", + TargetBranch: "master", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -113,19 +164,69 @@ func TestMultiFilterOr(t *testing.T) { assert.Equal(t, "four", pullRequests[2].Branch) } +func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) { + provider, _ := NewFakeService( + context.Background(), + []*PullRequest{ + { + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 2, + Branch: "two", + TargetBranch: "branch1", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 3, + Branch: "three", + TargetBranch: "branch2", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 4, + Branch: "four", + TargetBranch: "branch3", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + }, + }, + nil, + ) + filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{ + { + BranchMatch: strp("w"), + TargetBranchMatch: strp("1"), + }, + { + BranchMatch: strp("r"), + TargetBranchMatch: strp("3"), + }, + } + pullRequests, err := ListPullRequests(context.Background(), provider, filters) + assert.NoError(t, err) + assert.Len(t, pullRequests, 2) + assert.Equal(t, "two", pullRequests[0].Branch) + assert.Equal(t, "four", pullRequests[1].Branch) +} + func TestNoFilters(t *testing.T) { provider, _ := NewFakeService( context.Background(), []*PullRequest{ { - Number: 1, - Branch: "one", - HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 2, - Branch: "two", - HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 2, + Branch: "two", + TargetBranch: "master", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, diff --git a/applicationset/services/repo_service.go b/applicationset/services/repo_service.go index cff5f7846f7bd..6697756a54af1 100644 --- a/applicationset/services/repo_service.go +++ b/applicationset/services/repo_service.go @@ -18,10 +18,11 @@ type RepositoryDB interface { } type argoCDService struct { - repositoriesDB RepositoryDB - storecreds git.CredsStore - submoduleEnabled bool - repoServerClientSet apiclient.Clientset + repositoriesDB RepositoryDB + storecreds git.CredsStore + submoduleEnabled bool + repoServerClientSet apiclient.Clientset + newFileGlobbingEnabled bool } type Repos interface { @@ -33,11 +34,12 @@ type Repos interface { GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) } -func NewArgoCDService(db db.ArgoDB, submoduleEnabled bool, repoClientset apiclient.Clientset) (Repos, error) { +func NewArgoCDService(db db.ArgoDB, submoduleEnabled bool, repoClientset apiclient.Clientset, newFileGlobbingEnabled bool) (Repos, error) { return &argoCDService{ - repositoriesDB: db.(RepositoryDB), - submoduleEnabled: submoduleEnabled, - repoServerClientSet: repoClientset, + repositoriesDB: db.(RepositoryDB), + submoduleEnabled: submoduleEnabled, + repoServerClientSet: repoClientset, + newFileGlobbingEnabled: newFileGlobbingEnabled, }, nil } @@ -48,10 +50,11 @@ func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision s } fileRequest := &apiclient.GitFilesRequest{ - Repo: repo, - SubmoduleEnabled: a.submoduleEnabled, - Revision: revision, - Path: pattern, + Repo: repo, + SubmoduleEnabled: a.submoduleEnabled, + Revision: revision, + Path: pattern, + NewGitFileGlobbingEnabled: a.newFileGlobbingEnabled, } closer, client, err := a.repoServerClientSet.NewRepoServerClient() if err != nil { diff --git a/applicationset/services/repo_service_test.go b/applicationset/services/repo_service_test.go index 7df653a6e04ea..62f8c11c172d0 100644 --- a/applicationset/services/repo_service_test.go +++ b/applicationset/services/repo_service_test.go @@ -185,7 +185,7 @@ func TestGetFiles(t *testing.T) { } func TestNewArgoCDService(t *testing.T) { - service, err := NewArgoCDService(&db_mocks.ArgoDB{}, false, &repo_mocks.Clientset{}) + service, err := NewArgoCDService(&db_mocks.ArgoDB{}, false, &repo_mocks.Clientset{}, false) assert.NoError(t, err, err) assert.NotNil(t, service) } diff --git a/applicationset/services/scm_provider/aws_codecommit.go b/applicationset/services/scm_provider/aws_codecommit.go new file mode 100644 index 0000000000000..280711271cfb0 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit.go @@ -0,0 +1,376 @@ +package scm_provider + +import ( + "context" + "fmt" + "github.com/aws/aws-sdk-go/aws/request" + pathpkg "path" + "path/filepath" + "strings" + + application "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/arn" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/codecommit" + "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" + log "github.com/sirupsen/logrus" + "golang.org/x/exp/maps" + "k8s.io/utils/strings/slices" +) + +const ( + resourceTypeCodeCommitRepository = "codecommit:repository" + prefixGitUrlHttps = "https://git-codecommit." + prefixGitUrlHttpsFIPS = "https://git-codecommit-fips." +) + +// AWSCodeCommitClient is a lean facade to the codecommitiface.CodeCommitAPI +// it helps to reduce the mockery generated code. +type AWSCodeCommitClient interface { + ListRepositoriesWithContext(aws.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error) + GetRepositoryWithContext(aws.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error) + ListBranchesWithContext(aws.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error) + GetFolderWithContext(aws.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error) +} + +// AWSTaggingClient is a lean facade to the resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI +// it helps to reduce the mockery generated code. +type AWSTaggingClient interface { + GetResourcesWithContext(aws.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) +} + +type AWSCodeCommitProvider struct { + codeCommitClient AWSCodeCommitClient + taggingClient AWSTaggingClient + tagFilters []*application.TagFilter + allBranches bool +} + +func NewAWSCodeCommitProvider(ctx context.Context, tagFilters []*application.TagFilter, role string, region string, allBranches bool) (*AWSCodeCommitProvider, error) { + taggingClient, codeCommitClient, err := createAWSDiscoveryClients(ctx, role, region) + if err != nil { + return nil, err + } + return &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + tagFilters: tagFilters, + allBranches: allBranches, + }, nil +} + +func (p *AWSCodeCommitProvider) ListRepos(ctx context.Context, cloneProtocol string) ([]*Repository, error) { + repos := make([]*Repository, 0) + + repoNames, err := p.listRepoNames(ctx) + if err != nil { + return nil, fmt.Errorf("failed to list codecommit repository: %w", err) + } + + for _, repoName := range repoNames { + repo, err := p.codeCommitClient.GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{ + RepositoryName: aws.String(repoName), + }) + if err != nil { + // we don't want to skip at this point. It's a valid repo, we don't want to have flapping Application on an AWS outage. + return nil, fmt.Errorf("failed to get codecommit repository: %w", err) + } + if repo == nil || repo.RepositoryMetadata == nil { + // unlikely to happen, but just in case to protect nil pointer dereferences. + log.Warnf("codecommit returned invalid response for repository %s, skipped", repoName) + continue + } + if aws.StringValue(repo.RepositoryMetadata.DefaultBranch) == "" { + // if a codecommit repo doesn't have default branch, it's uninitialized. not going to bother with it. + log.Warnf("repository %s does not have default branch, skipped", repoName) + continue + } + var url string + switch cloneProtocol { + // default to SSH if unspecified (i.e. if ""). + case "", "ssh": + url = aws.StringValue(repo.RepositoryMetadata.CloneUrlSsh) + case "https": + url = aws.StringValue(repo.RepositoryMetadata.CloneUrlHttp) + case "https-fips": + url, err = getCodeCommitFIPSEndpoint(aws.StringValue(repo.RepositoryMetadata.CloneUrlHttp)) + if err != nil { + return nil, fmt.Errorf("https-fips is provided but repoUrl can't be transformed to FIPS endpoint: %w", err) + } + default: + return nil, fmt.Errorf("unknown clone protocol for codecommit %v", cloneProtocol) + } + repos = append(repos, &Repository{ + // there's no "organization" level at codecommit. + // we are just using AWS accountId for now. + Organization: aws.StringValue(repo.RepositoryMetadata.AccountId), + Repository: aws.StringValue(repo.RepositoryMetadata.RepositoryName), + URL: url, + Branch: aws.StringValue(repo.RepositoryMetadata.DefaultBranch), + // we could propagate repo tag keys, but without value not sure if it's any useful. + Labels: []string{}, + RepositoryId: aws.StringValue(repo.RepositoryMetadata.RepositoryId), + }) + } + + return repos, nil +} + +func (p *AWSCodeCommitProvider) RepoHasPath(ctx context.Context, repo *Repository, path string) (bool, error) { + // we use GetFolder instead of GetFile here because GetFile always downloads the full blob which has scalability problem. + // GetFolder is slightly less concerning. + + path = toAbsolutePath(path) + // shortcut: if it's root folder ('/'), we always return true. + if path == "/" { + return true, nil + } + // here we are sure it's not root folder, strip the suffix for easier comparison. + path = strings.TrimSuffix(path, "/") + + // we always get the parent folder, so we could support both submodule, file, symlink and folder cases. + parentPath := pathpkg.Dir(path) + basePath := pathpkg.Base(path) + + input := &codecommit.GetFolderInput{ + CommitSpecifier: aws.String(repo.Branch), + FolderPath: aws.String(parentPath), + RepositoryName: aws.String(repo.Repository), + } + output, err := p.codeCommitClient.GetFolderWithContext(ctx, input) + if err != nil { + if hasAwsError(err, + codecommit.ErrCodeRepositoryDoesNotExistException, + codecommit.ErrCodeCommitDoesNotExistException, + codecommit.ErrCodeFolderDoesNotExistException, + ) { + return false, nil + } + // unhandled exception, propagate out + return false, err + } + + // anything that matches. + for _, submodule := range output.SubModules { + if basePath == aws.StringValue(submodule.RelativePath) { + return true, nil + } + } + for _, subpath := range output.SubFolders { + if basePath == aws.StringValue(subpath.RelativePath) { + return true, nil + } + } + for _, subpath := range output.Files { + if basePath == aws.StringValue(subpath.RelativePath) { + return true, nil + } + } + for _, subpath := range output.SymbolicLinks { + if basePath == aws.StringValue(subpath.RelativePath) { + return true, nil + } + } + return false, nil +} + +func (p *AWSCodeCommitProvider) GetBranches(ctx context.Context, repo *Repository) ([]*Repository, error) { + repos := make([]*Repository, 0) + if !p.allBranches { + output, err := p.codeCommitClient.GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{ + RepositoryName: aws.String(repo.Repository), + }) + if err != nil { + return nil, err + } + repos = append(repos, &Repository{ + Organization: repo.Organization, + Repository: repo.Repository, + URL: repo.URL, + Branch: aws.StringValue(output.RepositoryMetadata.DefaultBranch), + RepositoryId: repo.RepositoryId, + Labels: repo.Labels, + // getting SHA of the branch requires a separate GetBranch call. + // too expensive. for now, we just don't support it. + // SHA: "", + }) + } else { + input := &codecommit.ListBranchesInput{ + RepositoryName: aws.String(repo.Repository), + } + for { + output, err := p.codeCommitClient.ListBranchesWithContext(ctx, input) + if err != nil { + return nil, err + } + for _, branch := range output.Branches { + repos = append(repos, &Repository{ + Organization: repo.Organization, + Repository: repo.Repository, + URL: repo.URL, + Branch: aws.StringValue(branch), + RepositoryId: repo.RepositoryId, + Labels: repo.Labels, + // getting SHA of the branch requires a separate GetBranch call. + // too expensive. for now, we just don't support it. + // SHA: "", + }) + } + input.NextToken = output.NextToken + if aws.StringValue(output.NextToken) == "" { + break + } + } + } + + return repos, nil +} + +func (p *AWSCodeCommitProvider) listRepoNames(ctx context.Context) ([]string, error) { + tagFilters := p.getTagFilters() + repoNames := make([]string, 0) + var err error + + if len(tagFilters) < 1 { + log.Debugf("no tag filer, calling codecommit api to list repos") + listReposInput := &codecommit.ListRepositoriesInput{} + var output *codecommit.ListRepositoriesOutput + for { + output, err = p.codeCommitClient.ListRepositoriesWithContext(ctx, listReposInput) + if err != nil { + break + } + for _, repo := range output.Repositories { + repoNames = append(repoNames, aws.StringValue(repo.RepositoryName)) + } + listReposInput.NextToken = output.NextToken + if aws.StringValue(output.NextToken) == "" { + break + } + } + } else { + log.Debugf("tag filer is specified, calling tagging api to list repos") + discoveryInput := &resourcegroupstaggingapi.GetResourcesInput{ + ResourceTypeFilters: aws.StringSlice([]string{resourceTypeCodeCommitRepository}), + TagFilters: tagFilters, + } + var output *resourcegroupstaggingapi.GetResourcesOutput + for { + output, err = p.taggingClient.GetResourcesWithContext(ctx, discoveryInput) + if err != nil { + break + } + for _, resource := range output.ResourceTagMappingList { + repoArn := aws.StringValue(resource.ResourceARN) + log.Debugf("discovered codecommit repo with arn %s", repoArn) + repoName, extractErr := getCodeCommitRepoName(repoArn) + if extractErr != nil { + log.Warnf("discovered codecommit repoArn %s cannot be parsed due to %v", repoArn, err) + continue + } + repoNames = append(repoNames, repoName) + } + discoveryInput.PaginationToken = output.PaginationToken + if aws.StringValue(output.PaginationToken) == "" { + break + } + } + } + return repoNames, err +} + +func (p *AWSCodeCommitProvider) getTagFilters() []*resourcegroupstaggingapi.TagFilter { + filters := make(map[string]*resourcegroupstaggingapi.TagFilter) + for _, tagFilter := range p.tagFilters { + filter, hasKey := filters[tagFilter.Key] + if !hasKey { + filter = &resourcegroupstaggingapi.TagFilter{ + Key: aws.String(tagFilter.Key), + } + filters[tagFilter.Key] = filter + } + if tagFilter.Value != "" { + filter.Values = append(filter.Values, aws.String(tagFilter.Value)) + } + } + return maps.Values(filters) +} + +func getCodeCommitRepoName(repoArn string) (string, error) { + parsedArn, err := arn.Parse(repoArn) + if err != nil { + return "", fmt.Errorf("failed to parse codecommit repository ARN: %w", err) + } + // see: https://docs.aws.amazon.com/codecommit/latest/userguide/auth-and-access-control-permissions-reference.html + // arn:aws:codecommit:region:account-id:repository-name + return parsedArn.Resource, nil +} + +// getCodeCommitFIPSEndpoint transforms provided https:// codecommit URL to a FIPS-compliant endpoint. +// note that the specified region must support FIPS, otherwise the returned URL won't be reachable +// see: https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-git +func getCodeCommitFIPSEndpoint(repoUrl string) (string, error) { + if strings.HasPrefix(repoUrl, prefixGitUrlHttpsFIPS) { + log.Debugf("provided repoUrl %s is already a fips endpoint", repoUrl) + return repoUrl, nil + } + if !strings.HasPrefix(repoUrl, prefixGitUrlHttps) { + return "", fmt.Errorf("the provided https endpoint isn't recognized, cannot be transformed to FIPS endpoint: %s", repoUrl) + } + // we already have the prefix, so we guarantee to replace exactly the prefix only. + return strings.Replace(repoUrl, prefixGitUrlHttps, prefixGitUrlHttpsFIPS, 1), nil +} + +func hasAwsError(err error, codes ...string) bool { + if awsErr, ok := err.(awserr.Error); ok { + return slices.Contains(codes, awsErr.Code()) + } + return false +} + +// toAbsolutePath transforms a path input to absolute path, as required by AWS CodeCommit +// see https://docs.aws.amazon.com/codecommit/latest/APIReference/API_GetFolder.html +func toAbsolutePath(path string) string { + if filepath.IsAbs(path) { + return path + } + return filepath.ToSlash(filepath.Join("/", path)) +} + +func createAWSDiscoveryClients(_ context.Context, role string, region string) (*resourcegroupstaggingapi.ResourceGroupsTaggingAPI, *codecommit.CodeCommit, error) { + podSession, err := session.NewSession() + if err != nil { + return nil, nil, fmt.Errorf("error creating new AWS pod session: %w", err) + } + discoverySession := podSession + // assume role if provided - this allows cross account CodeCommit repo discovery. + if role != "" { + log.Debugf("role %s is provided for AWS CodeCommit discovery", role) + assumeRoleCreds := stscreds.NewCredentials(podSession, role) + discoverySession, err = session.NewSession(&aws.Config{ + Credentials: assumeRoleCreds, + }) + if err != nil { + return nil, nil, fmt.Errorf("error creating new AWS discovery session: %s", err) + } + } else { + log.Debugf("role is not provided for AWS CodeCommit discovery, using pod role") + } + // use region explicitly if provided - this allows cross region CodeCommit repo discovery. + if region != "" { + log.Debugf("region %s is provided for AWS CodeCommit discovery", region) + discoverySession = discoverySession.Copy(&aws.Config{ + Region: aws.String(region), + }) + } else { + log.Debugf("region is not provided for AWS CodeCommit discovery, using pod region") + } + + taggingClient := resourcegroupstaggingapi.New(discoverySession) + codeCommitClient := codecommit.New(discoverySession) + + return taggingClient, codeCommitClient, nil +} diff --git a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go new file mode 100644 index 0000000000000..b9d6f6a5d5956 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -0,0 +1,321 @@ +// Code generated by mockery v2.26.1. DO NOT EDIT. + +package mocks + +import ( + context "context" + + codecommit "github.com/aws/aws-sdk-go/service/codecommit" + + mock "github.com/stretchr/testify/mock" + + request "github.com/aws/aws-sdk-go/aws/request" +) + +// AWSCodeCommitClient is an autogenerated mock type for the AWSCodeCommitClient type +type AWSCodeCommitClient struct { + mock.Mock +} + +type AWSCodeCommitClient_Expecter struct { + mock *mock.Mock +} + +func (_m *AWSCodeCommitClient) EXPECT() *AWSCodeCommitClient_Expecter { + return &AWSCodeCommitClient_Expecter{mock: &_m.Mock} +} + +// GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.GetFolderOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) *codecommit.GetFolderOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetFolderOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_GetFolderWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetFolderWithContext' +type AWSCodeCommitClient_GetFolderWithContext_Call struct { + *mock.Call +} + +// GetFolderWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.GetFolderInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) GetFolderWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetFolderWithContext_Call { + return &AWSCodeCommitClient_GetFolderWithContext_Call{Call: _e.mock.On("GetFolderWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetFolderWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.GetFolderInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Return(_a0 *codecommit.GetFolderOutput, _a1 error) *AWSCodeCommitClient_GetFolderWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)) *AWSCodeCommitClient_GetFolderWithContext_Call { + _c.Call.Return(run) + return _c +} + +// GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.GetRepositoryOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) *codecommit.GetRepositoryOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetRepositoryOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_GetRepositoryWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetRepositoryWithContext' +type AWSCodeCommitClient_GetRepositoryWithContext_Call struct { + *mock.Call +} + +// GetRepositoryWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.GetRepositoryInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) GetRepositoryWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + return &AWSCodeCommitClient_GetRepositoryWithContext_Call{Call: _e.mock.On("GetRepositoryWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.GetRepositoryInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Return(_a0 *codecommit.GetRepositoryOutput, _a1 error) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + _c.Call.Return(run) + return _c +} + +// ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.ListBranchesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) *codecommit.ListBranchesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListBranchesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_ListBranchesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListBranchesWithContext' +type AWSCodeCommitClient_ListBranchesWithContext_Call struct { + *mock.Call +} + +// ListBranchesWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.ListBranchesInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) ListBranchesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListBranchesWithContext_Call { + return &AWSCodeCommitClient_ListBranchesWithContext_Call{Call: _e.mock.On("ListBranchesWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListBranchesWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.ListBranchesInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Return(_a0 *codecommit.ListBranchesOutput, _a1 error) *AWSCodeCommitClient_ListBranchesWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)) *AWSCodeCommitClient_ListBranchesWithContext_Call { + _c.Call.Return(run) + return _c +} + +// ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.ListRepositoriesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) *codecommit.ListRepositoriesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListRepositoriesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_ListRepositoriesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListRepositoriesWithContext' +type AWSCodeCommitClient_ListRepositoriesWithContext_Call struct { + *mock.Call +} + +// ListRepositoriesWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.ListRepositoriesInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) ListRepositoriesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + return &AWSCodeCommitClient_ListRepositoriesWithContext_Call{Call: _e.mock.On("ListRepositoriesWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.ListRepositoriesInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Return(_a0 *codecommit.ListRepositoriesOutput, _a1 error) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + _c.Call.Return(run) + return _c +} + +type mockConstructorTestingTNewAWSCodeCommitClient interface { + mock.TestingT + Cleanup(func()) +} + +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +func NewAWSCodeCommitClient(t mockConstructorTestingTNewAWSCodeCommitClient) *AWSCodeCommitClient { + mock := &AWSCodeCommitClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go new file mode 100644 index 0000000000000..9acd8979b7818 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -0,0 +1,110 @@ +// Code generated by mockery v2.26.1. DO NOT EDIT. + +package mocks + +import ( + context "context" + + request "github.com/aws/aws-sdk-go/aws/request" + mock "github.com/stretchr/testify/mock" + + resourcegroupstaggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" +) + +// AWSTaggingClient is an autogenerated mock type for the AWSTaggingClient type +type AWSTaggingClient struct { + mock.Mock +} + +type AWSTaggingClient_Expecter struct { + mock *mock.Mock +} + +func (_m *AWSTaggingClient) EXPECT() *AWSTaggingClient_Expecter { + return &AWSTaggingClient_Expecter{mock: &_m.Mock} +} + +// GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *resourcegroupstaggingapi.GetResourcesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) *resourcegroupstaggingapi.GetResourcesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*resourcegroupstaggingapi.GetResourcesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSTaggingClient_GetResourcesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetResourcesWithContext' +type AWSTaggingClient_GetResourcesWithContext_Call struct { + *mock.Call +} + +// GetResourcesWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *resourcegroupstaggingapi.GetResourcesInput +// - _a2 ...request.Option +func (_e *AWSTaggingClient_Expecter) GetResourcesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSTaggingClient_GetResourcesWithContext_Call { + return &AWSTaggingClient_GetResourcesWithContext_Call{Call: _e.mock.On("GetResourcesWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Run(run func(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option)) *AWSTaggingClient_GetResourcesWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*resourcegroupstaggingapi.GetResourcesInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Return(_a0 *resourcegroupstaggingapi.GetResourcesOutput, _a1 error) *AWSTaggingClient_GetResourcesWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSTaggingClient_GetResourcesWithContext_Call) RunAndReturn(run func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)) *AWSTaggingClient_GetResourcesWithContext_Call { + _c.Call.Return(run) + return _c +} + +type mockConstructorTestingTNewAWSTaggingClient interface { + mock.TestingT + Cleanup(func()) +} + +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +func NewAWSTaggingClient(t mockConstructorTestingTNewAWSTaggingClient) *AWSTaggingClient { + mock := &AWSTaggingClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/aws_codecommit_test.go b/applicationset/services/scm_provider/aws_codecommit_test.go new file mode 100644 index 0000000000000..3a4f7c1a9a6a8 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit_test.go @@ -0,0 +1,483 @@ +package scm_provider + +import ( + "context" + "errors" + "sort" + "testing" + + "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/aws_codecommit/mocks" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/codecommit" + "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" + "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" +) + +type awsCodeCommitTestRepository struct { + name string + id string + arn string + accountId string + defaultBranch string + expectedCloneUrl string + getRepositoryError error + getRepositoryNilMetadata bool + valid bool +} + +func TestAWSCodeCommitListRepos(t *testing.T) { + testCases := []struct { + name string + repositories []*awsCodeCommitTestRepository + cloneProtocol string + tagFilters []*v1alpha1.TagFilter + expectTagFilters []*resourcegroupstaggingapi.TagFilter + listRepositoryError error + expectOverallError bool + expectListAtCodeCommit bool + }{ + { + name: "ListRepos by tag with https", + cloneProtocol: "https", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + expectedCloneUrl: "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1", + valid: true, + }, + }, + tagFilters: []*v1alpha1.TagFilter{ + {Key: "key1", Value: "value1"}, + {Key: "key1", Value: "value2"}, + {Key: "key2"}, + }, + expectTagFilters: []*resourcegroupstaggingapi.TagFilter{ + {Key: aws.String("key1"), Values: aws.StringSlice([]string{"value1", "value2"})}, + {Key: aws.String("key2")}, + }, + expectOverallError: false, + expectListAtCodeCommit: false, + }, + { + name: "ListRepos by tag with https-fips", + cloneProtocol: "https-fips", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + expectedCloneUrl: "https://git-codecommit-fips.us-east-1.amazonaws.com/v1/repos/repo1", + valid: true, + }, + }, + tagFilters: []*v1alpha1.TagFilter{ + {Key: "key1"}, + }, + expectTagFilters: []*resourcegroupstaggingapi.TagFilter{ + {Key: aws.String("key1")}, + }, + expectOverallError: false, + expectListAtCodeCommit: false, + }, + { + name: "ListRepos without tag with invalid repo", + cloneProtocol: "ssh", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + expectedCloneUrl: "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1", + valid: true, + }, + { + name: "repo2", + id: "640d5859-d265-4e27-a9fa-e0731eb13ed7", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo2", + valid: false, + }, + { + name: "repo3-nil-metadata", + id: "24a6ee96-d3a0-4be6-a595-c5e5b1ab1617", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo3-nil-metadata", + getRepositoryNilMetadata: true, + valid: false, + }, + }, + expectOverallError: false, + expectListAtCodeCommit: true, + }, + { + name: "ListRepos with invalid protocol", + cloneProtocol: "invalid-protocol", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + valid: true, + }, + }, + expectOverallError: true, + expectListAtCodeCommit: true, + }, + { + name: "ListRepos error on listRepos", + cloneProtocol: "https", + listRepositoryError: errors.New("list repo error"), + expectOverallError: true, + expectListAtCodeCommit: true, + }, + { + name: "ListRepos error on getRepo", + cloneProtocol: "https", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + getRepositoryError: errors.New("get repo error"), + valid: true, + }, + }, + expectOverallError: true, + expectListAtCodeCommit: true, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + codeCommitClient := mocks.NewAWSCodeCommitClient(t) + taggingClient := mocks.NewAWSTaggingClient(t) + ctx := context.Background() + codecommitRepoNameIdPairs := make([]*codecommit.RepositoryNameIdPair, 0) + resourceTaggings := make([]*resourcegroupstaggingapi.ResourceTagMapping, 0) + validRepositories := make([]*awsCodeCommitTestRepository, 0) + + for _, repo := range testCase.repositories { + repoMetadata := &codecommit.RepositoryMetadata{ + AccountId: aws.String(repo.accountId), + Arn: aws.String(repo.arn), + CloneUrlHttp: aws.String("https://git-codecommit.us-east-1.amazonaws.com/v1/repos/" + repo.name), + CloneUrlSsh: aws.String("ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/" + repo.name), + DefaultBranch: aws.String(repo.defaultBranch), + RepositoryId: aws.String(repo.id), + RepositoryName: aws.String(repo.name), + } + if repo.getRepositoryNilMetadata { + repoMetadata = nil + } + codeCommitClient.EXPECT(). + GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(repo.name)}). + Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: repoMetadata}, repo.getRepositoryError) + codecommitRepoNameIdPairs = append(codecommitRepoNameIdPairs, &codecommit.RepositoryNameIdPair{ + RepositoryId: aws.String(repo.id), + RepositoryName: aws.String(repo.name), + }) + resourceTaggings = append(resourceTaggings, &resourcegroupstaggingapi.ResourceTagMapping{ + ResourceARN: aws.String(repo.arn), + }) + if repo.valid { + validRepositories = append(validRepositories, repo) + } + } + + if testCase.expectListAtCodeCommit { + codeCommitClient.EXPECT(). + ListRepositoriesWithContext(ctx, &codecommit.ListRepositoriesInput{}). + Return(&codecommit.ListRepositoriesOutput{ + Repositories: codecommitRepoNameIdPairs, + }, testCase.listRepositoryError) + } else { + taggingClient.EXPECT(). + GetResourcesWithContext(ctx, mock.MatchedBy(equalIgnoringTagFilterOrder(&resourcegroupstaggingapi.GetResourcesInput{ + TagFilters: testCase.expectTagFilters, + ResourceTypeFilters: aws.StringSlice([]string{resourceTypeCodeCommitRepository}), + }))). + Return(&resourcegroupstaggingapi.GetResourcesOutput{ + ResourceTagMappingList: resourceTaggings, + }, testCase.listRepositoryError) + } + + provider := &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + tagFilters: testCase.tagFilters, + } + repos, err := provider.ListRepos(ctx, testCase.cloneProtocol) + if testCase.expectOverallError { + assert.Error(t, err) + } else { + assert.Len(t, repos, len(validRepositories)) + for i, repo := range repos { + originRepo := validRepositories[i] + assert.Equal(t, originRepo.accountId, repo.Organization) + assert.Equal(t, originRepo.name, repo.Repository) + assert.Equal(t, originRepo.id, repo.RepositoryId) + assert.Equal(t, originRepo.defaultBranch, repo.Branch) + assert.Equal(t, originRepo.expectedCloneUrl, repo.URL) + assert.Empty(t, repo.SHA, "SHA is always empty") + } + } + }) + } +} + +func TestAWSCodeCommitRepoHasPath(t *testing.T) { + organization := "111111111111" + repoName := "repo1" + branch := "main" + + testCases := []struct { + name string + path string + expectedGetFolderPath string + getFolderOutput *codecommit.GetFolderOutput + getFolderError error + expectOverallError bool + expectedResult bool + }{ + { + name: "RepoHasPath on regular file", + path: "lib/config.yaml", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + Files: []*codecommit.File{ + {RelativePath: aws.String("config.yaml")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on folder", + path: "lib/config", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + SubFolders: []*codecommit.Folder{ + {RelativePath: aws.String("config")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on submodules", + path: "/lib/submodule/", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + SubModules: []*codecommit.SubModule{ + {RelativePath: aws.String("submodule")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on symlink", + path: "./lib/service.json", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + SymbolicLinks: []*codecommit.SymbolicLink{ + {RelativePath: aws.String("service.json")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath when no match", + path: "no-match.json", + expectedGetFolderPath: "/", + getFolderOutput: &codecommit.GetFolderOutput{ + Files: []*codecommit.File{ + {RelativePath: aws.String("config.yaml")}, + }, + SubFolders: []*codecommit.Folder{ + {RelativePath: aws.String("config")}, + }, + SubModules: []*codecommit.SubModule{ + {RelativePath: aws.String("submodule")}, + }, + SymbolicLinks: []*codecommit.SymbolicLink{ + {RelativePath: aws.String("service.json")}, + }, + }, + expectOverallError: false, + expectedResult: false, + }, + { + name: "RepoHasPath when parent folder not found", + path: "lib/submodule", + expectedGetFolderPath: "/lib", + getFolderError: &codecommit.FolderDoesNotExistException{}, + expectOverallError: false, + }, + { + name: "RepoHasPath when unknown error", + path: "lib/submodule", + expectedGetFolderPath: "/lib", + getFolderError: errors.New("unknown error"), + expectOverallError: true, + }, + { + name: "RepoHasPath on root folder - './'", + path: "./", + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on root folder - '/'", + path: "/", + expectOverallError: false, + expectedResult: true, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + codeCommitClient := mocks.NewAWSCodeCommitClient(t) + taggingClient := mocks.NewAWSTaggingClient(t) + ctx := context.Background() + if testCase.expectedGetFolderPath != "" { + codeCommitClient.EXPECT(). + GetFolderWithContext(ctx, &codecommit.GetFolderInput{ + CommitSpecifier: aws.String(branch), + FolderPath: aws.String(testCase.expectedGetFolderPath), + RepositoryName: aws.String(repoName), + }). + Return(testCase.getFolderOutput, testCase.getFolderError) + } + provider := &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + } + actual, err := provider.RepoHasPath(ctx, &Repository{ + Organization: organization, + Repository: repoName, + Branch: branch, + }, testCase.path) + if testCase.expectOverallError { + assert.Error(t, err) + } else { + assert.Equal(t, testCase.expectedResult, actual) + } + }) + } +} + +func TestAWSCodeCommitGetBranches(t *testing.T) { + name := "repo1" + id := "1a64adc4-2fb5-4abd-afe7-127984ba83c0" + defaultBranch := "main" + organization := "111111111111" + cloneUrl := "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1" + + testCases := []struct { + name string + branches []string + apiError error + expectOverallError bool + allBranches bool + }{ + { + name: "GetBranches all branches", + branches: []string{"main", "feature/codecommit", "chore/go-upgrade"}, + allBranches: true, + }, + { + name: "GetBranches default branch only", + allBranches: false, + }, + { + name: "GetBranches default branch only", + allBranches: false, + }, + { + name: "GetBranches all branches on api error", + apiError: errors.New("api error"), + expectOverallError: true, + allBranches: true, + }, + { + name: "GetBranches default branch on api error", + apiError: errors.New("api error"), + expectOverallError: true, + allBranches: false, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + codeCommitClient := mocks.NewAWSCodeCommitClient(t) + taggingClient := mocks.NewAWSTaggingClient(t) + ctx := context.Background() + if testCase.allBranches { + codeCommitClient.EXPECT(). + ListBranchesWithContext(ctx, &codecommit.ListBranchesInput{ + RepositoryName: aws.String(name), + }). + Return(&codecommit.ListBranchesOutput{Branches: aws.StringSlice(testCase.branches)}, testCase.apiError) + } else { + codeCommitClient.EXPECT(). + GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(name)}). + Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: &codecommit.RepositoryMetadata{ + AccountId: aws.String(organization), + DefaultBranch: aws.String(defaultBranch), + }}, testCase.apiError) + } + provider := &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + allBranches: testCase.allBranches, + } + actual, err := provider.GetBranches(ctx, &Repository{ + Organization: organization, + Repository: name, + URL: cloneUrl, + RepositoryId: id, + }) + if testCase.expectOverallError { + assert.Error(t, err) + } else { + assertCopiedProperties := func(repo *Repository) { + assert.Equal(t, id, repo.RepositoryId) + assert.Equal(t, name, repo.Repository) + assert.Equal(t, cloneUrl, repo.URL) + assert.Equal(t, organization, repo.Organization) + assert.Empty(t, repo.SHA) + } + actualBranches := make([]string, 0) + for _, repo := range actual { + assertCopiedProperties(repo) + actualBranches = append(actualBranches, repo.Branch) + } + if testCase.allBranches { + assert.ElementsMatch(t, testCase.branches, actualBranches) + } else { + assert.ElementsMatch(t, []string{defaultBranch}, actualBranches) + } + } + }) + } +} + +// equalIgnoringTagFilterOrder provides an argumentMatcher function that can be used to compare equality of GetResourcesInput ignoring the tagFilter ordering. +func equalIgnoringTagFilterOrder(expected *resourcegroupstaggingapi.GetResourcesInput) func(*resourcegroupstaggingapi.GetResourcesInput) bool { + return func(actual *resourcegroupstaggingapi.GetResourcesInput) bool { + sort.Slice(actual.TagFilters, func(i, j int) bool { + return *actual.TagFilters[i].Key < *actual.TagFilters[j].Key + }) + return cmp.Equal(expected, actual) + } +} diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index 26f8060f2b669..b08b21895bda9 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -3,11 +3,11 @@ package scm_provider import ( "context" "fmt" - "os" "net/http" + "os" pathpkg "path" - gitlab "github.com/xanzy/go-gitlab" + "github.com/xanzy/go-gitlab" ) type GitlabProvider struct { @@ -65,7 +65,7 @@ func (g *GitlabProvider) GetBranches(ctx context.Context, repo *Repository) ([]* func (g *GitlabProvider) ListRepos(ctx context.Context, cloneProtocol string) ([]*Repository, error) { opt := &gitlab.ListGroupProjectsOptions{ ListOptions: gitlab.ListOptions{PerPage: 100}, - IncludeSubgroups: &g.includeSubgroups, + IncludeSubGroups: &g.includeSubgroups, } repos := []*Repository{} for { diff --git a/applicationset/utils/clusterUtils.go b/applicationset/utils/clusterUtils.go index e06d7b39fac50..ee9832f533e5e 100644 --- a/applicationset/utils/clusterUtils.go +++ b/applicationset/utils/clusterUtils.go @@ -50,10 +50,10 @@ const ( // ValidateDestination checks: // if we used destination name we infer the server url // if we used both name and server then we return an invalid spec error -func ValidateDestination(ctx context.Context, dest *appv1.ApplicationDestination, clientset kubernetes.Interface, namespace string) error { +func ValidateDestination(ctx context.Context, dest *appv1.ApplicationDestination, clientset kubernetes.Interface, argoCDNamespace string) error { if dest.Name != "" { if dest.Server == "" { - server, err := getDestinationServer(ctx, dest.Name, clientset, namespace) + server, err := getDestinationServer(ctx, dest.Name, clientset, argoCDNamespace) if err != nil { return fmt.Errorf("unable to find destination server: %v", err) } @@ -70,11 +70,11 @@ func ValidateDestination(ctx context.Context, dest *appv1.ApplicationDestination return nil } -func getDestinationServer(ctx context.Context, clusterName string, clientset kubernetes.Interface, namespace string) (string, error) { +func getDestinationServer(ctx context.Context, clusterName string, clientset kubernetes.Interface, argoCDNamespace string) (string, error) { // settingsMgr := settings.NewSettingsManager(context.TODO(), clientset, namespace) // argoDB := db.NewDB(namespace, settingsMgr, clientset) // clusterList, err := argoDB.ListClusters(ctx) - clusterList, err := ListClusters(ctx, clientset, namespace) + clusterList, err := ListClusters(ctx, clientset, argoCDNamespace) if err != nil { return "", err } diff --git a/applicationset/utils/policy.go b/applicationset/utils/policy.go index 926a50926cd05..a06509265a540 100644 --- a/applicationset/utils/policy.go +++ b/applicationset/utils/policy.go @@ -1,55 +1,22 @@ package utils -// Policy allows to apply different rules to a set of changes. -type Policy interface { - Update() bool - Delete() bool -} +import ( + argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) // Policies is a registry of available policies. -var Policies = map[string]Policy{ - "sync": &SyncPolicy{}, - "create-only": &CreateOnlyPolicy{}, - "create-update": &CreateUpdatePolicy{}, - "create-delete": &CreateDeletePolicy{}, -} - -type SyncPolicy struct{} - -func (p *SyncPolicy) Update() bool { - return true -} - -func (p *SyncPolicy) Delete() bool { - return true -} - -type CreateUpdatePolicy struct{} - -func (p *CreateUpdatePolicy) Update() bool { - return true -} - -func (p *CreateUpdatePolicy) Delete() bool { - return false -} - -type CreateOnlyPolicy struct{} - -func (p *CreateOnlyPolicy) Update() bool { - return false -} - -func (p *CreateOnlyPolicy) Delete() bool { - return false -} - -type CreateDeletePolicy struct{} - -func (p *CreateDeletePolicy) Update() bool { - return false -} - -func (p *CreateDeletePolicy) Delete() bool { - return true +var Policies = map[string]argov1alpha1.ApplicationsSyncPolicy{ + "create-only": argov1alpha1.ApplicationsSyncPolicyCreateOnly, + "create-update": argov1alpha1.ApplicationsSyncPolicyCreateUpdate, + "create-delete": argov1alpha1.ApplicationsSyncPolicyCreateDelete, + "sync": argov1alpha1.ApplicationsSyncPolicySync, + // Default is "sync" + "": argov1alpha1.ApplicationsSyncPolicySync, +} + +func DefaultPolicy(appSetSyncPolicy *argov1alpha1.ApplicationSetSyncPolicy, controllerPolicy argov1alpha1.ApplicationsSyncPolicy, enablePolicyOverride bool) argov1alpha1.ApplicationsSyncPolicy { + if appSetSyncPolicy == nil || appSetSyncPolicy.ApplicationsSync == nil || !enablePolicyOverride { + return controllerPolicy + } + return *appSetSyncPolicy.ApplicationsSync } diff --git a/applicationset/utils/selector.go b/applicationset/utils/selector.go new file mode 100644 index 0000000000000..53db73a5b3a48 --- /dev/null +++ b/applicationset/utils/selector.go @@ -0,0 +1,261 @@ +package utils + +import ( + "fmt" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/klog/v2" + "sort" + "strconv" + "strings" +) + +var ( + unaryOperators = []string{ + string(selection.Exists), string(selection.DoesNotExist), + } + binaryOperators = []string{ + string(selection.In), string(selection.NotIn), + string(selection.Equals), string(selection.DoubleEquals), string(selection.NotEquals), + string(selection.GreaterThan), string(selection.LessThan), + } + validRequirementOperators = append(binaryOperators, unaryOperators...) +) + +// Selector represents a label selector. +type Selector interface { + // Matches returns true if this selector matches the given set of labels. + Matches(labels.Labels) bool + + // Add adds requirements to the Selector + Add(r ...Requirement) Selector +} + +type internalSelector []Requirement + +// ByKey sorts requirements by key to obtain deterministic parser +type ByKey []Requirement + +func (a ByKey) Len() int { return len(a) } + +func (a ByKey) Swap(i, j int) { a[i], a[j] = a[j], a[i] } + +func (a ByKey) Less(i, j int) bool { return a[i].key < a[j].key } + +// Matches for a internalSelector returns true if all +// its Requirements match the input Labels. If any +// Requirement does not match, false is returned. +func (s internalSelector) Matches(l labels.Labels) bool { + for ix := range s { + if matches := s[ix].Matches(l); !matches { + return false + } + } + return true +} + +// Add adds requirements to the selector. It copies the current selector returning a new one +func (s internalSelector) Add(reqs ...Requirement) Selector { + ret := make(internalSelector, 0, len(s)+len(reqs)) + ret = append(ret, s...) + ret = append(ret, reqs...) + sort.Sort(ByKey(ret)) + return ret +} + +type nothingSelector struct{} + +func (n nothingSelector) Matches(l labels.Labels) bool { + return false +} + +func (n nothingSelector) Add(r ...Requirement) Selector { + return n +} + +// Nothing returns a selector that matches no labels +func nothing() Selector { + return nothingSelector{} +} + +// Everything returns a selector that matches all labels. +func everything() Selector { + return internalSelector{} +} + +// LabelSelectorAsSelector converts the LabelSelector api type into a struct that implements +// labels.Selector +// Note: This function should be kept in sync with the selector methods in pkg/labels/selector.go +func LabelSelectorAsSelector(ps *v1.LabelSelector) (Selector, error) { + if ps == nil { + return nothing(), nil + } + if len(ps.MatchLabels)+len(ps.MatchExpressions) == 0 { + return everything(), nil + } + requirements := make([]Requirement, 0, len(ps.MatchLabels)+len(ps.MatchExpressions)) + for k, v := range ps.MatchLabels { + r, err := newRequirement(k, selection.Equals, []string{v}) + if err != nil { + return nil, err + } + requirements = append(requirements, *r) + } + for _, expr := range ps.MatchExpressions { + var op selection.Operator + switch expr.Operator { + case v1.LabelSelectorOpIn: + op = selection.In + case v1.LabelSelectorOpNotIn: + op = selection.NotIn + case v1.LabelSelectorOpExists: + op = selection.Exists + case v1.LabelSelectorOpDoesNotExist: + op = selection.DoesNotExist + default: + return nil, fmt.Errorf("%q is not a valid pod selector operator", expr.Operator) + } + r, err := newRequirement(expr.Key, op, append([]string(nil), expr.Values...)) + if err != nil { + return nil, err + } + requirements = append(requirements, *r) + } + selector := newSelector() + selector = selector.Add(requirements...) + return selector, nil +} + +// NewSelector returns a nil selector +func newSelector() Selector { + return internalSelector(nil) +} + +func validateLabelKey(k string, path *field.Path) *field.Error { + if errs := validation.IsQualifiedName(k); len(errs) != 0 { + return field.Invalid(path, k, strings.Join(errs, "; ")) + } + return nil +} + +// NewRequirement is the constructor for a Requirement. +// If any of these rules is violated, an error is returned: +// (1) The operator can only be In, NotIn, Equals, DoubleEquals, Gt, Lt, NotEquals, Exists, or DoesNotExist. +// (2) If the operator is In or NotIn, the values set must be non-empty. +// (3) If the operator is Equals, DoubleEquals, or NotEquals, the values set must contain one value. +// (4) If the operator is Exists or DoesNotExist, the value set must be empty. +// (5) If the operator is Gt or Lt, the values set must contain only one value, which will be interpreted as an integer. +// (6) The key is invalid due to its length, or sequence +// +// of characters. See validateLabelKey for more details. +// +// The empty string is a valid value in the input values set. +// Returned error, if not nil, is guaranteed to be an aggregated field.ErrorList +func newRequirement(key string, op selection.Operator, vals []string, opts ...field.PathOption) (*Requirement, error) { + var allErrs field.ErrorList + path := field.ToPath(opts...) + if err := validateLabelKey(key, path.Child("key")); err != nil { + allErrs = append(allErrs, err) + } + + valuePath := path.Child("values") + switch op { + case selection.In, selection.NotIn: + if len(vals) == 0 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "for 'in', 'notin' operators, values set can't be empty")) + } + case selection.Equals, selection.DoubleEquals, selection.NotEquals: + if len(vals) != 1 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "exact-match compatibility requires one single value")) + } + case selection.Exists, selection.DoesNotExist: + if len(vals) != 0 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "values set must be empty for exists and does not exist")) + } + case selection.GreaterThan, selection.LessThan: + if len(vals) != 1 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "for 'Gt', 'Lt' operators, exactly one value is required")) + } + for i := range vals { + if _, err := strconv.ParseInt(vals[i], 10, 64); err != nil { + allErrs = append(allErrs, field.Invalid(valuePath.Index(i), vals[i], "for 'Gt', 'Lt' operators, the value must be an integer")) + } + } + default: + allErrs = append(allErrs, field.NotSupported(path.Child("operator"), op, validRequirementOperators)) + } + + return &Requirement{key: key, operator: op, strValues: vals}, allErrs.ToAggregate() +} + +// Requirement contains values, a key, and an operator that relates the key and values. +// The zero value of Requirement is invalid. +// Requirement implements both set based match and exact match +// Requirement should be initialized via NewRequirement constructor for creating a valid Requirement. +// +k8s:deepcopy-gen=true +type Requirement struct { + key string + operator selection.Operator + // In the majority of cases we have at most one value here. + // It is generally faster to operate on a single-element slice + // than on a single-element map, so we have a slice here. + strValues []string +} + +func (r *Requirement) hasValue(value string) bool { + for i := range r.strValues { + if r.strValues[i] == value { + return true + } + } + return false +} + +func (r *Requirement) Matches(ls labels.Labels) bool { + switch r.operator { + case selection.In, selection.Equals, selection.DoubleEquals: + if !ls.Has(r.key) { + return false + } + return r.hasValue(ls.Get(r.key)) + case selection.NotIn, selection.NotEquals: + if !ls.Has(r.key) { + return true + } + return !r.hasValue(ls.Get(r.key)) + case selection.Exists: + return ls.Has(r.key) + case selection.DoesNotExist: + return !ls.Has(r.key) + case selection.GreaterThan, selection.LessThan: + if !ls.Has(r.key) { + return false + } + lsValue, err := strconv.ParseInt(ls.Get(r.key), 10, 64) + if err != nil { + klog.V(10).Infof("ParseInt failed for value %+v in label %+v, %+v", ls.Get(r.key), ls, err) + return false + } + + // There should be only one strValue in r.strValues, and can be converted to an integer. + if len(r.strValues) != 1 { + klog.V(10).Infof("Invalid values count %+v of requirement %#v, for 'Gt', 'Lt' operators, exactly one value is required", len(r.strValues), r) + return false + } + + var rValue int64 + for i := range r.strValues { + rValue, err = strconv.ParseInt(r.strValues[i], 10, 64) + if err != nil { + klog.V(10).Infof("ParseInt failed for value %+v in requirement %#v, for 'Gt', 'Lt' operators, the value must be an integer", r.strValues[i], r) + return false + } + } + return (r.operator == selection.GreaterThan && lsValue > rValue) || (r.operator == selection.LessThan && lsValue < rValue) + default: + return false + } +} diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go index 7a68b334f3ee2..ca0e508858375 100644 --- a/applicationset/utils/utils.go +++ b/applicationset/utils/utils.go @@ -31,7 +31,7 @@ func init() { } type Renderer interface { - RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool) (*argoappsv1.Application, error) + RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*argoappsv1.Application, error) } type Render struct { @@ -50,7 +50,7 @@ func copyUnexported(copy, original reflect.Value) { // This function is in charge of searching all String fields of the object recursively and apply templating // thanks to https://gist.github.com/randallmlough/1fd78ec8a1034916ca52281e3b886dc7 -func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[string]interface{}, useGoTemplate bool) error { +func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) error { switch original.Kind() { // The first cases handle nested structures and translate them recursively // If it is a pointer we need to unwrap and call once again @@ -70,7 +70,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri copyUnexported(copy, original) } // Unwrap the newly created pointer - if err := r.deeplyReplace(copy.Elem(), originalValue, replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy.Elem(), originalValue, replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } @@ -84,7 +84,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri // Create a new object. Now new gives us a pointer, but we want the value it // points to, so we have to call Elem() to unwrap it copyValue := reflect.New(originalValue.Type()).Elem() - if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } copy.Set(copyValue) @@ -105,7 +105,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri } jsonOriginal := reflect.ValueOf(&unmarshaled) jsonCopy := reflect.New(jsonOriginal.Type()).Elem() - err = r.deeplyReplace(jsonCopy, jsonOriginal, replaceMap, useGoTemplate) + err = r.deeplyReplace(jsonCopy, jsonOriginal, replaceMap, useGoTemplate, goTemplateOptions) if err != nil { return fmt.Errorf("failed to deeply replace JSON field contents: %w", err) } @@ -115,7 +115,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri return fmt.Errorf("failed to marshal templated JSON field: %w", err) } copy.Field(i).Set(reflect.ValueOf(data)) - } else if err := r.deeplyReplace(copy.Field(i), original.Field(i), replaceMap, useGoTemplate); err != nil { + } else if err := r.deeplyReplace(copy.Field(i), original.Field(i), replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } } @@ -129,7 +129,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri } for i := 0; i < original.Len(); i += 1 { - if err := r.deeplyReplace(copy.Index(i), original.Index(i), replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy.Index(i), original.Index(i), replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } } @@ -143,19 +143,19 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri } for _, key := range original.MapKeys() { originalValue := original.MapIndex(key) - if originalValue.Kind() != reflect.String && originalValue.IsNil() { + if originalValue.Kind() != reflect.String && isNillable(originalValue) && originalValue.IsNil() { continue } // New gives us a pointer, but again we want the value copyValue := reflect.New(originalValue.Type()).Elem() - if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } // Keys can be templated as well as values (e.g. to template something into an annotation). if key.Kind() == reflect.String { - templatedKey, err := r.Replace(key.String(), replaceMap, useGoTemplate) + templatedKey, err := r.Replace(key.String(), replaceMap, useGoTemplate, goTemplateOptions) if err != nil { return err } @@ -169,7 +169,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri // If it is a string translate it (yay finally we're doing what we came for) case reflect.String: strToTemplate := original.String() - templated, err := r.Replace(strToTemplate, replaceMap, useGoTemplate) + templated, err := r.Replace(strToTemplate, replaceMap, useGoTemplate, goTemplateOptions) if err != nil { return err } @@ -191,7 +191,17 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri return nil } -func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool) (*argoappsv1.Application, error) { +// isNillable returns true if the value is something which may be set to nil. This function is meant to guard against a +// panic from calling IsNil on a non-pointer type. +func isNillable(v reflect.Value) bool { + switch v.Kind() { + case reflect.Map, reflect.Pointer, reflect.UnsafePointer, reflect.Interface, reflect.Slice: + return true + } + return false +} + +func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*argoappsv1.Application, error) { if tmpl == nil { return nil, fmt.Errorf("application template is empty") } @@ -203,7 +213,7 @@ func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy * original := reflect.ValueOf(tmpl) copy := reflect.New(original.Type()).Elem() - if err := r.deeplyReplace(copy, original, params, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy, original, params, useGoTemplate, goTemplateOptions); err != nil { return nil, err } @@ -223,7 +233,7 @@ func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy * return replacedTmpl, nil } -func (r *Render) RenderGeneratorParams(gen *argoappsv1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool) (*argoappsv1.ApplicationSetGenerator, error) { +func (r *Render) RenderGeneratorParams(gen *argoappsv1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*argoappsv1.ApplicationSetGenerator, error) { if gen == nil { return nil, fmt.Errorf("generator is empty") } @@ -235,7 +245,7 @@ func (r *Render) RenderGeneratorParams(gen *argoappsv1.ApplicationSetGenerator, original := reflect.ValueOf(gen) copy := reflect.New(original.Type()).Elem() - if err := r.deeplyReplace(copy, original, params, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy, original, params, useGoTemplate, goTemplateOptions); err != nil { return nil, fmt.Errorf("failed to replace parameters in generator: %w", err) } @@ -248,12 +258,15 @@ var isTemplatedRegex = regexp.MustCompile(".*{{.*}}.*") // Replace executes basic string substitution of a template with replacement values. // remaining in the substituted template. -func (r *Render) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool) (string, error) { +func (r *Render) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { if useGoTemplate { template, err := template.New("").Funcs(sprigFuncMap).Parse(tmpl) if err != nil { return "", fmt.Errorf("failed to parse template %s: %w", tmpl, err) } + for _, option := range goTemplateOptions { + template = template.Option(option) + } var replacedTmplBuffer bytes.Buffer if err = template.Execute(&replacedTmplBuffer, replaceMap); err != nil { diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go index 97e4a69c50908..8e7bfa58d4fa8 100644 --- a/applicationset/utils/utils_test.go +++ b/applicationset/utils/utils_test.go @@ -8,6 +8,7 @@ import ( logtest "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -173,7 +174,7 @@ func TestRenderTemplateParams(t *testing.T) { // Render the cloned application, into a new application render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, test.params, false) + newApplication, err := render.RenderTemplateParams(application, nil, test.params, false, nil) // Retrieve the value of the target field from the newApplication, then verify that // the target field has been templated into the expected value @@ -235,11 +236,12 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { } tests := []struct { - name string - fieldVal string - params map[string]interface{} - expectedVal string - errorMessage string + name string + fieldVal string + params map[string]interface{} + expectedVal string + errorMessage string + templateOptions []string }{ { name: "simple substitution", @@ -422,6 +424,26 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { }, errorMessage: `failed to execute go template {{.data.test}}: template: :1:7: executing "" at <.data.test>: can't evaluate field test in type interface {}`, }, + { + name: "lookup missing value with missingkey=default", + fieldVal: `--> {{.doesnotexist}} <--`, + expectedVal: `--> <--`, + params: map[string]interface{}{ + // if no params are passed then for some reason templating is skipped + "unused": "this is not used", + }, + }, + { + name: "lookup missing value with missingkey=error", + fieldVal: `--> {{.doesnotexist}} <--`, + expectedVal: "", + params: map[string]interface{}{ + // if no params are passed then for some reason templating is skipped + "unused": "this is not used", + }, + templateOptions: []string{"missingkey=error"}, + errorMessage: `failed to execute go template --> {{.doesnotexist}} <--: template: :1:6: executing "" at <.doesnotexist>: map has no entry for key "doesnotexist"`, + }, } for _, test := range tests { @@ -438,7 +460,7 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { // Render the cloned application, into a new application render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, test.params, true) + newApplication, err := render.RenderTemplateParams(application, nil, test.params, true, test.templateOptions) // Retrieve the value of the target field from the newApplication, then verify that // the target field has been templated into the expected value @@ -463,6 +485,34 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { } } +func TestRenderGeneratorParams_does_not_panic(t *testing.T) { + // This test verifies that the RenderGeneratorParams function does not panic when the value in a map is a non- + // nillable type. This is a regression test. + render := Render{} + params := map[string]interface{}{ + "branch": "master", + } + generator := &argoappsv1.ApplicationSetGenerator{ + Plugin: &argoappsv1.PluginGenerator{ + ConfigMapRef: argoappsv1.PluginConfigMapRef{ + Name: "cm-plugin", + }, + Input: argoappsv1.PluginInput{ + Parameters: map[string]apiextensionsv1.JSON{ + "branch": { + Raw: []byte(`"{{.branch}}"`), + }, + "repo": { + Raw: []byte(`"argo-test"`), + }, + }, + }, + }, + } + _, err := render.RenderGeneratorParams(generator, params, true, []string{}) + assert.NoError(t, err) +} + func TestRenderTemplateKeys(t *testing.T) { t.Run("fasttemplate", func(t *testing.T) { application := &argoappsv1.Application{ @@ -479,7 +529,7 @@ func TestRenderTemplateKeys(t *testing.T) { } render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, params, false) + newApplication, err := render.RenderTemplateParams(application, nil, params, false, nil) require.NoError(t, err) require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") @@ -499,7 +549,7 @@ func TestRenderTemplateKeys(t *testing.T) { } render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, params, true) + newApplication, err := render.RenderTemplateParams(application, nil, params, true, nil) require.NoError(t, err) require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") @@ -600,7 +650,7 @@ func TestRenderTemplateParamsFinalizers(t *testing.T) { // Render the cloned application, into a new application render := Render{} - res, err := render.RenderTemplateParams(application, c.syncPolicy, params, true) + res, err := render.RenderTemplateParams(application, c.syncPolicy, params, true, nil) assert.Nil(t, err) assert.ElementsMatch(t, res.Finalizers, c.expectedFinalizers) diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go index 72f6dde38b069..f1dd5b5ebb0eb 100644 --- a/applicationset/webhook/webhook.go +++ b/applicationset/webhook/webhook.go @@ -98,6 +98,7 @@ func (h *WebhookHandler) HandleEvent(payload interface{}) { // check if the ApplicationSet uses any generator that is relevant to the payload shouldRefresh = shouldRefreshGitGenerator(gen.Git, gitGenInfo) || shouldRefreshPRGenerator(gen.PullRequest, prGenInfo) || + shouldRefreshPluginGenerator(gen.Plugin) || h.shouldRefreshMatrixGenerator(gen.Matrix, &appSet, gitGenInfo, prGenInfo) || h.shouldRefreshMergeGenerator(gen.Merge, &appSet, gitGenInfo, prGenInfo) if shouldRefresh { @@ -287,6 +288,10 @@ func shouldRefreshGitGenerator(gen *v1alpha1.GitGenerator, info *gitGeneratorInf return true } +func shouldRefreshPluginGenerator(gen *v1alpha1.PluginGenerator) bool { + return gen != nil +} + func genRevisionHasChanged(gen *v1alpha1.GitGenerator, revision string, touchedHead bool) bool { targetRev := parseRevision(gen.Revision) if targetRev == "HEAD" || targetRev == "" { // revision is head @@ -417,6 +422,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera SCMProvider: g0.SCMProvider, ClusterDecisionResource: g0.ClusterDecisionResource, PullRequest: g0.PullRequest, + Plugin: g0.Plugin, Matrix: matrixGenerator0, Merge: mergeGenerator0, } @@ -471,6 +477,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera SCMProvider: g1.SCMProvider, ClusterDecisionResource: g1.ClusterDecisionResource, PullRequest: g1.PullRequest, + Plugin: g1.Plugin, Matrix: matrixGenerator1, Merge: mergeGenerator1, } @@ -478,7 +485,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera // Interpolate second child generator with params from first child generator, if there are any params if len(params) != 0 { for _, p := range params { - tempInterpolatedGenerator, err := generators.InterpolateGenerator(requestedGenerator1, p, appSet.Spec.GoTemplate) + tempInterpolatedGenerator, err := generators.InterpolateGenerator(requestedGenerator1, p, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) interpolatedGenerator := &tempInterpolatedGenerator if err != nil { log.Error(err) @@ -488,6 +495,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera // Check all interpolated child generators if shouldRefreshGitGenerator(interpolatedGenerator.Git, gitGenInfo) || shouldRefreshPRGenerator(interpolatedGenerator.PullRequest, prGenInfo) || + shouldRefreshPluginGenerator(interpolatedGenerator.Plugin) || h.shouldRefreshMatrixGenerator(interpolatedGenerator.Matrix, appSet, gitGenInfo, prGenInfo) || h.shouldRefreshMergeGenerator(requestedGenerator1.Merge, appSet, gitGenInfo, prGenInfo) { return true @@ -498,6 +506,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera // First child generator didn't return any params, just check the second child generator return shouldRefreshGitGenerator(requestedGenerator1.Git, gitGenInfo) || shouldRefreshPRGenerator(requestedGenerator1.PullRequest, prGenInfo) || + shouldRefreshPluginGenerator(requestedGenerator1.Plugin) || h.shouldRefreshMatrixGenerator(requestedGenerator1.Matrix, appSet, gitGenInfo, prGenInfo) || h.shouldRefreshMergeGenerator(requestedGenerator1.Merge, appSet, gitGenInfo, prGenInfo) } diff --git a/applicationset/webhook/webhook_test.go b/applicationset/webhook/webhook_test.go index d9b64bee0862c..eb36cc1730193 100644 --- a/applicationset/webhook/webhook_test.go +++ b/applicationset/webhook/webhook_test.go @@ -60,7 +60,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "push", payloadFile: "github-commit-event.json", - effectedAppSets: []string{"git-github", "matrix-git-github", "merge-git-github", "matrix-scm-git-github", "matrix-nested-git-github", "merge-nested-git-github"}, + effectedAppSets: []string{"git-github", "matrix-git-github", "merge-git-github", "matrix-scm-git-github", "matrix-nested-git-github", "merge-nested-git-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -69,7 +69,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "push", payloadFile: "github-commit-branch-event.json", - effectedAppSets: []string{"git-github"}, + effectedAppSets: []string{"git-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -78,7 +78,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "ping", payloadFile: "github-ping-event.json", - effectedAppSets: []string{"git-github"}, + effectedAppSets: []string{"git-github", "plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: false, }, @@ -87,7 +87,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Gitlab-Event", headerValue: "Push Hook", payloadFile: "gitlab-event.json", - effectedAppSets: []string{"git-gitlab"}, + effectedAppSets: []string{"git-gitlab", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -96,7 +96,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Random-Event", headerValue: "Push Hook", payloadFile: "gitlab-event.json", - effectedAppSets: []string{"git-gitlab"}, + effectedAppSets: []string{"git-gitlab", "plugin"}, expectedStatusCode: http.StatusBadRequest, expectedRefresh: false, }, @@ -105,7 +105,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Random-Event", headerValue: "Push Hook", payloadFile: "invalid-event.json", - effectedAppSets: []string{"git-gitlab"}, + effectedAppSets: []string{"git-gitlab", "plugin"}, expectedStatusCode: http.StatusBadRequest, expectedRefresh: false, }, @@ -114,7 +114,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "pull_request", payloadFile: "github-pull-request-opened-event.json", - effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github"}, + effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -123,7 +123,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "pull_request", payloadFile: "github-pull-request-assigned-event.json", - effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github"}, + effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: false, }, @@ -132,7 +132,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Gitlab-Event", headerValue: "Merge Request Hook", payloadFile: "gitlab-merge-request-open-event.json", - effectedAppSets: []string{"pull-request-gitlab"}, + effectedAppSets: []string{"pull-request-gitlab", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -141,7 +141,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Gitlab-Event", headerValue: "Merge Request Hook", payloadFile: "gitlab-merge-request-approval-event.json", - effectedAppSets: []string{"pull-request-gitlab"}, + effectedAppSets: []string{"pull-request-gitlab", "plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: false, }, @@ -162,11 +162,13 @@ func TestWebhookHandler(t *testing.T) { fakeAppWithGitGenerator("git-gitlab", namespace, "https://gitlab/group/name"), fakeAppWithGithubPullRequestGenerator("pull-request-github", namespace, "Codertocat", "Hello-World"), fakeAppWithGitlabPullRequestGenerator("pull-request-gitlab", namespace, "100500"), + fakeAppWithPluginGenerator("plugin", namespace), fakeAppWithMatrixAndGitGenerator("matrix-git-github", namespace, "https://github.com/org/repo"), fakeAppWithMatrixAndPullRequestGenerator("matrix-pull-request-github", namespace, "Codertocat", "Hello-World"), fakeAppWithMatrixAndScmWithGitGenerator("matrix-scm-git-github", namespace, "org"), fakeAppWithMatrixAndScmWithPullRequestGenerator("matrix-scm-pull-request-github", namespace, "Codertocat"), fakeAppWithMatrixAndNestedGitGenerator("matrix-nested-git-github", namespace, "https://github.com/org/repo"), + fakeAppWithMatrixAndPullRequestGeneratorWithPluginGenerator("matrix-pull-request-github-plugin", namespace, "Codertocat", "Hello-World", "plugin-cm"), fakeAppWithMergeAndGitGenerator("merge-git-github", namespace, "https://github.com/org/repo"), fakeAppWithMergeAndPullRequestGenerator("merge-pull-request-github", namespace, "Codertocat", "Hello-World"), fakeAppWithMergeAndNestedGitGenerator("merge-nested-git-github", namespace, "https://github.com/org/repo"), @@ -214,6 +216,7 @@ func mockGenerators() map[string]generators.Generator { // generatorMockList := generatorMock{} generatorMockGit := &generatorMock{} generatorMockPR := &generatorMock{} + generatorMockPlugin := &generatorMock{} mockSCMProvider := &scm_provider.MockProvider{ Repos: []*scm_provider.Repository{ { @@ -239,6 +242,7 @@ func mockGenerators() map[string]generators.Generator { "Git": generatorMockGit, "SCMProvider": generatorMockSCM, "PullRequest": generatorMockPR, + "Plugin": generatorMockPlugin, } nestedGenerators := map[string]generators.Generator{ @@ -246,6 +250,7 @@ func mockGenerators() map[string]generators.Generator { "Git": terminalMockGenerators["Git"], "SCMProvider": terminalMockGenerators["SCMProvider"], "PullRequest": terminalMockGenerators["PullRequest"], + "Plugin": terminalMockGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(terminalMockGenerators), "Merge": generators.NewMergeGenerator(terminalMockGenerators), } @@ -255,6 +260,7 @@ func mockGenerators() map[string]generators.Generator { "Git": terminalMockGenerators["Git"], "SCMProvider": terminalMockGenerators["SCMProvider"], "PullRequest": terminalMockGenerators["PullRequest"], + "Plugin": terminalMockGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(nestedGenerators), "Merge": generators.NewMergeGenerator(nestedGenerators), } @@ -592,6 +598,60 @@ func fakeAppWithMergeAndNestedGitGenerator(name, namespace, repo string) *v1alph } } +func fakeAppWithPluginGenerator(name, namespace string) *v1alpha1.ApplicationSet { + return &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Plugin: &v1alpha1.PluginGenerator{ + ConfigMapRef: v1alpha1.PluginConfigMapRef{ + Name: "test", + }, + }, + }, + }, + }, + } +} + +func fakeAppWithMatrixAndPullRequestGeneratorWithPluginGenerator(name, namespace, owner, repo, configmapName string) *v1alpha1.ApplicationSet { + return &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Matrix: &v1alpha1.MatrixGenerator{ + Generators: []v1alpha1.ApplicationSetNestedGenerator{ + { + PullRequest: &v1alpha1.PullRequestGenerator{ + Github: &v1alpha1.PullRequestGeneratorGithub{ + Owner: owner, + Repo: repo, + }, + }, + }, + { + Plugin: &v1alpha1.PluginGenerator{ + ConfigMapRef: v1alpha1.PluginConfigMapRef{ + Name: configmapName, + }, + }, + }, + }, + }, + }, + }, + }, + } +} + func newFakeClient(ns string) *kubefake.Clientset { s := runtime.NewScheme() s.AddKnownTypes(v1alpha1.SchemeGroupVersion, &v1alpha1.ApplicationSet{}) diff --git a/assets/swagger.json b/assets/swagger.json index 7e7901fc01a61..62d3ca354eae1 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -1778,6 +1778,12 @@ "description": "the selector to restrict returned list to applications only with matched labels.", "name": "selector", "in": "query" + }, + { + "type": "string", + "description": "The application set namespace. Default empty is argocd control plane namespace.", + "name": "appsetNamespace", + "in": "query" } ], "responses": { @@ -1846,6 +1852,12 @@ "name": "name", "in": "path", "required": true + }, + { + "type": "string", + "description": "The application set namespace. Default empty is argocd control plane namespace.", + "name": "appsetNamespace", + "in": "query" } ], "responses": { @@ -1875,6 +1887,12 @@ "name": "name", "in": "path", "required": true + }, + { + "type": "string", + "description": "The application set namespace. Default empty is argocd control plane namespace.", + "name": "appsetNamespace", + "in": "query" } ], "responses": { @@ -4367,6 +4385,7 @@ "type": "boolean" }, "configManagementPlugins": { + "description": "Deprecated: use sidecar plugins instead.", "type": "array", "items": { "$ref": "#/definitions/v1alpha1ConfigManagementPlugin" @@ -4952,6 +4971,17 @@ } } }, + "runtimeRawExtension": { + "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned\nstruct, and Object in your internal struct. You also need to register your\nvarious plugin types.\n\n// Internal package:\ntype MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n}\ntype PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External package:\ntype MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n}\ntype PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something like this:\n{\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into\nyour external MyAPIObject. That causes the raw JSON to be stored, but not unpacked.\nThe next step is to copy (using pkg/conversion) into the internal struct. The runtime\npackage's DefaultScheme has conversion functions installed which will unpack the\nJSON stored in RawExtension, turning it into the correct object type, and storing it\nin the Object. (TODO: In the case where the object is of an unknown type, a\nruntime.Unknown object will be created and stored.)\n\n+k8s:deepcopy-gen=true\n+protobuf=true\n+k8s:openapi-gen=true", + "type": "object", + "properties": { + "raw": { + "description": "Raw is the underlying serialization of this object.\n\nTODO: Determine how to detect ContentType and ContentEncoding of 'Raw' data.", + "type": "string", + "format": "byte" + } + } + }, "runtimeStreamError": { "type": "object", "properties": { @@ -5848,6 +5878,9 @@ "merge": { "$ref": "#/definitions/v1alpha1MergeGenerator" }, + "plugin": { + "$ref": "#/definitions/v1alpha1PluginGenerator" + }, "pullRequest": { "$ref": "#/definitions/v1alpha1PullRequestGenerator" }, @@ -5896,6 +5929,9 @@ "merge": { "$ref": "#/definitions/v1JSON" }, + "plugin": { + "$ref": "#/definitions/v1alpha1PluginGenerator" + }, "pullRequest": { "$ref": "#/definitions/v1alpha1PullRequestGenerator" }, @@ -5936,6 +5972,10 @@ "description": "ApplicationSetSpec represents a class of application set state.", "type": "object", "properties": { + "applyNestedSelectors": { + "type": "boolean", + "title": "ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators" + }, "generators": { "type": "array", "items": { @@ -5945,6 +5985,12 @@ "goTemplate": { "type": "boolean" }, + "goTemplateOptions": { + "type": "array", + "items": { + "type": "string" + } + }, "preservedFields": { "$ref": "#/definitions/v1alpha1ApplicationPreservedFields" }, @@ -5994,6 +6040,10 @@ "description": "ApplicationSetSyncPolicy configures how generated Applications will relate to their\nApplicationSet.", "type": "object", "properties": { + "applicationsSync": { + "type": "string", + "title": "ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync\n+kubebuilder:validation:Optional\n+kubebuilder:validation:Enum=create-only;create-update;create-delete;sync" + }, "preserveResourcesOnDeletion": { "description": "PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted.", "type": "boolean" @@ -6144,7 +6194,10 @@ }, "values": { "type": "string", - "title": "Values specifies Helm values to be passed to helm template, typically defined as a block" + "title": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.\n+patchStrategy=replace" + }, + "valuesObject": { + "$ref": "#/definitions/runtimeRawExtension" }, "version": { "type": "string", @@ -6345,6 +6398,10 @@ "$ref": "#/definitions/v1alpha1ApplicationCondition" } }, + "controllerNamespace": { + "type": "string", + "title": "ControllerNamespace indicates the namespace in which the application controller is located" + }, "health": { "$ref": "#/definitions/v1alpha1HealthStatus" }, @@ -6485,6 +6542,15 @@ } } }, + "v1alpha1BearerTokenBitbucketCloud": { + "description": "BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.", + "type": "object", + "properties": { + "tokenRef": { + "$ref": "#/definitions/v1alpha1SecretRef" + } + } + }, "v1alpha1ChartDetails": { "type": "object", "title": "ChartDetails contains helm chart metadata for a specific version", @@ -6859,6 +6925,13 @@ }, "template": { "$ref": "#/definitions/v1alpha1ApplicationSetTemplate" + }, + "values": { + "type": "object", + "title": "Values contains key/value pairs which are passed directly as parameters to the template", + "additionalProperties": { + "type": "string" + } } } }, @@ -7296,6 +7369,54 @@ } } }, + "v1alpha1PluginConfigMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string", + "title": "Name of the ConfigMap" + } + } + }, + "v1alpha1PluginGenerator": { + "description": "PluginGenerator defines connection info specific to Plugin.", + "type": "object", + "properties": { + "configMapRef": { + "$ref": "#/definitions/v1alpha1PluginConfigMapRef" + }, + "input": { + "$ref": "#/definitions/v1alpha1PluginInput" + }, + "requeueAfterSeconds": { + "description": "RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again.", + "type": "string", + "format": "int64" + }, + "template": { + "$ref": "#/definitions/v1alpha1ApplicationSetTemplate" + }, + "values": { + "description": "Values contains key/value pairs which are passed directly as parameters to the template. These values will not be\nsent as parameters to the plugin.", + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + }, + "v1alpha1PluginInput": { + "type": "object", + "properties": { + "parameters": { + "description": "Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the\nvalues can be any type.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/v1JSON" + } + } + } + }, "v1alpha1ProjectRole": { "type": "object", "title": "ProjectRole represents a role that has access to a project", @@ -7335,6 +7456,12 @@ "description": "PullRequestGenerator defines a generator that scrapes a PullRequest API to find candidate pull requests.", "type": "object", "properties": { + "azuredevops": { + "$ref": "#/definitions/v1alpha1PullRequestGeneratorAzureDevOps" + }, + "bitbucket": { + "$ref": "#/definitions/v1alpha1PullRequestGeneratorBitbucket" + }, "bitbucketServer": { "$ref": "#/definitions/v1alpha1PullRequestGeneratorBitbucketServer" }, @@ -7364,8 +7491,64 @@ } } }, + "v1alpha1PullRequestGeneratorAzureDevOps": { + "description": "PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps.", + "type": "object", + "properties": { + "api": { + "description": "The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/.", + "type": "string" + }, + "labels": { + "type": "array", + "title": "Labels is used to filter the PRs that you want to target", + "items": { + "type": "string" + } + }, + "organization": { + "description": "Azure DevOps org to scan. Required.", + "type": "string" + }, + "project": { + "description": "Azure DevOps project name to scan. Required.", + "type": "string" + }, + "repo": { + "description": "Azure DevOps repo name to scan. Required.", + "type": "string" + }, + "tokenRef": { + "$ref": "#/definitions/v1alpha1SecretRef" + } + } + }, + "v1alpha1PullRequestGeneratorBitbucket": { + "description": "PullRequestGeneratorBitbucket defines connection info specific to Bitbucket.", + "type": "object", + "properties": { + "api": { + "description": "The Bitbucket REST API URL to talk to. If blank, uses https://api.bitbucket.org/2.0.", + "type": "string" + }, + "basicAuth": { + "$ref": "#/definitions/v1alpha1BasicAuthBitbucketServer" + }, + "bearerToken": { + "$ref": "#/definitions/v1alpha1BearerTokenBitbucketCloud" + }, + "owner": { + "description": "Workspace to scan. Required.", + "type": "string" + }, + "repo": { + "description": "Repo name to scan. Required.", + "type": "string" + } + } + }, "v1alpha1PullRequestGeneratorBitbucketServer": { - "description": "PullRequestGenerator defines connection info specific to BitbucketServer.", + "description": "PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer.", "type": "object", "properties": { "api": { @@ -7391,6 +7574,9 @@ "properties": { "branchMatch": { "type": "string" + }, + "targetBranchMatch": { + "type": "string" } } }, @@ -7423,7 +7609,7 @@ } }, "v1alpha1PullRequestGeneratorGitea": { - "description": "PullRequestGenerator defines connection info specific to Gitea.", + "description": "PullRequestGeneratorGitea defines connection info specific to Gitea.", "type": "object", "properties": { "api": { @@ -7924,6 +8110,9 @@ "ignoreDifferences": { "$ref": "#/definitions/v1alpha1OverrideIgnoreDiff" }, + "ignoreResourceUpdates": { + "$ref": "#/definitions/v1alpha1OverrideIgnoreDiff" + }, "knownTypeFields": { "type": "array", "items": { @@ -8126,6 +8315,9 @@ "description": "SCMProviderGenerator defines a generator that scrapes a SCMaaS API to find candidate repos.", "type": "object", "properties": { + "awsCodeCommit": { + "$ref": "#/definitions/v1alpha1SCMProviderGeneratorAWSCodeCommit" + }, "azureDevOps": { "$ref": "#/definitions/v1alpha1SCMProviderGeneratorAzureDevOps" }, @@ -8162,6 +8354,38 @@ }, "template": { "$ref": "#/definitions/v1alpha1ApplicationSetTemplate" + }, + "values": { + "type": "object", + "title": "Values contains key/value pairs which are passed directly as parameters to the template", + "additionalProperties": { + "type": "string" + } + } + } + }, + "v1alpha1SCMProviderGeneratorAWSCodeCommit": { + "description": "SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit.", + "type": "object", + "properties": { + "allBranches": { + "description": "Scan all branches instead of just the default branch.", + "type": "boolean" + }, + "region": { + "description": "Region provides the AWS region to discover repos.\nif not provided, AppSet controller will infer the current region from environment.", + "type": "string" + }, + "role": { + "description": "Role provides the AWS IAM role to assume, for cross-account repo discovery\nif not provided, AppSet controller will use its pod/node identity to discover.", + "type": "string" + }, + "tagFilters": { + "type": "array", + "title": "TagFilters provides the tag filter(s) for repo discovery", + "items": { + "$ref": "#/definitions/v1alpha1TagFilter" + } } } }, @@ -8646,6 +8870,17 @@ } } }, + "v1alpha1TagFilter": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, "versionVersionMessage": { "type": "object", "title": "VersionMessage represents version of the Argo CD API server", diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index 597cfd0e33495..ab88d4ccbdf93 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -23,6 +23,7 @@ import ( cacheutil "github.com/argoproj/argo-cd/v2/util/cache" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/cli" + "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/argo-cd/v2/util/errors" kubeutil "github.com/argoproj/argo-cd/v2/util/kube" @@ -62,6 +63,7 @@ func NewCommand() *cobra.Command { otlpAddress string applicationNamespaces []string persistResourceHealth bool + shardingAlgorithm string ) var command = cobra.Command{ Use: cliName, @@ -134,7 +136,7 @@ func NewCommand() *cobra.Command { appController.InvalidateProjectsCache() })) kubectl := kubeutil.NewKubectl() - clusterFilter := getClusterFilter() + clusterFilter := getClusterFilter(kubeClient, settingsMgr, shardingAlgorithm) appController, err = controller.NewApplicationController( namespace, settingsMgr, @@ -152,7 +154,8 @@ func NewCommand() *cobra.Command { kubectlParallelismLimit, persistResourceHealth, clusterFilter, - applicationNamespaces) + applicationNamespaces, + ) errors.CheckError(err) cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer()) @@ -195,13 +198,14 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces that applications are allowed to be reconciled from") command.Flags().BoolVar(&persistResourceHealth, "persist-resource-health", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH", true), "Enables storing the managed resources health in the Application CRD") + command.Flags().StringVar(&shardingAlgorithm, "sharding-method", env.StringFromEnv(common.EnvControllerShardingAlgorithm, common.DefaultShardingAlgorithm), "Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] ") cacheSrc = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) { redisClient = client }) return &command } -func getClusterFilter() func(cluster *v1alpha1.Cluster) bool { +func getClusterFilter(kubeClient *kubernetes.Clientset, settingsMgr *settings.SettingsManager, shardingAlgorithm string) sharding.ClusterFilterFunction { replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) shard := env.ParseNumFromEnv(common.EnvControllerShard, -1, -math.MaxInt32, math.MaxInt32) var clusterFilter func(cluster *v1alpha1.Cluster) bool @@ -212,7 +216,10 @@ func getClusterFilter() func(cluster *v1alpha1.Cluster) bool { errors.CheckError(err) } log.Infof("Processing clusters from shard %d", shard) - clusterFilter = sharding.GetClusterFilter(replicas, shard) + db := db.NewDB(settingsMgr.GetNamespace(), settingsMgr, kubeClient) + log.Infof("Using filter function: %s", shardingAlgorithm) + distributionFunction := sharding.GetDistributionFunction(db, shardingAlgorithm) + clusterFilter = sharding.GetClusterFilter(distributionFunction, shard) } else { log.Info("Processing all cluster shards") } diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index 741e9b4349cdd..368328ecd8ca7 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -7,12 +7,12 @@ import ( "os" "time" - "github.com/argoproj/argo-cd/v2/reposerver/apiclient" - "github.com/argoproj/argo-cd/v2/util/tls" "github.com/argoproj/pkg/stats" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/cache" + + "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + "github.com/argoproj/argo-cd/v2/util/tls" "github.com/argoproj/argo-cd/v2/applicationset/controllers" "github.com/argoproj/argo-cd/v2/applicationset/generators" @@ -52,12 +52,14 @@ func NewCommand() *cobra.Command { probeBindAddr string webhookAddr string enableLeaderElection bool - namespace string + applicationSetNamespaces []string argocdRepoServer string policy string + enablePolicyOverride bool debugLog bool dryRun bool enableProgressiveSyncs bool + enableNewGitFileGlobbing bool repoServerPlaintext bool repoServerStrictTLS bool repoServerTimeoutSeconds int @@ -74,6 +76,8 @@ func NewCommand() *cobra.Command { vers := common.GetVersion() namespace, _, err := clientConfig.Namespace() + applicationSetNamespaces = append(applicationSetNamespaces, namespace) + errors.CheckError(err) vers.LogStartupInfo( "ArgoCD ApplicationSet Controller", @@ -92,23 +96,29 @@ func NewCommand() *cobra.Command { policyObj, exists := utils.Policies[policy] if !exists { - log.Info("Policy value can be: sync, create-only, create-update, create-delete") + log.Info("Policy value can be: sync, create-only, create-update, create-delete, default value: sync") os.Exit(1) } + // By default watch all namespace + var watchedNamespace string = "" + + // If the applicationset-namespaces contains only one namespace it corresponds to the current namespace + if len(applicationSetNamespaces) == 1 { + watchedNamespace = (applicationSetNamespaces)[0] + } + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: metricsAddr, - // Our cache and thus watches and client queries are restricted to the namespace we're running in. This assumes - // the applicationset controller is in the same namespace as argocd, which should be the same namespace of - // all cluster Secrets and Applications we interact with. - NewCache: cache.MultiNamespacedCacheBuilder([]string{namespace}), + Scheme: scheme, + MetricsBindAddress: metricsAddr, + Namespace: watchedNamespace, HealthProbeBindAddress: probeBindAddr, Port: 9443, LeaderElection: enableLeaderElection, LeaderElectionID: "58ac56fa.applicationsets.argoproj.io", DryRunClient: dryRun, }) + if err != nil { log.Error(err, "unable to start manager") os.Exit(1) @@ -141,7 +151,7 @@ func NewCommand() *cobra.Command { } repoClientset := apiclient.NewRepoServerClientset(argocdRepoServer, repoServerTimeoutSeconds, tlsConfig) - argoCDService, err := services.NewArgoCDService(argoCDDB, getSubmoduleEnabled(), repoClientset) + argoCDService, err := services.NewArgoCDService(argoCDDB, getSubmoduleEnabled(), repoClientset, enableNewGitFileGlobbing) errors.CheckError(err) terminalGenerators := map[string]generators.Generator{ @@ -151,6 +161,7 @@ func NewCommand() *cobra.Command { "SCMProvider": generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth), "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace), "PullRequest": generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth), + "Plugin": generators.NewPluginGenerator(mgr.GetClient(), ctx, k8sClient, namespace), } nestedGenerators := map[string]generators.Generator{ @@ -160,6 +171,7 @@ func NewCommand() *cobra.Command { "SCMProvider": terminalGenerators["SCMProvider"], "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(terminalGenerators), "Merge": generators.NewMergeGenerator(terminalGenerators), } @@ -171,6 +183,7 @@ func NewCommand() *cobra.Command { "SCMProvider": terminalGenerators["SCMProvider"], "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(nestedGenerators), "Merge": generators.NewMergeGenerator(nestedGenerators), } @@ -185,16 +198,19 @@ func NewCommand() *cobra.Command { } if err = (&controllers.ApplicationSetReconciler{ - Generators: topLevelGenerators, - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - Recorder: mgr.GetEventRecorderFor("applicationset-controller"), - Renderer: &utils.Render{}, - Policy: policyObj, - ArgoAppClientset: appSetConfig, - KubeClientset: k8sClient, - ArgoDB: argoCDDB, - EnableProgressiveSyncs: enableProgressiveSyncs, + Generators: topLevelGenerators, + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Recorder: mgr.GetEventRecorderFor("applicationset-controller"), + Renderer: &utils.Render{}, + Policy: policyObj, + EnablePolicyOverride: enablePolicyOverride, + ArgoAppClientset: appSetConfig, + KubeClientset: k8sClient, + ArgoDB: argoCDDB, + ArgoCDNamespace: namespace, + ApplicationSetNamespaces: applicationSetNamespaces, + EnableProgressiveSyncs: enableProgressiveSyncs, }).SetupWithManager(mgr, enableProgressiveSyncs, maxConcurrentReconciliations); err != nil { log.Error(err, "unable to create controller", "controller", "ApplicationSet") os.Exit(1) @@ -216,14 +232,16 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&enableLeaderElection, "enable-leader-election", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION", false), "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") - command.Flags().StringVar(&namespace, "namespace", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE", ""), "Argo CD repo namespace (default: argocd)") + command.Flags().StringSliceVar(&applicationSetNamespaces, "applicationset-namespaces", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES", []string{}, ","), "Argo CD applicationset namespaces") command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER", common.DefaultRepoServerAddr), "Argo CD repo server address") - command.Flags().StringVar(&policy, "policy", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_POLICY", "sync"), "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)") + command.Flags().StringVar(&policy, "policy", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_POLICY", ""), "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)") + command.Flags().BoolVar(&enablePolicyOverride, "enable-policy-override", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE", policy == ""), "For security reason if 'policy' is set, it is not possible to override it at applicationSet level. 'allow-policy-override' allows user to define their own policy") command.Flags().BoolVar(&debugLog, "debug", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG", false), "Print debug logs. Takes precedence over loglevel") command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().BoolVar(&dryRun, "dry-run", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN", false), "Enable dry run mode") command.Flags().BoolVar(&enableProgressiveSyncs, "enable-progressive-syncs", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS", false), "Enable use of the experimental progressive syncs feature.") + command.Flags().BoolVar(&enableNewGitFileGlobbing, "enable-new-git-file-globbing", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING", false), "Enable new globbing in Git files generator.") command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server") command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server") command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.") diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go index f9494ea966313..15675e7af376b 100644 --- a/cmd/argocd-notification/commands/controller.go +++ b/cmd/argocd-notification/commands/controller.go @@ -153,8 +153,8 @@ func NewCommand() *cobra.Command { command.Flags().IntVar(&processorsCount, "processors-count", 1, "Processors count.") command.Flags().StringVar(&appLabelSelector, "app-label-selector", "", "App label selector.") command.Flags().StringVar(&namespace, "namespace", "", "Namespace which controller handles. Current namespace if empty.") - command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") - command.Flags().StringVar(&logFormat, "logformat", "text", "Set the logging format. One of: text|json") + command.Flags().StringVar(&logLevel, "loglevel", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") + command.Flags().StringVar(&logFormat, "logformat", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port") command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address") command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server") diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go index bf6a8840f2b17..c62df8043173a 100644 --- a/cmd/argocd-repo-server/commands/argocd_repo_server.go +++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go @@ -5,7 +5,6 @@ import ( "math" "net" "net/http" - "os" "time" "github.com/argoproj/pkg/stats" @@ -45,11 +44,7 @@ const ( ) func getGnuPGSourcePath() string { - if path := os.Getenv("ARGOCD_GPG_DATA_PATH"); path != "" { - return path - } else { - return gnuPGSourcePath - } + return env.StringFromEnv(common.EnvGPGDataPath, gnuPGSourcePath) } func getPauseGenerationAfterFailedGenerationAttempts() int { @@ -72,7 +67,9 @@ func NewCommand() *cobra.Command { var ( parallelismLimit int64 listenPort int + listenHost string metricsPort int + metricsHost string otlpAddress string cacheSrc func() (*reposervercache.Cache, error) tlsConfigCustomizer tls.ConfigCustomizer @@ -150,7 +147,7 @@ func NewCommand() *cobra.Command { } grpc := server.CreateGRPC() - listener, err := net.Listen("tcp", fmt.Sprintf(":%d", listenPort)) + listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", listenHost, listenPort)) errors.CheckError(err) healthz.ServeHealthCheck(http.DefaultServeMux, func(r *http.Request) error { @@ -176,7 +173,7 @@ func NewCommand() *cobra.Command { return nil }) http.Handle("/metrics", metricsServer.GetHandler()) - go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf(":%d", metricsPort), nil)) }() + go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf("%s:%d", metricsHost, metricsPort), nil)) }() go func() { errors.CheckError(askPassServer.Run(askpass.SocketPath)) }() if gpg.IsGPGEnabled() { @@ -201,13 +198,12 @@ func NewCommand() *cobra.Command { return nil }, } - if cmdutil.LogFormat == "" { - cmdutil.LogFormat = os.Getenv("ARGOCD_REPO_SERVER_LOGLEVEL") - } command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().Int64Var(¶llelismLimit, "parallelismlimit", int64(env.ParseNumFromEnv("ARGOCD_REPO_SERVER_PARALLELISM_LIMIT", 0, 0, math.MaxInt32)), "Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.") + command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_REPO_SERVER_LISTEN_ADDRESS", common.DefaultAddressRepoServer), "Listen on given address for incoming connections") command.Flags().IntVar(&listenPort, "port", common.DefaultPortRepoServer, "Listen on given port for incoming connections") + command.Flags().StringVar(&metricsHost, "metrics-address", env.StringFromEnv("ARGOCD_REPO_SERVER_METRICS_LISTEN_ADDRESS", common.DefaultAddressRepoServerMetrics), "Listen on given address for metrics") command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortRepoServerMetrics, "Start metrics server on given port") command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_REPO_SERVER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().BoolVar(&disableTLS, "disable-tls", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_TLS", false), "Disable TLS on the gRPC endpoint") diff --git a/cmd/argocd-server/commands/argocd_server.go b/cmd/argocd-server/commands/argocd_server.go index 76c93c678bead..b9ef17a79c832 100644 --- a/cmd/argocd-server/commands/argocd_server.go +++ b/cmd/argocd-server/commands/argocd_server.go @@ -49,7 +49,9 @@ func NewCommand() *cobra.Command { var ( redisClient *redis.Client insecure bool + listenHost string listenPort int + metricsHost string metricsPort int otlpAddress string glogLevel int @@ -167,7 +169,9 @@ func NewCommand() *cobra.Command { argoCDOpts := server.ArgoCDServerOpts{ Insecure: insecure, ListenPort: listenPort, + ListenHost: listenHost, MetricsPort: metricsPort, + MetricsHost: metricsHost, Namespace: namespace, BaseHRef: baseHRef, RootPath: rootPath, @@ -224,9 +228,11 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&repoServerAddress, "repo-server", env.StringFromEnv("ARGOCD_SERVER_REPO_SERVER", common.DefaultRepoServerAddr), "Repo server address") command.Flags().StringVar(&dexServerAddress, "dex-server", env.StringFromEnv("ARGOCD_SERVER_DEX_SERVER", common.DefaultDexServerAddr), "Dex server address") command.Flags().BoolVar(&disableAuth, "disable-auth", env.ParseBoolFromEnv("ARGOCD_SERVER_DISABLE_AUTH", false), "Disable client authentication") - command.Flags().BoolVar(&enableGZip, "enable-gzip", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_GZIP", false), "Enable GZIP compression") + command.Flags().BoolVar(&enableGZip, "enable-gzip", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_GZIP", true), "Enable GZIP compression") command.AddCommand(cli.NewVersionCmd(cliName)) + command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_SERVER_LISTEN_ADDRESS", common.DefaultAddressAPIServer), "Listen on given address") command.Flags().IntVar(&listenPort, "port", common.DefaultPortAPIServer, "Listen on given port") + command.Flags().StringVar(&metricsHost, env.StringFromEnv("ARGOCD_SERVER_METRICS_LISTEN_ADDRESS", "metrics-address"), common.DefaultAddressAPIServerMetrics, "Listen for metrics on given address") command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDAPIServerMetrics, "Start metrics on given port") command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_SERVER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.") diff --git a/cmd/argocd/commands/account.go b/cmd/argocd/commands/account.go index 3dced8ce67c45..2f73dd796f89f 100644 --- a/cmd/argocd/commands/account.go +++ b/cmd/argocd/commands/account.go @@ -130,9 +130,9 @@ has appropriate RBAC permissions to change other accounts. }, } - command.Flags().StringVar(¤tPassword, "current-password", "", "password of the currently logged on user") - command.Flags().StringVar(&newPassword, "new-password", "", "new password you want to update to") - command.Flags().StringVar(&account, "account", "", "an account name that should be updated. Defaults to current user account") + command.Flags().StringVar(¤tPassword, "current-password", "", "Password of the currently logged on user") + command.Flags().StringVar(&newPassword, "new-password", "", "New password you want to update to") + command.Flags().StringVar(&account, "account", "", "An account name that should be updated. Defaults to current user account") return command } diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index dd5833a21b048..52b33fcc8d5ae 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -19,6 +19,7 @@ import ( "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" + "k8s.io/utils/pointer" cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" "github.com/argoproj/argo-cd/v2/common" @@ -115,10 +116,13 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie } batch := clustersList.Items[batchStart:batchEnd] _ = kube.RunAllAsync(len(batch), func(i int) error { - cluster := batch[i] clusterShard := 0 + cluster := batch[i] if replicas > 0 { - clusterShard = sharding.GetShardByID(cluster.ID, replicas) + distributionFunction := sharding.GetDistributionFunction(argoDB, common.DefaultShardingAlgorithm) + distributionFunction(&cluster) + cluster.Shard = pointer.Int64Ptr(int64(clusterShard)) + log.Infof("Cluster with uid: %s will be processed by shard %d", cluster.ID, clusterShard) } if shard != -1 && clusterShard != shard { diff --git a/cmd/argocd/commands/admin/dashboard.go b/cmd/argocd/commands/admin/dashboard.go index 46c81a5385c9e..52a14a42d7a63 100644 --- a/cmd/argocd/commands/admin/dashboard.go +++ b/cmd/argocd/commands/admin/dashboard.go @@ -35,7 +35,7 @@ func NewDashboardCommand() *cobra.Command { } initialize.InitCommand(cmd) cmd.Flags().IntVar(&port, "port", common.DefaultPortAPIServer, "Listen on given port") - cmd.Flags().StringVar(&address, "address", common.DefaultAddressAPIServer, "Listen on given address") + cmd.Flags().StringVar(&address, "address", common.DefaultAddressAdminDashboard, "Listen on given address") cmd.Flags().StringVar(&compressionStr, "redis-compress", env.StringFromEnv("REDIS_COMPRESSION", string(cache.RedisCompressionGZip)), "Enable this if the application controller is configured with redis compression enabled. (possible values: gzip, none)") return cmd } diff --git a/cmd/argocd/commands/admin/settings.go b/cmd/argocd/commands/admin/settings.go index 3a3f04ecc5fb5..795f82a1192ab 100644 --- a/cmd/argocd/commands/admin/settings.go +++ b/cmd/argocd/commands/admin/settings.go @@ -233,13 +233,6 @@ var validatorsByGroup = map[string]settingValidator{ _, err := manager.GetGoogleAnalytics() return "", err }), - "plugins": func(manager *settings.SettingsManager) (string, error) { - plugins, err := manager.GetConfigManagementPlugins() - if err != nil { - return "", err - } - return fmt.Sprintf("%d plugins", len(plugins)), nil - }, "kustomize": func(manager *settings.SettingsManager) (string, error) { opts, err := manager.GetKustomizeSettings() if err != nil { @@ -356,6 +349,7 @@ func NewResourceOverridesCommand(cmdCtx commandContext) *cobra.Command { }, } command.AddCommand(NewResourceIgnoreDifferencesCommand(cmdCtx)) + command.AddCommand(NewResourceIgnoreResourceUpdatesCommand(cmdCtx)) command.AddCommand(NewResourceActionListCommand(cmdCtx)) command.AddCommand(NewResourceActionRunCommand(cmdCtx)) command.AddCommand(NewResourceHealthCommand(cmdCtx)) @@ -387,6 +381,31 @@ func executeResourceOverrideCommand(ctx context.Context, cmdCtx commandContext, callback(res, override, overrides) } +func executeIgnoreResourceUpdatesOverrideCommand(ctx context.Context, cmdCtx commandContext, args []string, callback func(res unstructured.Unstructured, override v1alpha1.ResourceOverride, overrides map[string]v1alpha1.ResourceOverride)) { + data, err := os.ReadFile(args[0]) + errors.CheckError(err) + + res := unstructured.Unstructured{} + errors.CheckError(yaml.Unmarshal(data, &res)) + + settingsManager, err := cmdCtx.createSettingsManager(ctx) + errors.CheckError(err) + + overrides, err := settingsManager.GetIgnoreResourceUpdatesOverrides() + errors.CheckError(err) + gvk := res.GroupVersionKind() + key := gvk.Kind + if gvk.Group != "" { + key = fmt.Sprintf("%s/%s", gvk.Group, gvk.Kind) + } + override, hasOverride := overrides[key] + if !hasOverride { + _, _ = fmt.Printf("No overrides configured for '%s/%s'\n", gvk.Group, gvk.Kind) + return + } + callback(res, override, overrides) +} + func NewResourceIgnoreDifferencesCommand(cmdCtx commandContext) *cobra.Command { var command = &cobra.Command{ Use: "ignore-differences RESOURCE_YAML_PATH", @@ -437,6 +456,52 @@ argocd admin settings resource-overrides ignore-differences ./deploy.yaml --argo return command } +func NewResourceIgnoreResourceUpdatesCommand(cmdCtx commandContext) *cobra.Command { + var command = &cobra.Command{ + Use: "ignore-resource-updates RESOURCE_YAML_PATH", + Short: "Renders fields excluded from resource updates", + Long: "Renders ignored fields using the 'ignoreResourceUpdates' setting specified in the 'resource.customizations' field of 'argocd-cm' ConfigMap", + Example: ` +argocd admin settings resource-overrides ignore-resource-updates ./deploy.yaml --argocd-cm-path ./argocd-cm.yaml`, + Run: func(c *cobra.Command, args []string) { + ctx := c.Context() + + if len(args) < 1 { + c.HelpFunc()(c, args) + os.Exit(1) + } + + executeIgnoreResourceUpdatesOverrideCommand(ctx, cmdCtx, args, func(res unstructured.Unstructured, override v1alpha1.ResourceOverride, overrides map[string]v1alpha1.ResourceOverride) { + gvk := res.GroupVersionKind() + if len(override.IgnoreResourceUpdates.JSONPointers) == 0 && len(override.IgnoreResourceUpdates.JQPathExpressions) == 0 { + _, _ = fmt.Printf("Ignore resource updates are not configured for '%s/%s'\n", gvk.Group, gvk.Kind) + return + } + + normalizer, err := normalizers.NewIgnoreNormalizer(nil, overrides) + errors.CheckError(err) + + normalizedRes := res.DeepCopy() + logs := collectLogs(func() { + errors.CheckError(normalizer.Normalize(normalizedRes)) + }) + if logs != "" { + _, _ = fmt.Println(logs) + } + + if reflect.DeepEqual(&res, normalizedRes) { + _, _ = fmt.Printf("No fields are ignored by ignoreResourceUpdates settings: \n%s\n", override.IgnoreResourceUpdates) + return + } + + _, _ = fmt.Printf("Following fields are ignored:\n\n") + _ = cli.PrintDiff(res.GetName(), &res, normalizedRes) + }) + }, + } + return command +} + func NewResourceHealthCommand(cmdCtx commandContext) *cobra.Command { var command = &cobra.Command{ Use: "health RESOURCE_YAML_PATH", @@ -545,13 +610,26 @@ argocd admin settings resource-overrides action run /tmp/deploy.yaml restart --a modifiedRes, err := luaVM.ExecuteResourceAction(&res, action.ActionLua) errors.CheckError(err) - if reflect.DeepEqual(&res, modifiedRes) { - _, _ = fmt.Printf("No fields had been changed by action: \n%s\n", action.Name) - return + for _, impactedResource := range modifiedRes { + result := impactedResource.UnstructuredObj + switch impactedResource.K8SOperation { + // No default case since a not supported operation would have failed upon unmarshaling earlier + case lua.PatchOperation: + if reflect.DeepEqual(&res, modifiedRes) { + _, _ = fmt.Printf("No fields had been changed by action: \n%s\n", action.Name) + return + } + + _, _ = fmt.Printf("Following fields have been changed:\n\n") + _ = cli.PrintDiff(res.GetName(), &res, result) + case lua.CreateOperation: + yamlBytes, err := yaml.Marshal(impactedResource.UnstructuredObj) + errors.CheckError(err) + fmt.Println("Following resource was created:") + fmt.Println(bytes.NewBuffer(yamlBytes).String()) + } } - _, _ = fmt.Printf("Following fields have been changed:\n\n") - _ = cli.PrintDiff(res.GetName(), &res, modifiedRes) }) }, } diff --git a/cmd/argocd/commands/admin/settings_rbac.go b/cmd/argocd/commands/admin/settings_rbac.go index 3b458c6f88f16..6164aa910a6e4 100644 --- a/cmd/argocd/commands/admin/settings_rbac.go +++ b/cmd/argocd/commands/admin/settings_rbac.go @@ -22,38 +22,40 @@ import ( // Provide a mapping of short-hand resource names to their RBAC counterparts var resourceMap map[string]string = map[string]string{ - "account": rbacpolicy.ResourceAccounts, - "app": rbacpolicy.ResourceApplications, - "apps": rbacpolicy.ResourceApplications, - "application": rbacpolicy.ResourceApplications, - "cert": rbacpolicy.ResourceCertificates, - "certs": rbacpolicy.ResourceCertificates, - "certificate": rbacpolicy.ResourceCertificates, - "cluster": rbacpolicy.ResourceClusters, - "gpgkey": rbacpolicy.ResourceGPGKeys, - "key": rbacpolicy.ResourceGPGKeys, - "log": rbacpolicy.ResourceLogs, - "logs": rbacpolicy.ResourceLogs, - "exec": rbacpolicy.ResourceExec, - "proj": rbacpolicy.ResourceProjects, - "projs": rbacpolicy.ResourceProjects, - "project": rbacpolicy.ResourceProjects, - "repo": rbacpolicy.ResourceRepositories, - "repos": rbacpolicy.ResourceRepositories, - "repository": rbacpolicy.ResourceRepositories, + "account": rbacpolicy.ResourceAccounts, + "app": rbacpolicy.ResourceApplications, + "apps": rbacpolicy.ResourceApplications, + "application": rbacpolicy.ResourceApplications, + "applicationsets": rbacpolicy.ResourceApplicationSets, + "cert": rbacpolicy.ResourceCertificates, + "certs": rbacpolicy.ResourceCertificates, + "certificate": rbacpolicy.ResourceCertificates, + "cluster": rbacpolicy.ResourceClusters, + "gpgkey": rbacpolicy.ResourceGPGKeys, + "key": rbacpolicy.ResourceGPGKeys, + "log": rbacpolicy.ResourceLogs, + "logs": rbacpolicy.ResourceLogs, + "exec": rbacpolicy.ResourceExec, + "proj": rbacpolicy.ResourceProjects, + "projs": rbacpolicy.ResourceProjects, + "project": rbacpolicy.ResourceProjects, + "repo": rbacpolicy.ResourceRepositories, + "repos": rbacpolicy.ResourceRepositories, + "repository": rbacpolicy.ResourceRepositories, } // List of allowed RBAC resources var validRBACResources map[string]bool = map[string]bool{ - rbacpolicy.ResourceAccounts: true, - rbacpolicy.ResourceApplications: true, - rbacpolicy.ResourceCertificates: true, - rbacpolicy.ResourceClusters: true, - rbacpolicy.ResourceGPGKeys: true, - rbacpolicy.ResourceLogs: true, - rbacpolicy.ResourceExec: true, - rbacpolicy.ResourceProjects: true, - rbacpolicy.ResourceRepositories: true, + rbacpolicy.ResourceAccounts: true, + rbacpolicy.ResourceApplications: true, + rbacpolicy.ResourceApplicationSets: true, + rbacpolicy.ResourceCertificates: true, + rbacpolicy.ResourceClusters: true, + rbacpolicy.ResourceGPGKeys: true, + rbacpolicy.ResourceLogs: true, + rbacpolicy.ResourceExec: true, + rbacpolicy.ResourceProjects: true, + rbacpolicy.ResourceRepositories: true, } // List of allowed RBAC actions diff --git a/cmd/argocd/commands/admin/settings_rbac_test.go b/cmd/argocd/commands/admin/settings_rbac_test.go index 93601eed1d303..e53a5ed6da1f9 100644 --- a/cmd/argocd/commands/admin/settings_rbac_test.go +++ b/cmd/argocd/commands/admin/settings_rbac_test.go @@ -102,6 +102,22 @@ func Test_PolicyFromK8s(t *testing.T) { ok := checkPolicy("role:user", "get", "certificates", ".*", assets.BuiltinPolicyCSV, uPol, "role:readonly", "regex", true) require.False(t, ok) }) + t.Run("get logs", func(t *testing.T) { + ok := checkPolicy("role:test", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) + t.Run("create exec", func(t *testing.T) { + ok := checkPolicy("role:test", "create", "exec", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) + t.Run("create applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) + t.Run("delete applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "delete", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) } func Test_PolicyFromK8sUsingRegex(t *testing.T) { @@ -111,7 +127,12 @@ func Test_PolicyFromK8sUsingRegex(t *testing.T) { p, role:user, clusters, get, .+, allow p, role:user, clusters, get, https://kubernetes.*, deny p, role:user, applications, get, .*, allow -p, role:user, applications, create, .*/.*, allow` +p, role:user, applications, create, .*/.*, allow +p, role:user, applicationsets, create, .*/.*, allow +p, role:user, applicationsets, delete, .*/.*, allow +p, role:user, logs, get, .*/.*, allow +p, role:user, exec, create, .*/.*, allow +` kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -157,4 +178,20 @@ p, role:, certificates, get, .*, allow` ok := checkPolicy("role:user", "get", "certificates", ".+", builtInPolicy, uPol, dRole, "glob", true) require.False(t, ok) }) + t.Run("get logs via glob match mode", func(t *testing.T) { + ok := checkPolicy("role:user", "get", "logs", ".*/.*", builtInPolicy, uPol, dRole, "glob", true) + require.True(t, ok) + }) + t.Run("create exec", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "exec", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + require.True(t, ok) + }) + t.Run("create applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + require.True(t, ok) + }) + t.Run("delete applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "delete", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + require.True(t, ok) + }) } diff --git a/cmd/argocd/commands/admin/settings_test.go b/cmd/argocd/commands/admin/settings_test.go index 696387d0e01fc..55c1c8c767012 100644 --- a/cmd/argocd/commands/admin/settings_test.go +++ b/cmd/argocd/commands/admin/settings_test.go @@ -151,13 +151,6 @@ clientSecret: aaaabbbbccccddddeee`, }, containsSummary: "Dex is configured ('url' field is missing)", }, - "Plugins_ValidConfig": { - validator: "plugins", - data: map[string]string{ - "configManagementPlugins": `[{"name": "test1"}, {"name": "test2"}]`, - }, - containsSummary: "2 plugins", - }, "Kustomize_ModifiedOptions": { validator: "kustomize", containsSummary: "default options", @@ -233,6 +226,17 @@ spec: replicas: 0` ) +const ( + testCronJobYAML = `apiVersion: batch/v1 +kind: CronJob +metadata: + name: hello + namespace: test-ns + uid: "123" +spec: + schedule: "* * * * *"` +) + func tempFile(content string) (string, io.Closer, error) { f, err := os.CreateTemp("", "*.yaml") if err != nil { @@ -342,6 +346,12 @@ func TestResourceOverrideAction(t *testing.T) { } defer utils.Close(closer) + cronJobFile, closer, err := tempFile(testCronJobYAML) + if !assert.NoError(t, err) { + return + } + defer utils.Close(closer) + t.Run("NoActions", func(t *testing.T) { cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{ "resource.customizations": `apps/Deployment: {}`})) @@ -354,7 +364,7 @@ func TestResourceOverrideAction(t *testing.T) { assert.Contains(t, out, "Actions are not configured") }) - t.Run("ActionConfigured", func(t *testing.T) { + t.Run("OldStyleActionConfigured", func(t *testing.T) { cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{ "resource.customizations": `apps/Deployment: actions: | @@ -388,4 +398,50 @@ restart false resume false `) }) + + t.Run("NewStyleActionConfigured", func(t *testing.T) { + cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{ + "resource.customizations": `batch/CronJob: + actions: | + discovery.lua: | + actions = {} + actions["create-a-job"] = {["disabled"] = false} + return actions + definitions: + - name: test + action.lua: | + job1 = {} + job1.apiVersion = "batch/v1" + job1.kind = "Job" + job1.metadata = {} + job1.metadata.name = "hello-1" + job1.metadata.namespace = "obj.metadata.namespace" + impactedResource1 = {} + impactedResource1.operation = "create" + impactedResource1.resource = job1 + result = {} + result[1] = impactedResource1 + return result +`})) + out, err := captureStdout(func() { + cmd.SetArgs([]string{"run-action", cronJobFile, "test"}) + err := cmd.Execute() + assert.NoError(t, err) + }) + assert.NoError(t, err) + assert.Contains(t, out, "resource was created:") + assert.Contains(t, out, "hello-1") + + out, err = captureStdout(func() { + cmd.SetArgs([]string{"list-actions", cronJobFile}) + err := cmd.Execute() + assert.NoError(t, err) + }) + + assert.NoError(t, err) + assert.Contains(t, out, "NAME") + assert.Contains(t, out, "ENABLED") + assert.Contains(t, out, "create-a-job") + assert.Contains(t, out, "false") + }) } diff --git a/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml b/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml index 06cb30e8df665..bf947fb8b7110 100644 --- a/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml +++ b/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml @@ -8,6 +8,8 @@ data: p, role:user, applications, create, */*, allow p, role:user, applications, delete, *, allow p, role:user, applications, delete, */guestbook, deny + p, role:user, applicationsets, create, */*, allow + p, role:user, applicationsets, delete, */*, allow p, role:user, logs, get, */*, allow g, test, role:user policy.default: role:unknown diff --git a/cmd/argocd/commands/admin/testdata/rbac/policy.csv b/cmd/argocd/commands/admin/testdata/rbac/policy.csv index a92060ec3b4fe..b18d0904f5f60 100644 --- a/cmd/argocd/commands/admin/testdata/rbac/policy.csv +++ b/cmd/argocd/commands/admin/testdata/rbac/policy.csv @@ -5,6 +5,8 @@ p, role:user, applications, get, *, allow p, role:user, applications, create, */*, allow p, role:user, applications, delete, *, allow p, role:user, applications, delete, */guestbook, deny +p, role:user, applicationsets, create, */*, allow +p, role:user, applicationsets, delete, */*, allow p, role:test, certificates, get, *, allow p, role:test, logs, get, */*, allow p, role:test, exec, create, */*, allow diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 112008859ad74..8bb7b0b8e8968 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -39,7 +39,6 @@ import ( clusterpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" projectpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/project" "github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" - settingspkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" repoapiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/reposerver/repository" @@ -283,7 +282,7 @@ func NewApplicationGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com conn, appIf := acdClient.NewApplicationClientOrDie() defer argoio.Close(conn) - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") app, err := appIf.Get(ctx, &application.ApplicationQuery{ Name: &appName, Refresh: getRefreshType(refresh, hardRefresh), @@ -367,7 +366,7 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co acdClient := headless.NewClientOrDie(clientOpts, c) conn, appIf := acdClient.NewApplicationClientOrDie() defer argoio.Close(conn) - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") retry := true for retry { @@ -547,7 +546,7 @@ func appURLDefault(acdClient argocdclient.Client, appName string) string { func appURL(ctx context.Context, acdClient argocdclient.Client, appName string) string { conn, settingsIf := acdClient.NewSettingsClientOrDie() defer argoio.Close(conn) - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) if argoSettings.URL != "" { @@ -611,7 +610,7 @@ func NewApplicationSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") argocdClient := headless.NewClientOrDie(clientOpts, c) conn, appIf := argocdClient.NewApplicationClientOrDie() defer argoio.Close(conn) @@ -689,7 +688,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) app, err := appIf.Get(ctx, &application.ApplicationQuery{Name: &appName, AppNamespace: &appNs}) @@ -795,9 +794,11 @@ func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, n } } } - if opts.valuesLiteral && source.Helm.Values != "" { - source.Helm.Values = "" - updated = true + if opts.valuesLiteral && !source.Helm.ValuesIsEmpty() { + err := source.Helm.SetValuesString("") + if err == nil { + updated = true + } } for _, valuesFile := range opts.valuesFiles { specValueFiles := source.Helm.ValueFiles @@ -845,9 +846,9 @@ func targetObjects(resources []*argoappv1.ResourceDiff) ([]*unstructured.Unstruc return objs, nil } -func getLocalObjects(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, - configManagementPlugins []*argoappv1.ConfigManagementPlugin, trackingMethod string) []*unstructured.Unstructured { - manifestStrings := getLocalObjectsString(ctx, app, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, configManagementPlugins, trackingMethod) +func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, + trackingMethod string) []*unstructured.Unstructured { + manifestStrings := getLocalObjectsString(ctx, app, proj, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, trackingMethod) objs := make([]*unstructured.Unstructured, len(manifestStrings)) for i := range manifestStrings { obj := unstructured.Unstructured{} @@ -858,20 +859,21 @@ func getLocalObjects(ctx context.Context, app *argoappv1.Application, local, loc return objs } -func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, - configManagementPlugins []*argoappv1.ConfigManagementPlugin, trackingMethod string) []string { +func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, + trackingMethod string) []string { source := app.Spec.GetSource() res, err := repository.GenerateManifests(ctx, local, localRepoRoot, source.TargetRevision, &repoapiclient.ManifestRequest{ - Repo: &argoappv1.Repository{Repo: source.RepoURL}, - AppLabelKey: appLabelKey, - AppName: app.Name, - Namespace: app.Spec.Destination.Namespace, - ApplicationSource: &source, - KustomizeOptions: kustomizeOptions, - KubeVersion: kubeVersion, - ApiVersions: apiVersions, - Plugins: configManagementPlugins, - TrackingMethod: trackingMethod, + Repo: &argoappv1.Repository{Repo: source.RepoURL}, + AppLabelKey: appLabelKey, + AppName: app.Name, + Namespace: app.Spec.Destination.Namespace, + ApplicationSource: &source, + KustomizeOptions: kustomizeOptions, + KubeVersion: kubeVersion, + ApiVersions: apiVersions, + TrackingMethod: trackingMethod, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, }, true, &git.NoopCredsStore{}, resource.MustParse("0"), nil) errors.CheckError(err) @@ -941,7 +943,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co clientset := headless.NewClientOrDie(clientOpts, c) conn, appIf := clientset.NewApplicationClientOrDie() defer argoio.Close(conn) - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") app, err := appIf.Get(ctx, &application.ApplicationQuery{ Name: &appName, Refresh: getRefreshType(refresh, hardRefresh), @@ -953,7 +955,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) conn, settingsIf := clientset.NewSettingsClientOrDie() defer argoio.Close(conn) - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) diffOption := &DifferenceOption{} if revision != "" { @@ -989,7 +991,8 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co diffOption.cluster = cluster } } - foundDiffs := findandPrintDiff(ctx, app, resources, argoSettings, appName, diffOption) + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + foundDiffs := findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) if foundDiffs && exitCode { os.Exit(1) } @@ -1017,13 +1020,13 @@ type DifferenceOption struct { } // findandPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false -func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources *application.ManagedResourcesResponse, argoSettings *settingspkg.Settings, appName string, diffOptions *DifferenceOption) bool { +func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption) bool { var foundDiffs bool liveObjs, err := cmdutil.LiveObjects(resources.Items) errors.CheckError(err) items := make([]objKeyLiveTarget, 0) if diffOptions.local != "" { - localObjs := groupObjsByKey(getLocalObjects(ctx, app, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) + localObjs := groupObjsByKey(getLocalObjects(ctx, app, proj, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace)) } else if diffOptions.revision != "" { var unstructureds []*unstructured.Unstructured @@ -1033,7 +1036,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources unstructureds = append(unstructureds, obj) } groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace) - items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.Name) + items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace)) } else if diffOptions.serversideRes != nil { var unstructureds []*unstructured.Unstructured for _, mfst := range diffOptions.serversideRes.Manifests { @@ -1042,7 +1045,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources unstructureds = append(unstructureds, obj) } groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace) - items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.Name) + items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace)) } else { for i := range resources.Items { res := resources.Items[i] @@ -1184,7 +1187,7 @@ func NewApplicationDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra. } for _, appFullName := range appNames { - appName, appNs := argo.ParseAppQualifiedName(appFullName, "") + appName, appNs := argo.ParseFromQualifiedName(appFullName, "") appDeleteReq := application.ApplicationDeleteRequest{ Name: &appName, AppNamespace: &appNs, @@ -1612,7 +1615,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co } for _, appQualifiedName := range appNames { - appName, appNs := argo.ParseAppQualifiedName(appQualifiedName, "") + appName, appNs := argo.ParseFromQualifiedName(appQualifiedName, "") if len(selectedLabels) > 0 { q := application.ApplicationManifestQuery{ @@ -1677,7 +1680,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) conn, settingsIf := acdClient.NewSettingsClientOrDie() - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) argoio.Close(conn) @@ -1686,7 +1689,9 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co cluster, err := clusterIf.Get(ctx, &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server}) errors.CheckError(err) argoio.Close(conn) - localObjsStrings = getLocalObjectsString(ctx, app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod) + + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + localObjsStrings = getLocalObjectsString(ctx, app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) errors.CheckError(err) diffOption.local = local diffOption.localRepoRoot = localRepoRoot @@ -1751,11 +1756,13 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) conn, settingsIf := acdClient.NewSettingsClientOrDie() defer argoio.Close(conn) - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) foundDiffs := false fmt.Printf("====== Previewing differences between live and desired state of application %s ======\n", appQualifiedName) - foundDiffs = findandPrintDiff(ctx, app, resources, argoSettings, appQualifiedName, diffOption) + + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + foundDiffs = findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) if foundDiffs { if !diffChangesConfirm { yesno := cli.AskToProceed(fmt.Sprintf("Please review changes to application %s shown above. Do you want to continue the sync process? (y/n): ", appQualifiedName)) @@ -2005,7 +2012,7 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client, // time when the sync status lags behind when an operation completes refresh := false - appRealName, appNs := argo.ParseAppQualifiedName(appName, "") + appRealName, appNs := argo.ParseFromQualifiedName(appName, "") printFinalStatus := func(app *argoappv1.Application) *argoappv1.Application { var err error @@ -2207,7 +2214,7 @@ func NewApplicationHistoryCommand(clientOpts *argocdclient.ClientOptions) *cobra } conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") app, err := appIf.Get(ctx, &application.ApplicationQuery{ Name: &appName, AppNamespace: &appNs, @@ -2258,7 +2265,7 @@ func NewApplicationRollbackCommand(clientOpts *argocdclient.ClientOptions) *cobr c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") var err error depID := -1 if len(args) > 1 { @@ -2340,7 +2347,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") clientset := headless.NewClientOrDie(clientOpts, c) conn, appIf := clientset.NewApplicationClientOrDie() defer argoio.Close(conn) @@ -2359,7 +2366,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob settingsConn, settingsIf := clientset.NewSettingsClientOrDie() defer argoio.Close(settingsConn) - argoSettings, err := settingsIf.Get(context.Background(), &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(context.Background(), &settings.SettingsQuery{}) errors.CheckError(err) clusterConn, clusterIf := clientset.NewClusterClientOrDie() @@ -2367,7 +2374,8 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob cluster, err := clusterIf.Get(context.Background(), &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server}) errors.CheckError(err) - unstructureds = getLocalObjects(context.Background(), app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod) + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + unstructureds = getLocalObjects(context.Background(), app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) } else if revision != "" { q := application.ApplicationManifestQuery{ Name: &appName, @@ -2422,7 +2430,7 @@ func NewApplicationTerminateOpCommand(clientOpts *argocdclient.ClientOptions) *c c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) _, err := appIf.TerminateOperation(ctx, &application.OperationTerminateRequest{ @@ -2447,7 +2455,7 @@ func NewApplicationEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) app, err := appIf.Get(ctx, &application.ApplicationQuery{ @@ -2509,7 +2517,7 @@ func NewApplicationPatchCommand(clientOpts *argocdclient.ClientOptions) *cobra.C c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) diff --git a/cmd/argocd/commands/app_actions.go b/cmd/argocd/commands/app_actions.go index ed036f2d368f6..48a5e4ce58bed 100644 --- a/cmd/argocd/commands/app_actions.go +++ b/cmd/argocd/commands/app_actions.go @@ -66,7 +66,7 @@ func NewApplicationResourceActionsListCommand(clientOpts *argocdclient.ClientOpt c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer io.Close(conn) resources, err := getActionableResourcesForApplication(appIf, ctx, &appNs, &appName) @@ -152,7 +152,7 @@ func NewApplicationResourceActionsRunCommand(clientOpts *argocdclient.ClientOpti c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") actionName := args[1] conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go index 02c1054b6372d..60ba6efff406e 100644 --- a/cmd/argocd/commands/app_resources.go +++ b/cmd/argocd/commands/app_resources.go @@ -54,7 +54,7 @@ func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) @@ -116,7 +116,7 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) c.HelpFunc()(c, args) os.Exit(1) } - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) @@ -182,7 +182,7 @@ func NewApplicationListResourcesCommand(clientOpts *argocdclient.ClientOptions) os.Exit(1) } listAll := !c.Flag("orphaned").Changed - appName, appNs := argo.ParseAppQualifiedName(args[0], "") + appName, appNs := argo.ParseFromQualifiedName(args[0], "") conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) appResourceTree, err := appIf.ResourceTree(ctx, &applicationpkg.ResourcesQuery{ diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go index e6a0fa9e5c3c7..673bceec7b632 100644 --- a/cmd/argocd/commands/app_test.go +++ b/cmd/argocd/commands/app_test.go @@ -9,7 +9,6 @@ import ( argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apis/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/gitops-engine/pkg/health" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/google/go-cmp/cmp" @@ -17,6 +16,7 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" ) @@ -779,7 +779,7 @@ func Test_unset(t *testing.T) { }, }, PassCredentials: true, - Values: "some: yaml", + ValuesObject: &runtime.RawExtension{Raw: []byte("some: yaml")}, ValueFiles: []string{ "values-1.yaml", "values-2.yaml", @@ -865,9 +865,9 @@ func Test_unset(t *testing.T) { assert.False(t, updated) assert.False(t, nothingToUnset) - assert.Equal(t, "some: yaml", helmSource.Helm.Values) + assert.Equal(t, "some: yaml", helmSource.Helm.ValuesString()) updated, nothingToUnset = unset(helmSource, unsetOpts{valuesLiteral: true}) - assert.Equal(t, "", helmSource.Helm.Values) + assert.Equal(t, "", helmSource.Helm.ValuesString()) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(helmSource, unsetOpts{valuesLiteral: true}) @@ -973,49 +973,49 @@ func TestFilterAppResources(t *testing.T) { } // Resource filters var ( - blankValues = argoappv1.SyncOperationResource{ + blankValues = v1alpha1.SyncOperationResource{ Group: "", Kind: "", Name: "", Namespace: "", Exclude: false} // *:*:* - includeAllResources = argoappv1.SyncOperationResource{ + includeAllResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "*", Name: "*", Namespace: "", Exclude: false} // !*:*:* - excludeAllResources = argoappv1.SyncOperationResource{ + excludeAllResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "*", Name: "*", Namespace: "", Exclude: true} // *:Service:* - includeAllServiceResources = argoappv1.SyncOperationResource{ + includeAllServiceResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "Service", Name: "*", Namespace: "", Exclude: false} // !*:Service:* - excludeAllServiceResources = argoappv1.SyncOperationResource{ + excludeAllServiceResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "Service", Name: "*", Namespace: "", Exclude: true} // apps:ReplicaSet:replicaSet-name1 - includeReplicaSet1Resource = argoappv1.SyncOperationResource{ + includeReplicaSet1Resource = v1alpha1.SyncOperationResource{ Group: "apps", Kind: "ReplicaSet", Name: "replicaSet-name1", Namespace: "", Exclude: false} // !apps:ReplicaSet:replicaSet-name2 - excludeReplicaSet2Resource = argoappv1.SyncOperationResource{ + excludeReplicaSet2Resource = v1alpha1.SyncOperationResource{ Group: "apps", Kind: "ReplicaSet", Name: "replicaSet-name2", @@ -1064,60 +1064,60 @@ func TestFilterAppResources(t *testing.T) { ) tests := []struct { testName string - selectedResources []*argoappv1.SyncOperationResource - expectedResult []*argoappv1.SyncOperationResource + selectedResources []*v1alpha1.SyncOperationResource + expectedResult []*v1alpha1.SyncOperationResource }{ // --resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:* {testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources", - selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &service1, &service2}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &service1, &service2}, }, // --resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:* {testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources", - selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 --resource !*:Service:* {testName: "Exclude ReplicaSet replicaSet-name2 resouce and all service resources", - selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 {testName: "Exclude ReplicaSet replicaSet-name2 resouce", - selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment}, }, // --resource apps:ReplicaSet:replicaSet-name1 {testName: "Include ReplicaSet replicaSet-name1 resouce", - selectedResources: []*argoappv1.SyncOperationResource{&includeReplicaSet1Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeReplicaSet1Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1}, }, // --resource !*:Service:* {testName: "Exclude Service resouces", - selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource *:Service:* {testName: "Include Service resouces", - selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources}, - expectedResult: []*argoappv1.SyncOperationResource{&service1, &service2}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&service1, &service2}, }, // --resource !*:*:* {testName: "Exclude all resouces", - selectedResources: []*argoappv1.SyncOperationResource{&excludeAllResources}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllResources}, expectedResult: nil, }, // --resource *:*:* {testName: "Include all resouces", - selectedResources: []*argoappv1.SyncOperationResource{&includeAllResources}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeAllResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, {testName: "No Filters", - selectedResources: []*argoappv1.SyncOperationResource{&blankValues}, + selectedResources: []*v1alpha1.SyncOperationResource{&blankValues}, expectedResult: nil, }, {testName: "Empty Filter", - selectedResources: []*argoappv1.SyncOperationResource{}, + selectedResources: []*v1alpha1.SyncOperationResource{}, expectedResult: nil, }, } @@ -1440,8 +1440,8 @@ func TestCheckResourceStatus(t *testing.T) { func Test_hasAppChanged(t *testing.T) { type args struct { - appReq *argoappv1.Application - appRes *argoappv1.Application + appReq *v1alpha1.Application + appRes *v1alpha1.Application upsert bool } tests := []struct { @@ -1503,16 +1503,16 @@ func Test_hasAppChanged(t *testing.T) { } } -func testApp(name, project string, labels map[string]string, annotations map[string]string, finalizers []string) *argoappv1.Application { - return &argoappv1.Application{ +func testApp(name, project string, labels map[string]string, annotations map[string]string, finalizers []string) *v1alpha1.Application { + return &v1alpha1.Application{ ObjectMeta: metav1.ObjectMeta{ Name: name, Labels: labels, Annotations: annotations, Finalizers: finalizers, }, - Spec: argoappv1.ApplicationSpec{ - Source: &argoappv1.ApplicationSource{ + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{ RepoURL: "https://github.com/argoproj/argocd-example-apps.git", }, Project: project, diff --git a/cmd/argocd/commands/applicationset.go b/cmd/argocd/commands/applicationset.go index 8a60d0ea23361..a328842a67bb5 100644 --- a/cmd/argocd/commands/applicationset.go +++ b/cmd/argocd/commands/applicationset.go @@ -16,6 +16,7 @@ import ( argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apiclient/applicationset" arogappsetv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/cli" "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/grpc" @@ -76,8 +77,10 @@ func NewApplicationSetGetCommand(clientOpts *argocdclient.ClientOptions) *cobra. acdClient := headless.NewClientOrDie(clientOpts, c) conn, appIf := acdClient.NewApplicationSetClientOrDie() defer argoio.Close(conn) - appSetName := args[0] - appSet, err := appIf.Get(ctx, &applicationset.ApplicationSetGetQuery{Name: appSetName}) + + appSetName, appSetNs := argo.ParseFromQualifiedName(args[0], "") + + appSet, err := appIf.Get(ctx, &applicationset.ApplicationSetGetQuery{Name: appSetName, AppsetNamespace: appSetNs}) errors.CheckError(err) switch output { @@ -176,9 +179,10 @@ func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cob // NewApplicationSetListCommand returns a new instance of an `argocd appset list` command func NewApplicationSetListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - output string - selector string - projects []string + output string + selector string + projects []string + appSetNamespace string ) var command = &cobra.Command{ Use: "list", @@ -192,7 +196,7 @@ func NewApplicationSetListCommand(clientOpts *argocdclient.ClientOptions) *cobra conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationSetClientOrDie() defer argoio.Close(conn) - appsets, err := appIf.List(ctx, &applicationset.ApplicationSetListQuery{Selector: selector, Projects: projects}) + appsets, err := appIf.List(ctx, &applicationset.ApplicationSetListQuery{Selector: selector, Projects: projects, AppsetNamespace: appSetNamespace}) errors.CheckError(err) appsetList := appsets.Items @@ -213,6 +217,7 @@ func NewApplicationSetListCommand(clientOpts *argocdclient.ClientOptions) *cobra command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: wide|name|json|yaml") command.Flags().StringVarP(&selector, "selector", "l", "", "List applicationsets by label") command.Flags().StringArrayVarP(&projects, "project", "p", []string{}, "Filter by project name") + command.Flags().StringVarP(&appSetNamespace, "appset-namespace", "N", "", "Only list applicationsets in namespace") return command } @@ -245,18 +250,22 @@ func NewApplicationSetDeleteCommand(clientOpts *argocdclient.ClientOptions) *cob if promptFlag.Changed && promptFlag.Value.String() == "true" { noPrompt = true } - for _, appsetName := range args { + for _, appSetQualifiedName := range args { + + appSetName, appSetNs := argo.ParseFromQualifiedName(appSetQualifiedName, "") + appsetDeleteReq := applicationset.ApplicationSetDeleteRequest{ - Name: appsetName, + Name: appSetName, + AppsetNamespace: appSetNs, } if isTerminal && !noPrompt { var lowercaseAnswer string if numOfApps == 1 { - lowercaseAnswer = cli.AskToProceedS("Are you sure you want to delete '" + appsetName + "' and all its Applications? [y/n] ") + lowercaseAnswer = cli.AskToProceedS("Are you sure you want to delete '" + appSetQualifiedName + "' and all its Applications? [y/n] ") } else { if !isConfirmAll { - lowercaseAnswer = cli.AskToProceedS("Are you sure you want to delete '" + appsetName + "' and all its Applications? [y/n/A] where 'A' is to delete all specified ApplicationSets and their Applications without prompting") + lowercaseAnswer = cli.AskToProceedS("Are you sure you want to delete '" + appSetQualifiedName + "' and all its Applications? [y/n/A] where 'A' is to delete all specified ApplicationSets and their Applications without prompting") if lowercaseAnswer == "a" || lowercaseAnswer == "all" { lowercaseAnswer = "y" isConfirmAll = true @@ -268,9 +277,9 @@ func NewApplicationSetDeleteCommand(clientOpts *argocdclient.ClientOptions) *cob if lowercaseAnswer == "y" || lowercaseAnswer == "yes" { _, err := appIf.Delete(ctx, &appsetDeleteReq) errors.CheckError(err) - fmt.Printf("applicationset '%s' deleted\n", appsetName) + fmt.Printf("applicationset '%s' deleted\n", appSetQualifiedName) } else { - fmt.Println("The command to delete '" + appsetName + "' was cancelled.") + fmt.Println("The command to delete '" + appSetQualifiedName + "' was cancelled.") } } else { _, err := appIf.Delete(ctx, &appsetDeleteReq) @@ -286,7 +295,7 @@ func NewApplicationSetDeleteCommand(clientOpts *argocdclient.ClientOptions) *cob // Print simple list of application names func printApplicationSetNames(apps []arogappsetv1.ApplicationSet) { for _, app := range apps { - fmt.Println(app.Name) + fmt.Println(app.QualifiedName()) } } @@ -294,12 +303,12 @@ func printApplicationSetNames(apps []arogappsetv1.ApplicationSet) { func printApplicationSetTable(apps []arogappsetv1.ApplicationSet, output *string) { w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) var fmtStr string - headers := []interface{}{"NAME", "NAMESPACE", "PROJECT", "SYNCPOLICY", "CONDITIONS"} + headers := []interface{}{"NAME", "PROJECT", "SYNCPOLICY", "CONDITIONS"} if *output == "wide" { - fmtStr = "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n" + fmtStr = "%s\t%s\t%s\t%s\t%s\t%s\t%s\n" headers = append(headers, "REPO", "PATH", "TARGET") } else { - fmtStr = "%s\t%s\t%s\t%s\t%s\n" + fmtStr = "%s\t%s\t%s\t%s\n" } _, _ = fmt.Fprintf(w, fmtStr, headers...) for _, app := range apps { @@ -310,8 +319,7 @@ func printApplicationSetTable(apps []arogappsetv1.ApplicationSet, output *string } } vals := []interface{}{ - app.ObjectMeta.Name, - app.ObjectMeta.Namespace, + app.QualifiedName(), app.Spec.Template.Spec.Project, app.Spec.SyncPolicy, conditions, @@ -334,7 +342,7 @@ func getServerForAppSet(appSet *arogappsetv1.ApplicationSet) string { func printAppSetSummaryTable(appSet *arogappsetv1.ApplicationSet) { source := appSet.Spec.Template.Spec.GetSource() - fmt.Printf(printOpFmtStr, "Name:", appSet.Name) + fmt.Printf(printOpFmtStr, "Name:", appSet.QualifiedName()) fmt.Printf(printOpFmtStr, "Project:", appSet.Spec.Template.Spec.GetProject()) fmt.Printf(printOpFmtStr, "Server:", getServerForAppSet(appSet)) fmt.Printf(printOpFmtStr, "Namespace:", appSet.Spec.Template.Spec.Destination.Namespace) diff --git a/cmd/argocd/commands/applicationset_test.go b/cmd/argocd/commands/applicationset_test.go index 074c4d2b76bfc..ce6fab64526c3 100644 --- a/cmd/argocd/commands/applicationset_test.go +++ b/cmd/argocd/commands/applicationset_test.go @@ -6,22 +6,27 @@ import ( "testing" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - arogappsetv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestPrintApplicationSetNames(t *testing.T) { output, _ := captureOutput(func() error { - appSet := &arogappsetv1.ApplicationSet{ + appSet := &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "test", }, } - printApplicationSetNames([]arogappsetv1.ApplicationSet{*appSet, *appSet}) + appSet2 := &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "team-one", + Name: "test", + }, + } + printApplicationSetNames([]v1alpha1.ApplicationSet{*appSet, *appSet2}) return nil }) - expectation := "test\ntest\n" + expectation := "test\nteam-one/test\n" if output != expectation { t.Fatalf("Incorrect print params output %q, should be %q", output, expectation) } @@ -29,108 +34,143 @@ func TestPrintApplicationSetNames(t *testing.T) { func TestPrintApplicationSetTable(t *testing.T) { output, err := captureOutput(func() error { - app := &arogappsetv1.ApplicationSet{ + app := &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "app-name", }, - Spec: arogappsetv1.ApplicationSetSpec{ - Generators: []arogappsetv1.ApplicationSetGenerator{ - arogappsetv1.ApplicationSetGenerator{ - Git: &arogappsetv1.GitGenerator{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + v1alpha1.ApplicationSetGenerator{ + Git: &v1alpha1.GitGenerator{ + RepoURL: "https://github.com/argoproj/argo-cd.git", + Revision: "head", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + v1alpha1.GitDirectoryGeneratorItem{ + Path: "applicationset/examples/git-generator-directory/cluster-addons/*", + }, + }, + }, + }, + }, + Template: v1alpha1.ApplicationSetTemplate{ + Spec: v1alpha1.ApplicationSpec{ + Project: "default", + }, + }, + }, + Status: v1alpha1.ApplicationSetStatus{ + Conditions: []v1alpha1.ApplicationSetCondition{ + v1alpha1.ApplicationSetCondition{ + Status: v1alpha1.ApplicationSetConditionStatusTrue, + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, + }, + }, + }, + } + + app2 := &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "app-name", + Namespace: "team-two", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + v1alpha1.ApplicationSetGenerator{ + Git: &v1alpha1.GitGenerator{ RepoURL: "https://github.com/argoproj/argo-cd.git", Revision: "head", - Directories: []arogappsetv1.GitDirectoryGeneratorItem{ - arogappsetv1.GitDirectoryGeneratorItem{ + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + v1alpha1.GitDirectoryGeneratorItem{ Path: "applicationset/examples/git-generator-directory/cluster-addons/*", }, }, }, }, }, - Template: arogappsetv1.ApplicationSetTemplate{ + Template: v1alpha1.ApplicationSetTemplate{ Spec: v1alpha1.ApplicationSpec{ Project: "default", }, }, }, - Status: arogappsetv1.ApplicationSetStatus{ - Conditions: []arogappsetv1.ApplicationSetCondition{ - arogappsetv1.ApplicationSetCondition{ + Status: v1alpha1.ApplicationSetStatus{ + Conditions: []v1alpha1.ApplicationSetCondition{ + v1alpha1.ApplicationSetCondition{ Status: v1alpha1.ApplicationSetConditionStatusTrue, - Type: arogappsetv1.ApplicationSetConditionResourcesUpToDate, + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, }, }, }, } output := "table" - printApplicationSetTable([]arogappsetv1.ApplicationSet{*app, *app}, &output) + printApplicationSetTable([]v1alpha1.ApplicationSet{*app, *app2}, &output) return nil }) assert.NoError(t, err) - expectation := "NAME NAMESPACE PROJECT SYNCPOLICY CONDITIONS\napp-name default nil [{ResourcesUpToDate True }]\napp-name default nil [{ResourcesUpToDate True }]\n" + expectation := "NAME PROJECT SYNCPOLICY CONDITIONS\napp-name default nil [{ResourcesUpToDate True }]\nteam-two/app-name default nil [{ResourcesUpToDate True }]\n" assert.Equal(t, expectation, output) } func TestPrintAppSetSummaryTable(t *testing.T) { - baseAppSet := &arogappsetv1.ApplicationSet{ + baseAppSet := &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "app-name", }, - Spec: arogappsetv1.ApplicationSetSpec{ - Generators: []arogappsetv1.ApplicationSetGenerator{ - arogappsetv1.ApplicationSetGenerator{ - Git: &arogappsetv1.GitGenerator{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + v1alpha1.ApplicationSetGenerator{ + Git: &v1alpha1.GitGenerator{ RepoURL: "https://github.com/argoproj/argo-cd.git", Revision: "head", - Directories: []arogappsetv1.GitDirectoryGeneratorItem{ - arogappsetv1.GitDirectoryGeneratorItem{ + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + v1alpha1.GitDirectoryGeneratorItem{ Path: "applicationset/examples/git-generator-directory/cluster-addons/*", }, }, }, }, }, - Template: arogappsetv1.ApplicationSetTemplate{ + Template: v1alpha1.ApplicationSetTemplate{ Spec: v1alpha1.ApplicationSpec{ Project: "default", }, }, }, - Status: arogappsetv1.ApplicationSetStatus{ - Conditions: []arogappsetv1.ApplicationSetCondition{ - arogappsetv1.ApplicationSetCondition{ + Status: v1alpha1.ApplicationSetStatus{ + Conditions: []v1alpha1.ApplicationSetCondition{ + v1alpha1.ApplicationSetCondition{ Status: v1alpha1.ApplicationSetConditionStatusTrue, - Type: arogappsetv1.ApplicationSetConditionResourcesUpToDate, + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, }, }, }, } appsetSpecSyncPolicy := baseAppSet.DeepCopy() - appsetSpecSyncPolicy.Spec.SyncPolicy = &arogappsetv1.ApplicationSetSyncPolicy{ + appsetSpecSyncPolicy.Spec.SyncPolicy = &v1alpha1.ApplicationSetSyncPolicy{ PreserveResourcesOnDeletion: true, } appSetTemplateSpecSyncPolicy := baseAppSet.DeepCopy() - appSetTemplateSpecSyncPolicy.Spec.Template.Spec.SyncPolicy = &arogappsetv1.SyncPolicy{ - Automated: &arogappsetv1.SyncPolicyAutomated{ + appSetTemplateSpecSyncPolicy.Spec.Template.Spec.SyncPolicy = &v1alpha1.SyncPolicy{ + Automated: &v1alpha1.SyncPolicyAutomated{ SelfHeal: true, }, } appSetBothSyncPolicies := baseAppSet.DeepCopy() - appSetBothSyncPolicies.Spec.SyncPolicy = &arogappsetv1.ApplicationSetSyncPolicy{ + appSetBothSyncPolicies.Spec.SyncPolicy = &v1alpha1.ApplicationSetSyncPolicy{ PreserveResourcesOnDeletion: true, } - appSetBothSyncPolicies.Spec.Template.Spec.SyncPolicy = &arogappsetv1.SyncPolicy{ - Automated: &arogappsetv1.SyncPolicyAutomated{ + appSetBothSyncPolicies.Spec.Template.Spec.SyncPolicy = &v1alpha1.SyncPolicy{ + Automated: &v1alpha1.SyncPolicyAutomated{ SelfHeal: true, }, } for _, tt := range []struct { name string - appSet *arogappsetv1.ApplicationSet + appSet *v1alpha1.ApplicationSet expectedOutput string }{ { diff --git a/cmd/argocd/commands/bcrypt_test.go b/cmd/argocd/commands/bcrypt_test.go index c5949977a1425..ec00a73b0dcba 100644 --- a/cmd/argocd/commands/bcrypt_test.go +++ b/cmd/argocd/commands/bcrypt_test.go @@ -12,7 +12,7 @@ func TestGeneratePassword(t *testing.T) { bcryptCmd := NewBcryptCmd() bcryptCmd.SetArgs([]string{"--password", "abc"}) output := new(bytes.Buffer) - bcryptCmd.SetOutput(output) + bcryptCmd.SetOut(output) err := bcryptCmd.Execute() if err != nil { return diff --git a/cmd/argocd/commands/cert.go b/cmd/argocd/commands/cert.go index b8a042f6cc524..d443d57e337d4 100644 --- a/cmd/argocd/commands/cert.go +++ b/cmd/argocd/commands/cert.go @@ -130,7 +130,7 @@ func NewCertAddTLSCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command } }, } - command.Flags().StringVar(&fromFile, "from", "", "read TLS certificate data from file (default is to read from stdin)") + command.Flags().StringVar(&fromFile, "from", "", "Read TLS certificate data from file (default is to read from stdin)") command.Flags().BoolVar(&upsert, "upsert", false, "Replace existing TLS certificate if certificate is different in input") return command } @@ -300,9 +300,9 @@ func NewCertListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { } command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide") - command.Flags().StringVar(&sortOrder, "sort", "", "set display sort order for output format wide. One of: hostname|type") - command.Flags().StringVar(&certType, "cert-type", "", "only list certificates of given type, valid: 'ssh','https'") - command.Flags().StringVar(&hostNamePattern, "hostname-pattern", "", "only list certificates for hosts matching given glob-pattern") + command.Flags().StringVar(&sortOrder, "sort", "", "Set display sort order for output format wide. One of: hostname|type") + command.Flags().StringVar(&certType, "cert-type", "", "Only list certificates of given type, valid: 'ssh','https'") + command.Flags().StringVar(&hostNamePattern, "hostname-pattern", "", "Only list certificates for hosts matching given glob-pattern") return command } diff --git a/cmd/argocd/commands/initialize/cmd.go b/cmd/argocd/commands/initialize/cmd.go index 76a6470f07002..8f9da9f68783f 100644 --- a/cmd/argocd/commands/initialize/cmd.go +++ b/cmd/argocd/commands/initialize/cmd.go @@ -3,12 +3,11 @@ package initialize import ( "github.com/spf13/cobra" "github.com/spf13/pflag" - flag "github.com/spf13/pflag" "github.com/argoproj/argo-cd/v2/util/cli" ) -func RetrieveContextIfChanged(contextFlag *flag.Flag) string { +func RetrieveContextIfChanged(contextFlag *pflag.Flag) string { if contextFlag != nil && contextFlag.Changed { return contextFlag.Value.String() } diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go index 2fc2ce3b32199..3e2ad4e7d1b73 100644 --- a/cmd/argocd/commands/login.go +++ b/cmd/argocd/commands/login.go @@ -175,11 +175,11 @@ argocd login cd.argoproj.io --core`, fmt.Printf("Context '%s' updated\n", ctxName) }, } - command.Flags().StringVar(&ctxName, "name", "", "name to use for the context") - command.Flags().StringVar(&username, "username", "", "the username of an account to authenticate") - command.Flags().StringVar(&password, "password", "", "the password of an account to authenticate") - command.Flags().BoolVar(&sso, "sso", false, "perform SSO login") - command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "port to run local OAuth2 login application") + command.Flags().StringVar(&ctxName, "name", "", "Name to use for the context") + command.Flags().StringVar(&username, "username", "", "The username of an account to authenticate") + command.Flags().StringVar(&password, "password", "", "The password of an account to authenticate") + command.Flags().BoolVar(&sso, "sso", false, "Perform SSO login") + command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application") command.Flags(). BoolVar(&skipTestTLS, "skip-test-tls", false, "Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason)") return command diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index d8298101ddab1..4f08665eb437b 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -1,6 +1,7 @@ package commands import ( + "context" "encoding/json" "fmt" "io" @@ -13,7 +14,6 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" @@ -453,7 +453,7 @@ func modifyResourcesList(list *[]metav1.GroupKind, add bool, listDesc string, gr } } fmt.Printf("Group '%s' and kind '%s' is added to %s resources\n", group, kind, listDesc) - *list = append(*list, v1.GroupKind{Group: group, Kind: kind}) + *list = append(*list, metav1.GroupKind{Group: group, Kind: kind}) return true } else { index := -1 @@ -819,10 +819,7 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command os.Exit(1) } projName := args[0] - conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() - defer argoio.Close(conn) - detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) - errors.CheckError(err) + detailedProject := getProject(c, clientOpts, ctx, projName) switch output { case "yaml", "json": @@ -839,6 +836,14 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command return command } +func getProject(c *cobra.Command, clientOpts *argocdclient.ClientOptions, ctx context.Context, projName string) *projectpkg.DetailedProjectsResponse { + conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() + defer argoio.Close(conn) + detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) + errors.CheckError(err) + return detailedProject +} + func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "edit PROJECT", diff --git a/cmd/argocd/commands/relogin.go b/cmd/argocd/commands/relogin.go index b4c1ef7fe9b81..9ec7e51f906ee 100644 --- a/cmd/argocd/commands/relogin.go +++ b/cmd/argocd/commands/relogin.go @@ -85,7 +85,7 @@ func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comm fmt.Printf("Context '%s' updated\n", localCfg.CurrentContext) }, } - command.Flags().StringVar(&password, "password", "", "the password of an account to authenticate") - command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "port to run local OAuth2 login application") + command.Flags().StringVar(&password, "password", "", "The password of an account to authenticate") + command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application") return command } diff --git a/cmd/argocd/commands/relogin_test.go b/cmd/argocd/commands/relogin_test.go new file mode 100644 index 0000000000000..eb6c4cd2d2f2d --- /dev/null +++ b/cmd/argocd/commands/relogin_test.go @@ -0,0 +1,64 @@ +package commands + +import ( + "strconv" + "testing" + + "github.com/stretchr/testify/assert" + + argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" +) + +func TestNewReloginCommand(t *testing.T) { + globalClientOpts := argocdclient.ClientOptions{ + ConfigPath: "/path/to/config", + } + + cmd := NewReloginCommand(&globalClientOpts) + + assert.Equal(t, "relogin", cmd.Use, "Unexpected command Use") + assert.Equal(t, "Refresh an expired authenticate token", cmd.Short, "Unexpected command Short") + assert.Equal(t, "Refresh an expired authenticate token", cmd.Long, "Unexpected command Long") + + // Assert command flags + passwordFlag := cmd.Flags().Lookup("password") + assert.NotNil(t, passwordFlag, "Expected flag --password to be defined") + assert.Equal(t, "", passwordFlag.Value.String(), "Unexpected default value for --password flag") + + ssoPortFlag := cmd.Flags().Lookup("sso-port") + port, err := strconv.Atoi(ssoPortFlag.Value.String()) + assert.NotNil(t, ssoPortFlag, "Expected flag --sso-port to be defined") + assert.NoError(t, err, "Failed to convert sso-port flag value to integer") + assert.Equal(t, 8085, port, "Unexpected default value for --sso-port flag") +} + +func TestNewReloginCommandWithGlobalClientOptions(t *testing.T) { + globalClientOpts := argocdclient.ClientOptions{ + ConfigPath: "/path/to/config", + ServerAddr: "https://argocd-server.example.com", + Insecure: true, + ClientCertFile: "/path/to/client-cert", + ClientCertKeyFile: "/path/to/client-cert-key", + GRPCWeb: true, + GRPCWebRootPath: "/path/to/grpc-web-root-path", + PlainText: true, + Headers: []string{"header1", "header2"}, + } + + cmd := NewReloginCommand(&globalClientOpts) + + assert.Equal(t, "relogin", cmd.Use, "Unexpected command Use") + assert.Equal(t, "Refresh an expired authenticate token", cmd.Short, "Unexpected command Short") + assert.Equal(t, "Refresh an expired authenticate token", cmd.Long, "Unexpected command Long") + + // Assert command flags + passwordFlag := cmd.Flags().Lookup("password") + assert.NotNil(t, passwordFlag, "Expected flag --password to be defined") + assert.Equal(t, "", passwordFlag.Value.String(), "Unexpected default value for --password flag") + + ssoPortFlag := cmd.Flags().Lookup("sso-port") + port, err := strconv.Atoi(ssoPortFlag.Value.String()) + assert.NotNil(t, ssoPortFlag, "Expected flag --sso-port to be defined") + assert.NoError(t, err, "Failed to convert sso-port flag value to integer") + assert.Equal(t, 8085, port, "Unexpected default value for --sso-port flag") +} diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go index df5ab1655ed5e..09f51ae4d5aeb 100644 --- a/cmd/argocd/commands/repo.go +++ b/cmd/argocd/commands/repo.go @@ -3,6 +3,7 @@ package commands import ( "fmt" "os" + "strconv" "text/tabwriter" log "github.com/sirupsen/logrus" @@ -250,15 +251,12 @@ func printRepoTable(repos appsv1.Repositories) { _, _ = fmt.Fprintf(w, "TYPE\tNAME\tREPO\tINSECURE\tOCI\tLFS\tCREDS\tSTATUS\tMESSAGE\tPROJECT\n") for _, r := range repos { var hasCreds string - if !r.HasCredentials() { - hasCreds = "false" + if r.InheritedCreds { + hasCreds = "inherited" } else { - if r.InheritedCreds { - hasCreds = "inherited" - } else { - hasCreds = "true" - } + hasCreds = strconv.FormatBool(r.HasCredentials()) } + _, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%v\t%v\t%v\t%s\t%s\t%s\t%s\n", r.Type, r.Name, r.Repo, r.IsInsecure(), r.EnableOCI, r.EnableLFS, hasCreds, r.ConnectionState.Status, r.ConnectionState.Message, r.Project) } _ = w.Flush() diff --git a/cmd/argocd/commands/version_test.go b/cmd/argocd/commands/version_test.go index 88aa689b48669..3312e5ad958b6 100644 --- a/cmd/argocd/commands/version_test.go +++ b/cmd/argocd/commands/version_test.go @@ -12,7 +12,7 @@ import ( func TestShortVersionClient(t *testing.T) { buf := new(bytes.Buffer) cmd := NewVersionCmd(&argocdclient.ClientOptions{}, nil) - cmd.SetOutput(buf) + cmd.SetOut(buf) cmd.SetArgs([]string{"version", "--short", "--client"}) err := cmd.Execute() if err != nil { @@ -26,7 +26,7 @@ func TestShortVersion(t *testing.T) { serverVersion := &version.VersionMessage{Version: "v99.99.99+unknown"} buf := new(bytes.Buffer) cmd := NewVersionCmd(&argocdclient.ClientOptions{}, serverVersion) - cmd.SetOutput(buf) + cmd.SetOut(buf) cmd.SetArgs([]string{"argocd", "version", "--short"}) err := cmd.Execute() if err != nil { diff --git a/cmd/util/app.go b/cmd/util/app.go index d501a599a81e4..d64c5ed02e6cb 100644 --- a/cmd/util/app.go +++ b/cmd/util/app.go @@ -427,7 +427,10 @@ func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) { src.Helm.IgnoreMissingValueFiles = opts.ignoreMissingValueFiles } if len(opts.values) > 0 { - src.Helm.Values = opts.values + err := src.Helm.SetValuesString(opts.values) + if err != nil { + log.Fatal(err) + } } if opts.releaseName != "" { src.Helm.ReleaseName = opts.releaseName @@ -597,7 +600,7 @@ func constructAppsBaseOnName(appName string, labels, annotations, args []string, } appName = args[0] } - appName, appNs := argo.ParseAppQualifiedName(appName, "") + appName, appNs := argo.ParseFromQualifiedName(appName, "") app = &argoappv1.Application{ TypeMeta: v1.TypeMeta{ Kind: application.ApplicationKind, diff --git a/cmd/util/app_test.go b/cmd/util/app_test.go index ae8a7b8140788..2f49a3cc4c8c4 100644 --- a/cmd/util/app_test.go +++ b/cmd/util/app_test.go @@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "k8s.io/apimachinery/pkg/util/intstr" ) @@ -217,7 +216,7 @@ func Test_setAppSpecOptions(t *testing.T) { t.Run("Kustomize", func(t *testing.T) { assert.NoError(t, f.SetFlag("kustomize-replica", "my-deployment=2")) assert.NoError(t, f.SetFlag("kustomize-replica", "my-statefulset=4")) - assert.Equal(t, f.spec.Source.Kustomize.Replicas, argoappv1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}}) + assert.Equal(t, f.spec.Source.Kustomize.Replicas, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}}) }) } @@ -294,7 +293,7 @@ func TestReadAppsFromURI(t *testing.T) { _, _ = file.WriteString(appsYaml) _ = file.Sync() - apps := make([]*argoappv1.Application, 0) + apps := make([]*v1alpha1.Application, 0) err = readAppsFromURI(file.Name(), &apps) assert.NoError(t, err) assert.Equal(t, 2, len(apps)) diff --git a/cmd/util/applicationset_test.go b/cmd/util/applicationset_test.go index 78c07f7e0d005..c15e58a61af14 100644 --- a/cmd/util/applicationset_test.go +++ b/cmd/util/applicationset_test.go @@ -7,7 +7,7 @@ import ( "github.com/stretchr/testify/assert" ) -var appSet string = `apiVersion: argoproj.io/v1alpha1 +var appSet = `apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: guestbook @@ -31,10 +31,10 @@ spec: ` func TestReadAppSet(t *testing.T) { - appsets := []*argoprojiov1alpha1.ApplicationSet{} - err := readAppset([]byte(appSet), &appsets) + var appSets []*argoprojiov1alpha1.ApplicationSet + err := readAppset([]byte(appSet), &appSets) if err != nil { t.Logf("Failed reading appset file") } - assert.Equal(t, len(appsets), 1) + assert.Equal(t, len(appSets), 1) } diff --git a/cmpserver/plugin/config_test.go b/cmpserver/plugin/config_test.go new file mode 100644 index 0000000000000..9e22dab1d3741 --- /dev/null +++ b/cmpserver/plugin/config_test.go @@ -0,0 +1,215 @@ +package plugin + +import ( + "fmt" + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/argoproj/argo-cd/v2/common" +) + +func Test_IsDefined(t *testing.T) { + testCases := []struct { + name string + discover Discover + expected bool + }{ + { + name: "empty discover", + discover: Discover{}, + expected: false, + }, + { + name: "discover with find", + discover: Discover{ + Find: Find{ + Glob: "glob", + }, + }, + expected: true, + }, + { + name: "discover with fileName", + discover: Discover{ + FileName: "fileName", + }, + expected: true, + }, + { + name: "discover with empty command", + discover: Discover{ + Find: Find{ + Command: Command{ + Command: []string{}, + }, + }, + }, + expected: false, + }, + { + name: "discover with command", + discover: Discover{ + Find: Find{ + Command: Command{ + Command: []string{"command"}, + }, + }, + }, + expected: true, + }, + } + + for _, tc := range testCases { + tcc := tc + t.Run(tcc.name, func(t *testing.T) { + t.Parallel() + + actual := tcc.discover.IsDefined() + assert.Equal(t, tcc.expected, actual) + }) + } +} + +func Test_ReadPluginConfig(t *testing.T) { + testCases := []struct { + name string + fileContents string + expected *PluginConfig + expectedErr string + }{ + { + name: "empty metadata", + fileContents: ` +metadata: +`, + expected: nil, + expectedErr: "invalid plugin configuration file. metadata.name should be non-empty.", + }, + { + name: "empty metadata name", + fileContents: ` +metadata: + name: "" +`, + expected: nil, + expectedErr: "invalid plugin configuration file. metadata.name should be non-empty.", + }, + { + name: "invalid kind", + fileContents: ` +kind: invalid +metadata: + name: name +`, + expected: nil, + expectedErr: "invalid plugin configuration file. kind should be ConfigManagementPlugin, found invalid", + }, + { + name: "empty generate command", + fileContents: ` +kind: ConfigManagementPlugin +metadata: + name: name +`, + expected: nil, + expectedErr: "invalid plugin configuration file. spec.generate command should be non-empty", + }, + { + name: "valid config", + fileContents: ` +kind: ConfigManagementPlugin +metadata: + name: name +spec: + generate: + command: [command] +`, + expected: &PluginConfig{ + TypeMeta: v1.TypeMeta{ + Kind: ConfigManagementPluginKind, + }, + Metadata: v1.ObjectMeta{ + Name: "name", + }, + Spec: PluginConfigSpec{ + Generate: Command{ + Command: []string{"command"}, + }, + }, + }, + }, + } + + for _, tc := range testCases { + tcc := tc + t.Run(tcc.name, func(t *testing.T) { + t.Parallel() + // write test string to temporary file + tempDir := t.TempDir() + tempFile, err := os.Create(filepath.Join(tempDir, "plugin.yaml")) + require.NoError(t, err) + err = tempFile.Close() + require.NoError(t, err) + err = os.WriteFile(tempFile.Name(), []byte(tcc.fileContents), 0644) + require.NoError(t, err) + config, err := ReadPluginConfig(tempDir) + if tcc.expectedErr != "" { + assert.EqualError(t, err, tcc.expectedErr) + } else { + assert.NoError(t, err) + } + assert.Equal(t, tcc.expected, config) + }) + } +} + +func Test_PluginConfig_Address(t *testing.T) { + testCases := []struct { + name string + config *PluginConfig + expected string + }{ + { + name: "no version specified", + config: &PluginConfig{ + TypeMeta: v1.TypeMeta{ + Kind: ConfigManagementPluginKind, + }, + Metadata: v1.ObjectMeta{ + Name: "name", + }, + }, + expected: "name", + }, + { + name: "version specified", + config: &PluginConfig{ + TypeMeta: v1.TypeMeta{ + Kind: ConfigManagementPluginKind, + }, + Metadata: v1.ObjectMeta{ + Name: "name", + }, + Spec: PluginConfigSpec{ + Version: "version", + }, + }, + expected: "name-version", + }, + } + + for _, tc := range testCases { + tcc := tc + t.Run(tcc.name, func(t *testing.T) { + t.Parallel() + actual := tcc.config.Address() + expectedAddress := fmt.Sprintf("%s/%s.sock", common.GetPluginSockFilePath(), tcc.expected) + assert.Equal(t, expectedAddress, actual) + }) + } +} diff --git a/cmpserver/plugin/plugin.go b/cmpserver/plugin/plugin.go index 08be235315dde..ca67ccecf214a 100644 --- a/cmpserver/plugin/plugin.go +++ b/cmpserver/plugin/plugin.go @@ -24,6 +24,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/io/files" "github.com/argoproj/gitops-engine/pkg/utils/kube" + "github.com/cyphar/filepath-securejoin" "github.com/mattn/go-zglob" log "github.com/sirupsen/logrus" ) @@ -182,7 +183,7 @@ func getTempDirMustCleanup(baseDir string) (workDir string, cleanup func(), err if err := os.RemoveAll(workDir); err != nil { log.WithFields(map[string]interface{}{ common.SecurityField: common.SecurityHigh, - common.SecurityCWEField: 459, + common.SecurityCWEField: common.SecurityCWEIncompleteCleanup, }).Errorf("Failed to clean up temp directory: %s", err) } } @@ -302,7 +303,7 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error { return fmt.Errorf("match repository error receiving stream: %w", err) } - isSupported, isDiscoveryEnabled, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv()) + isSupported, isDiscoveryEnabled, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv(), metadata.GetAppRelPath()) if err != nil { return fmt.Errorf("match repository error: %w", err) } @@ -315,12 +316,20 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error { return nil } -func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry) (isSupported bool, isDiscoveryEnabled bool, err error) { +func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry, appRelPath string) (isSupported bool, isDiscoveryEnabled bool, err error) { config := s.initConstants.PluginConfig + appPath, err := securejoin.SecureJoin(workdir, appRelPath) + if err != nil { + log.WithFields(map[string]interface{}{ + common.SecurityField: common.SecurityHigh, + common.SecurityCWEField: common.SecurityCWEIncompleteCleanup, + }).Errorf("error joining workdir %q and appRelPath %q: %v", workdir, appRelPath, err) + } + if config.Spec.Discover.FileName != "" { log.Debugf("config.Spec.Discover.FileName is provided") - pattern := filepath.Join(workdir, config.Spec.Discover.FileName) + pattern := filepath.Join(appPath, config.Spec.Discover.FileName) matches, err := filepath.Glob(pattern) if err != nil { e := fmt.Errorf("error finding filename match for pattern %q: %w", pattern, err) @@ -332,7 +341,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie if config.Spec.Discover.Find.Glob != "" { log.Debugf("config.Spec.Discover.Find.Glob is provided") - pattern := filepath.Join(workdir, config.Spec.Discover.Find.Glob) + pattern := filepath.Join(appPath, config.Spec.Discover.Find.Glob) // filepath.Glob doesn't have '**' support hence selecting third-party lib // https://github.com/golang/go/issues/11862 matches, err := zglob.Glob(pattern) @@ -348,7 +357,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie if len(config.Spec.Discover.Find.Command.Command) > 0 { log.Debugf("Going to try runCommand.") env := append(os.Environ(), environ(envEntries)...) - find, err := runCommand(ctx, config.Spec.Discover.Find.Command, workdir, env) + find, err := runCommand(ctx, config.Spec.Discover.Find.Command, appPath, env) if err != nil { return false, true, fmt.Errorf("error running find command: %w", err) } diff --git a/cmpserver/plugin/plugin_test.go b/cmpserver/plugin/plugin_test.go index 3096e6736bc23..936a38caba934 100644 --- a/cmpserver/plugin/plugin_test.go +++ b/cmpserver/plugin/plugin_test.go @@ -100,7 +100,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -115,7 +115,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -130,7 +130,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - _, _, err := f.service.matchRepository(context.Background(), f.path, f.env) + _, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.ErrorContains(t, err, "syntax error") @@ -145,7 +145,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -162,7 +162,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -179,7 +179,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - _, _, err := f.service.matchRepository(context.Background(), f.path, f.env) + _, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.ErrorContains(t, err, "error finding glob match for pattern") @@ -196,7 +196,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -215,7 +215,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) assert.False(t, match) @@ -233,7 +233,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -253,7 +253,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -272,7 +272,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.Error(t, err) @@ -285,7 +285,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) diff --git a/common/common.go b/common/common.go index 7f8875b6041a8..b52fc859905c8 100644 --- a/common/common.go +++ b/common/common.go @@ -53,7 +53,11 @@ const ( // DefaultAddressAPIServer for ArgoCD components const ( - DefaultAddressAPIServer = "localhost" + DefaultAddressAdminDashboard = "localhost" + DefaultAddressAPIServer = "0.0.0.0" + DefaultAddressAPIServerMetrics = "0.0.0.0" + DefaultAddressRepoServer = "0.0.0.0" + DefaultAddressRepoServerMetrics = "0.0.0.0" ) // Default paths on the pod's file system @@ -99,6 +103,12 @@ const ( // PasswordPatten is the default password patten PasswordPatten = `^.{8,32}$` + + // LegacyShardingAlgorithm is the default value for Sharding Algorithm it uses an `uid` based distribution (non-uniform) + LegacyShardingAlgorithm = "legacy" + // RoundRobinShardingAlgorithm is a flag value that can be opted for Sharding Algorithm it uses an equal distribution accross all shards + RoundRobinShardingAlgorithm = "round-robin" + DefaultShardingAlgorithm = LegacyShardingAlgorithm ) // Dex related constants @@ -199,6 +209,8 @@ const ( EnvControllerReplicas = "ARGOCD_CONTROLLER_REPLICAS" // EnvControllerShard is the shard number that should be handled by controller EnvControllerShard = "ARGOCD_CONTROLLER_SHARD" + // EnvControllerShardingAlgorithm is the distribution sharding algorithm to be used: legacy or round-robin + EnvControllerShardingAlgorithm = "ARGOCD_CONTROLLER_SHARDING_ALGORITHM" // EnvEnableGRPCTimeHistogramEnv enables gRPC metrics collection EnvEnableGRPCTimeHistogramEnv = "ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM" // EnvGithubAppCredsExpirationDuration controls the caching of Github app credentials. This value is in minutes (default: 60) @@ -219,6 +231,8 @@ const ( EnvCMPChunkSize = "ARGOCD_CMP_CHUNK_SIZE" // EnvCMPWorkDir defines the full path of the work directory used by the CMP server EnvCMPWorkDir = "ARGOCD_CMP_WORKDIR" + // EnvGPGDataPath overrides the location where GPG keyring for signature verification is stored + EnvGPGDataPath = "ARGOCD_GPG_DATA_PATH" ) // Config Management Plugin related constants @@ -309,13 +323,16 @@ const ( // Security severity logging const ( - SecurityField = "security" - SecurityCWEField = "CWE" - SecurityEmergency = 5 // Indicates unmistakably malicious events that should NEVER occur accidentally and indicates an active attack (i.e. brute forcing, DoS) - SecurityCritical = 4 // Indicates any malicious or exploitable event that had a side effect (i.e. secrets being left behind on the filesystem) - SecurityHigh = 3 // Indicates likely malicious events but one that had no side effects or was blocked (i.e. out of bounds symlinks in repos) - SecurityMedium = 2 // Could indicate malicious events, but has a high likelihood of being user/system error (i.e. access denied) - SecurityLow = 1 // Unexceptional entries (i.e. successful access logs) + SecurityField = "security" + // SecurityCWEField is the logs field for the CWE associated with a log line. CWE stands for Common Weakness Enumeration. See https://cwe.mitre.org/ + SecurityCWEField = "CWE" + SecurityCWEIncompleteCleanup = 459 + SecurityCWEMissingReleaseOfFileDescriptor = 775 + SecurityEmergency = 5 // Indicates unmistakably malicious events that should NEVER occur accidentally and indicates an active attack (i.e. brute forcing, DoS) + SecurityCritical = 4 // Indicates any malicious or exploitable event that had a side effect (i.e. secrets being left behind on the filesystem) + SecurityHigh = 3 // Indicates likely malicious events but one that had no side effects or was blocked (i.e. out of bounds symlinks in repos) + SecurityMedium = 2 // Could indicate malicious events, but has a high likelihood of being user/system error (i.e. access denied) + SecurityLow = 1 // Unexceptional entries (i.e. successful access logs) ) // TokenVerificationError is a generic error message for a failure to verify a JWT diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 75fca472951c9..a2ee1b35bbf06 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -41,14 +41,17 @@ import ( "github.com/argoproj/argo-cd/v2/common" statecache "github.com/argoproj/argo-cd/v2/controller/cache" "github.com/argoproj/argo-cd/v2/controller/metrics" + "github.com/argoproj/argo-cd/v2/controller/sharding" "github.com/argoproj/argo-cd/v2/pkg/apis/application" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + argov1alpha "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions/application/v1alpha1" applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/util/argo" argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" + appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/errors" @@ -229,10 +232,12 @@ func (ctrl *ApplicationController) InvalidateProjectsCache(names ...string) { ctrl.projByNameCache.Delete(name) } } else { - ctrl.projByNameCache.Range(func(key, _ interface{}) bool { - ctrl.projByNameCache.Delete(key) - return true - }) + if ctrl != nil { + ctrl.projByNameCache.Range(func(key, _ interface{}) bool { + ctrl.projByNameCache.Delete(key) + return true + }) + } } } @@ -354,17 +359,18 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b level = CompareWithRecent } - // Additional check for debug level so we don't need to evaluate the - // format string in case of non-debug scenarios - if log.GetLevel() >= log.DebugLevel { - var resKey string - if ref.Namespace != "" { - resKey = ref.Namespace + "/" + ref.Name - } else { - resKey = "(cluster-scoped)/" + ref.Name - } - log.Debugf("Refreshing app %s for change in cluster of object %s of type %s/%s", appKey, resKey, ref.APIVersion, ref.Kind) + namespace := ref.Namespace + if ref.Namespace == "" { + namespace = "(cluster-scoped)" } + log.WithFields(log.Fields{ + "application": appKey, + "level": level, + "namespace": namespace, + "name": ref.Name, + "api-version": ref.APIVersion, + "kind": ref.Kind, + }).Debug("Requesting app refresh caused by object update") ctrl.requestAppRefresh(app.QualifiedName(), &level, nil) } @@ -1470,6 +1476,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo }) app.Status.SourceType = compareResult.appSourceType app.Status.SourceTypes = compareResult.appSourceTypes + app.Status.ControllerNamespace = ctrl.namespace ctrl.persistAppStatus(origApp, &app.Status) return } @@ -2009,3 +2016,5 @@ func (ctrl *ApplicationController) toAppKey(appName string) string { func (ctrl *ApplicationController) toAppQualifiedName(appName, appNamespace string) string { return fmt.Sprintf("%s/%s", appNamespace, appName) } + +type ClusterFilterFunction func(c *argov1alpha.Cluster, distributionFunction sharding.DistributionFunction) bool diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index e48c7aa23343c..0458f02ca8d2d 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -32,7 +32,6 @@ import ( mockstatecache "github.com/argoproj/argo-cd/v2/controller/cache/mocks" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" mockrepoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" @@ -43,17 +42,19 @@ import ( ) type namespacedResource struct { - argoappv1.ResourceNode + v1alpha1.ResourceNode AppName string } type fakeData struct { apps []runtime.Object manifestResponse *apiclient.ManifestResponse + manifestResponses []*apiclient.ManifestResponse managedLiveObjs map[kube.ResourceKey]*unstructured.Unstructured namespacedResources map[kube.ResourceKey]namespacedResource configMapData map[string]string metricsCacheExpiration time.Duration + applicationNamespaces []string } func newFakeController(data *fakeData) *ApplicationController { @@ -65,7 +66,15 @@ func newFakeController(data *fakeData) *ApplicationController { // Mock out call to GenerateManifest mockRepoClient := mockrepoclient.RepoServerServiceClient{} - mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(data.manifestResponse, nil) + + if len(data.manifestResponses) > 0 { + for _, response := range data.manifestResponses { + mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(response, nil).Once() + } + } else { + mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(data.manifestResponse, nil) + } + mockRepoClientset := mockrepoclient.Clientset{RepoServerServiceClient: &mockRepoClient} secret := corev1.Secret{ @@ -111,7 +120,7 @@ func newFakeController(data *fakeData) *ApplicationController { 0, true, nil, - []string{}, + data.applicationNamespaces, ) if err != nil { panic(err) @@ -131,7 +140,7 @@ func newFakeController(data *fakeData) *ApplicationController { mockStateCache.On("IsNamespaced", mock.Anything, mock.Anything).Return(true, nil) mockStateCache.On("GetManagedLiveObjs", mock.Anything, mock.Anything).Return(data.managedLiveObjs, nil) mockStateCache.On("GetVersionsInfo", mock.Anything).Return("v1.2.3", nil, nil) - response := make(map[kube.ResourceKey]argoappv1.ResourceNode) + response := make(map[kube.ResourceKey]v1alpha1.ResourceNode) for k, v := range data.namespacedResources { response[k] = v.ResourceNode } @@ -140,12 +149,12 @@ func newFakeController(data *fakeData) *ApplicationController { mockStateCache.On("GetClusterCache", mock.Anything).Return(&clusterCacheMock, nil) mockStateCache.On("IterateHierarchy", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) { key := args[1].(kube.ResourceKey) - action := args[2].(func(child argoappv1.ResourceNode, appName string) bool) + action := args[2].(func(child v1alpha1.ResourceNode, appName string) bool) appName := "" if res, ok := data.namespacedResources[key]; ok { appName = res.AppName } - _ = action(argoappv1.ResourceNode{ResourceRef: argoappv1.ResourceRef{Kind: key.Kind, Group: key.Group, Namespace: key.Namespace, Name: key.Name}}, appName) + _ = action(v1alpha1.ResourceNode{ResourceRef: v1alpha1.ResourceRef{Kind: key.Kind, Group: key.Group, Namespace: key.Namespace, Name: key.Name}}, appName) }).Return(nil) return ctrl } @@ -167,7 +176,6 @@ metadata: namespace: ` + test.FakeArgoCDNamespace + ` type: Opaque ` - var fakeApp = ` apiVersion: argoproj.io/v1alpha1 kind: Application @@ -223,9 +231,14 @@ spec: project: default sources: - path: some/path + helm: + valueFiles: + - $values_test/values.yaml repoURL: https://github.com/argoproj/argocd-example-apps.git - path: some/other/path repoURL: https://github.com/argoproj/argocd-example-apps-fake.git + - ref: values_test + repoURL: https://github.com/argoproj/argocd-example-apps-fake-ref.git syncPolicy: automated: {} status: @@ -237,6 +250,7 @@ status: revisions: - HEAD - HEAD + - HEAD phase: Succeeded startedAt: 2018-09-21T23:50:25Z syncResult: @@ -251,11 +265,14 @@ status: revisions: - aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb + - cccccccccccccccccccccccccccccccccccccccc sources: - path: some/path repoURL: https://github.com/argoproj/argocd-example-apps.git - path: some/other/path repoURL: https://github.com/argoproj/argocd-example-apps-fake.git + - path: some/other/path + repoURL: https://github.com/argoproj/argocd-example-apps-fake-ref.git ` var fakeAppWithDestName = ` @@ -308,24 +325,24 @@ metadata: data: ` -func newFakeApp() *argoappv1.Application { +func newFakeApp() *v1alpha1.Application { return createFakeApp(fakeApp) } -func newFakeMultiSourceApp() *argoappv1.Application { +func newFakeMultiSourceApp() *v1alpha1.Application { return createFakeApp(fakeMultiSourceApp) } -func newFakeAppWithDestMismatch() *argoappv1.Application { +func newFakeAppWithDestMismatch() *v1alpha1.Application { return createFakeApp(fakeAppWithDestMismatch) } -func newFakeAppWithDestName() *argoappv1.Application { +func newFakeAppWithDestName() *v1alpha1.Application { return createFakeApp(fakeAppWithDestName) } -func createFakeApp(testApp string) *argoappv1.Application { - var app argoappv1.Application +func createFakeApp(testApp string) *v1alpha1.Application { + var app v1alpha1.Application err := yaml.Unmarshal([]byte(testApp), &app) if err != nil { panic(err) @@ -345,11 +362,11 @@ func newFakeCM() map[string]interface{} { func TestAutoSync(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -362,11 +379,11 @@ func TestAutoSyncNotAllowEmpty(t *testing.T) { app := newFakeApp() app.Spec.SyncPolicy.Automated.Prune = true ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.NotNil(t, cond) } @@ -375,11 +392,11 @@ func TestAutoSyncAllowEmpty(t *testing.T) { app.Spec.SyncPolicy.Automated.Prune = true app.Spec.SyncPolicy.Automated.AllowEmpty = true ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) } @@ -389,11 +406,11 @@ func TestSkipAutoSync(t *testing.T) { t.Run("PreviouslySyncedToRevision", func(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -404,11 +421,11 @@ func TestSkipAutoSync(t *testing.T) { t.Run("AlreadyInSyncedState", func(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeSynced, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -420,11 +437,11 @@ func TestSkipAutoSync(t *testing.T) { app := newFakeApp() app.Spec.SyncPolicy = nil ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -437,11 +454,11 @@ func TestSkipAutoSync(t *testing.T) { now := metav1.Now() app.DeletionTimestamp = &now ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -452,22 +469,22 @@ func TestSkipAutoSync(t *testing.T) { // Set current to 'aaaaa', desired to 'bbbbb' and add 'bbbbb' to failure history t.Run("PreviousSyncAttemptFailed", func(t *testing.T) { app := newFakeApp() - app.Status.OperationState = &argoappv1.OperationState{ - Operation: argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, + app.Status.OperationState = &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, }, Phase: synccommon.OperationFailed, - SyncResult: &argoappv1.SyncOperationResult{ + SyncResult: &v1alpha1.SyncOperationResult{ Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", Source: *app.Spec.Source.DeepCopy(), }, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -477,12 +494,12 @@ func TestSkipAutoSync(t *testing.T) { t.Run("NeedsToPruneResourcesOnlyButAutomatedPruneDisabled", func(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{ - {Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync, RequiresPruning: true}, + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{ + {Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync, RequiresPruning: true}, }) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) @@ -494,8 +511,8 @@ func TestSkipAutoSync(t *testing.T) { // TestAutoSyncIndicateError verifies we skip auto-sync and return error condition if previous sync failed func TestAutoSyncIndicateError(t *testing.T) { app := newFakeApp() - app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{ + app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{ { Name: "a", Value: "1", @@ -503,23 +520,23 @@ func TestAutoSyncIndicateError(t *testing.T) { }, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", } - app.Status.OperationState = &argoappv1.OperationState{ - Operation: argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{ + app.Status.OperationState = &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ Source: app.Spec.Source.DeepCopy(), }, }, Phase: synccommon.OperationFailed, - SyncResult: &argoappv1.SyncOperationResult{ + SyncResult: &v1alpha1.SyncOperationResult{ Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", Source: *app.Spec.Source.DeepCopy(), }, } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -529,8 +546,8 @@ func TestAutoSyncIndicateError(t *testing.T) { // TestAutoSyncParameterOverrides verifies we auto-sync if revision is same but parameter overrides are different func TestAutoSyncParameterOverrides(t *testing.T) { app := newFakeApp() - app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{ + app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{ { Name: "a", Value: "1", @@ -538,16 +555,16 @@ func TestAutoSyncParameterOverrides(t *testing.T) { }, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", } - app.Status.OperationState = &argoappv1.OperationState{ - Operation: argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{ - Source: &argoappv1.ApplicationSource{ - Helm: &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{ + app.Status.OperationState = &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Source: &v1alpha1.ApplicationSource{ + Helm: &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{ { Name: "a", Value: "2", // this value changed @@ -558,11 +575,11 @@ func TestAutoSyncParameterOverrides(t *testing.T) { }, }, Phase: synccommon.OperationFailed, - SyncResult: &argoappv1.SyncOperationResult{ + SyncResult: &v1alpha1.SyncOperationResult{ Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", }, } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -571,14 +588,14 @@ func TestAutoSyncParameterOverrides(t *testing.T) { // TestFinalizeAppDeletion verifies application deletion func TestFinalizeAppDeletion(t *testing.T) { - defaultProj := argoappv1.AppProject{ + defaultProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "default", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "*", @@ -607,8 +624,8 @@ func TestFinalizeAppDeletion(t *testing.T) { patched = true return true, nil, nil }) - _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) assert.True(t, patched) @@ -617,14 +634,14 @@ func TestFinalizeAppDeletion(t *testing.T) { // Ensure any stray resources irregularly labeled with instance label of app are not deleted upon deleting, // when app project restriction is in place t.Run("ProjectRestrictionEnforced", func(*testing.T) { - restrictedProj := argoappv1.AppProject{ + restrictedProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "restricted", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "my-app", @@ -657,8 +674,8 @@ func TestFinalizeAppDeletion(t *testing.T) { patched = true return true, nil, nil }) - objs, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + objs, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) assert.True(t, patched) @@ -691,8 +708,8 @@ func TestFinalizeAppDeletion(t *testing.T) { patched = true return true, nil, nil }) - _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) assert.True(t, patched) @@ -704,7 +721,7 @@ func TestFinalizeAppDeletion(t *testing.T) { appTemplate := newFakeAppWithDestName() - testShouldDelete := func(app *argoappv1.Application) { + testShouldDelete := func(app *v1alpha1.Application) { appObj := kube.MustToUnstructured(&app) ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}, managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{ kube.GetResourceKey(appObj): appObj, @@ -716,8 +733,8 @@ func TestFinalizeAppDeletion(t *testing.T) { fakeAppCs.AddReactor("get", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { return defaultReactor.React(action) }) - _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) } @@ -741,14 +758,14 @@ func TestFinalizeAppDeletion(t *testing.T) { // TestNormalizeApplication verifies we normalize an application during reconciliation func TestNormalizeApplication(t *testing.T) { - defaultProj := argoappv1.AppProject{ + defaultProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "default", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "*", @@ -758,7 +775,7 @@ func TestNormalizeApplication(t *testing.T) { } app := newFakeApp() app.Spec.Project = "" - app.Spec.Source.Kustomize = &argoappv1.ApplicationSourceKustomize{NamePrefix: "foo-"} + app.Spec.Source.Kustomize = &v1alpha1.ApplicationSourceKustomize{NamePrefix: "foo-"} data := fakeData{ apps: []runtime.Object{app, &defaultProj}, manifestResponse: &apiclient.ManifestResponse{ @@ -816,7 +833,7 @@ func TestNormalizeApplication(t *testing.T) { func TestHandleAppUpdated(t *testing.T) { app := newFakeApp() app.Spec.Destination.Namespace = test.FakeArgoCDNamespace - app.Spec.Destination.Server = argoappv1.KubernetesInternalAPIServerAddr + app.Spec.Destination.Server = v1alpha1.KubernetesInternalAPIServerAddr proj := defaultProj.DeepCopy() proj.Spec.SourceNamespaces = []string{test.FakeArgoCDNamespace} ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, proj}}) @@ -836,15 +853,15 @@ func TestHandleOrphanedResourceUpdated(t *testing.T) { app1 := newFakeApp() app1.Name = "app1" app1.Spec.Destination.Namespace = test.FakeArgoCDNamespace - app1.Spec.Destination.Server = argoappv1.KubernetesInternalAPIServerAddr + app1.Spec.Destination.Server = v1alpha1.KubernetesInternalAPIServerAddr app2 := newFakeApp() app2.Name = "app2" app2.Spec.Destination.Namespace = test.FakeArgoCDNamespace - app2.Spec.Destination.Server = argoappv1.KubernetesInternalAPIServerAddr + app2.Spec.Destination.Server = v1alpha1.KubernetesInternalAPIServerAddr proj := defaultProj.DeepCopy() - proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{} + proj.Spec.OrphanedResources = &v1alpha1.OrphanedResourcesMonitorSettings{} ctrl := newFakeController(&fakeData{apps: []runtime.Object{app1, app2, proj}}) @@ -862,16 +879,16 @@ func TestHandleOrphanedResourceUpdated(t *testing.T) { func TestGetResourceTree_HasOrphanedResources(t *testing.T) { app := newFakeApp() proj := defaultProj.DeepCopy() - proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{} + proj.Spec.OrphanedResources = &v1alpha1.OrphanedResourcesMonitorSettings{} - managedDeploy := argoappv1.ResourceNode{ - ResourceRef: argoappv1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "nginx-deployment", Version: "v1"}, + managedDeploy := v1alpha1.ResourceNode{ + ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "nginx-deployment", Version: "v1"}, } - orphanedDeploy1 := argoappv1.ResourceNode{ - ResourceRef: argoappv1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy1"}, + orphanedDeploy1 := v1alpha1.ResourceNode{ + ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy1"}, } - orphanedDeploy2 := argoappv1.ResourceNode{ - ResourceRef: argoappv1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy2"}, + orphanedDeploy2 := v1alpha1.ResourceNode{ + ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy2"}, } ctrl := newFakeController(&fakeData{ @@ -882,7 +899,7 @@ func TestGetResourceTree_HasOrphanedResources(t *testing.T) { kube.NewResourceKey("apps", "Deployment", "default", "deploy2"): {ResourceNode: orphanedDeploy2}, }, }) - tree, err := ctrl.getResourceTree(app, []*argoappv1.ResourceDiff{{ + tree, err := ctrl.getResourceTree(app, []*v1alpha1.ResourceDiff{{ Namespace: "default", Name: "nginx-deployment", Kind: "Deployment", @@ -892,8 +909,8 @@ func TestGetResourceTree_HasOrphanedResources(t *testing.T) { }}) assert.NoError(t, err) - assert.Equal(t, tree.Nodes, []argoappv1.ResourceNode{managedDeploy}) - assert.Equal(t, tree.OrphanedNodes, []argoappv1.ResourceNode{orphanedDeploy1, orphanedDeploy2}) + assert.Equal(t, tree.Nodes, []v1alpha1.ResourceNode{managedDeploy}) + assert.Equal(t, tree.OrphanedNodes, []v1alpha1.ResourceNode{orphanedDeploy1, orphanedDeploy2}) } func TestSetOperationStateOnDeletedApp(t *testing.T) { @@ -905,14 +922,14 @@ func TestSetOperationStateOnDeletedApp(t *testing.T) { patched = true return true, nil, apierr.NewNotFound(schema.GroupResource{}, "my-app") }) - ctrl.setOperationState(newFakeApp(), &argoappv1.OperationState{Phase: synccommon.OperationSucceeded}) + ctrl.setOperationState(newFakeApp(), &v1alpha1.OperationState{Phase: synccommon.OperationSucceeded}) assert.True(t, patched) } func TestNeedRefreshAppStatus(t *testing.T) { testCases := []struct { name string - app *argoappv1.Application + app *v1alpha1.Application }{ { name: "single-source app", @@ -931,9 +948,9 @@ func TestNeedRefreshAppStatus(t *testing.T) { now := metav1.Now() app.Status.ReconciledAt = &now - app.Status.Sync = argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeSynced, - ComparedTo: argoappv1.ComparedTo{ + app.Status.Sync = v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, }, } @@ -954,15 +971,15 @@ func TestNeedRefreshAppStatus(t *testing.T) { needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithRecent, compareWith) // refresh application which status is not reconciled using latest commit - app.Status.Sync = argoappv1.SyncStatus{Status: argoappv1.SyncStatusCodeUnknown} + app.Status.Sync = v1alpha1.SyncStatus{Status: v1alpha1.SyncStatusCodeUnknown} needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) t.Run("refresh app using the 'latest' level if comparison expired", func(t *testing.T) { @@ -972,15 +989,15 @@ func TestNeedRefreshAppStatus(t *testing.T) { app.Status.ReconciledAt = &reconciledAt needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Minute, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) }) t.Run("refresh app using the 'latest' level if comparison expired for hard refresh", func(t *testing.T) { app := app.DeepCopy() - app.Status.Sync = argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeSynced, - ComparedTo: argoappv1.ComparedTo{ + app.Status.Sync = v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, }, } @@ -994,7 +1011,7 @@ func TestNeedRefreshAppStatus(t *testing.T) { app.Status.ReconciledAt = &reconciledAt needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 2*time.Hour, 1*time.Minute) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeHard, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeHard, refreshType) assert.Equal(t, CompareWithLatest, compareWith) }) @@ -1003,11 +1020,11 @@ func TestNeedRefreshAppStatus(t *testing.T) { reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour)) app.Status.ReconciledAt = &reconciledAt app.Annotations = map[string]string{ - v1alpha1.AnnotationKeyRefresh: string(argoappv1.RefreshTypeHard), + v1alpha1.AnnotationKeyRefresh: string(v1alpha1.RefreshTypeHard), } needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeHard, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeHard, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) }) @@ -1016,15 +1033,15 @@ func TestNeedRefreshAppStatus(t *testing.T) { ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil) // sample app source change if app.Spec.HasMultipleSources() { - app.Spec.Sources[0].Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{{ + app.Spec.Sources[0].Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{{ Name: "foo", Value: "bar", }}, } } else { - app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{{ + app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{{ Name: "foo", Value: "bar", }}, @@ -1033,7 +1050,7 @@ func TestNeedRefreshAppStatus(t *testing.T) { needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) }) }) @@ -1043,7 +1060,7 @@ func TestNeedRefreshAppStatus(t *testing.T) { func TestUpdatedManagedNamespaceMetadata(t *testing.T) { ctrl := newFakeController(&fakeData{apps: []runtime.Object{}}) app := newFakeApp() - app.Spec.SyncPolicy.ManagedNamespaceMetadata = &argoappv1.ManagedNamespaceMetadata{ + app.Spec.SyncPolicy.ManagedNamespaceMetadata = &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{ "foo": "bar", }, @@ -1060,14 +1077,14 @@ func TestUpdatedManagedNamespaceMetadata(t *testing.T) { needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 30*time.Minute, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatest, compareWith) } func TestUnchangedManagedNamespaceMetadata(t *testing.T) { ctrl := newFakeController(&fakeData{apps: []runtime.Object{}}) app := newFakeApp() - app.Spec.SyncPolicy.ManagedNamespaceMetadata = &argoappv1.ManagedNamespaceMetadata{ + app.Spec.SyncPolicy.ManagedNamespaceMetadata = &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{ "foo": "bar", }, @@ -1085,19 +1102,19 @@ func TestUnchangedManagedNamespaceMetadata(t *testing.T) { needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 30*time.Minute, 2*time.Hour) assert.False(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatest, compareWith) } func TestRefreshAppConditions(t *testing.T) { - defaultProj := argoappv1.AppProject{ + defaultProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "default", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "*", @@ -1117,27 +1134,27 @@ func TestRefreshAppConditions(t *testing.T) { t.Run("PreserveExistingWarningCondition", func(t *testing.T) { app := newFakeApp() - app.Status.SetConditions([]argoappv1.ApplicationCondition{{Type: argoappv1.ApplicationConditionExcludedResourceWarning}}, nil) + app.Status.SetConditions([]v1alpha1.ApplicationCondition{{Type: v1alpha1.ApplicationConditionExcludedResourceWarning}}, nil) ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}}) _, hasErrors := ctrl.refreshAppConditions(app) assert.False(t, hasErrors) assert.Len(t, app.Status.Conditions, 1) - assert.Equal(t, argoappv1.ApplicationConditionExcludedResourceWarning, app.Status.Conditions[0].Type) + assert.Equal(t, v1alpha1.ApplicationConditionExcludedResourceWarning, app.Status.Conditions[0].Type) }) t.Run("ReplacesSpecErrorCondition", func(t *testing.T) { app := newFakeApp() app.Spec.Project = "wrong project" - app.Status.SetConditions([]argoappv1.ApplicationCondition{{Type: argoappv1.ApplicationConditionInvalidSpecError, Message: "old message"}}, nil) + app.Status.SetConditions([]v1alpha1.ApplicationCondition{{Type: v1alpha1.ApplicationConditionInvalidSpecError, Message: "old message"}}, nil) ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}}) _, hasErrors := ctrl.refreshAppConditions(app) assert.True(t, hasErrors) assert.Len(t, app.Status.Conditions, 1) - assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, app.Status.Conditions[0].Type) + assert.Equal(t, v1alpha1.ApplicationConditionInvalidSpecError, app.Status.Conditions[0].Type) assert.Equal(t, "Application referencing project wrong project which does not exist", app.Status.Conditions[0].Message) }) } @@ -1145,8 +1162,8 @@ func TestRefreshAppConditions(t *testing.T) { func TestUpdateReconciledAt(t *testing.T) { app := newFakeApp() reconciledAt := metav1.NewTime(time.Now().Add(-1 * time.Second)) - app.Status = argoappv1.ApplicationStatus{ReconciledAt: &reconciledAt} - app.Status.Sync = argoappv1.SyncStatus{ComparedTo: argoappv1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination}} + app.Status = v1alpha1.ApplicationStatus{ReconciledAt: &reconciledAt} + app.Status.Sync = v1alpha1.SyncStatus{ComparedTo: v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination}} ctrl := newFakeController(&fakeData{ apps: []runtime.Object{app, &defaultProj}, manifestResponse: &apiclient.ManifestResponse{ @@ -1224,15 +1241,15 @@ func TestProjectErrorToCondition(t *testing.T) { obj, ok, err := ctrl.appInformer.GetIndexer().GetByKey(key) assert.True(t, ok) assert.NoError(t, err) - updatedApp := obj.(*argoappv1.Application) - assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) + updatedApp := obj.(*v1alpha1.Application) + assert.Equal(t, v1alpha1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) assert.Equal(t, "Application referencing project wrong project which does not exist", updatedApp.Status.Conditions[0].Message) - assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) + assert.Equal(t, v1alpha1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) } func TestFinalizeProjectDeletion_HasApplications(t *testing.T) { app := newFakeApp() - proj := &argoappv1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} + proj := &v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, proj}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1248,7 +1265,7 @@ func TestFinalizeProjectDeletion_HasApplications(t *testing.T) { } func TestFinalizeProjectDeletion_DoesNotHaveApplications(t *testing.T) { - proj := &argoappv1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} + proj := &v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} ctrl := newFakeController(&fakeData{apps: []runtime.Object{&defaultProj}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1272,8 +1289,8 @@ func TestFinalizeProjectDeletion_DoesNotHaveApplications(t *testing.T) { func TestProcessRequestedAppOperation_FailedNoRetries(t *testing.T) { app := newFakeApp() app.Spec.Project = "default" - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1294,8 +1311,8 @@ func TestProcessRequestedAppOperation_FailedNoRetries(t *testing.T) { func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) { app := newFakeAppWithDestMismatch() app.Spec.Project = "test-project" - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, } proj := defaultProj proj.Name = "test-project" @@ -1325,9 +1342,9 @@ func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) { func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) { app := newFakeApp() app.Spec.Project = "invalid-project" - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, - Retry: argoappv1.RetryStrategy{Limit: 1}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + Retry: v1alpha1.RetryStrategy{Limit: 1}, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1351,12 +1368,12 @@ func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) { func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) { app := newFakeApp() - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, - Retry: argoappv1.RetryStrategy{Limit: 1}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + Retry: v1alpha1.RetryStrategy{Limit: 1}, } app.Status.OperationState.Phase = synccommon.OperationRunning - app.Status.OperationState.SyncResult.Resources = []*argoappv1.ResourceResult{{ + app.Status.OperationState.SyncResult.Resources = []*v1alpha1.ResourceResult{{ Name: "guestbook", Kind: "Deployment", Group: "apps", @@ -1390,9 +1407,9 @@ func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) { func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) { app := newFakeApp() - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, - Retry: argoappv1.RetryStrategy{Limit: 10}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + Retry: v1alpha1.RetryStrategy{Limit: 10}, } app.Status.OperationState.Phase = synccommon.OperationTerminating @@ -1462,19 +1479,19 @@ func TestGetAppHosts(t *testing.T) { })).Return(nil) ctrl.stateCache = mockStateCache - hosts, err := ctrl.getAppHosts(app, []argoappv1.ResourceNode{{ - ResourceRef: argoappv1.ResourceRef{Name: "pod1", Namespace: "default", Kind: kube.PodKind}, - Info: []argoappv1.InfoItem{{ + hosts, err := ctrl.getAppHosts(app, []v1alpha1.ResourceNode{{ + ResourceRef: v1alpha1.ResourceRef{Name: "pod1", Namespace: "default", Kind: kube.PodKind}, + Info: []v1alpha1.InfoItem{{ Name: "Host", Value: "Minikube", }}, }}) assert.NoError(t, err) - assert.Equal(t, []argoappv1.HostInfo{{ + assert.Equal(t, []v1alpha1.HostInfo{{ Name: "minikube", SystemInfo: corev1.NodeSystemInfo{OSImage: "debian"}, - ResourcesInfo: []argoappv1.HostResourceInfo{{ + ResourcesInfo: []v1alpha1.HostResourceInfo{{ ResourceName: corev1.ResourceCPU, Capacity: 5000, RequestedByApp: 1000, RequestedByNeighbors: 2000}, }}}, hosts) } @@ -1524,13 +1541,13 @@ func Test_canProcessApp(t *testing.T) { }) t.Run("with cluster filter, good namespace", func(t *testing.T) { app.Namespace = "good" - ctrl.clusterFilter = func(_ *argoappv1.Cluster) bool { return true } + ctrl.clusterFilter = func(_ *v1alpha1.Cluster) bool { return true } canProcess := ctrl.canProcessApp(app) assert.True(t, canProcess) }) t.Run("with cluster filter, bad namespace", func(t *testing.T) { app.Namespace = "bad" - ctrl.clusterFilter = func(_ *argoappv1.Cluster) bool { return true } + ctrl.clusterFilter = func(_ *v1alpha1.Cluster) bool { return true } canProcess := ctrl.canProcessApp(app) assert.False(t, canProcess) }) @@ -1584,3 +1601,38 @@ func Test_syncDeleteOption(t *testing.T) { assert.False(t, delete) }) } + +func TestAddControllerNamespace(t *testing.T) { + t.Run("set controllerNamespace when the app is in the controller namespace", func(t *testing.T) { + app := newFakeApp() + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{app, &defaultProj}, + manifestResponse: &apiclient.ManifestResponse{}, + }) + + ctrl.processAppRefreshQueueItem() + + updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(ctrl.namespace).Get(context.Background(), app.Name, metav1.GetOptions{}) + assert.NoError(t, err) + assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) + }) + t.Run("set controllerNamespace when the app is in another namespace than the controller", func(t *testing.T) { + appNamespace := "app-namespace" + + app := newFakeApp() + app.ObjectMeta.Namespace = appNamespace + proj := defaultProj + proj.Spec.SourceNamespaces = []string{appNamespace} + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{app, &proj}, + manifestResponse: &apiclient.ManifestResponse{}, + applicationNamespaces: []string{appNamespace}, + }) + + ctrl.processAppRefreshQueueItem() + + updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(appNamespace).Get(context.Background(), app.Name, metav1.GetOptions{}) + assert.NoError(t, err) + assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) + }) +} diff --git a/controller/cache/cache.go b/controller/cache/cache.go index 133654d2f044d..797163be2e4c5 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -29,6 +29,7 @@ import ( "k8s.io/client-go/tools/cache" "github.com/argoproj/argo-cd/v2/controller/metrics" + "github.com/argoproj/argo-cd/v2/pkg/apis/application" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" @@ -149,6 +150,8 @@ type ResourceInfo struct { PodInfo *PodInfo // NodeInfo is available for nodes only NodeInfo *NodeInfo + + manifestHash string } func NewLiveStateCache( @@ -178,6 +181,11 @@ type cacheSettings struct { clusterSettings clustercache.Settings appInstanceLabelKey string trackingMethod appv1.TrackingMethod + // resourceOverrides provides a list of ignored differences to ignore watched resource updates + resourceOverrides map[string]appv1.ResourceOverride + + // ignoreResourceUpdates is a flag to enable resource-ignore rules. + ignoreResourceUpdatesEnabled bool } type liveStateCache struct { @@ -200,6 +208,14 @@ func (c *liveStateCache) loadCacheSettings() (*cacheSettings, error) { if err != nil { return nil, err } + resourceUpdatesOverrides, err := c.settingsMgr.GetIgnoreResourceUpdatesOverrides() + if err != nil { + return nil, err + } + ignoreResourceUpdatesEnabled, err := c.settingsMgr.GetIsIgnoreResourceUpdatesEnabled() + if err != nil { + return nil, err + } resourcesFilter, err := c.settingsMgr.GetResourcesFilter() if err != nil { return nil, err @@ -212,7 +228,8 @@ func (c *liveStateCache) loadCacheSettings() (*cacheSettings, error) { ResourceHealthOverride: lua.ResourceHealthOverrides(resourceOverrides), ResourcesFilter: resourcesFilter, } - return &cacheSettings{clusterSettings, appInstanceLabelKey, argo.GetTrackingMethod(c.settingsMgr)}, nil + + return &cacheSettings{clusterSettings, appInstanceLabelKey, argo.GetTrackingMethod(c.settingsMgr), resourceUpdatesOverrides, ignoreResourceUpdatesEnabled}, nil } func asResourceNode(r *clustercache.Resource) appv1.ResourceNode { @@ -309,6 +326,27 @@ func skipAppRequeuing(key kube.ResourceKey) bool { return ignoredRefreshResources[key.Group+"/"+key.Kind] } +func skipResourceUpdate(oldInfo, newInfo *ResourceInfo) bool { + if oldInfo == nil || newInfo == nil { + return false + } + isSameHealthStatus := (oldInfo.Health == nil && newInfo.Health == nil) || oldInfo.Health != nil && newInfo.Health != nil && oldInfo.Health.Status == newInfo.Health.Status + isSameManifest := oldInfo.manifestHash != "" && newInfo.manifestHash != "" && oldInfo.manifestHash == newInfo.manifestHash + return isSameHealthStatus && isSameManifest +} + +// shouldHashManifest validates if the API resource needs to be hashed. +// If there's an app name from resource tracking, or if this is itself an app, we should generate a hash. +// Otherwise, the hashing should be skipped to save CPU time. +func shouldHashManifest(appName string, gvk schema.GroupVersionKind) bool { + // Only hash if the resource belongs to an app. + // Best - Only hash for resources that are part of an app or their dependencies + // (current) - Only hash for resources that are part of an app + all apps that might be from an ApplicationSet + // Orphan - If orphan is enabled, hash should be made on all resource of that namespace and a config to disable it + // Worst - Hash all resources watched by Argo + return appName != "" || (gvk.Group == application.Group && gvk.Kind == application.ApplicationKind) +} + // isRetryableError is a helper method to see whether an error // returned from the dynamic client is potentially retryable. func isRetryableError(err error) bool { @@ -424,14 +462,25 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e c.lock.RLock() cacheSettings := c.cacheSettings c.lock.RUnlock() + res.Health, _ = health.GetResourceHealth(un, cacheSettings.clusterSettings.ResourceHealthOverride) appName := c.resourceTracking.GetAppName(un, cacheSettings.appInstanceLabelKey, cacheSettings.trackingMethod) if isRoot && appName != "" { res.AppName = appName } + gvk := un.GroupVersionKind() + if cacheSettings.ignoreResourceUpdatesEnabled && shouldHashManifest(appName, gvk) { + hash, err := generateManifestHash(un, nil, cacheSettings.resourceOverrides) + if err != nil { + log.Errorf("Failed to generate manifest hash: %v", err) + } else { + res.manifestHash = hash + } + } + // edge case. we do not label CRDs, so they miss the tracking label we inject. But we still // want the full resource to be available in our cache (to diff), so we store all CRDs return res, res.AppName != "" || gvk.Kind == kube.CustomResourceDefinitionKind @@ -450,6 +499,30 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e } else { ref = oldRes.Ref } + + c.lock.RLock() + cacheSettings := c.cacheSettings + c.lock.RUnlock() + + if cacheSettings.ignoreResourceUpdatesEnabled && oldRes != nil && newRes != nil && skipResourceUpdate(resInfo(oldRes), resInfo(newRes)) { + // Additional check for debug level so we don't need to evaluate the + // format string in case of non-debug scenarios + if log.GetLevel() >= log.DebugLevel { + namespace := ref.Namespace + if ref.Namespace == "" { + namespace = "(cluster-scoped)" + } + log.WithFields(log.Fields{ + "server": clusterCache.GetClusterInfo().Server, + "namespace": namespace, + "name": ref.Name, + "api-version": ref.APIVersion, + "kind": ref.Kind, + }).Debug("Ignoring change of object because none of the watched resource fields have changed") + } + return + } + for _, r := range []*clustercache.Resource{newRes, oldRes} { if r == nil { continue diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 9d1fad82b0279..3549f03f6e0ea 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -14,6 +14,7 @@ import ( "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/cache/mocks" + "github.com/argoproj/gitops-engine/pkg/health" "github.com/stretchr/testify/mock" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -202,3 +203,126 @@ func Test_asResourceNode_owner_refs(t *testing.T) { } assert.Equal(t, expected, resNode) } + +func TestSkipResourceUpdate(t *testing.T) { + var ( + hash1_x string = "x" + hash2_y string = "y" + hash3_x string = "x" + ) + info := &ResourceInfo{ + manifestHash: hash1_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "default", + }, + } + t.Run("Nil", func(t *testing.T) { + assert.False(t, skipResourceUpdate(nil, nil)) + }) + t.Run("From Nil", func(t *testing.T) { + assert.False(t, skipResourceUpdate(nil, info)) + }) + t.Run("To Nil", func(t *testing.T) { + assert.False(t, skipResourceUpdate(info, nil)) + }) + t.Run("No hash", func(t *testing.T) { + assert.False(t, skipResourceUpdate(&ResourceInfo{}, &ResourceInfo{})) + }) + t.Run("Same hash", func(t *testing.T) { + assert.True(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + }, &ResourceInfo{ + manifestHash: hash1_x, + })) + }) + t.Run("Same hash value", func(t *testing.T) { + assert.True(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + }, &ResourceInfo{ + manifestHash: hash3_x, + })) + }) + t.Run("Different hash value", func(t *testing.T) { + assert.False(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + }, &ResourceInfo{ + manifestHash: hash2_y, + })) + }) + t.Run("Same hash, empty health", func(t *testing.T) { + assert.True(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + Health: &health.HealthStatus{}, + }, &ResourceInfo{ + manifestHash: hash3_x, + Health: &health.HealthStatus{}, + })) + }) + t.Run("Same hash, old health", func(t *testing.T) { + assert.False(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy}, + }, &ResourceInfo{ + manifestHash: hash3_x, + Health: nil, + })) + }) + t.Run("Same hash, new health", func(t *testing.T) { + assert.False(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + Health: &health.HealthStatus{}, + }, &ResourceInfo{ + manifestHash: hash3_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy, + }, + })) + }) + t.Run("Same hash, same health", func(t *testing.T) { + assert.True(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "same", + }, + }, &ResourceInfo{ + manifestHash: hash3_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "same", + }, + })) + }) + t.Run("Same hash, different health status", func(t *testing.T) { + assert.False(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "same", + }, + }, &ResourceInfo{ + manifestHash: hash3_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusDegraded, + Message: "same", + }, + })) + }) + t.Run("Same hash, different health message", func(t *testing.T) { + assert.True(t, skipResourceUpdate(&ResourceInfo{ + manifestHash: hash1_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "same", + }, + }, &ResourceInfo{ + manifestHash: hash3_x, + Health: &health.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "different", + }, + })) + }) +} diff --git a/controller/cache/info.go b/controller/cache/info.go index 3cc7980ad8e12..cf0d12318a447 100644 --- a/controller/cache/info.go +++ b/controller/cache/info.go @@ -3,12 +3,14 @@ package cache import ( "errors" "fmt" + "strconv" "strings" "k8s.io/apimachinery/pkg/runtime/schema" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/argoproj/gitops-engine/pkg/utils/text" + "github.com/cespare/xxhash/v2" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" @@ -16,6 +18,7 @@ import ( "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/util/resource" ) @@ -386,3 +389,27 @@ func populateHostNodeInfo(un *unstructured.Unstructured, res *ResourceInfo) { SystemInfo: node.Status.NodeInfo, } } + +func generateManifestHash(un *unstructured.Unstructured, ignores []v1alpha1.ResourceIgnoreDifferences, overrides map[string]v1alpha1.ResourceOverride) (string, error) { + normalizer, err := normalizers.NewIgnoreNormalizer(ignores, overrides) + if err != nil { + return "", fmt.Errorf("error creating normalizer: %w", err) + } + + resource := un.DeepCopy() + err = normalizer.Normalize(resource) + if err != nil { + return "", fmt.Errorf("error normalizing resource: %w", err) + } + + data, err := resource.MarshalJSON() + if err != nil { + return "", fmt.Errorf("error marshaling resource: %w", err) + } + hash := hash(data) + return hash, nil +} + +func hash(data []byte) string { + return strconv.FormatUint(xxhash.Sum64(data), 16) +} diff --git a/controller/cache/info_test.go b/controller/cache/info_test.go index 0093c8120b7ef..8a06d3745e13b 100644 --- a/controller/cache/info_test.go +++ b/controller/cache/info_test.go @@ -694,3 +694,62 @@ func TestCustomLabel(t *testing.T) { assert.Equal(t, "other-label", info.Info[1].Name) assert.Equal(t, "value2", info.Info[1].Value) } + +func TestManifestHash(t *testing.T) { + manifest := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: helm-guestbook-pod + namespace: default + ownerReferences: + - apiVersion: extensions/v1beta1 + kind: ReplicaSet + name: helm-guestbook-rs + resourceVersion: "123" + labels: + app: guestbook + spec: + nodeName: minikube + containers: + - image: bar + resources: + requests: + memory: 128Mi +`) + + ignores := []v1alpha1.ResourceIgnoreDifferences{ + { + Group: "*", + Kind: "*", + JSONPointers: []string{"/metadata/resourceVersion"}, + }, + } + + data, _ := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: helm-guestbook-pod + namespace: default + ownerReferences: + - apiVersion: extensions/v1beta1 + kind: ReplicaSet + name: helm-guestbook-rs + labels: + app: guestbook + spec: + nodeName: minikube + containers: + - image: bar + resources: + requests: + memory: 128Mi +`).MarshalJSON() + + expected := hash(data) + + hash, err := generateManifestHash(manifest, ignores, nil) + assert.Equal(t, expected, hash) + assert.Nil(t, err) +} diff --git a/controller/sharding/sharding.go b/controller/sharding/sharding.go index 1c0615196bd06..8529171f9fae7 100644 --- a/controller/sharding/sharding.go +++ b/controller/sharding/sharding.go @@ -1,17 +1,127 @@ package sharding import ( + "context" "fmt" "hash/fnv" + "math" "os" + "sort" "strconv" "strings" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + + "github.com/argoproj/argo-cd/v2/util/db" + "github.com/argoproj/argo-cd/v2/util/env" + log "github.com/sirupsen/logrus" ) +// Make it overridable for testing +var osHostnameFunction = os.Hostname + +type DistributionFunction func(c *v1alpha1.Cluster) int +type ClusterFilterFunction func(c *v1alpha1.Cluster) bool + +// GetClusterFilter returns a ClusterFilterFunction which is a function taking a cluster as a parameter +// and returns wheter or not the cluster should be processed by a given shard. It calls the distributionFunction +// to determine which shard will process the cluster, and if the given shard is equal to the calculated shard +// the function will return true. +func GetClusterFilter(distributionFunction DistributionFunction, shard int) ClusterFilterFunction { + replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) + return func(c *v1alpha1.Cluster) bool { + clusterShard := 0 + if c != nil && c.Shard != nil { + requestedShard := int(*c.Shard) + if requestedShard < replicas { + clusterShard = requestedShard + } else { + log.Warnf("Specified cluster shard (%d) for cluster: %s is greater than the number of available shard. Assigning automatically.", requestedShard, c.Name) + } + } else { + clusterShard = distributionFunction(c) + } + return clusterShard == shard + } +} + +// GetDistributionFunction returns which DistributionFunction should be used based on the passed algorithm and +// the current datas. +func GetDistributionFunction(db db.ArgoDB, shardingAlgorithm string) DistributionFunction { + log.Infof("Using filter function: %s", shardingAlgorithm) + distributionFunction := LegacyDistributionFunction() + switch shardingAlgorithm { + case common.RoundRobinShardingAlgorithm: + distributionFunction = RoundRobinDistributionFunction(db) + case common.LegacyShardingAlgorithm: + distributionFunction = LegacyDistributionFunction() + default: + log.Warnf("distribution type %s is not supported, defaulting to %s", shardingAlgorithm, common.DefaultShardingAlgorithm) + } + return distributionFunction +} + +// LegacyDistributionFunction returns a DistributionFunction using a stable distribution algorithm: +// for a given cluster the function will return the shard number based on the cluster id. This function +// is lightweight and can be distributed easily, however, it does not ensure an homogenous distribution as +// some shards may get assigned more clusters than others. It is the legacy function distribution that is +// kept for compatibility reasons +func LegacyDistributionFunction() DistributionFunction { + replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) + return func(c *v1alpha1.Cluster) int { + if replicas == 0 { + return -1 + } + if c == nil { + return 0 + } + id := c.ID + log.Debugf("Calculating cluster shard for cluster id: %s", id) + if id == "" { + return 0 + } else { + h := fnv.New32a() + _, _ = h.Write([]byte(id)) + shard := int32(h.Sum32() % uint32(replicas)) + log.Infof("Cluster with id=%s will be processed by shard %d", id, shard) + return int(shard) + } + } +} + +// RoundRobinDistributionFunction returns a DistributionFunction using an homogeneous distribution algorithm: +// for a given cluster the function will return the shard number based on the modulo of the cluster rank in +// the cluster's list sorted by uid on the shard number. +// This function ensures an homogenous distribution: each shards got assigned the same number of +// clusters +/-1 , but with the drawback of a reshuffling of clusters accross shards in case of some changes +// in the cluster list +func RoundRobinDistributionFunction(db db.ArgoDB) DistributionFunction { + replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) + return func(c *v1alpha1.Cluster) int { + if replicas > 0 { + if c == nil { // in-cluster does not necessarly have a secret assigned. So we are receiving a nil cluster here. + return 0 + } else { + clusterIndexdByClusterIdMap := createClusterIndexByClusterIdMap(db) + clusterIndex, ok := clusterIndexdByClusterIdMap[c.ID] + if !ok { + log.Warnf("Cluster with id=%s not found in cluster map.", c.ID) + return -1 + } + shard := int(clusterIndex % replicas) + log.Infof("Cluster with id=%s will be processed by shard %d", c.ID, shard) + return shard + } + } + log.Warnf("The number of replicas (%d) is lower than 1", replicas) + return -1 + } +} + +// InferShard extracts the shard index based on its hostname. func InferShard() (int, error) { - hostname, err := os.Hostname() + hostname, err := osHostnameFunction() if err != nil { return 0, err } @@ -23,31 +133,32 @@ func InferShard() (int, error) { if err != nil { return 0, fmt.Errorf("hostname should ends with shard number separated by '-' but got: %s", hostname) } - return shard, nil + return int(shard), nil } -// GetShardByID calculates cluster shard as `clusterSecret.UID % replicas count` -func GetShardByID(id string, replicas int) int { - if id == "" { - return 0 - } else { - h := fnv.New32a() - _, _ = h.Write([]byte(id)) - return int(h.Sum32() % uint32(replicas)) +func getSortedClustersList(db db.ArgoDB) []v1alpha1.Cluster { + ctx := context.Background() + clustersList, dbErr := db.ListClusters(ctx) + if dbErr != nil { + log.Warnf("Error while querying clusters list from database: %v", dbErr) + return []v1alpha1.Cluster{} } + clusters := clustersList.Items + sort.Slice(clusters, func(i, j int) bool { + return clusters[i].ID < clusters[j].ID + }) + return clusters } -func GetClusterFilter(replicas int, shard int) func(c *v1alpha1.Cluster) bool { - return func(c *v1alpha1.Cluster) bool { - clusterShard := 0 - // cluster might be nil if app is using invalid cluster URL, assume shard 0 in this case. - if c != nil { - if c.Shard != nil { - clusterShard = int(*c.Shard) - } else { - clusterShard = GetShardByID(c.ID, replicas) - } - } - return clusterShard == shard +func createClusterIndexByClusterIdMap(db db.ArgoDB) map[string]int { + clusters := getSortedClustersList(db) + log.Debugf("ClustersList has %d items", len(clusters)) + clusterById := make(map[string]v1alpha1.Cluster) + clusterIndexedByClusterId := make(map[string]int) + for i, cluster := range clusters { + log.Debugf("Adding cluster with id=%s and name=%s to cluster's map", cluster.ID, cluster.Name) + clusterById[cluster.ID] = cluster + clusterIndexedByClusterId[cluster.ID] = i } + return clusterIndexedByClusterId } diff --git a/controller/sharding/sharding_test.go b/controller/sharding/sharding_test.go index dc27726f8a6fa..ca44bf32e2d6b 100644 --- a/controller/sharding/sharding_test.go +++ b/controller/sharding/sharding_test.go @@ -1,29 +1,330 @@ package sharding import ( + "errors" + "fmt" + "os" "testing" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - + dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" ) func TestGetShardByID_NotEmptyID(t *testing.T) { - assert.Equal(t, 0, GetShardByID("1", 2)) - assert.Equal(t, 1, GetShardByID("2", 2)) - assert.Equal(t, 0, GetShardByID("3", 2)) - assert.Equal(t, 1, GetShardByID("4", 2)) + os.Setenv(common.EnvControllerReplicas, "1") + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "1"})) + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "2"})) + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "3"})) + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "4"})) } func TestGetShardByID_EmptyID(t *testing.T) { - shard := GetShardByID("", 10) + os.Setenv(common.EnvControllerReplicas, "1") + distributionFunction := LegacyDistributionFunction + shard := distributionFunction()(&v1alpha1.Cluster{}) assert.Equal(t, 0, shard) } -func TestGetClusterFilter(t *testing.T) { - filter := GetClusterFilter(2, 1) +func TestGetShardByID_NoReplicas(t *testing.T) { + os.Setenv(common.EnvControllerReplicas, "0") + distributionFunction := LegacyDistributionFunction + shard := distributionFunction()(&v1alpha1.Cluster{}) + assert.Equal(t, -1, shard) +} + +func TestGetShardByID_NoReplicasUsingHashDistributionFunction(t *testing.T) { + os.Setenv(common.EnvControllerReplicas, "0") + distributionFunction := LegacyDistributionFunction + shard := distributionFunction()(&v1alpha1.Cluster{}) + assert.Equal(t, -1, shard) +} + +func TestGetShardByID_NoReplicasUsingHashDistributionFunctionWithClusters(t *testing.T) { + db, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() + // Test with replicas set to 0 + os.Setenv(common.EnvControllerReplicas, "0") + os.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) + distributionFunction := RoundRobinDistributionFunction(db) + assert.Equal(t, -1, distributionFunction(nil)) + assert.Equal(t, -1, distributionFunction(&cluster1)) + assert.Equal(t, -1, distributionFunction(&cluster2)) + assert.Equal(t, -1, distributionFunction(&cluster3)) + assert.Equal(t, -1, distributionFunction(&cluster4)) + assert.Equal(t, -1, distributionFunction(&cluster5)) + +} + +func TestGetClusterFilterDefault(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Unsetenv(common.EnvControllerShardingAlgorithm) + os.Setenv(common.EnvControllerReplicas, "2") + filter := GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), shardIndex) + assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) + assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) +} + +func TestGetClusterFilterLegacy(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) + filter := GetClusterFilter(GetDistributionFunction(nil, common.LegacyShardingAlgorithm), shardIndex) assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) } + +func TestGetClusterFilterUnknown(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, "unknown") + filter := GetClusterFilter(GetDistributionFunction(nil, "unknown"), shardIndex) + assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) + assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) +} + +func TestLegacyGetClusterFilterWithFixedShard(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + filter := GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), shardIndex) + assert.False(t, filter(nil)) + assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) + assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) + + var fixedShard int64 = 4 + filter = GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), int(fixedShard)) + assert.False(t, filter(&v1alpha1.Cluster{ID: "4", Shard: &fixedShard})) + + fixedShard = 1 + filter = GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), int(fixedShard)) + assert.True(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) + +} + +func TestRoundRobinGetClusterFilterWithFixedShard(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() + + filter := GetClusterFilter(GetDistributionFunction(db, common.RoundRobinShardingAlgorithm), shardIndex) + assert.False(t, filter(nil)) + assert.False(t, filter(&cluster1)) + assert.True(t, filter(&cluster2)) + assert.False(t, filter(&cluster3)) + assert.True(t, filter(&cluster4)) + + // a cluster with a fixed shard should be processed by the specified exact + // same shard unless the specified shard index is greater than the number of replicas. + var fixedShard int64 = 4 + filter = GetClusterFilter(GetDistributionFunction(db, common.RoundRobinShardingAlgorithm), int(fixedShard)) + assert.False(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) + + fixedShard = 1 + filter = GetClusterFilter(GetDistributionFunction(db, common.RoundRobinShardingAlgorithm), int(fixedShard)) + assert.True(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) +} + +func TestGetClusterFilterLegacyHash(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, "hash") + db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() + filter := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, filter(&cluster1)) + assert.True(t, filter(&cluster2)) + assert.False(t, filter(&cluster3)) + assert.True(t, filter(&cluster4)) + + // a cluster with a fixed shard should be processed by the specified exact + // same shard unless the specified shard index is greater than the number of replicas. + var fixedShard int64 = 4 + filter = GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), int(fixedShard)) + assert.False(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) + + fixedShard = 1 + filter = GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), int(fixedShard)) + assert.True(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) +} + +func TestGetClusterFilterWithEnvControllerShardingAlgorithms(t *testing.T) { + db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() + shardIndex := 1 + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) + shardShouldProcessCluster := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, shardShouldProcessCluster(&cluster1)) + assert.True(t, shardShouldProcessCluster(&cluster2)) + assert.False(t, shardShouldProcessCluster(&cluster3)) + assert.True(t, shardShouldProcessCluster(&cluster4)) + assert.False(t, shardShouldProcessCluster(nil)) + + os.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) + shardShouldProcessCluster = GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, shardShouldProcessCluster(&cluster1)) + assert.True(t, shardShouldProcessCluster(&cluster2)) + assert.False(t, shardShouldProcessCluster(&cluster3)) + assert.True(t, shardShouldProcessCluster(&cluster4)) + assert.False(t, shardShouldProcessCluster(nil)) +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunction2(t *testing.T) { + db, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() + // Test with replicas set to 1 + os.Setenv(common.EnvControllerReplicas, "1") + distributionFunction := RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 0, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + + // Test with replicas set to 2 + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction = RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 1, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + + // // Test with replicas set to 3 + os.Setenv(common.EnvControllerReplicas, "3") + distributionFunction = RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 2, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 1, distributionFunction(&cluster5)) +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterNumberIsHigh(t *testing.T) { + // Unit test written to evaluate the cost of calling db.ListCluster on every call of distributionFunction + // Doing that allows to accept added and removed clusters on the fly. + // Initial tests where showing that under 1024 clusters, execution time was around 400ms + // and for 4096 clusters, execution time was under 9s + // The other implementation was giving almost linear time of 400ms up to 10'000 clusters + db := dbmocks.ArgoDB{} + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{}} + for i := 0; i < 2048; i++ { + cluster := createCluster(fmt.Sprintf("cluster-%d", i), fmt.Sprintf("%d", i)) + clusterList.Items = append(clusterList.Items, cluster) + } + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction := RoundRobinDistributionFunction(&db) + for i, c := range clusterList.Items { + assert.Equal(t, i%2, distributionFunction(&c)) + } +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterIsAddedAndRemoved(t *testing.T) { + db := dbmocks.ArgoDB{} + cluster1 := createCluster("cluster1", "1") + cluster2 := createCluster("cluster2", "2") + cluster3 := createCluster("cluster3", "3") + cluster4 := createCluster("cluster4", "4") + cluster5 := createCluster("cluster5", "5") + cluster6 := createCluster("cluster6", "6") + + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{cluster1, cluster2, cluster3, cluster4, cluster5}} + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + + // Test with replicas set to 2 + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction := RoundRobinDistributionFunction(&db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 1, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + assert.Equal(t, -1, distributionFunction(&cluster6)) // as cluster6 is not in the DB, this one should not have a shard assigned + + // Now, the database knows cluster6. Shard should be assigned a proper shard + clusterList.Items = append(clusterList.Items, cluster6) + assert.Equal(t, 1, distributionFunction(&cluster6)) + + // Now, we remove the last added cluster, it should be unassigned as well + clusterList.Items = clusterList.Items[:len(clusterList.Items)-1] + assert.Equal(t, -1, distributionFunction(&cluster6)) + +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunction(t *testing.T) { + db, cluster1, cluster2, _, _, _ := createTestClusters() + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction := RoundRobinDistributionFunction(db) + + // Test that the function returns the correct shard for cluster1 and cluster2 + expectedShardForCluster1 := 0 + expectedShardForCluster2 := 1 + shardForCluster1 := distributionFunction(&cluster1) + shardForCluster2 := distributionFunction(&cluster2) + + if shardForCluster1 != expectedShardForCluster1 { + t.Errorf("Expected shard for cluster1 to be %d but got %d", expectedShardForCluster1, shardForCluster1) + } + if shardForCluster2 != expectedShardForCluster2 { + t.Errorf("Expected shard for cluster2 to be %d but got %d", expectedShardForCluster2, shardForCluster2) + } +} + +func TestInferShard(t *testing.T) { + // Override the os.Hostname function to return a specific hostname for testing + defer func() { osHostnameFunction = os.Hostname }() + + osHostnameFunction = func() (string, error) { return "example-shard-3", nil } + expectedShard := 3 + actualShard, _ := InferShard() + assert.Equal(t, expectedShard, actualShard) + + osHostnameError := errors.New("cannot resolve hostname") + osHostnameFunction = func() (string, error) { return "exampleshard", osHostnameError } + _, err := InferShard() + assert.NotNil(t, err) + assert.Equal(t, err, osHostnameError) + + osHostnameFunction = func() (string, error) { return "exampleshard", nil } + _, err = InferShard() + assert.NotNil(t, err) + + osHostnameFunction = func() (string, error) { return "example-shard", nil } + _, err = InferShard() + assert.NotNil(t, err) + +} + +func createTestClusters() (*dbmocks.ArgoDB, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster) { + db := dbmocks.ArgoDB{} + cluster1 := createCluster("cluster1", "1") + cluster2 := createCluster("cluster2", "2") + cluster3 := createCluster("cluster3", "3") + cluster4 := createCluster("cluster4", "4") + cluster5 := createCluster("cluster5", "5") + + db.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ + cluster1, cluster2, cluster3, cluster4, cluster5, + }}, nil) + return &db, cluster1, cluster2, cluster3, cluster4, cluster5 +} + +func createCluster(name string, id string) v1alpha1.Cluster { + cluster := v1alpha1.Cluster{ + Name: name, + ID: id, + Server: "https://kubernetes.default.svc?" + id, + } + return cluster +} diff --git a/controller/sharding/shuffle_test.go b/controller/sharding/shuffle_test.go new file mode 100644 index 0000000000000..2baaa6a758ca9 --- /dev/null +++ b/controller/sharding/shuffle_test.go @@ -0,0 +1,83 @@ +package sharding + +import ( + "fmt" + "math" + "os" + "testing" + + "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" +) + +func TestLargeShuffle(t *testing.T) { + t.Skip() + db := dbmocks.ArgoDB{} + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{}} + for i := 0; i < math.MaxInt/4096; i += 256 { + //fmt.Fprintf(os.Stdout, "%d", i) + cluster := createCluster(fmt.Sprintf("cluster-%d", i), fmt.Sprintf("%d", i)) + clusterList.Items = append(clusterList.Items, cluster) + } + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + // Test with replicas set to 256 + os.Setenv(common.EnvControllerReplicas, "256") + distributionFunction := RoundRobinDistributionFunction(&db) + for i, c := range clusterList.Items { + assert.Equal(t, i%2567, distributionFunction(&c)) + } + +} + +func TestShuffle(t *testing.T) { + t.Skip() + db := dbmocks.ArgoDB{} + cluster1 := createCluster("cluster1", "10") + cluster2 := createCluster("cluster2", "20") + cluster3 := createCluster("cluster3", "30") + cluster4 := createCluster("cluster4", "40") + cluster5 := createCluster("cluster5", "50") + cluster6 := createCluster("cluster6", "60") + cluster25 := createCluster("cluster6", "25") + + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{cluster1, cluster2, cluster3, cluster4, cluster5, cluster6}} + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + + // Test with replicas set to 3 + os.Setenv(common.EnvControllerReplicas, "3") + distributionFunction := RoundRobinDistributionFunction(&db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 2, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 1, distributionFunction(&cluster5)) + assert.Equal(t, 2, distributionFunction(&cluster6)) + + // Now, we remove cluster1, it should be unassigned, and all the other should be resuffled + clusterList.Items = Remove(clusterList.Items, 0) + assert.Equal(t, -1, distributionFunction(&cluster1)) + assert.Equal(t, 0, distributionFunction(&cluster2)) + assert.Equal(t, 1, distributionFunction(&cluster3)) + assert.Equal(t, 2, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + assert.Equal(t, 1, distributionFunction(&cluster6)) + + // Now, we add a cluster with an id=25 so it will be placed right after cluster2 + clusterList.Items = append(clusterList.Items, cluster25) + assert.Equal(t, -1, distributionFunction(&cluster1)) + assert.Equal(t, 0, distributionFunction(&cluster2)) + assert.Equal(t, 1, distributionFunction(&cluster25)) + assert.Equal(t, 2, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 1, distributionFunction(&cluster5)) + assert.Equal(t, 2, distributionFunction(&cluster6)) + +} + +func Remove(slice []v1alpha1.Cluster, s int) []v1alpha1.Cluster { + return append(slice[:s], slice[s+1:]...) +} diff --git a/controller/state.go b/controller/state.go index 62b55bea9ce75..9e6bdf9e44d09 100644 --- a/controller/state.go +++ b/controller/state.go @@ -27,7 +27,6 @@ import ( statecache "github.com/argoproj/argo-cd/v2/controller/cache" "github.com/argoproj/argo-cd/v2/controller/metrics" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/util/argo" @@ -62,7 +61,7 @@ type managedResource struct { // AppStateManager defines methods which allow to compare application spec and actual application state. type AppStateManager interface { - CompareAppState(app *v1alpha1.Application, project *appv1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) *comparisonResult + CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) *comparisonResult SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState) } @@ -107,7 +106,7 @@ type appStateManager struct { persistResourceHealth bool } -func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse, error) { +func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) { ts := stats.NewTimingStats() helmRepos, err := m.db.ListHelmRepositories(context.Background()) @@ -129,19 +128,11 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp return nil, nil, err } - plugins, err := m.settingsMgr.GetConfigManagementPlugins() - if err != nil { - return nil, nil, err - } enabledSourceTypes, err := m.settingsMgr.GetEnabledSourceTypes() if err != nil { return nil, nil, err } ts.AddCheckpoint("plugins_ms") - tools := make([]*appv1.ConfigManagementPlugin, len(plugins)) - for i := range plugins { - tools[i] = &plugins[i] - } kustomizeSettings, err := m.settingsMgr.GetKustomizeSettings() if err != nil { @@ -164,7 +155,7 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp } defer io.Close(conn) - manifestInfoMap := make(map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse) + manifestInfos := make([]*apiclient.ManifestResponse, 0) targetObjs := make([]*unstructured.Unstructured, 0) // Store the map of all sources having ref field into a map for applications with sources field @@ -199,7 +190,6 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp AppName: app.InstanceName(m.namespace), Namespace: app.Spec.Destination.Namespace, ApplicationSource: &source, - Plugins: tools, KustomizeOptions: kustomizeOptions, KubeVersion: serverVersion, ApiVersions: argo.APIResourcesToStrings(apiResources, true), @@ -210,25 +200,21 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp HelmOptions: helmOptions, HasMultipleSources: app.Spec.HasMultipleSources(), RefSources: refSources, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return nil, nil, err } - // GenerateManifest can return empty ManifestResponse without error if app has multiple sources - // and if any of the source does not have path and chart field not specified. - // In that scenario, we continue to the next source - if app.Spec.HasMultipleSources() && len(manifestInfo.Manifests) == 0 { - continue - } - targetObj, err := unmarshalManifests(manifestInfo.Manifests) if err != nil { return nil, nil, err } targetObjs = append(targetObjs, targetObj...) - manifestInfoMap[&source] = manifestInfo + + manifestInfos = append(manifestInfos, manifestInfo) } ts.AddCheckpoint("unmarshal_ms") @@ -238,7 +224,7 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp } logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) logCtx.Info("getRepoObjs stats") - return targetObjs, manifestInfoMap, nil + return targetObjs, manifestInfos, nil } func unmarshalManifests(manifests []string) ([]*unstructured.Unstructured, error) { @@ -282,8 +268,8 @@ func DeduplicateTargetObjects( for key, targets := range targetByKey { if len(targets) > 1 { now := metav1.Now() - conditions = append(conditions, appv1.ApplicationCondition{ - Type: appv1.ApplicationConditionRepeatedResourceWarning, + conditions = append(conditions, v1alpha1.ApplicationCondition{ + Type: v1alpha1.ApplicationConditionRepeatedResourceWarning, Message: fmt.Sprintf("Resource %s appeared %d times among application resources.", key.String(), len(targets)), LastTransitionTime: &now, }) @@ -314,9 +300,9 @@ func (m *appStateManager) getComparisonSettings() (string, map[string]v1alpha1.R // verifyGnuPGSignature verifies the result of a GnuPG operation for a given git // revision. -func verifyGnuPGSignature(revision string, project *appv1.AppProject, manifestInfo *apiclient.ManifestResponse) []appv1.ApplicationCondition { +func verifyGnuPGSignature(revision string, project *v1alpha1.AppProject, manifestInfo *apiclient.ManifestResponse) []v1alpha1.ApplicationCondition { now := metav1.Now() - conditions := make([]appv1.ApplicationCondition, 0) + conditions := make([]v1alpha1.ApplicationCondition, 0) // We need to have some data in the verification result to parse, otherwise there was no signature if manifestInfo.VerifyResult != "" { verifyResult := gpg.ParseGitCommitVerification(manifestInfo.VerifyResult) @@ -354,7 +340,7 @@ func verifyGnuPGSignature(revision string, project *appv1.AppProject, manifestIn // CompareAppState compares application git state to the live app state, using the specified // revision and supplied source. If revision or overrides are empty, then compares against // revision and overrides in the app spec. -func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *appv1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool) *comparisonResult { +func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool) *comparisonResult { ts := stats.NewTimingStats() appLabelKey, resourceOverrides, resFilter, err := m.getComparisonSettings() @@ -365,20 +351,20 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap if hasMultipleSources { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{Destination: app.Spec.Destination, Sources: sources}, - Status: appv1.SyncStatusCodeUnknown, + ComparedTo: v1alpha1.ComparedTo{Destination: app.Spec.Destination, Sources: sources}, + Status: v1alpha1.SyncStatusCodeUnknown, Revisions: revisions, }, - healthStatus: &appv1.HealthStatus{Status: health.HealthStatusUnknown}, + healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown}, } } else { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination}, - Status: appv1.SyncStatusCodeUnknown, + ComparedTo: v1alpha1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination}, + Status: v1alpha1.SyncStatusCodeUnknown, Revision: revisions[0], }, - healthStatus: &appv1.HealthStatus{Status: health.HealthStatusUnknown}, + healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown}, } } } @@ -399,7 +385,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap var targetObjs []*unstructured.Unstructured now := metav1.Now() - var manifestInfoMap map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse + var manifestInfos []*apiclient.ManifestResponse if len(localManifests) == 0 { // If the length of revisions is not same as the length of sources, @@ -411,7 +397,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } } - targetObjs, manifestInfoMap, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) + targetObjs, manifestInfos, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) if err != nil { targetObjs = make([]*unstructured.Unstructured, 0) conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) @@ -434,9 +420,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } } // empty out manifestInfoMap - for as := range manifestInfoMap { - delete(manifestInfoMap, as) - } + manifestInfos = make([]*apiclient.ManifestResponse, 0) } ts.AddCheckpoint("git_ms") @@ -475,7 +459,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap // filter out all resources which are not permitted in the application project for k, v := range liveObjByKey { - permitted, err := project.IsLiveResourcePermitted(v, app.Spec.Destination.Server, app.Spec.Destination.Name, func(project string) ([]*appv1.Cluster, error) { + permitted, err := project.IsLiveResourcePermitted(v, app.Spec.Destination.Server, app.Spec.Destination.Name, func(project string) ([]*v1alpha1.Cluster, error) { return m.db.GetProjectClusters(context.TODO(), project) }) @@ -516,13 +500,13 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } manifestRevisions := make([]string, 0) - for _, manifestInfo := range manifestInfoMap { + for _, manifestInfo := range manifestInfos { manifestRevisions = append(manifestRevisions, manifestInfo.Revision) } // restore comparison using cached diff result if previous comparison was performed for the same revision - revisionChanged := len(manifestInfoMap) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions) - specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, appv1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources}) + revisionChanged := len(manifestInfos) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions) + specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources}) _, refreshRequested := app.IsRefreshRequested() noCache = noCache || refreshRequested || app.Status.Expired(m.statusRefreshTimeout) || specChanged || revisionChanged @@ -622,7 +606,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } if isNamespaced && obj.GetNamespace() == "" { - conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionInvalidSpecError, Message: fmt.Sprintf("Namespace for %s %s is missing.", obj.GetName(), gvk.String()), LastTransitionTime: &now}) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionInvalidSpecError, Message: fmt.Sprintf("Namespace for %s %s is missing.", obj.GetName(), gvk.String()), LastTransitionTime: &now}) } // we can't say anything about the status if we were unable to get the target objects @@ -662,7 +646,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap var syncStatus v1alpha1.SyncStatus if hasMultipleSources { syncStatus = v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{ + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, Sources: sources, }, @@ -671,7 +655,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } } else { syncStatus = v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{ + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, Source: app.Spec.GetSource(), }, @@ -684,13 +668,13 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap healthStatus, err := setApplicationHealth(managedResources, resourceSummaries, resourceOverrides, app, m.persistResourceHealth) if err != nil { - conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: fmt.Sprintf("error setting app health: %s", err.Error()), LastTransitionTime: &now}) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: fmt.Sprintf("error setting app health: %s", err.Error()), LastTransitionTime: &now}) } // Git has already performed the signature verification via its GPG interface, and the result is available // in the manifest info received from the repository server. We now need to form our opinion about the result // and stop processing if we do not agree about the outcome. - for _, manifestInfo := range manifestInfoMap { + for _, manifestInfo := range manifestInfos { if gpg.IsGPGEnabled() && verifySignature && manifestInfo != nil { conditions = append(conditions, verifyGnuPGSignature(manifestInfo.Revision, project, manifestInfo)...) } @@ -707,21 +691,21 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } if hasMultipleSources { - for _, manifestInfo := range manifestInfoMap { - compRes.appSourceTypes = append(compRes.appSourceTypes, appv1.ApplicationSourceType(manifestInfo.SourceType)) + for _, manifestInfo := range manifestInfos { + compRes.appSourceTypes = append(compRes.appSourceTypes, v1alpha1.ApplicationSourceType(manifestInfo.SourceType)) } } else { - for _, manifestInfo := range manifestInfoMap { + for _, manifestInfo := range manifestInfos { compRes.appSourceType = v1alpha1.ApplicationSourceType(manifestInfo.SourceType) break } } - app.Status.SetConditions(conditions, map[appv1.ApplicationConditionType]bool{ - appv1.ApplicationConditionComparisonError: true, - appv1.ApplicationConditionSharedResourceWarning: true, - appv1.ApplicationConditionRepeatedResourceWarning: true, - appv1.ApplicationConditionExcludedResourceWarning: true, + app.Status.SetConditions(conditions, map[v1alpha1.ApplicationConditionType]bool{ + v1alpha1.ApplicationConditionComparisonError: true, + v1alpha1.ApplicationConditionSharedResourceWarning: true, + v1alpha1.ApplicationConditionRepeatedResourceWarning: true, + v1alpha1.ApplicationConditionExcludedResourceWarning: true, }) ts.AddCheckpoint("health_ms") compRes.timings = ts.Timings() diff --git a/controller/state_test.go b/controller/state_test.go index 623e04213e300..537c0208e734b 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -318,6 +318,74 @@ func TestCompareAppStateExtraHook(t *testing.T) { assert.Equal(t, 0, len(app.Status.Conditions)) } +// TestAppRevisions tests that revisions are properly propagated for a single source app +func TestAppRevisionsSingleSource(t *testing.T) { + obj1 := NewPod() + obj1.SetNamespace(test.FakeDestNamespace) + data := fakeData{ + manifestResponse: &apiclient.ManifestResponse{ + Manifests: []string{toJSON(t, obj1)}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "abc123", + }, + managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured), + } + ctrl := newFakeController(&data) + + app := newFakeApp() + revisions := make([]string, 0) + revisions = append(revisions, "") + compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.NotNil(t, compRes) + assert.NotNil(t, compRes.syncStatus) + assert.NotEmpty(t, compRes.syncStatus.Revision) + assert.Len(t, compRes.syncStatus.Revisions, 0) + +} + +// TestAppRevisions tests that revisions are properly propagated for a multi source app +func TestAppRevisionsMultiSource(t *testing.T) { + obj1 := NewPod() + obj1.SetNamespace(test.FakeDestNamespace) + data := fakeData{ + manifestResponses: []*apiclient.ManifestResponse{ + { + Manifests: []string{toJSON(t, obj1)}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "abc123", + }, + { + Manifests: []string{toJSON(t, obj1)}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "def456", + }, + { + Manifests: []string{}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "ghi789", + }, + }, + managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured), + } + ctrl := newFakeController(&data) + + app := newFakeMultiSourceApp() + revisions := make([]string, 0) + revisions = append(revisions, "") + compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.NotNil(t, compRes) + assert.NotNil(t, compRes.syncStatus) + assert.Empty(t, compRes.syncStatus.Revision) + assert.Len(t, compRes.syncStatus.Revisions, 3) + assert.Equal(t, "abc123", compRes.syncStatus.Revisions[0]) + assert.Equal(t, "def456", compRes.syncStatus.Revisions[1]) + assert.Equal(t, "ghi789", compRes.syncStatus.Revisions[2]) +} + func toJSON(t *testing.T, obj *unstructured.Unstructured) string { data, err := json.Marshal(obj) assert.NoError(t, err) diff --git a/docs/2.7-2.8.md b/docs/2.7-2.8.md deleted file mode 100644 index 32f9e4cf1759c..0000000000000 --- a/docs/2.7-2.8.md +++ /dev/null @@ -1,5 +0,0 @@ -# 2.7 to 2.8 - -## Tini as entrypoint - -With the 2.8 release `entrypoint.sh` will be removed from the containers, because starting with 2.7, the implicit entrypoint is set to `tini` in the `Dockerfile` explicitly, and the kubernetes manifests has been updated to use it. Simply updating the containers without updating the deployment manifests will result in pod startup failures, as the old manifests are relying on `entrypoint.sh` instead of `tini`. Please make sure the manifests are updated properly before moving to 2.8. diff --git a/docs/assets/keycloak-add-client.png b/docs/assets/keycloak-add-client.png index 36d598318cbe3..acdb3e725b8bf 100644 Binary files a/docs/assets/keycloak-add-client.png and b/docs/assets/keycloak-add-client.png differ diff --git a/docs/assets/keycloak-add-client_2.png b/docs/assets/keycloak-add-client_2.png new file mode 100644 index 0000000000000..b765bf89e5698 Binary files /dev/null and b/docs/assets/keycloak-add-client_2.png differ diff --git a/docs/assets/keycloak-add-scope.png b/docs/assets/keycloak-add-scope.png index 200486315e372..b2b759394619d 100644 Binary files a/docs/assets/keycloak-add-scope.png and b/docs/assets/keycloak-add-scope.png differ diff --git a/docs/assets/keycloak-client-scope-selected.png b/docs/assets/keycloak-client-scope-selected.png deleted file mode 100644 index f3ec6ded54c69..0000000000000 Binary files a/docs/assets/keycloak-client-scope-selected.png and /dev/null differ diff --git a/docs/assets/keycloak-client-scope.png b/docs/assets/keycloak-client-scope.png index 04d56583ab926..cd9609b5419b7 100644 Binary files a/docs/assets/keycloak-client-scope.png and b/docs/assets/keycloak-client-scope.png differ diff --git a/docs/assets/keycloak-client-secret.png b/docs/assets/keycloak-client-secret.png index b4679b0e9d4eb..c1a71c3d97f20 100644 Binary files a/docs/assets/keycloak-client-secret.png and b/docs/assets/keycloak-client-secret.png differ diff --git a/docs/assets/keycloak-configure-client.png b/docs/assets/keycloak-configure-client.png index d3805ed05df6a..cd711dfd602bf 100644 Binary files a/docs/assets/keycloak-configure-client.png and b/docs/assets/keycloak-configure-client.png differ diff --git a/docs/assets/keycloak-groups-mapper.png b/docs/assets/keycloak-groups-mapper.png index 3610aa5737a1a..b1ccabb30013a 100644 Binary files a/docs/assets/keycloak-groups-mapper.png and b/docs/assets/keycloak-groups-mapper.png differ diff --git a/docs/assets/keycloak-user-group.png b/docs/assets/keycloak-user-group.png index ff9825b99d708..5c9c21d4f555f 100644 Binary files a/docs/assets/keycloak-user-group.png and b/docs/assets/keycloak-user-group.png differ diff --git a/docs/cli_installation.md b/docs/cli_installation.md index 639a9317639fe..42938bcd751ba 100644 --- a/docs/cli_installation.md +++ b/docs/cli_installation.md @@ -115,6 +115,11 @@ $output = "argocd.exe" Invoke-WebRequest -Uri $url -OutFile $output ``` Also please note you will probably need to move the file into your PATH. +Use following command to add Argo CD into environment variables PATH + +```powershell +[Environment]::SetEnvironmentVariable("Path", "$env:Path;C:\Path\To\ArgoCD-CLI", "User") +``` After finishing the instructions above, you should now be able to run `argocd` commands. diff --git a/docs/developer-guide/release-process-and-cadence.md b/docs/developer-guide/release-process-and-cadence.md index 535c6fe84a66b..051de617f0776 100644 --- a/docs/developer-guide/release-process-and-cadence.md +++ b/docs/developer-guide/release-process-and-cadence.md @@ -9,9 +9,11 @@ These are the upcoming releases dates: | Release | Release Planning Meeting | Release Candidate 1 | General Availability | Release Champion | Checklist | |---------|--------------------------|-----------------------|----------------------|-------------------------------------------------------|---------------------------------------------------------------| | v2.6 | Monday, Dec. 12, 2022 | Monday, Dec. 19, 2022 | Monday, Feb. 6, 2023 | [William Tam](https://github.com/wtam2018) | [checklist](https://github.com/argoproj/argo-cd/issues/11563) | -| v2.7 | Monday, Mar. 6, 2023 | Monday, Mar. 20, 2023 | Monday, May. 1, 2023 | [Pavel Kostohrys](https://github.com/pasha-codefresh) | -| v2.8 | Monday, Jun. 5, 2023 | Monday, Jun. 19, 2023 | Monday, Aug. 7, 2023 | [Keith Chong](https://github.keithchong) -| v2.9 | Monday, Sep. 4, 2023 | Monday, Sep. 18, 2023 | Monday, Nov. 6, 2023 | +| v2.7 | Monday, Mar. 6, 2023 | Monday, Mar. 20, 2023 | Monday, May. 1, 2023 | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/12762) | +| v2.8 | Monday, Jun. 20, 2023 | Monday, Jun. 26, 2023 | Monday, Aug. 7, 2023 | [Keith Chong](https://github.com/keithchong) | [checklist](https://github.com/argoproj/argo-cd/issues/13742) | +| v2.9 | Monday, Sep. 4, 2023 | Monday, Sep. 18, 2023 | Monday, Nov. 6, 2023 | [Leonardo Almeida](https://github.com/leoluz) | [checklist](https://github.com/argoproj/argo-cd/issues/14078) | +| v2.10 | Monday, Dec. 4, 2023 | Monday, Dec. 18, 2023 | Monday, Feb. 5, 2024 | + Actual release dates might differ from the plan by a few days. diff --git a/docs/developer-guide/site.md b/docs/developer-guide/site.md index 4e95cb4c8d648..47c1f57e29bb7 100644 --- a/docs/developer-guide/site.md +++ b/docs/developer-guide/site.md @@ -9,12 +9,7 @@ To test: ```bash make serve-docs ``` - -Check for broken external links: - -```bash -make lint-docs -``` +Once running, you can view your locally built documentation at [http://0.0.0.0:8000/](http://0.0.0.0:8000/). ## Deploying diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 299da7eba4b95..26baa8e9e1771 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -6,7 +6,10 @@ metadata: namespace: argocd # Add this finalizer ONLY if you want these to cascade delete. finalizers: + # The default behaviour is foreground cascading deletion - resources-finalizer.argocd.argoproj.io + # Alternatively, you can use background cascading deletion + # - resources-finalizer.argocd.argoproj.io/background # Add labels to your application object. labels: name: guestbook @@ -48,7 +51,7 @@ spec: # Ignore locally missing valueFiles when installing Helm chart. Defaults to false ignoreMissingValueFiles: false - # Values file as block file + # Values file as block file. Prefer to use valuesObject if possible (see below) values: | ingress: enabled: true @@ -64,6 +67,22 @@ spec: hosts: - mydomain.example.com + # Values file as block file. This takes precedence over values + valuesObject: + ingress: + enabled: true + path: / + hosts: + - mydomain.example.com + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + labels: {} + tls: + - secretName: mydomain-tls + hosts: + - mydomain.example.com + # Skip custom resource definition installation if chart contains custom resource definitions. Defaults to false skipCrds: false diff --git a/docs/operator-manual/applicationset.yaml b/docs/operator-manual/applicationset.yaml index 2267343a7c489..7e5a5b80d3583 100644 --- a/docs/operator-manual/applicationset.yaml +++ b/docs/operator-manual/applicationset.yaml @@ -11,6 +11,9 @@ spec: - cluster: https://kubernetes.default.svc # Determines whether go templating will be used in the `template` field below. goTemplate: false + # Optional list of go templating options, see https://pkg.go.dev/text/template#Template.Option + # This is only relevant if `goTemplate` is true + goTemplateOptions: ["missingkey="] # These fields are identical to the Application spec. template: metadata: diff --git a/docs/operator-manual/applicationset/Appset-Any-Namespace.md b/docs/operator-manual/applicationset/Appset-Any-Namespace.md new file mode 100644 index 0000000000000..86f0655f6a7e4 --- /dev/null +++ b/docs/operator-manual/applicationset/Appset-Any-Namespace.md @@ -0,0 +1,180 @@ +# ApplicationSet in any namespace + +**Current feature state**: Beta + +!!! warning + Please read this documentation carefully before you enable this feature. Misconfiguration could lead to potential security issues. + +## Introduction + +As of version 2.8, Argo CD supports managing `ApplicationSet` resources in namespaces other than the control plane's namespace (which is usually `argocd`), but this feature has to be explicitly enabled and configured appropriately. + +Argo CD administrators can define a certain set of namespaces where `ApplicationSet` resources may be created, updated and reconciled in. + +As Applications generated by an ApplicationSet are generated in the same namespace as the ApplicationSet itself, this works in combination with [App in any namespace](../app-any-namespace.md). + +## Prerequisites + +### App in any namespace configured + +This feature needs [App in any namespace](../app-any-namespace.md) feature activated. The list of namespaces must be the same. + +### Cluster-scoped Argo CD installation + +This feature can only be enabled and used when your Argo CD ApplicationSet controller is installed as a cluster-wide instance, so it has permissions to list and manipulate resources on a cluster scope. It will *not* work with an Argo CD installed in namespace-scoped mode. + +## Implementation details + +### Overview + +In order for an ApplicationSet to be managed and reconciled outside the Argo CD's control plane namespace, two prerequisites must match: + +1. The namespace list from which `argocd-applicationset-controller` can source `ApplicationSets` must be explicitly set using environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES` or alternatively using parameter `--applicationset-namespaces`. +2. The enabled namespaces must be entirely covered by the [App in any namespace](../app-any-namespace.md), otherwise the generated Applications generated outside the allowed Application namespaces won't be reconciled + +It can be achieved by setting the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES` to argocd-cmd-params-cm `applicationsetcontroller.namespaces` + +`ApplicationSets` in different namespaces can be created and managed just like any other `ApplicationSet` in the `argocd` namespace previously, either declaratively or through the Argo CD API (e.g. using the CLI, the web UI, the REST API, etc). + +### Reconfigure Argo CD to allow certain namespaces + +#### Change workload startup parameters + +In order to enable this feature, the Argo CD administrator must reconfigure the and `argocd-applicationset-controller` workloads to add the `--applicationset-namespaces` parameter to the container's startup command. + +### Safely template project + +As [App in any namespace](../app-any-namespace.md) is a prerequisite, it is possible to safely template project. + +Let's take an example with two teams and an infra project: + +```yaml +kind: AppProject +apiVersion: argoproj.io/v1alpha1 +metadata: + name: infra-project + namespace: argocd +spec: + destinations: + - namespace: '*' +``` + +```yaml +kind: AppProject +apiVersion: argoproj.io/v1alpha1 +metadata: + name: team-one-project + namespace: argocd +spec: + sourceNamespaces: + - team-one-cd +``` + +```yaml +kind: AppProject +apiVersion: argoproj.io/v1alpha1 +metadata: + name: team-two-project + namespace: argocd +spec: + sourceNamespaces: + - team-two-cd +``` + +Creating following `ApplicationSet` generates two Applications `infra-escalation` and `team-two-escalation`. Both will be rejected as they are outside `argocd` namespace, therefore `sourceNamespaces` will be checked + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: team-one-product-one + namespace: team-one-cd +spec: + generators: + list: + - id: infra + project: infra-project + - id: team-two + project: team-two-project + template: + metadata: + name: '{{name}}-escalation' + spec: + project: "{{project}}" +``` + +### ApplicationSet names + +For the CLI, applicationSets are now referred to and displayed as in the format `/`. + +For backwards compatibility, if the namespace of the ApplicationSet is the control plane's namespace (i.e. `argocd`), the `` can be omitted from the applicationset name when referring to it. For example, the application names `argocd/someappset` and `someappset` are semantically the same and refer to the same application in the CLI and the UI. + +### Applicationsets RBAC + +The RBAC syntax for Application objects has been changed from `/` to `//` to accomodate the need to restrict access based on the source namespace of the Application to be managed. + +For backwards compatibility, Applications in the argocd namespace can still be refered to as `/` in the RBAC policy rules. + +Wildcards do not make any distinction between project and applicationset namespaces yet. For example, the following RBAC rule would match any application belonging to project foo, regardless of the namespace it is created in: + + +``` +p, somerole, applicationsets, get, foo/*, allow +``` + +If you want to restrict access to be granted only to `ApplicationSets` with project `foo` within namespace `bar`, the rule would need to be adapted as follows: + +``` +p, somerole, applicationsets, get, foo/bar/*, allow +``` + +## Managing applicationSets in other namespaces + +### Using the CLI + +You can use all existing Argo CD CLI commands for managing applications in other namespaces, exactly as you would use the CLI to manage applications in the control plane's namespace. + +For example, to retrieve the `ApplicationSet` named `foo` in the namespace `bar`, you can use the following CLI command: + +```shell +argocd appset get foo/bar +``` + +Likewise, to manage this applicationSet, keep referring to it as `foo/bar`: + +```bash +# Delete the application +argocd appset delete foo/bar +``` + +There is no change on the create command as it is using a file. You just need to add the namespace in the `metadata.namespace` field. + +As stated previously, for applicationSets in the Argo CD's control plane namespace, you can omit the namespace from the application name. + +### Using the REST API + +If you are using the REST API, the namespace for `ApplicationSet` cannot be specified as the application name, and resources need to be specified using the optional `appNamespace` query parameter. For example, to work with the `ApplicationSet` resource named `foo` in the namespace `bar`, the request would look like follows: + +```bash +GET /api/v1/applicationsets/foo?appsetNamespace=bar +``` + +For other operations such as `POST` and `PUT`, the `appNamespace` parameter must be part of the request's payload. + +For `ApplicationSet` resources in the control plane namespace, this parameter can be omitted. + +## Secrets consideration + +By allowing ApplicationSet in any namespace you must be aware that clusters, API token secrets (etc...) can be discovered and used. + +Example: + +Following will discover all clusters + +```yaml +spec: + generators: + - clusters: {} # Automatically use all clusters defined within Argo CD +``` + +If you don't want to allow users to discover secrets with ApplicationSets from other namespaces you may consider deploying ArgoCD in namespace scope or use OPA rules. \ No newline at end of file diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index 0e1e29f43359c..f43a9dbd359ba 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -14,17 +14,51 @@ To enable dry-run, add `--dryrun true` to the ApplicationSet Deployment's contai See 'How to modify ApplicationSet container parameters' below for detailed steps on how to add this parameter to the controller. -### Policy - `create-only`: Prevent ApplicationSet controller from modifying or deleting Applications +### Managed Applications modification Policies The ApplicationSet controller supports a parameter `--policy`, which is specified on launch (within the controller Deployment container), and which restricts what types of modifications will be made to managed Argo CD `Application` resources. -The `--policy` parameter takes one of the following valid values: `sync`, `create-only`, `create-update`, and `create-delete`. (`sync` is the default, which is used if the `--policy` parameter is not specified; the other policies are described below). +The `--policy` parameter takes four values: `sync`, `create-only`, `create-delete`, and `create-update`. (`sync` is the default, which is used if the `--policy` parameter is not specified; the other policies are described below). + +It is also possible to set this policy per ApplicationSet. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +spec: + # (...) + syncPolicy: + applicationsSync: create-only # create-update, create-delete sync + +``` + +- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. +- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. +- Policy `create-delete`: Prevents ApplicationSet controller from modifying Applications. Delete is allowed. +- Policy `sync`: Update and Delete are allowed. + +If the controller parameter `--policy` is set, it takes precedence on the field `applicationsSync`. It is possible to allow per ApplicationSet sync policy by setting variable `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE` to argocd-cmd-params-cm `applicationsetcontroller.enable.policy.override` or directly with controller parameter `--enable-policy-override` (default to `false`). + +This does not prevent deletion of Applications if the ApplicationSet is deleted + +#### Controller parameter To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as deletion, or modification of Application fields, add this parameter in the ApplicationSet controller: ``` --policy create-only ``` +At ApplicationSet level + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +spec: + # (...) + syncPolicy: + applicationsSync: create-only +``` + ### Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications To allow the ApplicationSet controller to create or modify `Application` resources, but prevent Applications from being deleted, add the following parameter to the ApplicationSet controller `Deployment`: @@ -34,11 +68,15 @@ To allow the ApplicationSet controller to create or modify `Application` resourc This may be useful to users looking for additional protection against deletion of the Applications generated by the controller. -### Policy - `create-delete`: Prevent ApplicationSet controller from updating Applications +At ApplicationSet level -To allow the ApplicationSet controller to create or delete `Application` resources, but prevent Applications from being updated, add the following parameter to the ApplicationSet controller `Deployment`: -``` ---policy create-delete +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +spec: + # (...) + syncPolicy: + applicationsSync: create-update ``` ### Prevent an `Application`'s child resources from being deleted, when the parent Application is deleted @@ -57,6 +95,7 @@ spec: More information on the specific behaviour of `preserveResourcesOnDeletion`, and deletion in ApplicationSet controller and Argo CD in general, can be found on the [Application Deletion](Application-Deletion.md) page. + ### Prevent an Application's child resources from being modified Changes made to the ApplicationSet will propagate to the Applications managed by the ApplicationSet, and then Argo CD will propagate the Application changes to the underlying cluster resources (as per [Argo CD Integration](Argo-CD-Integration.md)). diff --git a/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md b/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md new file mode 100644 index 0000000000000..4f8967b5937fa --- /dev/null +++ b/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md @@ -0,0 +1,85 @@ +# Git File Generator Globbing + +## Problem Statement + +The original and default implementation of the Git file generator does very greedy globbing. This can trigger errors or catch users off-guard. For example, consider the following repository layout: + +``` +└── cluster-charts/ + ├── cluster1 + │ ├── mychart/ + │ │  ├── charts/ + │ │   │   └── mysubchart/ + │ │ │ ├── values.yaml + │ │   │   └── etc… + │ │   ├── values.yaml + │ │ └── etc… + │ └── myotherchart/ + │ ├── values.yaml + │ └── etc… + └── cluster2 + └── etc… +``` + +In `cluster1` we have two charts, one of them with a subchart. + +Assuming we need the ApplicationSet to template values in the `values.yaml`, then we need to use a Git file generator instead of a directory generator. The value of the `path` key of the Git file generator should be set to: + +``` +path: cluster-charts/*/*/values.yaml +``` + +However, the default implementation will interpret the above pattern as: + +``` +path: cluster-charts/**/values.yaml +``` + +Meaning, for `mychart` in `cluster1`, that it will pick up both the chart's `values.yaml` but also the one from its subchart. This will most likely fail, and even if it didn't it would be wrong. + +There are multiple other ways this undesirable globbing can fail. For example: + +``` +path: some-path/*.yaml +``` + +This will return all YAML files in any directory at any level under `some-path`, instead of only those directly under it. + +## Enabling the New Globbing + +Since some users may rely on the old behavior it was decided to make the fix optional and not enabled by default. + +It can be enabled in any of these ways: + +1. Pass `--enable-new-git-file-globbing` to the ApplicationSet controller args. +1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING=true` in the ApplicationSet controller environment variables. +1. Set `applicationsetcontroller.enable.new.git.file.globbing: true` in the Argo CD ConfigMap. + +Note that the default may change in the future. + +## Usage + +The new Git file generator globbing uses the `doublestar` package. You can find it [here](https://github.com/bmatcuk/doublestar). + +Below is a short excerpt from its documentation. + +doublestar patterns match files and directories recursively. For example, if +you had the following directory structure: + +```bash +grandparent +`-- parent + |-- child1 + `-- child2 +``` + +You could find the children with patterns such as: `**/child*`, +`grandparent/**/child?`, `**/parent/*`, or even just `**` by itself (which will +return all files and directories recursively). + +Bash's globstar is doublestar's inspiration and, as such, works similarly. +Note that the doublestar must appear as a path component by itself. A pattern +such as `/path**` is invalid and will be treated the same as `/path*`, but +`/path*/**` should achieve the desired result. Additionally, `/path/**` will +match all directories and files under the path directory, but `/path/**/` will +only match directories. diff --git a/docs/operator-manual/applicationset/Generators-Git.md b/docs/operator-manual/applicationset/Generators-Git.md index bed3f89e910b3..690495dccfee5 100644 --- a/docs/operator-manual/applicationset/Generators-Git.md +++ b/docs/operator-manual/applicationset/Generators-Git.md @@ -37,6 +37,8 @@ metadata: name: cluster-addons namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -45,16 +47,16 @@ spec: - path: applicationset/examples/git-generator-directory/cluster-addons/* template: metadata: - name: '{{path.basename}}' + name: '{{.path.basename}}' spec: project: "my-project" source: repoURL: https://github.com/argoproj/argo-cd.git targetRevision: HEAD - path: '{{path}}' + path: '{{.path.path}}' destination: server: https://kubernetes.default.svc - namespace: '{{path.basename}}' + namespace: '{{.path.basename}}' syncPolicy: syncOptions: - CreateNamespace=true @@ -63,14 +65,14 @@ spec: The generator parameters are: -- `{{path}}`: The directory paths within the Git repository that match the `path` wildcard. -- `{{path[n]}}`: The directory paths within the Git repository that match the `path` wildcard, split into array elements (`n` - array index) -- `{{path.basename}}`: For any directory path within the Git repository that matches the `path` wildcard, the right-most path name is extracted (e.g. `/directory/directory2` would produce `directory2`). -- `{{path.basenameNormalized}}`: This field is the same as `path.basename` with unsupported characters replaced with `-` (e.g. a `path` of `/directory/directory_2`, and `path.basename` of `directory_2` would produce `directory-2` here). +- `{{.path.path}}`: The directory paths within the Git repository that match the `path` wildcard. +- `{{index .path.segments n}}`: The directory paths within the Git repository that match the `path` wildcard, split into array elements (`n` - array index) +- `{{.path.basename}}`: For any directory path within the Git repository that matches the `path` wildcard, the right-most path name is extracted (e.g. `/directory/directory2` would produce `directory2`). +- `{{.path.basenameNormalized}}`: This field is the same as `path.basename` with unsupported characters replaced with `-` (e.g. a `path` of `/directory/directory_2`, and `path.basename` of `directory_2` would produce `directory-2` here). -**Note**: The right-most path name always becomes `{{path.basename}}`. For example, for `- path: /one/two/three/four`, `{{path.basename}}` is `four`. +**Note**: The right-most path name always becomes `{{.path.basename}}`. For example, for `- path: /one/two/three/four`, `{{.path.basename}}` is `four`. -**Note**: If the `pathParamPrefix` option is specified, all `path`-related parameter names above will be prefixed with the specified value and a dot separator. E.g., if `pathParamPrefix` is `myRepo`, then the generated parameter name would be `myRepo.path` instead of `path`. Using this option is necessary in a Matrix generator where both child generators are Git generators (to avoid conflicts when merging the child generators’ items). +**Note**: If the `pathParamPrefix` option is specified, all `path`-related parameter names above will be prefixed with the specified value and a dot separator. E.g., if `pathParamPrefix` is `myRepo`, then the generated parameter name would be `.myRepo.path` instead of `.path`. Using this option is necessary in a Matrix generator where both child generators are Git generators (to avoid conflicts when merging the child generators’ items). Whenever a new Helm chart/Kustomize YAML/Application/plain subdirectory is added to the Git repository, the ApplicationSet controller will detect this change and automatically deploy the resulting manifests within new `Application` resources. @@ -89,6 +91,8 @@ metadata: name: cluster-addons namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -99,16 +103,16 @@ spec: exclude: true template: metadata: - name: '{{path.basename}}' + name: '{{.path.basename}}' spec: project: "my-project" source: repoURL: https://github.com/argoproj/argo-cd.git targetRevision: HEAD - path: '{{path}}' + path: '{{.path.path}}' destination: server: https://kubernetes.default.svc - namespace: '{{path.basename}}' + namespace: '{{.path.basename}}' ``` (*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-directory/excludes).*) @@ -170,6 +174,8 @@ metadata: name: cluster-addons namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/example/example-repo.git @@ -178,6 +184,40 @@ spec: - path: '*' - path: donotdeploy exclude: true + template: + metadata: + name: '{{.path.basename}}' + spec: + project: "my-project" + source: + repoURL: https://github.com/example/example-repo.git + targetRevision: HEAD + path: '{{.path.path}}' + destination: + server: https://kubernetes.default.svc + namespace: '{{.path.basename}}' +``` + +### Pass additional key-value pairs via `values` field + +You may pass additional, arbitrary string key-value pairs via the `values` field of the git directory generator. Values added via the `values` field are added as `values.(field)`. + +In this example, a `cluster` parameter value is passed. It is interpolated from the `branch` and `path` variable, to then be used to determine the destination namespace. +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + generators: + - git: + repoURL: https://github.com/example/example-repo.git + revision: HEAD + directories: + - path: '*' + values: + cluster: '{{branch}}-{{path}}' template: metadata: name: '{{path.basename}}' @@ -189,9 +229,14 @@ spec: path: '{{path}}' destination: server: https://kubernetes.default.svc - namespace: '{{path.basename}}' + namespace: '{{values.cluster}}' ``` +!!! note + The `values.` prefix is always prepended to values provided via `generators.git.values` field. Ensure you include this prefix in the parameter name within the `template` when using it. + +In `values` we can also interpolate all fields set by the git directory generator as mentioned above. + ## Git Generator: Files The Git file generator is the second subtype of the Git generator. The Git file generator generates parameters using the contents of JSON/YAML files found within a specified repository. @@ -249,6 +294,8 @@ metadata: name: guestbook namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -257,7 +304,7 @@ spec: - path: "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" template: metadata: - name: '{{cluster.name}}-guestbook' + name: '{{.cluster.name}}-guestbook' spec: project: default source: @@ -265,7 +312,7 @@ spec: targetRevision: HEAD path: "applicationset/examples/git-generator-files-discovery/apps/guestbook" destination: - server: '{{cluster.address}}' + server: '{{.cluster.address}}' namespace: guestbook ``` (*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-files-discovery).*) @@ -288,6 +335,47 @@ The filename can always be accessed using `{{path.filename}}`. **Note**: If the `pathParamPrefix` option is specified, all `path`-related parameter names above will be prefixed with the specified value and a dot separator. E.g., if `pathParamPrefix` is `myRepo`, then the generated parameter name would be `myRepo.path` instead of `path`. Using this option is necessary in a Matrix generator where both child generators are Git generators (to avoid conflicts when merging the child generators’ items). +**Note**: The default behavior of the Git file generator is very greedy. Please see [Git File Generator Globbing](./Generators-Git-File-Globbing.md) for more information. + +### Pass additional key-value pairs via `values` field + +You may pass additional, arbitrary string key-value pairs via the `values` field of the git files generator. Values added via the `values` field are added as `values.(field)`. + +In this example, a `base_dir` parameter value is passed. It is interpolated from `path` segments, to then be used to determine the source path. +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: guestbook + namespace: argocd +spec: + generators: + - git: + repoURL: https://github.com/argoproj/argo-cd.git + revision: HEAD + files: + - path: "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" + values: + base_dir: "{{path[0]}}/{{path[1]}}/{{path[2]}}" + template: + metadata: + name: '{{cluster.name}}-guestbook' + spec: + project: default + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + path: "{{values.base_dir}}/apps/guestbook" + destination: + server: '{{cluster.address}}' + namespace: guestbook +``` + +!!! note + The `values.` prefix is always prepended to values provided via `generators.git.values` field. Ensure you include this prefix in the parameter name within the `template` when using it. + +In `values` we can also interpolate all fields set by the git files generator as mentioned above. + ## Webhook Configuration When using a Git generator, ApplicationSet polls Git repositories every three minutes to detect changes. To eliminate diff --git a/docs/operator-manual/applicationset/Generators-List.md b/docs/operator-manual/applicationset/Generators-List.md index 12ba0b820fb61..7cee47ae60f0e 100644 --- a/docs/operator-manual/applicationset/Generators-List.md +++ b/docs/operator-manual/applicationset/Generators-List.md @@ -64,6 +64,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: @@ -112,4 +113,4 @@ key: releaseName: component2 repoUrl: "ghcr.io/stefanprodan/charts" namespace: component2 -``` \ No newline at end of file +``` diff --git a/docs/operator-manual/applicationset/Generators-Matrix.md b/docs/operator-manual/applicationset/Generators-Matrix.md index c0316d61c333c..d918a1ff205a8 100644 --- a/docs/operator-manual/applicationset/Generators-Matrix.md +++ b/docs/operator-manual/applicationset/Generators-Matrix.md @@ -332,3 +332,14 @@ For example, the below example would be invalid (cluster-generator must come aft revision: HEAD files: - path: "examples/git-generator-files-discovery/cluster-config/engineering/{{name}}**/config.json" # {{name}} is produced by cluster generator + +1. When using a Matrix generator nested inside another Matrix or Merge generator, [Post Selectors](../../user-guide/application-set.md#post-selector-all-generators) for this nested generator's generators will only be applied when enabled via `spec.applyNestedSelectors`. + + - matrix: + generators: + - matrix: + generators: + - list + elements: + - # (...) + selector: { } # Only applied when applyNestedSelectors is true diff --git a/docs/operator-manual/applicationset/Generators-Merge.md b/docs/operator-manual/applicationset/Generators-Merge.md index eb32343accbf4..b074acac0f082 100644 --- a/docs/operator-manual/applicationset/Generators-Merge.md +++ b/docs/operator-manual/applicationset/Generators-Merge.md @@ -111,6 +111,70 @@ When merged with the updated base parameters, the `values.redis` value for the p values.redis: 'true' ``` +## Example: Use value interpolation in merge + +Some generators support additional values and interpolating from generated variables to selected values. This can be used to teach the merge generator which generated variables to use to combine different generators. + +The following example combines discovered clusters and a git repository by cluster labels and the branch name: +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-git +spec: + generators: + # merge 'parent' generator: + # Use the selector set by both child generators to combine them. + - merge: + mergeKeys: + # Note that this would not work with goTemplate enabled, + # nested merge keys are not supported there. + - values.selector + generators: + # Assuming, all configured clusters have a label for their location: + # Set the selector to this location. + - clusters: + values: + selector: '{{ metadata.labels.location }}' + # The git repo may have different directories which correspond to the + # cluster locations, using these as a selector. + - git: + repoURL: https://github.com/argoproj/argocd-example-apps/ + revision: HEAD + directories: + - path: '*' + values: + selector: '{{ path }}' + template: + metadata: + name: '{{name}}' + spec: + project: '{{metadata.labels.environment}}' + source: + repoURL: https://github.com/argoproj/argocd-example-apps/ + # The cluster values field for each generator will be substituted here: + targetRevision: HEAD + path: '{{path}}' + destination: + server: '{{server}}' + namespace: default +``` + +Assuming a cluster named `germany01` with the label `metadata.labels.location=Germany` and a git repository containing a directory called `Germany`, this could combine to values as follows: + +```yaml + # From the cluster generator +- name: germany01 + server: https://1.2.3.4 + # From the git generator + path: Germany + # Combining selector with the merge generator + values.selector: 'Germany' + # More values from cluster & git generator + # […] +``` + + ## Restrictions 1. You should specify only a single generator per array entry. This is not valid: @@ -142,3 +206,23 @@ When merged with the updated base parameters, the `values.redis` value for the p - list: elements: - # (...) + +1. Merging on nested values while using `goTemplate: true` is currently not supported, this will not work + + spec: + goTemplate: true + generators: + - merge: + mergeKeys: + - values.merge + +1. When using a Merge generator nested inside another Matrix or Merge generator, [Post Selectors](../../user-guide/application-set.md#post-selector-all-generators) for this nested generator's generators will only be applied when enabled via `spec.applyNestedSelectors`. + + - merge: + generators: + - merge: + generators: + - list + elements: + - # (...) + selector: { } # Only applied when applyNestedSelectors is true diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md new file mode 100644 index 0000000000000..187ec255fc446 --- /dev/null +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -0,0 +1,341 @@ +# Plugin Generator + +Plugins allow you to provide your own generator. + +- You can write in any language +- Simple: a plugin just responds to RPC HTTP requests. +- You can use it in a sidecar, or standalone deployment. +- You can get your plugin running today, no need to wait 3-5 months for review, approval, merge and an Argo software + release. +- You can combine it with Matrix or Merge. + +To start working on your own plugin, you can generate a new repository based on the example +[applicationset-hello-plugin](https://github.com/argoproj-labs/applicationset-hello-plugin). + +## Simple example + +Using a generator plugin without combining it with Matrix or Merge. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myplugin +spec: + generators: + - plugin: + # Specify the configMap where the plugin configuration is located. + configMapRef: + name: my-plugin + # You can pass arbitrary parameters to the plugin. `input.parameters` is a map, but values may be any type. + # These parameters will also be available on the generator's output under the `generator.input.parameters` key. + input: + parameters: + key1: "value1" + key2: "value2" + list: ["list", "of", "values"] + boolean: true + map: + key1: "value1" + key2: "value2" + key3: "value3" + + # You can also attach arbitrary values to the generator's output under the `values` key. These values will be + # available in templates under the `values` key. + values: + value1: something + + # When using a Plugin generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes. + requeueAfterSeconds: 30 + template: + metadata: + name: myplugin + annotations: + example.from.input.parameters: "{{ generator.input.parameters.map.key1 }}" + example.from.values: "{{ values.value1 }}" + # The plugin determines what else it produces. + example.from.plugin.output: "{{ something.from.the.plugin }}" +``` + +- `configMapRef.name`: A `ConfigMap` name containing the plugin configuration to use for RPC call. +- `input.parameters`: Input parameters included in the RPC call to the plugin. (Optional) + +!!! note + The concept of the plugin should not undermine the spirit of GitOps by externalizing data outside of Git. The goal is to be complementary in specific contexts. + For example, when using one of the PullRequest generators, it's impossible to retrieve parameters related to the CI (only the commit hash is available), which limits the possibilities. By using a plugin, it's possible to retrieve the necessary parameters from a separate data source and use them to extend the functionality of the generator. + +### Add a ConfigMap to configure the access of the plugin + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-plugin + namespace: argocd +data: + token: "$plugin.myplugin.token" # Alternatively $:plugin.myplugin.token + baseUrl: "http://myplugin.plugin-ns.svc.cluster.local." +``` + +- `token`: Pre-shared token used to authenticate HTTP request (points to the right key you created in the `argocd-secret` Secret) +- `baseUrl`: BaseUrl of the k8s service exposing your plugin in the cluster. + +### Store credentials + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: argocd-secret + namespace: argocd + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd +type: Opaque +data: + # ... + # The secret value must be base64 encoded **once** + # this value corresponds to: `printf "strong-password" | base64` + plugin.myplugin.token: "c3Ryb25nLXBhc3N3b3Jk" + # ... +``` + +#### Alternative + +If you want to store sensitive data in **another** Kubernetes `Secret`, instead of `argocd-secret`, ArgoCD knows how to check the keys under `data` in your Kubernetes `Secret` for a corresponding key whenever a value in a configmap starts with `$`, then your Kubernetes `Secret` name and `:` (colon) followed by the key name. + +Syntax: `$:` + +> NOTE: Secret must have label `app.kubernetes.io/part-of: argocd` + +##### Example + +`another-secret`: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: another-secret + namespace: argocd + labels: + app.kubernetes.io/part-of: argocd +type: Opaque +data: + # ... + # Store client secret like below. + # Ensure the secret is base64 encoded + plugin.myplugin.token: + # ... +``` + +### HTTP server + +#### A Simple Python Plugin + +You can deploy it either as a sidecar or as a standalone deployment (the latter is recommended). + +In the example, the token is stored in a file at this location : `/var/run/argo/token` + +``` +string-password +``` + +```python +import json +from http.server import BaseHTTPRequestHandler, HTTPServer + +with open("/var/run/argo/token") as f: + plugin_token = f.read().strip() + + +class Plugin(BaseHTTPRequestHandler): + + def args(self): + return json.loads(self.rfile.read(int(self.headers.get('Content-Length')))) + + def reply(self, reply): + self.send_response(200) + self.end_headers() + self.wfile.write(json.dumps(reply).encode("UTF-8")) + + def forbidden(self): + self.send_response(403) + self.end_headers() + + def unsupported(self): + self.send_response(404) + self.end_headers() + + def do_POST(self): + if self.headers.get("Authorization") != "Bearer " + plugin_token: + self.forbidden() + + if self.path == '/api/v1/getparams.execute': + args = self.args() + self.reply({ + "output": { + "parameters": [ + { + "key1": "val1", + "key2": "val2" + }, + { + "key1": "val2", + "key2": "val2" + } + ] + } + }) + else: + self.unsupported() + + +if __name__ == '__main__': + httpd = HTTPServer(('', 4355), Plugin) + httpd.serve_forever() +``` + +Execute getparams with curl : + +``` +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +'{ + "applicationSetName": "fake-appset", + "input": { + "parameters": { + "param1": "value1" + } + } +}' +``` + +Some things to note here: + +- You only need to implement the calls `/api/v1/getparams.execute` +- You should check that the `Authorization` header contains the same bearer value as `/var/run/argo/token`. Return 403 if not +- The input parameters are included in the request body and can be accessed using the `input.parameters` variable. +- The output must always be a list of object maps nested under the `output.parameters` key in a map. +- `generator.input.parameters` and `values` are reserved keys. If present in the plugin output, these keys will be overwritten by the + contents of the `input.parameters` and `values` keys in the ApplicationSet's plugin generator spec. + +## With matrix and pull request example + +In the following example, the plugin implementation is returning a set of image digests for the given branch. The returned list contains only one item correspondng to the latest builded image for the branch. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: fb-matrix +spec: + goTemplate: true + generators: + - matrix: + generators: + - pullRequest: + github: ... + requeueAfterSeconds: 30 + - plugin: + configMapRef: + name: cm-plugin + input: + parameters: + branch: "{{.branch}}" # provided by generator pull request + values: + branchLink: "https://git.example.com/org/repo/tree/{{.branch}}" + template: + metadata: + name: "fb-matrix-{{.branch}}" + spec: + source: + repoURL: "https://github.com/myorg/myrepo.git" + targetRevision: "HEAD" + path: charts/my-chart + helm: + releaseName: fb-matrix-{{.branch}} + valueFiles: + - values.yaml + values: | + front: + image: myregistry:{{.branch}}@{{ .digestFront }} # digestFront is generated by the plugin + back: + image: myregistry:{{.branch}}@{{ .digestBack }} # digestBack is generated by the plugin + project: default + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + destination: + server: https://kubernetes.default.svc + namespace: "{{.branch}}" + info: + - name: Link to the Application's branch + value: "{{values.branchLink}}" +``` + +To illustrate : + +- The generator pullRequest would return, for example, 2 branches: `feature-branch-1` and `feature-branch-2`. + +- The generator plugin would then perform 2 requests as follows : + +```shell +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +'{ + "applicationSetName": "fb-matrix", + "input": { + "parameters": { + "branch": "feature-branch-1" + } + } +}' +``` + +Then, + +```shell +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +'{ + "applicationSetName": "fb-matrix", + "input": { + "parameters": { + "branch": "feature-branch-2" + } + } +}' +``` + +For each call, it would return a unique result such as : + +```json +{ + "output": { + "parameters": [ + { + "digestFront": "sha256:a3f18c17771cc1051b790b453a0217b585723b37f14b413ad7c5b12d4534d411", + "digestBack": "sha256:4411417d614d5b1b479933b7420079671facd434fd42db196dc1f4cc55ba13ce" + } + ] + } +} +``` + +Then, + +```json +{ + "output": { + "parameters": [ + { + "digestFront": "sha256:7c20b927946805124f67a0cb8848a8fb1344d16b4d0425d63aaa3f2427c20497", + "digestBack": "sha256:e55e7e40700bbab9e542aba56c593cb87d680cefdfba3dd2ab9cfcb27ec384c2" + } + ] + } +} +``` + +In this example, by combining the two, you ensure that one or more pull requests are available and that the generated tag has been properly generated. This wouldn't have been possible with just a commit hash because a hash alone does not certify the success of the build. diff --git a/docs/operator-manual/applicationset/Generators-Post-Selector.md b/docs/operator-manual/applicationset/Generators-Post-Selector.md index 20f367ada7a1f..d8570859084ff 100644 --- a/docs/operator-manual/applicationset/Generators-Post-Selector.md +++ b/docs/operator-manual/applicationset/Generators-Post-Selector.md @@ -36,8 +36,24 @@ spec: ``` The List generator + Post Selector generates a single set of parameters: + ```yaml - cluster: engineering-dev url: https://kubernetes.default.svc env: staging -``` \ No newline at end of file +``` + +It is also possible to use `matchExpressions` for more powerful selectors. + +```yaml +spec: + generators: + - clusters: {} + selector: + matchExpressions: + - key: server + operator: In + values: + - https://kubernetes.default.svc + - https://some-other-cluster +``` diff --git a/docs/operator-manual/applicationset/Generators-Pull-Request.md b/docs/operator-manual/applicationset/Generators-Pull-Request.md index f84a58731ce30..bf5d1b07da794 100644 --- a/docs/operator-manual/applicationset/Generators-Pull-Request.md +++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md @@ -180,6 +180,102 @@ If you want to access a private repository, you must also provide the credential * `username`: The username to authenticate with. It only needs read access to the relevant repo. * `passwordRef`: A `Secret` name and key containing the password or personal access token to use for requests. +## Bitbucket Cloud + +Fetch pull requests from a repo hosted on a Bitbucket Cloud. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myapps +spec: + generators: + - pullRequest: + bitbucket: + # Workspace name where the repoistory is stored under. Required. + owner: myproject + # Repository slug. Required. + repo: myrepository + # URL of the Bitbucket Server. (optional) Will default to 'https://api.bitbucket.org/2.0'. + api: https://api.bitbucket.org/2.0 + # Credentials for Basic authentication (App Password). Either basicAuth or bearerToken + # authentication is required to access private repositories + basicAuth: + # The username to authenticate with + username: myuser + # Reference to a Secret containing the password or personal access token. + passwordRef: + secretName: mypassword + key: password + # Credentials for Bearer Token (App Token) authentication. Either basicAuth or bearerToken + # authentication is required to access private repositories + bearerToken: + tokenRef: + secretName: repotoken + key: token + # Labels are not supported by Bitbucket Cloud, so filtering by label is not possible. + # Filter PRs using the source branch name. (optional) + filters: + - branchMatch: ".*-argocd" + template: + # ... +``` + +- `owner`: Required name of the Bitbucket workspace +- `repo`: Required name of the Bitbucket repository. +- `api`: Optional URL to access the Bitbucket REST API. For the example above, an API request would be made to `https://api.bitbucket.org/2.0/repositories/{workspace}/{repo_slug}/pullrequests`. If not set, defaults to `https://api.bitbucket.org/2.0` +- `branchMatch`: Optional regexp filter which should match the source branch name. This is an alternative to labels which are not supported by Bitbucket server. + +If you want to access a private repository, ArgoCD will need credentials to access repository in Bitbucket Cloud. You can use Bitbucket App Password (generated per user, with access to whole workspace), or Bitbucket App Token (generated per repository, with access limited to repository scope only). If both App Password and App Token are defined, App Token will be used. + +To use Bitbucket App Password, use `basicAuth` section. +- `username`: The username to authenticate with. It only needs read access to the relevant repo. +- `passwordRef`: A `Secret` name and key containing the password or personal access token to use for requests. + +In case of Bitbucket App Token, go with `bearerToken` section. +- `tokenRef`: A `Secret` name and key containing the app token to use for requests. + +## Azure DevOps + +Specify the organization, project and repository from which you want to fetch pull requests. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myapps +spec: + generators: + - pullRequest: + azuredevops: + # Azure DevOps org to scan. Required. + organization: myorg + # Azure DevOps project name to scan. Required. + project: myproject + # Azure DevOps repo name to scan. Required. + repo: myrepository + # The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/. + api: https://dev.azure.com/ + # Reference to a Secret containing an access token. (optional) + tokenRef: + secretName: azure-devops-token + key: token + # Labels is used to filter the PRs that you want to target. (optional) + labels: + - preview + requeueAfterSeconds: 1800 + template: + # ... +``` + +* `organization`: Required name of the Azure DevOps organization. +* `project`: Required name of the Azure DevOps project. +* `repo`: Required name of the Azure DevOps repository. +* `api`: If using self-hosted Azure DevOps Repos, the URL to access it. (Optional) +* `tokenRef`: A `Secret` name and key containing the Azure DevOps access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories. (Optional) +* `labels`: Filter the PRs to those containing **all** of the labels listed. (Optional) + ## Filters Filters allow selecting which pull requests to generate for. Each filter can declare one or more conditions, all of which must pass. If multiple filters are present, any can match for a repository to be included. If no filters are specified, all pull requests will be processed. @@ -202,6 +298,7 @@ spec: ``` * `branchMatch`: A regexp matched against source branch names. +* `targetBranchMatch`: A regexp matched against target branch names. [GitHub](#github) and [GitLab](#gitlab) also support a `labels` filter. @@ -272,6 +369,8 @@ spec: * `number`: The ID number of the pull request. * `branch`: The name of the branch of the pull request head. * `branch_slug`: The branch name will be cleaned to be conform to the DNS label standard as defined in [RFC 1123](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names), and truncated to 50 characters to give room to append/suffix-ing it with 13 more characters. +* `target_branch`: The name of the target branch of the pull request. +* `target_branch_slug`: The target branch name will be cleaned to be conform to the DNS label standard as defined in [RFC 1123](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names), and truncated to 50 characters to give room to append/suffix-ing it with 13 more characters. * `head_sha`: This is the SHA of the head of the pull request. * `head_short_sha`: This is the short SHA of the head of the pull request (8 characters long or the length of the head SHA if it's shorter). * `head_short_sha_7`: This is the short SHA of the head of the pull request (7 characters long or the length of the head SHA if it's shorter). diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index 24c2ad71a333b..376401db9fd53 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -255,6 +255,87 @@ This SCM provider does not yet support label filtering Available clone protocols are `ssh` and `https`. +## AWS CodeCommit (Alpha) + +Uses AWS ResourceGroupsTagging and AWS CodeCommit APIs to scan repos across AWS accounts and regions. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myapps +spec: + generators: + - scmProvider: + awsCodeCommit: + # AWS region to scan repos. + # default to the environmental region from ApplicationSet controller. + region: us-east-1 + # AWS role to assume to scan repos. + # default to the environmental role from ApplicationSet controller. + role: arn:aws:iam::111111111111:role/argocd-application-set-discovery + # If true, scan every branch of every repository. If false, scan only the main branch. Defaults to false. + allBranches: true + # AWS resource tags to filter repos with. + # see https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetResources.html#resourcegrouptagging-GetResources-request-TagFilters for details + # default to no tagFilters, to include all repos in the region. + tagFilters: + - key: organization + value: platform-engineering + - key: argo-ready + template: + # ... +``` + +* `region`: (Optional) AWS region to scan repos. By default, use ApplicationSet controller's current region. +* `role`: (Optional) AWS role to assume to scan repos. By default, use ApplicationSet controller's current role. +* `allBranches`: (Optional) If `true`, scans every branch of eligible repositories. If `false`, check only the default branch of the eligible repositories. Default `false`. +* `tagFilters`: (Optional) A list of tagFilters to filter AWS CodeCommit repos with. See [AWS ResourceGroupsTagging API](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetResources.html#resourcegrouptagging-GetResources-request-TagFilters) for details. By default, no filter is included. + +This SCM provider does not support the following features + +* label filtering +* `sha`, `short_sha` and `short_sha_7` template parameters + +Available clone protocols are `ssh`, `https` and `https-fips`. + +### AWS IAM Permission Considerations + +In order to call AWS APIs to discover AWS CodeCommit repos, ApplicationSet controller must be configured with valid environmental AWS config, like current AWS region and AWS credentials. +AWS config can be provided via all standard options, like Instance Metadata Service (IMDS), config file, environment variables, or IAM roles for service accounts (IRSA). + +Depending on whether `role` is provided in `awsCodeCommit` property, AWS IAM permission requirement is different. + +#### Discover AWS CodeCommit Repositories in the same AWS Account as ApplicationSet Controller + +Without specifying `role`, ApplicationSet controller will use its own AWS identity to scan AWS CodeCommit repos. +This is suitable when you have a simple setup that all AWS CodeCommit repos reside in the same AWS account as your ArgoCD. + +As the ApplicationSet controller AWS identity is used directly for repo discovery, it must be granted below AWS permissions. + +* `tag:GetResources` +* `codecommit:ListRepositories` +* `codecommit:GetRepository` +* `codecommit:GetFolder` +* `codecommit:ListBranches` + +#### Discover AWS CodeCommit Repositories across AWS Accounts and Regions + +By specifying `role`, ApplicationSet controller will first assume the `role`, and use it for repo discovery. +This enables more complicated use cases to discover repos from different AWS accounts and regions. + +The ApplicationSet controller AWS identity should be granted permission to assume target AWS roles. + +* `sts:AssumeRole` + +All AWS roles must have repo discovery related permissions. + +* `tag:GetResources` +* `codecommit:ListRepositories` +* `codecommit:GetRepository` +* `codecommit:GetFolder` +* `codecommit:ListBranches` + ## Filters Filters allow selecting which repositories to generate for. Each filter can declare one or more conditions, all of which must pass. If multiple filters are present, any can match for a repository to be included. If no filters are specified, all repositories will be processed. @@ -322,3 +403,47 @@ spec: * `short_sha_7`: The abbreviated Git commit SHA for the branch (7 chars or the length of the `sha` if it's shorter). * `labels`: A comma-separated list of repository labels. * `branchNormalized`: The value of `branch` normalized to contain only lowercase alphanumeric characters, '-' or '.'. + +## Pass additional key-value pairs via `values` field + +You may pass additional, arbitrary string key-value pairs via the `values` field of any SCM generator. Values added via the `values` field are added as `values.(field)`. + +In this example, a `name` parameter value is passed. It is interpolated from `organization` and `repository` to generate a different template name. +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myapps +spec: + generators: + - scmProvider: + bitbucketServer: + project: myproject + api: https://mycompany.bitbucket.org + allBranches: true + basicAuth: + username: myuser + passwordRef: + secretName: mypassword + key: password + values: + name: "{{organization}}-{{repository}}" + + template: + metadata: + name: '{{ values.name }}' + spec: + source: + repoURL: '{{ url }}' + targetRevision: '{{ branch }}' + path: kubernetes/ + project: default + destination: + server: https://kubernetes.default.svc + namespace: default +``` + +!!! note + The `values.` prefix is always prepended to values provided via `generators.scmProvider.values` field. Ensure you include this prefix in the parameter name within the `template` when using it. + +In `values` we can also interpolate all fields set by the SCM generator as mentioned above. diff --git a/docs/operator-manual/applicationset/Generators.md b/docs/operator-manual/applicationset/Generators.md index 5c162463d6e89..4a2982c740aa7 100644 --- a/docs/operator-manual/applicationset/Generators.md +++ b/docs/operator-manual/applicationset/Generators.md @@ -4,7 +4,7 @@ Generators are responsible for generating *parameters*, which are then rendered Generators are primarily based on the data source that they use to generate the template parameters. For example: the List generator provides a set of parameters from a *literal list*, the Cluster generator uses the *Argo CD cluster list* as a source, the Git generator uses files/directories from a *Git repository*, and so. -As of this writing there are eight generators: +As of this writing there are nine generators: - [List generator](Generators-List.md): The List generator allows you to target Argo CD Applications to clusters based on a fixed list of cluster name/URL values. - [Cluster generator](Generators-Cluster.md): The Cluster generator allows you to target Argo CD Applications to clusters, based on the list of clusters defined within (and managed by) Argo CD (which includes automatically responding to cluster addition/removal events from Argo CD). @@ -14,6 +14,7 @@ As of this writing there are eight generators: - [SCM Provider generator](Generators-SCM-Provider.md): The SCM Provider generator uses the API of an SCM provider (eg GitHub) to automatically discover repositories within an organization. - [Pull Request generator](Generators-Pull-Request.md): The Pull Request generator uses the API of an SCMaaS provider (eg GitHub) to automatically discover open pull requests within an repository. - [Cluster Decision Resource generator](Generators-Cluster-Decision-Resource.md): The Cluster Decision Resource generator is used to interface with Kubernetes custom resources that use custom resource-specific logic to decide which set of Argo CD clusters to deploy to. +- [Plugin generator](Generators-Plugin.md): The Plugin generator make RPC HTTP request to provide parameters. All generators can be filtered by using the [Post Selector](Generators-Post-Selector.md) diff --git a/docs/operator-manual/applicationset/GoTemplate.md b/docs/operator-manual/applicationset/GoTemplate.md index 911754009ab14..e8700ea8d31d2 100644 --- a/docs/operator-manual/applicationset/GoTemplate.md +++ b/docs/operator-manual/applicationset/GoTemplate.md @@ -12,6 +12,14 @@ An additional `normalize` function makes any string parameter usable as a valid with hyphens and truncating at 253 characters. This is useful when making parameters safe for things like Application names. +If you want to customize [options defined by text/template](https://pkg.go.dev/text/template#Template.Option), you can +add the `goTemplateOptions: ["opt1", "opt2", ...]` key to your ApplicationSet next to `goTemplate: true`. Note that at +the time of writing, there is only one useful option defined, which is `missingkey=error`. + +The recommended setting of `goTemplateOptions` is `["missingkey=error"]`, which ensures that if undefined values are +looked up by your template then an error is reported instead of being ignored silently. This is not currently the default +behavior, for backwards compatibility. + ## Motivation Go Template is the Go Standard for string templating. It is also more powerful than fasttemplate (the default templating @@ -29,6 +37,7 @@ possible with Go text templates: kind: ApplicationSet spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] template: spec: source: @@ -42,6 +51,7 @@ possible with Go text templates: kind: ApplicationSet spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] template: spec: syncPolicy: "{{.syncPolicy}}" # This field may NOT be templated, because it is an object field. @@ -53,6 +63,7 @@ possible with Go text templates: kind: ApplicationSet spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] template: spec: source: @@ -87,6 +98,10 @@ By activating Go Templating, `{{ .path }}` becomes an object. Therefore, some ch generators' templating: - `{{ path }}` becomes `{{ .path.path }}` +- `{{ path.basename }}` becomes `{{ .path.basename }}` +- `{{ path.basenameNormalized }}` becomes `{{ .path.basenameNormalized }}` +- `{{ path.filename }}` becomes `{{ .path.filename }}` +- `{{ path.filenameNormalized }}` becomes `{{ .path.filenameNormalized }}` - `{{ path[n] }}` becomes `{{ index .path.segments n }}` Here is an example: @@ -126,6 +141,7 @@ metadata: name: cluster-addons spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -170,6 +186,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: @@ -205,6 +222,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: @@ -215,7 +233,7 @@ spec: nameSuffix: -my-name-suffix template: metadata: - name: '{{.cluster}}{{default "" .nameSuffix}}' + name: '{{.cluster}}{{dig "nameSuffix" . ""}}' spec: project: default source: @@ -229,3 +247,7 @@ spec: This ApplicationSet will produce an Application called `engineering-dev` and another called `engineering-prod-my-name-suffix`. + +Note that unset parameters are an error, so you need to avoid looking up a property that doesn't exist. Instead, use +template functions like `dig` to do the lookup with a default. If you prefer to have unset parameters default to zero, +you can remove `goTemplateOptions: ["missingkey=error"]` or set it to `goTemplateOptions: ["missingkey=invalid"]` diff --git a/docs/operator-manual/applicationset/Progressive-Syncs.md b/docs/operator-manual/applicationset/Progressive-Syncs.md index 4a6a5edeea996..f29689af6dfc3 100644 --- a/docs/operator-manual/applicationset/Progressive-Syncs.md +++ b/docs/operator-manual/applicationset/Progressive-Syncs.md @@ -94,6 +94,7 @@ spec: - env-prod maxUpdate: 10% # maxUpdate supports both integer and percentage string values (rounds down, but floored at 1 Application for >0%) goTemplate: true + goTemplateOptions: ["missingkey=error"] template: metadata: name: '{{.cluster}}-guestbook' diff --git a/docs/operator-manual/applicationset/applicationset-specification.md b/docs/operator-manual/applicationset/applicationset-specification.md new file mode 100644 index 0000000000000..8899057bf7ff6 --- /dev/null +++ b/docs/operator-manual/applicationset/applicationset-specification.md @@ -0,0 +1,7 @@ +# ApplicationSet Specification + +The following describes all the available fields of an ApplicationSet: + +```yaml +{!docs/operator-manual/applicationset.yaml!} +``` diff --git a/docs/operator-manual/argocd-cm-yaml.md b/docs/operator-manual/argocd-cm-yaml.md new file mode 100644 index 0000000000000..666e78d03fc1b --- /dev/null +++ b/docs/operator-manual/argocd-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-cm.yaml example + +An example of an argocd-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-cm.yaml b/docs/operator-manual/argocd-cm.yaml index 549c01ff58774..748471498798a 100644 --- a/docs/operator-manual/argocd-cm.yaml +++ b/docs/operator-manual/argocd-cm.yaml @@ -85,6 +85,7 @@ data: # Configuration to customize resource behavior (optional) can be configured via splitted sub keys. # Keys are in the form: resource.customizations.ignoreDifferences., resource.customizations.health. # resource.customizations.actions., resource.customizations.knownTypeFields. + # resource.customizations.ignoreResourceUpdates. resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: | jsonPointers: - /webhooks/0/clientConfig/caBundle @@ -101,6 +102,33 @@ data: jsonPointers: - /spec/replicas + # Enable resource.customizations.ignoreResourceUpdates rules. If "false," those rules are not applied, and all updates + # to resources are applied to the cluster cache. Default is false. + resource.ignoreResourceUpdatesEnabled: "false" + + # Configuration to define customizations ignoring differences during watched resource updates to skip application reconciles. + resource.customizations.ignoreResourceUpdates.all: | + jsonPointers: + - /metadata/resourceVersion + + # Configuration to define customizations ignoring differences during watched resource updates can be configured via splitted sub key. + resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | + jsonPointers: + - /status + + # jsonPointers and jqPathExpressions can be specified. + resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | + jqPathExpressions: + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' + jsonPointers: + - /metadata/annotations/autoscaling.alpha.kubernetes.io~1behavior + - /metadata/annotations/autoscaling.alpha.kubernetes.io~1conditions + - /metadata/annotations/autoscaling.alpha.kubernetes.io~1metrics + - /metadata/annotations/autoscaling.alpha.kubernetes.io~1current-metrics + resource.customizations.health.certmanager.k8s.io-Certificate: | hs = {} if obj.status ~= nil then diff --git a/docs/operator-manual/argocd-cmd-params-cm-yaml.md b/docs/operator-manual/argocd-cmd-params-cm-yaml.md new file mode 100644 index 0000000000000..1cdba010fcfc6 --- /dev/null +++ b/docs/operator-manual/argocd-cmd-params-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-cmd-params-cm.yaml example + +An example of an argocd-cmd-params-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-cmd-params-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 6ee41dee44cd6..6f0cbd518a63a 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -9,9 +9,6 @@ data: # Repo server address. (default "argocd-repo-server:8081") repo.server: "argocd-repo-server:8081" - # Dex server address (default "http://argocd-dex-server:5556") - dex.server: "http://argocd-dex-server:5556" - # Redis server hostname and port (e.g. argocd-redis:6379) redis.server: "argocd-redis:6379" # Enable compression for data sent to Redis with the required compression algorithm. (default 'gzip') @@ -57,10 +54,16 @@ data: controller.resource.health.persist: "true" # Cache expiration default (default 24h0m0s) controller.default.cache.expiration: "24h0m0s" + # Sharding algorithm used to balance clusters accross application controller shards (default "legacy") + controller.sharding.algorithm: legacy # Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. controller.kubectl.parallelism.limit: "20" ## Server properties + # Listen on given address for incoming connections (default "0.0.0.0") + server.listen.address: "0.0.0.0" + # Listen on given address for metrics (default "0.0.0.0") + server.metrics.listen.address: "0.0.0.0" # Run server without TLS server.insecure: "false" # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/") @@ -80,14 +83,16 @@ data: server.repo.server.plaintext: "false" # Perform strict validation of TLS certificates when connecting to repo server server.repo.server.strict.tls: "false" + # Dex server address (default "http://argocd-dex-server:5556") + server.dex.server: "http://argocd-dex-server:5556" # Use a plaintext client (non-TLS) to connect to dex server server.dex.server.plaintext: "false" # Perform strict validation of TLS certificates when connecting to dex server server.dex.server.strict.tls: "false" # Disable client authentication server.disable.auth: "false" - # Enable GZIP compression - server.enable.gzip: "false" + # Toggle GZIP compression + server.enable.gzip: "true" # Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin") server.x.frame.options: "sameorigin" # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") @@ -110,6 +115,10 @@ data: server.enable.proxy.extension: "false" ## Repo-server properties + # Listen on given address for incoming connections (default "0.0.0.0") + reposerver.listen.address: "0.0.0.0" + # Listen on given address for metrics (default "0.0.0.0") + reposerver.metrics.listen.address: "0.0.0.0" # Set the logging format. One of: text|json (default "text") reposerver.log.format: "text" # Set the logging level. One of: debug|info|warn|error (default "info") @@ -152,8 +161,6 @@ data: ## ApplicationSet Controller Properties # Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. applicationsetcontroller.enable.leader.election: "false" - # Argo CD repo namespace (default: argocd) - applicationsetcontroller.namespace: "" # "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)" applicationsetcontroller.policy: "sync" # Print debug logs. Takes precedence over loglevel @@ -168,3 +175,11 @@ data: applicationsetcontroller.enable.git.submodule: "true" # Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: "false" + # A list of glob patterns specifying where to look for ApplicationSet resources. (default is only the ns where the controller is installed) + applicationsetcontroller.namespaces: "argocd,argocd-appsets-*" + + ## Argo CD Notifications Controller Properties + # Set the logging level. One of: debug|info|warn|error (default "info") + notificationscontroller.log.level: "info" + # Set the logging format. One of: text|json (default "text") + notificationscontroller.log.format: "text" diff --git a/docs/operator-manual/argocd-rbac-cm-yaml.md b/docs/operator-manual/argocd-rbac-cm-yaml.md new file mode 100644 index 0000000000000..c0dbcde428543 --- /dev/null +++ b/docs/operator-manual/argocd-rbac-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-rbac-cm.yaml example + +An example of an argocd-rbac-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-rbac-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-rbac-cm.yaml b/docs/operator-manual/argocd-rbac-cm.yaml index 12ec17f8e9e14..b68d93ecc4f89 100644 --- a/docs/operator-manual/argocd-rbac-cm.yaml +++ b/docs/operator-manual/argocd-rbac-cm.yaml @@ -19,6 +19,15 @@ data: # Grant all members of 'my-org:team-beta' admins g, my-org:team-beta, role:admin + # it is possible to provide additional entries in this configmap to compose the final policy csv. + # In this case the key must follow the pattern 'policy..csv'. Argo CD will concatenate + # all additional policies it finds with this pattern below the main one ('policy.csv'). This is useful + # to allow composing policies in config management tools like Kustomize, Helm, etc. + policy.overlay.csv: | + p, role:tester, applications, *, */*, allow + p, role:tester, projects, *, *, allow + g, my-org:team-qa, role:tester + # policy.default is the name of the default role which Argo CD will falls back to, when # authorizing API requests (optional). If omitted or empty, users may be still be able to login, # but will see no apps, projects, etc... diff --git a/docs/operator-manual/argocd-repo-creds-yaml.md b/docs/operator-manual/argocd-repo-creds-yaml.md new file mode 100644 index 0000000000000..dca214068405c --- /dev/null +++ b/docs/operator-manual/argocd-repo-creds-yaml.md @@ -0,0 +1,7 @@ +# argocd-repo-creds.yaml example + +An example of an argocd-repo-creds.yaml file: + +```yaml +{!docs/operator-manual/argocd-repo-creds.yaml!} +``` diff --git a/docs/operator-manual/argocd-repositories-yaml.md b/docs/operator-manual/argocd-repositories-yaml.md new file mode 100644 index 0000000000000..c9c99357c391a --- /dev/null +++ b/docs/operator-manual/argocd-repositories-yaml.md @@ -0,0 +1,7 @@ +# argocd-repositories.yaml example + +An example of an argocd-repositories.yaml file: + +```yaml +{!docs/operator-manual/argocd-repositories.yaml!} +``` diff --git a/docs/operator-manual/argocd-secret-yaml.md b/docs/operator-manual/argocd-secret-yaml.md new file mode 100644 index 0000000000000..33a88a8e96ee2 --- /dev/null +++ b/docs/operator-manual/argocd-secret-yaml.md @@ -0,0 +1,7 @@ +# argocd-secret.yaml example + +An example of an argocd-secret.yaml file: + +```yaml +{!docs/operator-manual/argocd-secret.yaml!} +``` diff --git a/docs/operator-manual/argocd-ssh-known-hosts-cm-yaml.md b/docs/operator-manual/argocd-ssh-known-hosts-cm-yaml.md new file mode 100644 index 0000000000000..4a5977f61e842 --- /dev/null +++ b/docs/operator-manual/argocd-ssh-known-hosts-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-ssh-known-hosts-cm.yaml example + +An example of an argocd-ssh-known-hosts-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-ssh-known-hosts-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml b/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml index 8011572939ab6..7bd88fda144ee 100644 --- a/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml +++ b/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml @@ -7,12 +7,18 @@ metadata: name: argocd-ssh-known-hosts-cm data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl diff --git a/docs/operator-manual/argocd-tls-certs-cm-yaml.md b/docs/operator-manual/argocd-tls-certs-cm-yaml.md new file mode 100644 index 0000000000000..e18b54d6e117e --- /dev/null +++ b/docs/operator-manual/argocd-tls-certs-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-tls-certs-cm.yaml example + +An example of an argocd-tls-certs-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-tls-certs-cm.yaml!} +``` diff --git a/docs/operator-manual/config-management-plugins.md b/docs/operator-manual/config-management-plugins.md index 0334b2c168faa..8e8f05594d25b 100644 --- a/docs/operator-manual/config-management-plugins.md +++ b/docs/operator-manual/config-management-plugins.md @@ -18,18 +18,6 @@ The following sections will describe how to create, install, and use plugins. Ch ## Installing a config management plugin -There are two ways to install a Config Management Plugin: - - * **Sidecar plugin** - - This is a good option for a more complex plugin that would clutter the Argo CD ConfigMap. A copy of the repository is - sent to the sidecar container as a tarball and processed individually per application. - - * **ConfigMap plugin** (**this method is deprecated and will be removed in a future - version**) - - The repo-server container will run your plugin's commands. - ### Sidecar plugin An operator can configure a plugin tool via a sidecar to repo-server. The following changes are required to configure a new plugin: @@ -67,8 +55,8 @@ spec: # Only one of fileName, find.glob, or find.command should be specified. If multiple are specified then only the # first (in that order) is evaluated. discover: - # fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the repository's root - # directory (not the Application source directory). If there is a match, this plugin may be used for the repository. + # fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the Application's source + # directory. If there is a match, this plugin may be used for the Application. fileName: "./subdir/s*.yaml" find: # This does the same thing as fileName, but it supports double-start (nested directory) glob patterns. @@ -216,45 +204,11 @@ volumes: 2. Make sure that sidecar container is running as user 999. 3. Make sure that plugin configuration file is present at `/home/argocd/cmp-server/config/plugin.yaml`. It can either be volume mapped via configmap or baked into image. -### ConfigMap plugin - -!!! warning "Deprecated" - ConfigMap plugins are deprecated and will no longer be supported in 2.7. - -The following changes are required to configure a new plugin: - -1. Make sure required binaries are available in `argocd-repo-server` pod. The binaries can be added via volume mounts or - using a custom image (see [custom_tools](../operator-manual/custom_tools.md) for examples of both). -2. Register a new plugin in `argocd-cm` ConfigMap: - - data: - configManagementPlugins: | - - name: pluginName - init: # Optional command to initialize application source directory - command: ["sample command"] - args: ["sample args"] - generate: # Command to generate manifests YAML - command: ["sample command"] - args: ["sample args"] - lockRepo: true # Defaults to false. See below. - - The `generate` command must print a valid YAML or JSON stream to stdout. Both `init` and `generate` commands are executed inside the application source directory or in `path` when specified for the app. - -3. [Create an Application which uses your new CMP](#using-a-cmp). - -More CMP examples are available in [argocd-example-apps](https://github.com/argoproj/argocd-example-apps/tree/master/plugins). - -!!!note "Repository locking" - If your plugin makes use of `git` (e.g. `git crypt`), it is advised to set - `lockRepo` to `true` so that your plugin will have exclusive access to the - repository at the time it is executed. Otherwise, two applications synced - at the same time may result in a race condition and sync failure. - ### Using environment variables in your plugin Plugin commands have access to -1. The system environment variables (of the repo-server container for argocd-cm plugins or of the sidecar for sidecar plugins) +1. The system environment variables of the sidecar 2. [Standard build environment variables](../user-guide/build-environment.md) 3. Variables in the Application spec (References to system and build variables will get interpolated in the variables' values): @@ -268,19 +222,12 @@ Plugin commands have access to value: bar - name: REV value: test-$ARGOCD_APP_REVISION - - !!! note - The `discover.find.command` command only has access to the above environment starting with v2.4. Before reaching the `init.command`, `generate.command`, and `discover.find.command` commands, Argo CD prefixes all user-supplied environment variables (#3 above) with `ARGOCD_ENV_`. This prevents users from directly setting potentially-sensitive environment variables. - - If your plugin was written before 2.4 and depends on user-supplied environment variables, then you will need to update - your plugin's behavior to work with 2.4. If you use a third-party plugin, make sure they explicitly advertise support - for 2.4. -4. (Starting in v2.6) Parameters in the Application spec: +4. Parameters in the Application spec: apiVersion: argoproj.io/v1alpha1 kind: Application @@ -327,14 +274,7 @@ Plugin commands have access to ## Using a config management plugin with an Application -If your CMP is defined in the `argocd-cm` ConfigMap, you can create a new Application using the CLI. Replace -`` with the name configured in `argocd-cm`. - -```bash -argocd app create --config-management-plugin -``` - -If your CMP is defined as a sidecar, you must manually define the Application manifest. You may leave the `name` field +You may leave the `name` field empty in the `plugin` section for the plugin to be automatically matched with the Application based on its discovery rules. If you do mention the name make sure it is either `-` if version is mentioned in the `ConfigManagementPlugin` spec or else just ``. When name is explicitly specified only that particular plugin will be used iff its discovery pattern/command matches the provided application repo. @@ -352,7 +292,6 @@ spec: targetRevision: HEAD path: guestbook plugin: - # For either argocd-cm- or sidecar-installed CMPs, you can pass environment variables to the CMP. env: - name: FOO value: bar @@ -365,7 +304,7 @@ If you don't need to set any environment variables, you can set an empty plugin ``` !!! important - If your sidecar CMP command runs too long, the command will be killed, and the UI will show an error. The CMP server + If your CMP command runs too long, the command will be killed, and the UI will show an error. The CMP server respects the timeouts set by the `server.repo.server.timeout.seconds` and `controller.repo.server.timeout.seconds` items in `argocd-cm`. Increase their values from the default of 60s. diff --git a/docs/operator-manual/custom-styles.md b/docs/operator-manual/custom-styles.md index 21fa79efeeb2f..8f2499a2d636a 100644 --- a/docs/operator-manual/custom-styles.md +++ b/docs/operator-manual/custom-styles.md @@ -56,7 +56,7 @@ metadata: name: argocd-styles-cm data: my-styles.css: | - .nav-bar { + .sidebar { background: linear-gradient(to bottom, #999, #777, #333, #222, #111); } ``` diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index c2f2e7baf775a..e41c5170e3773 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -8,16 +8,16 @@ All resources, including `Application` and `AppProject` specs, have to be instal ### Atomic configuration -| Sample File | Resource Name | Kind | Description | -|-------------|---------------|------|-------------| -| [`argocd-cm.yaml`](argocd-cm.yaml) | argocd-cm | ConfigMap | General Argo CD configuration | -| [`argocd-repositories.yaml`](argocd-repositories.yaml) | my-private-repo / istio-helm-repo / private-helm-repo / private-repo | Secrets | Sample repository connection details | -| [`argocd-repo-creds.yaml`](argocd-repo-creds.yaml) | argoproj-https-creds / argoproj-ssh-creds / github-creds / github-enterprise-creds | Secrets | Sample repository credential templates | -| [`argocd-cmd-params-cm.yaml`](argocd-cmd-params-cm.yaml) | argocd-cmd-params-cm | ConfigMap | Argo CD env variables configuration | -| [`argocd-secret.yaml`](argocd-secret.yaml) | argocd-secret | Secret | User Passwords, Certificates (deprecated), Signing Key, Dex secrets, Webhook secrets | -| [`argocd-rbac-cm.yaml`](argocd-rbac-cm.yaml) | argocd-rbac-cm | ConfigMap | RBAC Configuration | -| [`argocd-tls-certs-cm.yaml`](argocd-tls-certs-cm.yaml) | argocd-tls-certs-cm | ConfigMap | Custom TLS certificates for connecting Git repositories via HTTPS (v1.2 and later) | -| [`argocd-ssh-known-hosts-cm.yaml`](argocd-ssh-known-hosts-cm.yaml) | argocd-ssh-known-hosts-cm | ConfigMap | SSH known hosts data for connecting Git repositories via SSH (v1.2 and later) | +| Sample File | Resource Name | Kind | Description | +|-----------------------------------------------------------------------|------------------------------------------------------------------------------------|-----------|--------------------------------------------------------------------------------------| +| [`argocd-cm.yaml`](argocd-cm-yaml.md) | argocd-cm | ConfigMap | General Argo CD configuration | +| [`argocd-repositories.yaml`](argocd-repositories-yaml.md) | my-private-repo / istio-helm-repo / private-helm-repo / private-repo | Secrets | Sample repository connection details | +| [`argocd-repo-creds.yaml`](argocd-repo-creds.yaml) | argoproj-https-creds / argoproj-ssh-creds / github-creds / github-enterprise-creds | Secrets | Sample repository credential templates | +| [`argocd-cmd-params-cm.yaml`](argocd-cmd-params-cm-yaml.md) | argocd-cmd-params-cm | ConfigMap | Argo CD env variables configuration | +| [`argocd-secret.yaml`](argocd-secret-yaml.md) | argocd-secret | Secret | User Passwords, Certificates (deprecated), Signing Key, Dex secrets, Webhook secrets | +| [`argocd-rbac-cm.yaml`](argocd-rbac-cm-yaml.md) | argocd-rbac-cm | ConfigMap | RBAC Configuration | +| [`argocd-tls-certs-cm.yaml`](argocd-tls-certs-cm-yaml.md) | argocd-tls-certs-cm | ConfigMap | Custom TLS certificates for connecting Git repositories via HTTPS (v1.2 and later) | +| [`argocd-ssh-known-hosts-cm.yaml`](argocd-ssh-known-hosts-cm-yaml.md) | argocd-ssh-known-hosts-cm | ConfigMap | SSH known hosts data for connecting Git repositories via SSH (v1.2 and later) | For each specific kind of ConfigMap and Secret resource, there is only a single supported resource name (as listed in the above table) - if you need to merge things you need to do it before creating them. @@ -26,11 +26,11 @@ For each specific kind of ConfigMap and Secret resource, there is only a single ### Multiple configuration objects -| Sample File | Kind | Description | -|-------------|------|-------------| -| [`application.yaml`](application.yaml) | Application | Example application spec | -| [`project.yaml`](project.yaml) | AppProject | Example project spec | -| - | Secret | Repository credentials | +| Sample File | Kind | Description | +|------------------------------------------------------------------|-------------|--------------------------| +| [`application.yaml`](../user-guide/application-specification.md) | Application | Example application spec | +| [`project.yaml`](./project-specification.md) | AppProject | Example project spec | +| - | Secret | Repository credentials | For `Application` and `AppProject` resources, the name of the resource equals the name of the application or project within Argo CD. This also means that application and project names are unique within a given Argo CD installation - you cannot have the same application name for two different applications. @@ -209,7 +209,7 @@ metadata: argocd.argoproj.io/secret-type: repository stringData: type: git - url: git@github.com:argoproj/my-private-repository + url: git@github.com:argoproj/my-private-repository.git sshPrivateKey: | -----BEGIN OPENSSH PRIVATE KEY----- ... @@ -424,22 +424,27 @@ An example ConfigMap object: apiVersion: v1 kind: ConfigMap metadata: - name: argocd-ssh-known-hosts-cm - namespace: argocd labels: - app.kubernetes.io/name: argocd-cm + app.kubernetes.io/name: argocd-ssh-known-hosts-cm app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl ``` !!! note @@ -581,6 +586,132 @@ stringData: } ``` +EKS cluster secret example using argocd-k8s-auth and [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html): + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: mycluster-secret + labels: + argocd.argoproj.io/secret-type: cluster +type: Opaque +stringData: + name: "mycluster.com" + server: "https://mycluster.com" + config: | + { + "awsAuthConfig": { + "clusterName": "my-eks-cluster-name", + "roleARN": "arn:aws:iam:::role/" + }, + "tlsClientConfig": { + "insecure": false, + "caData": "" + } + } +``` + +Note that you should have IRSA enabled on your EKS cluster, create an appropriate IAM role which allows it to assume +other IAM roles (whichever `roleARN`s that Argo CD needs to assume) and have an assume role policy which allows +the argocd-application-controller and argocd-server pods to assume said role via OIDC. + +Example trust relationship config for `:role/`, which +is required for Argo CD to perform actions via IAM. Ensure that the cluster has an [IAM OIDC provider configured](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) +for it. + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Federated": "arn:aws:iam:::oidc-provider/oidc.eks..amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE" + }, + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "oidc.eks..amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": ["system:serviceaccount:argocd:argocd-application-controller", "system:serviceaccount:argocd:argocd-server"], + "oidc.eks..amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com" + } + } + } + ] +} +``` + +The Argo CD management role also needs to be allowed to assume other roles, in this case we want it to assume +`arn:aws:iam:::role/` so that it can manage the cluster mapped to that role. This can be +extended to allow assumption of multiple roles, either as an explicit array of role ARNs or by using `*` where appropriate. + +```json +{ + "Version" : "2012-10-17", + "Statement" : { + "Effect" : "Allow", + "Action" : "sts:AssumeRole", + "Principal" : { + "AWS" : ":role/" + } + } + } +``` + +Example service account configs for `argocd-application-controller` and `argocd-server`. Note that once the annotations +have been set on the service accounts, both the application controller and server pods need to be restarted. + +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + eks.amazonaws.com/role-arn: ":role/" + name: argocd-application-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + eks.amazonaws.com/role-arn: ":role/" + name: argocd-server +``` + +In turn, the `roleARN` of each managed cluster needs to be added to each respective cluster's `aws-auth` config map (see +[Enabling IAM principal access to your cluster](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html)), as +well as having an assume role policy which allows it to be assumed by the Argo CD pod role. + +Example assume role policy for a cluster which is managed by Argo CD: + +```json +{ + "Version" : "2012-10-17", + "Statement" : { + "Effect" : "Allow", + "Action" : "sts:AssumeRole", + "Principal" : { + "AWS" : ":role/" + } + } + } +``` + +Example kube-system/aws-auth configmap for your cluster managed by Argo CD: + +```yaml +apiVersion: v1 +data: + # Other groups and accounts omitted for brevity. Ensure that no other rolearns and/or groups are inadvertently removed, + # or you risk borking access to your cluster. + # + # The group name is a RoleBinding which you use to map to a [Cluster]Role. See https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-binding-examples + mapRoles: | + - "groups": + - "" + "rolearn": ":role/" + "username": "" +``` + GKE cluster secret example using argocd-k8s-auth and [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity): ```yaml @@ -650,7 +781,7 @@ stringData: ## Resource Exclusion/Inclusion -Resources can be excluded from discovery and sync so that Argo CD is unaware of them. For example, `events.k8s.io` and `metrics.k8s.io` are always excluded. Use cases: +Resources can be excluded from discovery and sync so that Argo CD is unaware of them. For example, the apiGroup/kind `events.k8s.io/*`, `metrics.k8s.io/*`, `coordination.k8s.io/Lease`, and `""/Endpoints` are always excluded. Use cases: * You have temporal issues and you want to exclude problematic resources. * There are many of a kind of resources that impacts Argo CD's performance. diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index 7e512415031c8..2998a9c863697 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -11,38 +11,42 @@ or individual resources (pods, services, etc.). ## Configuring Deep Links The configuration for Deep Links is present in `argocd-cm` as `.links` fields where -`` determines where it will be displayed. The possible values for `` are : -- `project` : all links under this field will show up in the project tab in the Argo CD UI -- `application` : all links under this field will show up in the application summary tab -- `resource` : all links under this field will show up in the resource (deployments, pods, services, etc.) summary tab +`` determines where it will be displayed. The possible values for `` are: -Each link in the list has five subfields : -1. `title` : title/tag that will be displayed in the UI corresponding to that link -2. `url` : the actual URL where the deep link will redirect to, this field can be templated to use data from the +- `project`: all links under this field will show up in the project tab in the Argo CD UI +- `application`: all links under this field will show up in the application summary tab +- `resource`: all links under this field will show up in the resource (deployments, pods, services, etc.) summary tab + +Each link in the list has five subfields: + +1. `title`: title/tag that will be displayed in the UI corresponding to that link +2. `url`: the actual URL where the deep link will redirect to, this field can be templated to use data from the corresponding application, project or resource objects (depending on where it is located). This uses [text/template](pkg.go.dev/text/template) pkg for templating -3. `description` (optional) : a description for what the deep link is about -4. `icon.class` (optional) : a font-awesome icon class to be used when displaying the links in dropdown menus -5. `if` (optional) : a conditional statement that results in either `true` or `false`, it also has access to the same +3. `description` (optional): a description for what the deep link is about +4. `icon.class` (optional): a font-awesome icon class to be used when displaying the links in dropdown menus +5. `if` (optional): a conditional statement that results in either `true` or `false`, it also has access to the same data as the `url` field. If the condition resolves to `true` the deep link will be displayed - else it will be hidden. If the field is omitted, by default the deep links will be displayed. This uses [antonmedv/expr](https://github.com/antonmedv/expr/tree/master/docs) for evaluating conditions !!!note - For resources of kind Secret the data fields are redacted but other fields are accessible for templating the deep links. + For resources of kind Secret the data fields are redacted but other fields are accessible for templating the deep links. !!!warning - Make sure to validate the url templates and inputs to prevent data leaks or possible generation of any malicious links. + Make sure to validate the url templates and inputs to prevent data leaks or possible generation of any malicious links. As mentioned earlier the links and conditions can be templated to use data from the resource, each category of links can access different types of data linked to that resource. -Overall we have these 4 resources available for templating in the system : -- `application` : this key is used to access the application resource data. -- `resource` : this key is used to access values for the actual k8s resource. -- `cluster` : this key is used to access the related destination cluster data like name, server, namespaces etc. -- `project` : this key is used to access the project resource data. +Overall we have these 4 resources available for templating in the system: + +- `application`: this key is used to access the application resource data. +- `resource`: this key is used to access values for the actual k8s resource. +- `cluster`: this key is used to access the related destination cluster data like name, server, namespaces etc. +- `project`: this key is used to access the project resource data. + +The above resources are accessible in particular link categories, here's a list of resources available in each category: -The above resources are accessible in particular link categories, here's a list of resources available in each category : -- `resource.links` : `resource`, `application`, `cluster` and `project` -- `application.links` : `application` and `cluster` -- `project.links` : `project` +- `resource.links`: `resource`, `application`, `cluster` and `project` +- `application.links`: `application` and `cluster` +- `project.links`: `project` An example `argocd-cm.yaml` file with deep links and their variations : @@ -65,7 +69,7 @@ An example `argocd-cm.yaml` file with deep links and their variations : if: application.spec.project == "default" - url: https://{{.application.metadata.annotations.splunkhost}}?search={{.application.spec.destination.namespace}} title: Splunk - if: application.metadata.annotations.splunkhost + if: application.metadata.annotations.splunkhost != "" # sample resource level links resource.links: | - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.label.env}} diff --git a/docs/operator-manual/disaster_recovery.md b/docs/operator-manual/disaster_recovery.md index 6bb52847d978a..97d2868051d65 100644 --- a/docs/operator-manual/disaster_recovery.md +++ b/docs/operator-manual/disaster_recovery.md @@ -15,13 +15,13 @@ export VERSION=v1.0.1 Export to a backup: ```bash -docker run -v ~/.kube:/home/argocd/.kube --rm argoproj/argocd:$VERSION argocd admin export > backup.yaml +docker run -v ~/.kube:/home/argocd/.kube --rm quay.io/argoproj/argocd:$VERSION argocd admin export > backup.yaml ``` Import from a backup: ```bash -docker run -i -v ~/.kube:/home/argocd/.kube --rm argoproj/argocd:$VERSION argocd admin import - < backup.yaml +docker run -i -v ~/.kube:/home/argocd/.kube --rm quay.io/argoproj/argocd:$VERSION argocd admin import - < backup.yaml ``` !!! note diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index 4afa5882dca7b..ad37e06437e17 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -137,9 +137,11 @@ setting `resource.customizations.useOpenLibs.`. In the following exa ```yaml data: - resource.customizations.useOpenLibs.cert-manager.io_Certificate: "true" - resource.customizations.health.cert-manager.io_Certificate: - -- Lua standard libraries are enabled for this script + resource.customizations: | + cert-manager.io/Certificate: + health.lua.useOpenLibs: true + health.lua: | + # Lua standard libraries are enabled for this script ``` ### Way 2. Contribute a Custom Health Check diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 8e69c0cfb01ef..56030fa2e9a57 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -80,6 +80,34 @@ spec: value: "2" ``` +* The shard distribution algorithm of the `argocd-application-controller` can be set by using the `--sharding-method` parameter. Supported sharding methods are : [legacy (default), round-robin]. `legacy` mode uses an `uid` based distribution (non-uniform). `round-robin` uses an equal distribution across all shards. The `--sharding-method` parameter can also be overriden by setting the key `controller.sharding.algorithm` in the `argocd-cmd-params-cm` `configMap` (preferably) or by setting the `ARGOCD_CONTROLLER_SHARDING_ALGORITHM` environment variable and by specifiying the same possible values. + +!!! warning "Alpha Feature" + The `round-robin` shard distribution algorithm is an experimental feature. Reshuffling is known to occur in certain scenarios with cluster removal. If the cluster at rank-0 is removed, reshuffling all clusters across shards will occur and may temporarly have negative performance impacts. + +* A cluster can be manually assigned and forced to a `shard` by patching the `shard` field in the cluster secret to contain the shard number, e.g. +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: mycluster-secret + labels: + argocd.argoproj.io/secret-type: cluster +type: Opaque +stringData: + shard: 1 + name: mycluster.com + server: https://mycluster.com + config: | + { + "bearerToken": "", + "tlsClientConfig": { + "insecure": false, + "caData": "" + } + } +``` + * `ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM` - environment variable that enables collecting RPC performance metrics. Enable it if you need to troubleshoot performance issues. Note: This metric is expensive to both query and store! **metrics** diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index 35fdef22dd3f4..a8387b352f6fd 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -242,10 +242,11 @@ spec: secretName: argocd-server-tls # as expected by argocd-server ``` -### Option 2: Multiple Ingress Objects And Hosts +### Option 2: SSL Termination at Ingress Controller -Since ingress-nginx Ingress supports only a single protocol per Ingress object, an alternative -way would be to define two Ingress objects. One for HTTP/HTTPS, and the other for gRPC: +An alternative approach is to perform the SSL termination at the Ingress. Since an `ingress-nginx` Ingress supports only a single protocol per Ingress object, two Ingress objects need to be defined using the `nginx.ingress.kubernetes.io/backend-protocol` annotation, one for HTTP/HTTPS and the other for gRPC. + +Each ingress will be for a different domain (`argocd.example.com` and `grpc.argocd.example.com`). This requires that the Ingress resources use different TLS `secretName`s to avoid unexpected behavior. HTTP/HTTPS Ingress: ```yaml @@ -273,7 +274,7 @@ spec: tls: - hosts: - argocd.example.com - secretName: argocd-server-tls # do not change, this is provided by Argo CD + secretName: argocd-ingress-http ``` gRPC Ingress: @@ -301,7 +302,7 @@ spec: tls: - hosts: - grpc.argocd.example.com - secretName: argocd-server-tls # do not change, this is provided by Argo CD + secretName: argocd-ingress-grpc ``` The API server should then be run with TLS disabled. Edit the `argocd-server` deployment to add the @@ -413,6 +414,132 @@ Once we create this service, we can configure the Ingress to conditionally route - argocd.argoproj.io ``` +## [Istio](https://www.istio.io) +You can put ArgoCD behind Istio using following configurations. Here we will achive both serving ArgoCD behind istio and using subpath on Istio + +First we need to make sure that we can run ArgoCD with subpath (ie /argocd). For this we have used install.yaml from argocd project as is + +```bash +curl -kLs -o install.yaml https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml +``` + +save following file as kustomization.yml + +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./install.yaml + +patches: +- path: ./patch.yml +``` + +And following lines as patch.yml + +```yaml +# Use --insecure so Ingress can send traffic with HTTP +# --bashref /argocd is the subpath like https://IP/argocd +# env was added because of https://github.com/argoproj/argo-cd/issues/3572 error +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-server +spec: + template: + spec: + containers: + - args: + - /usr/local/bin/argocd-server + - --staticassets + - /shared/app + - --redis + - argocd-redis-ha-haproxy:6379 + - --insecure + - --basehref + - /argocd + - --rootpath + - /argocd + name: argocd-server + env: + - name: ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT + value: "0" +``` + +After that install ArgoCD (there should be only 3 yml file defined above in current directory ) + +```bash +kubectl apply -k ./ -n argocd --wait=true +``` + +Be sure you create secret for Isito ( in our case secretname is argocd-server-tls on argocd Namespace). After that we create Istio Resources + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: argocd-gateway + namespace: argocd +spec: + selector: + istio: ingressgateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" + tls: + httpsRedirect: true + - port: + number: 443 + name: https + protocol: HTTPS + hosts: + - "*" + tls: + credentialName: argocd-server-tls + maxProtocolVersion: TLSV1_3 + minProtocolVersion: TLSV1_2 + mode: SIMPLE + cipherSuites: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-SHA + - AES128-GCM-SHA256 + - AES128-SHA + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES256-SHA + - AES256-GCM-SHA384 + - AES256-SHA +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: argocd-virtualservice + namespace: argocd +spec: + hosts: + - "*" + gateways: + - argocd-gateway + http: + - match: + - uri: + prefix: /argocd + route: + - destination: + host: argocd-server + port: + number: 80 +``` + +And now we can browse http://{{ IP }}/argocd (it will be rewritten to https://{{ IP }}/argocd + + ## Google Cloud load balancers with Kubernetes Ingress You can make use of the integration of GKE with Google Cloud to deploy Load Balancers using just Kubernetes objects. @@ -537,15 +664,15 @@ spec: - secretName: secret-yourdomain-com rules: - host: argocd.yourdomain.com - http: - paths: - - pathType: ImplementationSpecific - path: "/*" # "*" is needed. Without this, the UI Javascript and CSS will not load properly - backend: - service: - name: argocd-server - port: - number: 80 + http: + paths: + - pathType: ImplementationSpecific + path: "/*" # "*" is needed. Without this, the UI Javascript and CSS will not load properly + backend: + service: + name: argocd-server + port: + number: 80 ``` If you use the version `1.21.3-gke.1600` or later, you should use the following Ingress resource: @@ -562,15 +689,15 @@ spec: - secretName: secret-yourdomain-com rules: - host: argocd.yourdomain.com - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: argocd-server - port: - number: 80 + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: argocd-server + port: + number: 80 ``` As you may know already, it can take some minutes to deploy the load balancer and become ready to accept connections. Once it's ready, get the public IP address for your Load Balancer, go to your DNS server (Google or third party) and point your domain or subdomain (i.e. argocd.yourdomain.com) to that IP address. diff --git a/docs/operator-manual/installation.md b/docs/operator-manual/installation.md index 243794fa26bb9..11c6fcdb22bd5 100644 --- a/docs/operator-manual/installation.md +++ b/docs/operator-manual/installation.md @@ -72,7 +72,7 @@ kind: Kustomization namespace: argocd resources: -- github.com/argoproj/argo-cd/manifests/ha/base?ref=v2.6.2 +- https://raw.githubusercontent.com/argoproj/argo-cd/v2.7.2/manifests/install.yaml ``` For an example of this, see the [kustomization.yaml](https://github.com/argoproj/argoproj-deployments/blob/master/argocd/kustomization.yaml) @@ -99,3 +99,9 @@ For example if the latest minor version of ArgoCD are 2.4.3 and 2.3.5 while sup * Argo CD 2.3.5 on Kubernetes 1.24 * Argo CD 2.3.5 on Kubernetes 1.23 * Argo CD 2.3.5 on Kubernetes 1.22 + +## Tested versions + +The following table shows the versions of Kubernetes that are tested with each version of Argo CD. + +{!docs/operator-manual/tested-kubernetes-versions.md!} diff --git a/docs/operator-manual/notifications/services/email.md b/docs/operator-manual/notifications/services/email.md index e3c4b7d9e6380..b81ab6cde8b4c 100755 --- a/docs/operator-manual/notifications/services/email.md +++ b/docs/operator-manual/notifications/services/email.md @@ -46,7 +46,7 @@ data: ## Template -Notification templates support specifying subject for email notifications: +[Notification templates](../templates.md) support specifying subject for email notifications: ```yaml apiVersion: v1 diff --git a/docs/operator-manual/notifications/services/github.md b/docs/operator-manual/notifications/services/github.md index 2b5bbf1e8c6ce..c24ea00f433d7 100755 --- a/docs/operator-manual/notifications/services/github.md +++ b/docs/operator-manual/notifications/services/github.md @@ -12,7 +12,7 @@ The GitHub notification service changes commit status using [GitHub Apps](https: ## Configuration 1. Create a GitHub Apps using https://github.com/settings/apps/new -2. Change repository permissions to enable write commit statuses +2. Change repository permissions to enable write commit statuses and/or deployments ![2](https://user-images.githubusercontent.com/18019529/108397381-3ca57980-725b-11eb-8d17-5b8992dc009e.png) 3. Generate a private key, and download it automatically ![3](https://user-images.githubusercontent.com/18019529/108397926-d4a36300-725b-11eb-83fe-74795c8c3e03.png) @@ -69,6 +69,12 @@ template.app-deployed: | state: success label: "continuous-delivery/{{.app.metadata.name}}" targetURL: "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + deployment: + state: success + environment: production + environmentURL: "https://{{.app.metadata.name}}.example.com" + logURL: "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + requiredContexts: [] ``` **Notes**: diff --git a/docs/operator-manual/notifications/services/pagerduty.md b/docs/operator-manual/notifications/services/pagerduty.md index 849b4db802d9d..0e1ab965332e1 100755 --- a/docs/operator-manual/notifications/services/pagerduty.md +++ b/docs/operator-manual/notifications/services/pagerduty.md @@ -35,7 +35,7 @@ data: ## Template -Notification templates support specifying subject for pagerduty notifications: +[Notification templates](../templates.md) support specifying subject for pagerduty notifications: ```yaml apiVersion: v1 @@ -63,4 +63,4 @@ kind: Rollout metadata: annotations: notifications.argoproj.io/subscribe.on-rollout-aborted.pagerduty: "" -``` \ No newline at end of file +``` diff --git a/docs/operator-manual/notifications/services/pagerduty_v2.md b/docs/operator-manual/notifications/services/pagerduty_v2.md new file mode 100755 index 0000000000000..21e8d942e4e93 --- /dev/null +++ b/docs/operator-manual/notifications/services/pagerduty_v2.md @@ -0,0 +1,78 @@ +# PagerDuty V2 + +## Parameters + +The PagerDuty notification service is used to trigger PagerDuty events and requires specifying the following settings: + +* `serviceKeys` - a dictionary with the following structure: + * `service-name: $pagerduty-key-service-name` where `service-name` is the name you want to use for the service to make events for, and `$pagerduty-key-service-name` is a reference to the secret that contains the actual PagerDuty integration key (Events API v2 integration) + +If you want multiple Argo apps to trigger events to their respective PagerDuty services, create an integration key in each service you want to setup alerts for. + +To create a PagerDuty integration key, [follow these instructions](https://support.pagerduty.com/docs/services-and-integrations#create-a-generic-events-api-integration) to add an Events API v2 integration to the service of your choice. + +## Configuration + +The following snippet contains sample PagerDuty service configuration. It assumes the service you want to alert on is called `my-service`. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: +stringData: + pagerduty-key-my-service: +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: +data: + service.pagerdutyv2: | + serviceKeys: + my-service: $pagerduty-key-my-service +``` + +## Template + +[Notification templates](../templates.md) support specifying subject for PagerDuty notifications: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: +data: + template.rollout-aborted: | + message: Rollout {{.rollout.metadata.name}} is aborted. + pagerdutyv2: + summary: "Rollout {{.rollout.metadata.name}} is aborted." + severity: "critical" + source: "{{.rollout.metadata.name}}" +``` + +The parameters for the PagerDuty configuration in the template generally match with the payload for the Events API v2 endpoint. All parameters are strings. + +* `summary` - (required) A brief text summary of the event, used to generate the summaries/titles of any associated alerts. +* `severity` - (required) The perceived severity of the status the event is describing with respect to the affected system. Allowed values: `critical`, `warning`, `error`, `info` +* `source` - (required) The unique location of the affected system, preferably a hostname or FQDN. +* `component` - Component of the source machine that is responsible for the event. +* `group` - Logical grouping of components of a service. +* `class` - The class/type of the event. +* `url` - The URL that should be used for the link "View in ArgoCD" in PagerDuty. + +The `timestamp` and `custom_details` parameters are not currently supported. + +## Annotation + +Annotation sample for PagerDuty notifications: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Rollout +metadata: + annotations: + notifications.argoproj.io/subscribe.on-rollout-aborted.pagerdutyv2: "" +``` diff --git a/docs/operator-manual/notifications/services/rocketchat.md b/docs/operator-manual/notifications/services/rocketchat.md index 554f42a808f01..f1157050139d0 100755 --- a/docs/operator-manual/notifications/services/rocketchat.md +++ b/docs/operator-manual/notifications/services/rocketchat.md @@ -64,7 +64,7 @@ metadata: ## Templates -Notification templates can be customized with RocketChat [attachments](https://developer.rocket.chat/api/rest-api/methods/chat/postmessage#attachments-detail). +[Notification templates](../templates.md) can be customized with RocketChat [attachments](https://developer.rocket.chat/api/rest-api/methods/chat/postmessage#attachments-detail). *Note: Attachments structure in Rocketchat is same with Slack attachments [feature](https://api.slack.com/messaging/composing/layouts).* diff --git a/docs/operator-manual/notifications/services/slack.md b/docs/operator-manual/notifications/services/slack.md index 0cd9a0f17708e..876445bfec61e 100755 --- a/docs/operator-manual/notifications/services/slack.md +++ b/docs/operator-manual/notifications/services/slack.md @@ -50,7 +50,7 @@ The Slack notification service configuration includes following settings: token: $slack-token ``` -1. Add annotation in application yaml file to enable notifications for specific argocd app +1. Add annotation in application yaml file to enable notifications for specific argocd app. The following example uses the [on-sync-succeeded trigger](../catalog.md#triggers): ```yaml apiVersion: argoproj.io/v1alpha1 @@ -60,7 +60,7 @@ The Slack notification service configuration includes following settings: notifications.argoproj.io/subscribe.on-sync-succeeded.slack: my_channel ``` -1. Annotation with more than one trigger multiple of destinations and recipients +1. Annotation with more than one [trigger](../catalog.md#triggers), with multiple destinations and recipients ```yaml apiVersion: argoproj.io/v1alpha1 @@ -82,7 +82,7 @@ The Slack notification service configuration includes following settings: ## Templates -Notification templates can be customized to leverage slack message blocks and attachments +[Notification templates](../templates.md) can be customized to leverage slack message blocks and attachments [feature](https://api.slack.com/messaging/composing/layouts). ![](https://user-images.githubusercontent.com/426437/72776856-6dcef880-3bc8-11ea-8e3b-c72df16ee8e6.png) diff --git a/docs/operator-manual/notifications/services/teams.md b/docs/operator-manual/notifications/services/teams.md index eb50f5538c8b6..b5b9a228c43eb 100755 --- a/docs/operator-manual/notifications/services/teams.md +++ b/docs/operator-manual/notifications/services/teams.md @@ -48,7 +48,7 @@ metadata: ![](https://user-images.githubusercontent.com/18019529/114271500-9d2b8880-9a4c-11eb-85c1-f6935f0431d5.png) -Notification templates can be customized to leverage teams message sections, facts, themeColor, summary and potentialAction [feature](https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using). +[Notification templates](../templates.md) can be customized to leverage teams message sections, facts, themeColor, summary and potentialAction [feature](https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using). ```yaml template.app-sync-succeeded: | @@ -123,4 +123,4 @@ You can set a summary of the message that will be shown on Notifcation & Activit template.app-sync-succeeded: | teams: summary: "Sync Succeeded" -``` \ No newline at end of file +``` diff --git a/docs/operator-manual/notifications/triggers.md b/docs/operator-manual/notifications/triggers.md index aecaee81b80c6..c5fe7aa68967f 100644 --- a/docs/operator-manual/notifications/triggers.md +++ b/docs/operator-manual/notifications/triggers.md @@ -28,7 +28,6 @@ The end users just need to subscribe to the trigger and specify the notification triggers might include multiple conditions with a different set of templates for each condition. For example, the following trigger covers all stages of sync status operation and use a different template for different cases: - ```yaml apiVersion: v1 kind: ConfigMap @@ -66,6 +65,10 @@ data: send: [app-sync-succeeded] ``` +**Mono Repo Usage** + +When one repo is used to sync multiple applications, the `oncePer: app.status.sync.revision` field will trigger a notification for each commit. For mono repos, the better approach will be using `oncePer: app.status.operationState.syncResult.revision` statement. This way a notification will be sent only for a particular Application's revision. + ### oncePer The `oncePer` filed is supported like as follows. diff --git a/docs/operator-manual/project-specification.md b/docs/operator-manual/project-specification.md new file mode 100644 index 0000000000000..4d18eb1a9dd1b --- /dev/null +++ b/docs/operator-manual/project-specification.md @@ -0,0 +1,7 @@ +# Project Specification + +The following describes all the available fields of a Project: + +```yaml +{!docs/operator-manual/project.yaml!} +``` diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 37680045fe406..b6fdc87ac2e23 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -171,6 +171,36 @@ g, db-admins, role:staging-db-admins This example defines a *role* called `staging-db-admins` with *nine permissions* that allow that role to perform the *actions* (`create`/`delete`/`get`/`override`/`sync`/`update` applications, `get` logs, `create` exec and `get` appprojects) against `*` (all) objects in the `staging-db-admins` Argo CD AppProject. +## Policy CSV Composition + +It is possible to provide additional entries in the `argocd-rbac-cm` +configmap to compose the final policy csv. In this case the key must +follow the pattern `policy..csv`. Argo CD will concatenate +all additional policies it finds with this pattern below the main one +('policy.csv'). The order of additional provided policies are +determined by the key string. Example: if two additional policies are +provided with keys `policy.A.csv` and `policy.B.csv`, it will first +concatenate `policy.A.csv` and then `policy.B.csv`. + +This is useful to allow composing policies in config management tools +like Kustomize, Helm, etc. + +The example below shows how a Kustomize patch can be provided in an +overlay to add additional configuration to an existing RBAC policy. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-rbac-cm + namespace: argocd +data: + policy.tester-overlay.csv: | + p, role:tester, applications, *, */*, allow + p, role:tester, projects, *, *, allow + g, my-org:team-qa, role:tester +``` + ## Anonymous Access The anonymous access to Argo CD can be enabled using `users.anonymous.enabled` field in `argocd-cm` (see [argocd-cm.yaml](argocd-cm.yaml)). diff --git a/docs/operator-manual/reconcile.md b/docs/operator-manual/reconcile.md new file mode 100644 index 0000000000000..a3273c97d9922 --- /dev/null +++ b/docs/operator-manual/reconcile.md @@ -0,0 +1,64 @@ +# Reconcile Optimization + +By default, an Argo CD Application is refreshed everytime a resource that belongs to it changes. + +Kubernetes controllers often update the resources they watch periodically, causing continuous reconcile operation on the Application +and a high CPU usage on the `argocd-application-controller`. Argo CD allows you to optionally ignore resource updates on specific fields +for [tracked resources](../user-guide/resource_tracking.md). + +When a resource update is ignored, if the resource's [health status](./health.md) does not change, the Application that this resource belongs to will not be reconciled. + +## System-Level Configuration + +Argo CD allows ignoring resource updates at a specific JSON path, using [RFC6902 JSON patches](https://tools.ietf.org/html/rfc6902) and [JQ path expressions](https://stedolan.github.io/jq/manual/#path(path_expression)). It can be configured for a specified group and kind +in `resource.customizations` key of the `argocd-cm` ConfigMap. + +The feature is behind a flag. To enable it, set `resource.ignoreResourceUpdatesEnabled` to `"true"` in the `argocd-cm` ConfigMap. + +Following is an example of a customization which ignores the `refreshTime` status field of an [`ExternalSecret`](https://external-secrets.io/main/api/externalsecret/) resource: + +```yaml +data: + resource.customizations.ignoreResourceUpdates.external-secrets.io_ExternalSecret: | + jsonPointers: + - /status/refreshTime +``` + +It is possible to configure `ignoreResourceUpdates` to be applied to all tracked resources in every Application managed by an Argo CD instance. In order to do so, resource customizations can be configured like in the example below: + +```yaml +data: + resource.customizations.ignoreResourceUpdates.all: | + jsonPointers: + - /status +``` + +### Using ignoreDifferences to ignore reconcile + +It is possible to use existing system-level `ignoreDifferences` customizations to ignore resource updates as well. Instead of copying all configurations, +the `ignoreDifferencesOnResourceUpdates` setting can be used to add all ignored differences as ignored resource updates: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm +data: + resource.compareoptions: | + ignoreDifferencesOnResourceUpdates: true +``` + +## Default Configuration + +By default, the metadata fields `generation`, `resourceVersion` and `managedFields` are always ignored for all resources. + +## Finding Resources to Ignore + +The application controller logs when a resource change triggers a refresh. You can use these logs to find +high-churn resource kinds and then inspect those resources to find which fields to ignore. + +To find these logs, search for `"Requesting app refresh caused by object update"`. The logs include structured +fields for `api-version` and `kind`. Counting the number of refreshes triggered, by api-version/kind should +reveal the high-churn resource kinds. + +Note that these logs are at the `debug` level. Configure the application-controller's log level to `debug`. diff --git a/docs/operator-manual/resource_actions.md b/docs/operator-manual/resource_actions.md index 2dbe58749cad4..b720f589ae8d0 100644 --- a/docs/operator-manual/resource_actions.md +++ b/docs/operator-manual/resource_actions.md @@ -12,11 +12,30 @@ Argo CD supports custom resource actions written in [Lua](https://www.lua.org/). * Have a custom resource for which Argo CD does not provide any built-in actions. * Have a commonly performed manual task that might be error prone if executed by users via `kubectl` +The resource actions act on a single object. + You can define your own custom resource actions in the `argocd-cm` ConfigMap. +### Custom Resource Action Types + +#### An action that modifies the source resource + +This action modifies and returns the source resource. +This kind of action was the only one available till 2.8, and it is still supported. + +#### An action that produces a list of new or modified resources + +**An alpha feature, introduced in 2.8.** + +This action returns a list of impacted resources, each impacted resource has a K8S resource and an operation to perform on. +Currently supported operations are "create" and "patch", "patch" is only supported for the source resource. +Creating new resources is possible, by specifying a "create" operation for each such resource in the returned list. +One of the returned resources can be the modified source object, with a "patch" operation, if needed. +See the definition examples below. + ### Define a Custom Resource Action in `argocd-cm` ConfigMap -Custom resource actions can be defined in `resource.customizations.actions.` field of `argocd-cm`. Following example demonstrates a set of custom actions for `CronJob` resources. +Custom resource actions can be defined in `resource.customizations.actions.` field of `argocd-cm`. Following example demonstrates a set of custom actions for `CronJob` resources, each such action returns the modified CronJob. The customizations key is in the format of `resource.customizations.actions.`. ```yaml @@ -51,4 +70,114 @@ resource.customizations.actions.batch_CronJob: | The `discovery.lua` script must return a table where the key name represents the action name. You can optionally include logic to enable or disable certain actions based on the current object state. -Each action name must be represented in the list of `definitions` with an accompanying `action.lua` script to control the resource modifications. The `obj` is a global variable which contains the resource. Each action script must return an optionally modified version of the resource. In this example, we are simply setting `.spec.suspend` to either `true` or `false`. +Each action name must be represented in the list of `definitions` with an accompanying `action.lua` script to control the resource modifications. The `obj` is a global variable which contains the resource. Each action script returns an optionally modified version of the resource. In this example, we are simply setting `.spec.suspend` to either `true` or `false`. + +#### Creating new resources with a custom action + +!!! important + Creating resources via the Argo CD UI is an intentional, strategic departure from GitOps principles. We recommend + that you use this feature sparingly and only for resources that are not part of the desired state of the + application. + +The resource the action is invoked on would be referred to as the `source resource`. +The new resource and all the resources implicitly created as a result, must be permitted on the AppProject level, otherwise the creation will fail. + +##### Creating a source resource child resources with a custom action + +If the new resource represents a k8s child of the source resource, the source resource ownerReference must be set on the new resource. +Here is an example Lua snippet, that takes care of constructing a Job resource that is a child of a source CronJob resource - the `obj` is a global variable, which contains the source resource: + +```lua +-- ... +ownerRef = {} +ownerRef.apiVersion = obj.apiVersion +ownerRef.kind = obj.kind +ownerRef.name = obj.metadata.name +ownerRef.uid = obj.metadata.uid +job = {} +job.metadata = {} +job.metadata.ownerReferences = {} +job.metadata.ownerReferences[1] = ownerRef +-- ... +``` + +##### Creating independent child resources with a custom action + +If the new resource is independent of the source resource, the default behavior of such new resource is that it is not known by the App of the source resource (as it is not part of the desired state and does not have an `ownerReference`). +To make the App aware of the new resource, the `app.kubernetes.io/instance` label (or other ArgoCD tracking label, if configured) must be set on the resource. +It can be copied from the source resource, like this: + +```lua +-- ... +newObj = {} +newObj.metadata = {} +newObj.metadata.labels = {} +newObj.metadata.labels["app.kubernetes.io/instance"] = obj.metadata.labels["app.kubernetes.io/instance"] +-- ... +``` + +While the new resource will be part of the App with the tracking label in place, it will be immediately deleted if auto prune is set on the App. +To keep the resource, set `Prune=false` annotation on the resource, with this Lua snippet: + +```lua +-- ... +newObj.metadata.annotations = {} +newObj.metadata.annotations["argocd.argoproj.io/sync-options"] = "Prune=false" +-- ... +``` + +(If setting `Prune=false` behavior, the resource will not be deleted upon the deletion of the App, and will require a manual cleanup). + +The resource and the App will now appear out of sync - which is the expected ArgoCD behavior upon creating a resource that is not part of the desired state. + +If you wish to treat such an App as a synced one, add the following resource annotation in Lua code: + +```lua +-- ... +newObj.metadata.annotations["argocd.argoproj.io/compare-options"] = "IgnoreExtraneous" +-- ... +``` + +#### An action that produces a list of resources - a complete example: + +```yaml +resource.customizations.actions.ConfigMap: | + discovery.lua: | + actions = {} + actions["do-things"] = {} + return actions + definitions: + - name: do-things + action.lua: | + -- Create a new ConfigMap + cm1 = {} + cm1.apiVersion = "v1" + cm1.kind = "ConfigMap" + cm1.metadata = {} + cm1.metadata.name = "cm1" + cm1.metadata.namespace = obj.metadata.namespace + cm1.metadata.labels = {} + -- Copy ArgoCD tracking label so that the resource is recognized by the App + cm1.metadata.labels["app.kubernetes.io/instance"] = obj.metadata.labels["app.kubernetes.io/instance"] + cm1.metadata.annotations = {} + -- For Apps with auto-prune, set the prune false on the resource, so it does not get deleted + cm1.metadata.annotations["argocd.argoproj.io/sync-options"] = "Prune=false" + -- Keep the App synced even though it has a resource that is not in Git + cm1.metadata.annotations["argocd.argoproj.io/compare-options"] = "IgnoreExtraneous" + cm1.data = {} + cm1.data.myKey1 = "myValue1" + impactedResource1 = {} + impactedResource1.operation = "create" + impactedResource1.resource = cm1 + + -- Patch the original cm + obj.metadata.labels["aKey"] = "aValue" + impactedResource2 = {} + impactedResource2.operation = "patch" + impactedResource2.resource = obj + + result = {} + result[1] = impactedResource1 + result[2] = impactedResource2 + return result +``` \ No newline at end of file diff --git a/docs/operator-manual/server-commands/argocd-application-controller.md b/docs/operator-manual/server-commands/argocd-application-controller.md index fb27a3c176e71..d21763afa7404 100644 --- a/docs/operator-manual/server-commands/argocd-application-controller.md +++ b/docs/operator-manual/server-commands/argocd-application-controller.md @@ -59,6 +59,7 @@ argocd-application-controller [flags] --sentinel stringArray Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). --sentinelmaster string Redis sentinel master group name. (default "master") --server string The address and port of the Kubernetes API server + --sharding-method string Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] (default "legacy") --status-processors int Number of application status processors (default 20) --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. --token string Bearer token for authentication to the API server diff --git a/docs/operator-manual/server-commands/argocd-repo-server.md b/docs/operator-manual/server-commands/argocd-repo-server.md index faf5a804d222b..35d8cbe8dfed5 100644 --- a/docs/operator-manual/server-commands/argocd-repo-server.md +++ b/docs/operator-manual/server-commands/argocd-repo-server.md @@ -13,6 +13,7 @@ argocd-repo-server [flags] ### Options ``` + --address string Listen on given address for incoming connections (default "0.0.0.0") --allow-oob-symlinks Allow out-of-bounds symlinks in repositories (not recommended) --default-cache-expiration duration Cache expiration default (default 24h0m0s) --disable-tls Disable TLS on the gRPC endpoint @@ -20,6 +21,7 @@ argocd-repo-server [flags] --logformat string Set the logging format. One of: text|json (default "text") --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") --max-combined-directory-manifests-size string Max combined size of manifest files in a directory-type Application (default "10M") + --metrics-address string Listen on given address for metrics (default "0.0.0.0") --metrics-port int Start metrics server on given port (default 8084) --otlp-address string OpenTelemetry collector address to send traces to --parallelismlimit int Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 7fcf0cc992a36..e120c757b2ec1 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -13,6 +13,7 @@ argocd-server [flags] ### Options ``` + --address string Listen on given address (default "0.0.0.0") --app-state-cache-expiration duration Cache expiration for app state (default 1h0m0s) --application-namespaces strings List of additional namespaces where application resources can be managed in --as string Username to impersonate for the operation @@ -31,7 +32,7 @@ argocd-server [flags] --dex-server-plaintext Use a plaintext client (non-TLS) to connect to dex server --dex-server-strict-tls Perform strict validation of TLS certificates when connecting to dex server --disable-auth Disable client authentication - --enable-gzip Enable GZIP compression + --enable-gzip Enable GZIP compression (default true) --enable-proxy-extension Enable Proxy Extension feature --gloglevel int Set the glog logging level -h, --help help for argocd-server @@ -41,6 +42,7 @@ argocd-server [flags] --logformat string Set the logging format. One of: text|json (default "text") --login-attempts-expiration duration Cache expiration for failed login attempts (default 24h0m0s) --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --metrics-address string Listen for metrics on given address (default "0.0.0.0") --metrics-port int Start metrics on given port (default 8083) -n, --namespace string If present, the namespace scope for this CLI request --oidc-cache-expiration duration Cache expiration for OIDC state (default 3m0s) diff --git a/docs/operator-manual/tested-kubernetes-versions.md b/docs/operator-manual/tested-kubernetes-versions.md new file mode 100644 index 0000000000000..897620296a515 --- /dev/null +++ b/docs/operator-manual/tested-kubernetes-versions.md @@ -0,0 +1,6 @@ +| Argo CD version | Kubernetes versions | +|-----------------|---------------------| +| 2.7 | v1.26, v1.25, v1.24, v1.23 | +| 2.6 | v1.24, v1.23, v1.22 | +| 2.5 | v1.24, v1.23, v1.22 | + diff --git a/docs/operator-manual/tls.md b/docs/operator-manual/tls.md index 3b80e765f17dd..43409fc568f43 100644 --- a/docs/operator-manual/tls.md +++ b/docs/operator-manual/tls.md @@ -224,7 +224,10 @@ to not use TLS at all. In this case, you will need to: * Configure `argocd-repo-server` with TLS on the gRPC API disabled by specifying - the `--disable-tls` parameter to the pod container's startup arguments + the `--disable-tls` parameter to the pod container's startup arguments. + Also, consider restricting listening addresses to the loopback interface by specifying + `--listen 127.0.0.1` parameter, so that insecure endpoint is not exposed on + the pod's network interfaces, but still available to the side-car container. * Configure `argocd-server` and `argocd-application-controller` to not use TLS for connections to the `argocd-repo-server` by specifying the parameter `--repo-server-plaintext` to the pod container's startup arguments diff --git a/docs/operator-manual/upgrading/2.4-2.5.md b/docs/operator-manual/upgrading/2.4-2.5.md index a9376abdc49c9..8971c7cd8e3a4 100644 --- a/docs/operator-manual/upgrading/2.4-2.5.md +++ b/docs/operator-manual/upgrading/2.4-2.5.md @@ -197,3 +197,8 @@ response and will therefore fail to create/update the Application. To solve the issue, upgrade the CLI to at least 2.5.16, or 2.6.7. CLIs older than 2.5.0-rc1 are unaffected. + +## Golang upgrade in 2.5.20 + +In 2.5.20, we upgrade the Golang version used to build Argo CD from 1.18 to 1.19. If you use Argo CD as a library, you +may need to upgrade your Go version. diff --git a/docs/operator-manual/upgrading/2.6-2.7.md b/docs/operator-manual/upgrading/2.6-2.7.md index 1eff785703f9c..fa7fba02bf1b7 100644 --- a/docs/operator-manual/upgrading/2.6-2.7.md +++ b/docs/operator-manual/upgrading/2.6-2.7.md @@ -90,3 +90,19 @@ If your environment uses Kustomize JSON patches to modify the Redis server name, to the 2.7 manifests. If it does, you can remove the patch and instead set the Redis server name via the `redis.server` field in the argocd-cmd-params-cm ConfigMap. That value will be passed to the necessary components via `valueFrom` environment variables. + +## `argocd applicationset` CLI incompatibilities for ApplicationSets with list generators + +If you are running Argo CD v2.7.0-2.7.2 server-side, then CLI versions outside that range will incorrectly handle list +generators. That is because the gRPC interface for those versions used the `elements` field number for the new +`elementsYaml` field. + +If you are running the Argo CD CLI versions v2.7.0-2.7.2 with a server-side version of v2.7.3 or later, then the CLI +will send the contents of the `elements` field to the server, which will interpret it as the `elementsYaml` field. This +will cause the ApplicationSet to fail at runtime with an error similar to this: + +``` +error unmarshling decoded ElementsYaml error converting YAML to JSON: yaml: control characters are not allowed +``` + +Be sure to use CLI version v2.7.3 or later with server-side version v2.7.3 or later. diff --git a/docs/operator-manual/upgrading/2.7-2.8.md b/docs/operator-manual/upgrading/2.7-2.8.md new file mode 100644 index 0000000000000..12622642d5eff --- /dev/null +++ b/docs/operator-manual/upgrading/2.7-2.8.md @@ -0,0 +1,67 @@ +# v2.7 to 2.8 + +## Support dropped for argocd-cm plugins + +Config Management Plugins installed via the argocd-cm ConfigMap will not work starting with v2.8. + +See the [migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) +to upgrade your plugin. + +## Tini as entrypoint + +With the 2.8 release `entrypoint.sh` will be removed from the containers, +because starting with 2.7, the implicit entrypoint is set to `tini` in the +`Dockerfile` explicitly, and the kubernetes manifests has been updated to use +it. Simply updating the containers without updating the deployment manifests +will result in pod startup failures, as the old manifests are relying on +`entrypoint.sh` instead of `tini`. Please make sure the manifests are updated +properly before moving to 2.8. + +## Filtering applied to cluster `List` API endpoint + +Prior to `v2.8`, the `List` endpoint on the `ClusterService` did **not** filter +clusters when responding, despite accepting query parameters. This bug has +been addressed, and query parameters are now taken into account to filter the +resulting list of clusters. + +## Configure RBAC to account for new actions + +2.8 introduces three new actions: +* Create a Job from a CronJob +* Create a Workflow from a CronWorkflow +* Create a Workflow from a WorkflowTemplate + +When you upgrade to 2.8, RBAC policies with `applications` in the *resource* +field and `*` or `action/*` in the action field, it will automatically grant the +ability to use these new actions. + +If you would like to avoid granting these new permissions, you can update your RBAC policies to be more specific. + +### Example + +Old: + +```csv +p, role:action-runner, applications, actions/, *, allow +``` + +New: + +```csv +p, role:action-runner, applications, action/argoproj.io/Rollout/abort, *, allow +p, role:action-runner, applications, action/argoproj.io/Rollout/promote-full, *, allow +p, role:action-runner, applications, action/argoproj.io/Rollout/retry, *, allow +p, role:action-runner, applications, action/argoproj.io/Rollout/resume, *, allow +p, role:action-runner, applications, action/argoproj.io/Rollout/restart, *, allow +p, role:action-runner, applications, action/argoproj.io/AnalysisRun/terminate, *, allow +p, role:action-runner, applications, action/apps/DaemonSet/restart, *, allow +p, role:action-runner, applications, action/apps/StatefulSet/restart, *, allow +p, role:action-runner, applications, action/apps/Deployment/pause, *, allow +p, role:action-runner, applications, action/apps/Deployment/resume, *, allow +p, role:action-runner, applications, action/apps/Deployment/restart, *, allow + +# If you don't want to grant the new permissions, don't include the following lines +p, role:action-runner, applications, action/argoproj.io/WorkflowTemplate/create-workflow, *, allow +p, role:action-runner, applications, action/argoproj.io/CronWorkflow/create-workflow, *, allow +p, role:action-runner, applications, action/batch/CronJob/create-job, *, allow +``` diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md index 0c1ede757c324..419fc7bbb1353 100644 --- a/docs/operator-manual/upgrading/overview.md +++ b/docs/operator-manual/upgrading/overview.md @@ -37,6 +37,7 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/ +* [v2.7 to v2.8](./2.7-2.8.md) * [v2.6 to v2.7](./2.6-2.7.md) * [v2.5 to v2.6](./2.5-2.6.md) * [v2.4 to v2.5](./2.4-2.5.md) diff --git a/docs/operator-manual/user-management/keycloak.md b/docs/operator-manual/user-management/keycloak.md index f43f82b3e0113..6f0c99de0dec2 100644 --- a/docs/operator-manual/user-management/keycloak.md +++ b/docs/operator-manual/user-management/keycloak.md @@ -9,19 +9,24 @@ to determine privileges in Argo. ## Creating a new client in Keycloak First we need to setup a new client. Start by logging into your keycloak server, select the realm you want to use (`master` by default) -and then go to __Clients__ and click the __create__ button top right. +and then go to __Clients__ and click the __Create client__ button at the top. ![Keycloak add client](../../assets/keycloak-add-client.png "Keycloak add client") -Configure the client by setting the __Access Type__ to _confidential_ and set the Valid Redirect URIs to the callback url for your ArgoCD -hostname. It should be https://{hostname}/auth/callback (you can also leave the default less secure https://{hostname}/* ). You can also set the -__Base URL__ to _/applications_. +Enable the __Client authentication__. -If you want to allow command line access, __Access Type__ must be set to _public_ and you also need to add http://localhost:8085/auth/callback in the list of Valid Redirect URIs. Then users can login using `argocd login {hostname} --sso`. +![Keycloak add client Step 2](../../assets/keycloak-add-client_2.png "Keycloak add client Step 2") + +Configure the client by setting the __Root URL__, __Web origins__, __Admin URL__ to the hostname (https://{hostname}). + +Also you can set __Home URL__ to your _/applications_ path and __Valid Post logout redirect URIs__ to "+". + +The Valid Redirect URIs should be set to https://{hostname}/auth/callback (you can also set the less secure https://{hostname}/* for testing/development purposes, +but it's not recommended in production). ![Keycloak configure client](../../assets/keycloak-configure-client.png "Keycloak configure client") -Make sure to click __Save__. You should now have a new tab called __Credentials__. You can copy the Secret that we'll use in our ArgoCD +Make sure to click __Save__. There should be a tab called __Credentials__. You can copy the Secret that we'll use in our ArgoCD configuration. ![Keycloak client secret](../../assets/keycloak-client-secret.png "Keycloak client secret") @@ -34,21 +39,18 @@ To do this we'll start by creating a new __Client Scope__ called _groups_. ![Keycloak add scope](../../assets/keycloak-add-scope.png "Keycloak add scope") Once you've created the client scope you can now add a Token Mapper which will add the groups claim to the token when the client requests -the groups scope. Make sure to set the __Name__ as well as the __Token Claim Name__ to _groups_. +the groups scope. In the Tab "Mappers", click on "Configure a new mapper" and choose __Group Membership__. +Make sure to set the __Name__ as well as the __Token Claim Name__ to _groups_. Also disable the "Full group path". ![Keycloak groups mapper](../../assets/keycloak-groups-mapper.png "Keycloak groups mapper") -We can now configure the client to provide the _groups_ scope. You can now assign the _groups_ scope either to the __Assigned Default Client Scopes__ -or to the __Assigned Optional Client Scopes__. If you put it in the Optional category you will need to make sure that ArgoCD requests the scope in -it's OIDC configuration. +We can now configure the client to provide the _groups_ scope. Go back to the client we've created earlier and go to the Tab "Client Scopes". +Click on "Add client scope", choose the _groups_ scope and add it either to the __Default__ or to the __Optional__ Client Scope. If you put it in the Optional +category you will need to make sure that ArgoCD requests the scope in its OIDC configuration. Since we will always want group information, I recommend +using the Default category. ![Keycloak client scope](../../assets/keycloak-client-scope.png "Keycloak client scope") -Since we will always want group information, I recommend using the Default category. Make sure you click __Add selected__ -and that the _groups_ claim is in the correct list on the __right__. - -![Keycloak client scope selected](../../assets/keycloak-client-scope-selected.png "Keycloak client scope selected") - Create a group called _ArgoCDAdmins_ and have your current user join the group. ![Keycloak user group](../../assets/keycloak-user-group.png "Keycloak user group") diff --git a/docs/operator-manual/user-management/openunison.md b/docs/operator-manual/user-management/openunison.md index 469d85f14935b..fecaafd074aa1 100644 --- a/docs/operator-manual/user-management/openunison.md +++ b/docs/operator-manual/user-management/openunison.md @@ -19,7 +19,7 @@ metadata: spec: accessTokenSkewMillis: 120000 accessTokenTimeToLive: 1200000 - authChainName: LoginService + authChainName: login-service clientId: argocd codeLastMileKeyName: lastmile-oidc codeTokenSkewMilis: 60000 diff --git a/docs/proposals/002-ui-extensions.md b/docs/proposals/002-ui-extensions.md index 8fa02d25fd11c..583888da68c66 100644 --- a/docs/proposals/002-ui-extensions.md +++ b/docs/proposals/002-ui-extensions.md @@ -63,7 +63,7 @@ As an operator, I would like to configure Argo CD to perform pre-defined actions ## Proposal -A new `ArgoCDExtension` CRD would be introduced which will allow operators configure Argo CD to understand how to handle and visualize custom resources. Visualizing a object requires javascript to render the object, and health/actions require lua scripts. Aas such, the extension CR would need to point to some location where the javascript/lua code would be hosted. +A new `ArgoCDExtension` CRD would be introduced which will allow operators configure Argo CD to understand how to handle and visualize custom resources. Visualizing a object requires javascript to render the object, and health/actions require lua scripts. As such, the extension CR would need to point to some location where the javascript/lua code would be hosted. It is proposed that a git repository be used to contain the javascript code, as well as the lua scripts necessary to assess health or perform actions of a resource. diff --git a/docs/proposals/applicationset-plugin-generator.md b/docs/proposals/applicationset-plugin-generator.md new file mode 100644 index 0000000000000..6a3b2ec484c8a --- /dev/null +++ b/docs/proposals/applicationset-plugin-generator.md @@ -0,0 +1,216 @@ +--- +title: applicationset-plugin-generator +authors: + - "@binboum" + - "@scrocquesel" +sponsors: + - TBD +reviewers: + - TBD +approvers: + - "@alexmt" + - TBD + +creation-date: 2022-03-21 +last-updated: 2022-03-21 +--- + +# ApplicationSet `plugin` generator + +Provide a generator that request its values through a RPC call. + +## Summary + +ApplicationSet generators are useful for modeling templates using external data sources to deploy applications. + +Today, generators have been developed based on the needs of the community, and when a new need arises, it's necessary to modify the Appset codebase. + +The proposal here is to have a "plugin" generator that would allow extending the codebase according to specific needs, without having to modify it directly. + +## Motivation + +Using the current generators, we sometimes encounter a need that arises, which may or may not be useful for the community. In such cases, several procedures need to be undertaken to make the modification, and sometimes it may be rejected because it's not in everyone's interest. + +The plugin approach also reduces the burden on community developers by externalizing feature requests into plugins that are outside the Appset controller's scope. From a security and scalability perspective, this can be advantageous. + +With this approach, it becomes possible to offer a catalog of plugins and encourage people with specific needs to develop standalone plugins that are independent of the controller's codebase. + +### Goals + +Empowering community developers to develop and use plugins that extend the list of generators can be a significant advantage. It would be possible to offer a page listing plugins maintained by the community, which can help promote the development of a rich ecosystem of plugins for various use cases. This can enhance the overall user experience by providing more options for generating application templates. + +Additionally, allowing developers to create plugins and share them with the community can foster innovation and encourage experimentation with new features and functionalities. It can also reduce the workload on the Appset development team, enabling them to focus on core features and functionalities. + +Overall, giving autonomy to community developers through plugins is a practical way to enhance the Appset platform and provide more value to users. + +### Non-Goals + +The concept of the plugin should not undermine the spirit of GitOps by externalizing data outside of Git. The goal is to be complementary in specific contexts. + +For example, when using one of the PullRequest generators, it's impossible to retrieve parameters related to the CI (only the commit hash is available), which limits the possibilities. By using a plugin, it's possible to retrieve the necessary parameters from a separate data source and use them to extend the functionality of the generator. This approach allows for greater flexibility and can help overcome limitations imposed by GitOps. + +Overall, the use of plugins should be considered as a way to enhance the capabilities of existing tools and processes rather than as a replacement for them. By leveraging plugins, developers can take advantage of the strengths of different tools and technologies, resulting in a more robust and flexible development process. + +## Proposal + +### Add a new `generator` plugin + +``` +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: fb-plugin + namespace: argo-system +spec: + generators: + - plugin: + configMapRef: fb-plugin + name: feature-branch-plugin + params: + repo: "my-repo" + branch: "my-branch" + requeueAfterSeconds: 10 + template: +... +``` + +### Add a configMap to configure the plugin + +The configMap name must match the configMapRef value in the plugin configuration. The configMap must be in the namespace of argo. + +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: fb-plugin + namespace: argo-system +data: + token: $plugin.myplugin.token # Alternatively $:plugin.myplugin.token + baseUrl: http://myplugin.plugin.svc.cluster.local +``` + +- token is used a a bearer token in the RPC request. It could be a [sensitive reference](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets). + +### Reconciliation logic + +Here is a diagram describing what the plugin generator should do to get the params to return: + +```mermaid +sequenceDiagram + alt generator is plugin + Generator->>K8S: Get configmap {configMapRef} + K8S-->>Generator: (url,token) + Generator->>Plugin endpoint: POST {url}/v1/generator.getParams
Authorization: Bearer {token}
Content-Type: application/json
{params} + Plugin endpoint-->>Generator: []map{string}interface{} + end +``` + + +### Use cases + +#### Use case 1: +As a user, I would like to enrich PullRequest generator params with digests of images generated by the pull request CI pipeline. + +I could define a generator matrix like + +```yaml + generators: + - matrix: + generators: + - pullRequest: + github: + owner: binboum + repo: argo-test + labels: + - preview-matrix + tokenRef: + secretName: github-secret + key: token + - plugin: + configMapRef: cm-plugin + name: plugin-matrix + params: + repo: "argo-test" + branch: "{{.branch}}" +``` + +When pullRequest returns a new PR matching my labels, the plugin will be called with the branch name and would return a set of digests like + +```json +[ + { + "digestFront": "xxxxxxxx", + "digestBack": "xxxxxxxx", + } +] +``` + +Values can then be used in the template section : + +```yaml + template: + metadata: + name: "fb-matrix-{{.branch}}" + spec: + source: + repoURL: "git@github.com:binboum/argo-test.git" + targetRevision: "HEAD" + path: charts/app-client + helm: + releaseName: feature-test-matrix-{{.branch}} + valueFiles: + - values.yaml + values: | + front: + image: registry.my/argo-test/front:{{.branch}}@{{ .digestFront }} + back: + image: registry.my/argo-test/back:{{.branch}}@{{ .digestBack }} + destination: + server: https://kubernetes.default.svc + namespace: "{{.branch}}" +``` + +### Detailed examples + +### Security Considerations + +* Plugin server only has access to the params content. When deployed outside of the applicationset controller pod, operator must ensure the communication between applicationset controller and the plugin server is properly secured (https/network policy...). A few authentication mechanism are handled to help the plugin server authenticate the request. +* For now, the response payload is considered trusted and returned params are used as-is upstream + +### Risks and Mitigations + +TBD + +### Upgrade / Downgrade Strategy + +On the evolution of the plugin, and calls : + +The RPC method is standardized with a versioning system, which allows for a version parameter to be included in the API call. This makes it possible to avoid breaking changes in case of architecture changes in the future. + +Thought that the contract interface with the plugin server is kept simple to reduce future changes and breaking changes + +## Drawbacks + +No idea + +## Alternatives + +1. A design similar to Argo Workflow executor plugin : + + ``` + generators: + - plugin: + hello: {} + ``` + + A set of ConfigMaps or a specific CRDs to express configuration of the plugin endpoint would be walk by ApplicationSet server. For each configuration, call the plugin endpoint with the content of plugin until one return a valid response. + + Reconciliation should be fast as fast as possible and trying out every endpoint to figure out which one is able to handle the plugin payload could induce a lot of delay. + + Configuration rely on implicit and weakly typed convention which make the usage of the plugin less self documented. + +2. Plugin server as defacto sidecars + + Some magic could have inject a container image for the plugin in the ApplicationSet controller in a similar way, Argo Workflow does when creating a pod to execute a job. + + Require an external controler or manual configuration. The plugin would not scale independently of the ApplicationSet controller. \ No newline at end of file diff --git a/docs/proposals/rebalancing-clusters-across-shards-dynamically.md b/docs/proposals/rebalancing-clusters-across-shards-dynamically.md new file mode 100644 index 0000000000000..63ed973004cf5 --- /dev/null +++ b/docs/proposals/rebalancing-clusters-across-shards-dynamically.md @@ -0,0 +1,142 @@ +--- +title: Neat-enhancement-idea +authors: + - "@ishitasequeira" # Authors' github accounts here. +sponsors: + - TBD # List all interested parties here. +reviewers: + - "@alexmt" + - TBD +approvers: + - "@alexmt" + - TBD + +creation-date: yyyy-mm-dd +last-updated: yyyy-mm-dd +--- + +# Neat Enhancement Idea + +Rebalance clusters across shards automatically on changes to the number of available shards. + + +## Open Questions [optional] + +This is where to call out areas of the design that require closure before deciding to implement the +design. + + +## Summary + +Current implementation of sharding uses StatefulSet for the application controller and the goal is to move towards an agile stateless Deployment. Although the application controller does not have any state to preserve, stateful sets were used to get predictable hostnames and the serial number in the hostname was used to get the shard id of a particular instance. Using StatefulSet has the following limitations: + +Any change done to the StatefulSet would cause all the child pods to restart in a serial fashion. This makes scaling up/down of the application controller slow as even existing healthy instances need to be restarted as well. +Scaling up or down happens one at a time. If there are 10 instances and if scaled to 20, then the scaling happens one at a time, causing considerable delay for the scaling to complete. + +Each shard replica knows about the total number of available shards by evaluating the environment variable ARGOCD_CONTROLLER_REPLICAS, which needs to be kept up-to-date with the actual number of available replicas (shards). If the number of replicas does not equal the number set in ARGOCD_CONTROLLER_REPLICAS, sharding will not work as intended, leading to both, unused and overused replicas. As this environment variable is set on the StatefulSet and propagated to the pods, all the pods in the StatefulSet need to be restarted in order to pick up the new number of total shards. + +The current sharding mechanism relies on predictable pod names for the application controller to determine which shard a given replica should impersonate, e.g. the first replica of the StatefulSet (argocd-application-controller-0) will be the first shard, the second replica (argocd-application-controller-1) will be the second and so forth. + +## Motivation + +If the number of available shards is changed (i.e. one or more application controller replicas are added or removed), all pods in the statefulset have to be restarted so that the managed clusters are redistributed over the available shards. Additionally, the application controller workload is deployed as a StatefulSet, which is not intended for dynamic horizontal scaling. + +### Goals + +- Improve the application controller’s ability to scale horizontally with a growing number of clusters +- Remove the need to run application controller as a StatefulSet workload + +### Non-Goals + +- Expand the scope of sharding to other assets than clusters (e.g. applications) +- Make a single shard highly available (e.g. by having 2 or more replicas by shard) + +## Proposal + +### Why use Deployments instead of StatefulSet: +StatefulSet is a Kubernetes resource that manages multiple pods that have unique identities, and are not interchangeable (unlike a regular Kubernetes Deployment, in which pods are stateless and can be destroyed and recreated as often as needed). + +Stateless applications scale horizontally very easily as compared to stateful applications due to the fact that infrastructure allows adding as many computing resources as needed. Changing the StatefulSet to Deployments for Application Controller will allow us to dynamically scale the replicas without restarting existing application controller pods. Also, the shard to application controller assignment would help in making sure the shards are scaled and distributed across the available healhty replicas of application controllers. + +### Distributing shards among Application Controllers: + +Inorder to be able to accurately know which shards are being managed by which application-controller, especially in scenarios of redistribution of load, addition/removal of `application controller`, etc., we would need to have a mechanism to assign clusters to the shards. + +In most scenarios, the service account used by the application controller has read access to all the resources in the cluster. Thus, instead of setting the environment variable ARGOCD_CONTROLLER_REPLICAS representing the number of replicas, the number of replicas can be read directly from the number of healthy replicas of the application controller deployment. + +For other scenarios, some users install controller with only `argocd-application-controller-role` role and use it to manage remote clusters only. In this case, we would need to update the `argocd-application-controller-role` role and allow controller inspect it's own deployment and find out the number of replicas. + +The application controllers will claim one of the available shards by checking which shard is not present in the ConfigMap or is assigned to an unhealthy controller. We will store the assignment list of Application Controller to Shard in ConfigMap. The mapping of Application Controller to Shard will store the below information: + +* Name/Id of the shard +* Name of the Application Controller currently managing the shard +* Last time of successful update to ConfigMap (Heartbeat) + +The mapping will be updated in ConfigMap every X (heartbeat interval) seconds with the help of heartbeat process performed by every application controller. If the heartbeat was not performed by the application controller for a certain time, the application controller is assumed to be unhealthy and the number of healthy/managed shards would be reduced, that is, the number of healthy replicas of the application controller deployment changes. + +The heartbeat interval will be a configurable parameter initialized while setting up the application controller. This way, users will be able to control the frequency at which they want the heartbeat process to take place. + +As part of the readiness probe, we will also add a check whether application controller was able to claim a shard successfully or not. If the shard claim failed, the readiness probe will fail marking the controller as unhealthy. Anytime the number of healthy replicas of application controllers is different from the number of application controllers to shard mappings, we would re-distribute the clusters among the healthy replicas again. We can summarize the above statement using the below formula: + +``` +Number of Replicas ≠ Count of {Application Controller, Shard} mapping +``` + +The below logic can be used to perform application controller to shard assignment: + +1) If a new application controller is added, that is, a new shard is added, we would perform the re-distribution of clusters among the shards with the existing sharding algorithm being used. + +2) In scenarios when one of the application controllers is identified to be unhealthy, we will not trigger the re-ditribution of clusters across shards. The new instance of the application controller will claim this unassigned shard and start managing the shard. + +How will this work? +* The application controller will query the ConfigMap for the status of all the application controllers and last updated heartbeat timestamps. +* It will check if any application controller is flagged as Unhealthy or has not updated its status in ConfigMap during the heartbeat process for a certain period of time. +* If the status for an application controller was already flagged as Unhealthy, we will not re-trigger the redistribution of clusters across healthy shards. The new application controller will come online and try to claim this unassigned shard. +* If the status is not flagged and an application controller has not updated the last active timestamp in a long time, then we mark the Application Controller as Unhealthy and unassign the shard in the ConfigMap. + +*Note:* We will continue to use the cluster to shard assignment approach being used today. + +### Pros +* Every Application Controller would be able to take action on finding the distribution of load. +* Every Application Controller will monitor the status of Unhealthy shard and would be able to take action or flag for action. + +### Cons + +* ~~Possibility of race conditions while flagging the shard as Unhealthy during the heartbeat process. Although this can be handled using the [distributed locks](https://redis.io/docs/manual/patterns/distributed-locks/) in Redis.~~ +As we are using ConfigMap, this Con get's removed. Kubernetes would give conflict errors in case multiple edits are tried on the ConfigMap at the same time. We can leverage this error messages to avoid race conditions. + +* ~~In scenarios when Redis becomes unavailable, the heartbeat mechanism will pause working till the redis comes back online again. This will also pause the dynamic redistribution of clusters till Redis comes back online. The redistribution of clusters will be triggered again when Redis comes back online.~~ We would not see this issue by using ConfigMap instead of Redis. + + +### Security Considerations + +* This would be a breaking change of converting StatefulSets to Deployments. Any automation done by customers which is based on the assumption that the controller is modelled as a StatefulSet would break with this change. + +* ~~We would rely on Redis to store the current Application Controller to Shard mapping. In case the Redis is not available, it would not affect the regular working of ArgoCD. The dynamic distribution of clusters among healthy shards would stop working with the heartbeat process till Redis comes back up online, but the application controllers will continue managing their workloads.~~ We would not rely on Redis by using ConfigMap avoiding this issue. + + +### Upgrade / Downgrade Strategy + +* Working ArgoCD itself should not affected. An initial restart of all the application controller pods is expected when we switch from StatefulSet to Deployment or vice-versa. + +* There would be some initial delays in the reconciliation process during the transistion from StatefulSet to Deployment. If someone is not using sharding at all, they should not face any issues. + +## Alternatives + +An alternative approach would be to use Leader Election strategy. By implementing leader election, one of the healthy application controllers will be appointed as leader. The leader controller will be responsible for assigning clusters to the shards and balancing load across the shards. + +The leader controller will continue sending heartbeats to every replica controller and monitor the health of the controllers. In case one of the replica controllers crashes, the leader will distribute the shards managed by the unhealthy replica among the healthy replicas. + +If the leader goes down, the leader election process will be initiated among the healthy candidates and one of the candidates will be marked as leader who will perform the heartbeat process and redistribution of resources. + +One of the possible examples for selecting the leader is by checking the load handled by each healthy candidate and selecting the candidate which has the least load / number of resources running on it. + +### Pros of Leader Election + +* We can refrain from performing multiple calls to ConfigMap about the load and status of the shards and store it in a local cache within the leader while updating data in ConfigMap on a timely manner (for e.g. every 10 mins). +* Single leaders can easily offer clients consistency because they can see and control all the changes made to the state of the system. + + +### Cons of Leader Election +* A single leader is a single point of failure. If the leader becomes bad, that is, does not distribute clusters properly across shards, it is very difficult to identify or fix the bad behavior and can become a single point of failure +* A single leader means a single point of scaling, both in data size and request rate. When a leader-elected system needs to grow beyond a single leader, it requires a complete re-architecture. diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 11338843e2eef..ab6ad1e3fd0ce 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -14,62 +14,49 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 2 | 0 | -| [haproxy:2.6.9-alpine](master/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.9-alpine](master/redis_7.0.9-alpine.html) | 0 | 1 | 2 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.7.0-rc2 +### v2.7.6 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.7.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.7.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 2 | 0 | -| [haproxy:2.6.9-alpine](v2.7.0-rc2/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:v2.7.0-rc2](v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.9-alpine](v2.7.0-rc2/redis_7.0.9-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.7.0-rc2/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.7.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.6/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.7.6/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.36.0](v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.7.6/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.7.6](v2.7.6/quay.io_argoproj_argocd_v2.7.6.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.7.6/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.7.6/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.6/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.6.7 +### v2.6.11 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.6.7/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.6.7/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.35.3](v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 | -| [haproxy:2.6.9-alpine](v2.6.7/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:v2.6.7](v2.6.7/quay.io_argoproj_argocd_v2.6.7.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.8-alpine](v2.6.7/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.6.7/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.6.7/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.6.11/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.6.11/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.36.0](v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.6.11/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.6.11](v2.6.11/quay.io_argoproj_argocd_v2.6.11.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.6.11/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.6.11/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.11/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.16 +### v2.5.19 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.16/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.16/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.35.3](v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 | -| [haproxy:2.6.9-alpine](v2.5.16/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:v2.5.16](v2.5.16/quay.io_argoproj_argocd_v2.5.16.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.8-alpine](v2.5.16/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.5.16/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.16/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.4.28 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.4.28/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.4.28/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.35.3](v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 | -| [haproxy:2.0.31-alpine](v2.4.28/haproxy_2.0.31-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.4.28](v2.4.28/quay.io_argoproj_argocd_v2.4.28.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.8-alpine](v2.4.28/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.4.28/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.4.28/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.19/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.19/argocd-test.html) | 0 | 0 | 5 | 0 | +| [dex:v2.36.0](v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.5.19/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.5.19](v2.5.19/quay.io_argoproj_argocd_v2.5.19.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.5.19/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.5.19/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.19/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 299c7884ae778..cf18cf0689f48 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

April 16th 2023, 12:17:00 am

+

June 25th 2023, 12:20:31 am (UTC+00:00)

Scanned the following path: @@ -466,7 +466,7 @@

Snyk test report

-
41 total issues
+
40 total issues
@@ -494,7 +494,7 @@

Role with dangerous permissions

  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
  • Introduced through: @@ -507,7 +507,7 @@

    Role with dangerous permissions

  • - Line number: 16324 + Line number: 17965
@@ -524,7 +524,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -540,7 +540,7 @@

Role with dangerous permissions

  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
  • Introduced through: @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 16401 + Line number: 18042
@@ -570,7 +570,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -586,7 +586,7 @@

Role with dangerous permissions

  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
  • Introduced through: @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 16429 + Line number: 18070
@@ -616,7 +616,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -632,7 +632,7 @@

Role with dangerous permissions

  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
  • Introduced through: @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 16477 + Line number: 18118
@@ -662,7 +662,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -678,7 +678,7 @@

Role with dangerous permissions

  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
  • Introduced through: @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 16459 + Line number: 18100
@@ -708,7 +708,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -724,7 +724,7 @@

Role with dangerous permissions

  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
  • Introduced through: @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 16493 + Line number: 18134
@@ -754,7 +754,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -770,11 +770,11 @@

Container could be running with outdated image

  • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
  • Introduced through: - [DocId: 46] + [DocId: 45] spec @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 17517 + Line number: 19218
@@ -806,7 +806,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -822,11 +822,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 16974 + Line number: 18605
@@ -864,7 +864,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -880,11 +880,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 17146 + Line number: 18826
@@ -922,7 +922,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -938,11 +938,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 17112 + Line number: 18792
@@ -980,7 +980,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -996,11 +996,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 17206 + Line number: 18886
@@ -1038,7 +1038,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1054,11 +1054,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 17280 + Line number: 18973
@@ -1096,7 +1096,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1112,11 +1112,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 17517 + Line number: 19218
@@ -1154,7 +1154,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1170,11 +1170,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 17339 + Line number: 19030
@@ -1212,7 +1212,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1228,11 +1228,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 17602 + Line number: 19303
@@ -1270,7 +1270,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1286,11 +1286,11 @@

Container has no CPU limit

  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 17906 + Line number: 19619
@@ -1328,7 +1328,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1344,11 +1344,11 @@

Container is running with multiple open ports

  • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 17126 + Line number: 18806
@@ -1380,63 +1380,7 @@

Remediation

-

More about this issue

-
- - -
-

Container is running with writable root filesystem

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-8 -
    • - -
  • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
    • - -
  • - Line number: 17293 -
    • -
- -
- -

Impact

-

Compromised process could abuse writable root filesystem to elevate privileges

- -

Remediation

-

Set `securityContext.readOnlyRootFilesystem` to `true`

- - -
-
- -
-

More about this issue

+

More about this issue

@@ -1452,11 +1396,11 @@

Container is running without liveness probe

  • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
  • Introduced through: - [DocId: 42] + [DocId: 41] spec @@ -1471,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 16974 + Line number: 18605
@@ -1488,7 +1432,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1504,11 +1448,11 @@

Container is running without liveness probe

  • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1523,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 17112 + Line number: 18792
@@ -1540,7 +1484,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1556,11 +1500,11 @@

Container is running without liveness probe

  • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1575,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 17146 + Line number: 18826
@@ -1592,7 +1536,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1608,11 +1552,11 @@

Container is running without liveness probe

  • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
  • Introduced through: - [DocId: 45] + [DocId: 44] spec @@ -1627,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 17280 + Line number: 18973
@@ -1644,7 +1588,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1660,11 +1604,11 @@

Container is running without liveness probe

  • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
  • Introduced through: - [DocId: 46] + [DocId: 45] spec @@ -1679,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 17517 + Line number: 19218
@@ -1696,7 +1640,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1712,11 +1656,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -1737,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 16974 + Line number: 18605
@@ -1754,7 +1698,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1770,11 +1714,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -1795,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 17112 + Line number: 18792
@@ -1812,7 +1756,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1828,11 +1772,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -1853,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 17146 + Line number: 18826
@@ -1870,7 +1814,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1886,11 +1830,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1911,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 17206 + Line number: 18886
@@ -1928,7 +1872,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -1944,11 +1888,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1969,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 17280 + Line number: 18973
@@ -1986,7 +1930,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -2002,11 +1946,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2027,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 17517 + Line number: 19218
@@ -2044,7 +1988,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -2060,11 +2004,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2085,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 17339 + Line number: 19030
@@ -2102,7 +2046,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -2118,11 +2062,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2143,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 17602 + Line number: 19303
@@ -2160,7 +2104,7 @@

Remediation

-

More about this issue

+

More about this issue

@@ -2176,11 +2120,11 @@

Container is running without memory limit

  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2201,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 17906 + Line number: 19619
@@ -2218,12 +2162,12 @@

Remediation

-

More about this issue

+

More about this issue

-

Container's UID could clash with host's UID

+

Container's or Pod's UID could clash with host's UID

@@ -2234,11 +2178,11 @@

Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -2257,7 +2201,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17049 + Line number: 18716
    • @@ -2267,19 +2211,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2290,11 +2234,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -2313,7 +2257,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17154 + Line number: 18834
    • @@ -2323,19 +2267,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2346,11 +2290,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -2369,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17129 + Line number: 18809
    • @@ -2379,19 +2323,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2402,11 +2346,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2425,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17214 + Line number: 18907
    • @@ -2435,19 +2379,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2458,11 +2402,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -2481,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17293 + Line number: 18983
    • @@ -2491,19 +2435,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2514,11 +2458,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2537,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17524 + Line number: 19225
    • @@ -2547,19 +2491,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2570,11 +2514,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2593,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17490 + Line number: 19191
    • @@ -2603,19 +2547,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2626,11 +2570,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2649,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17816 + Line number: 19529
    • @@ -2659,19 +2603,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2682,11 +2626,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2705,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 18048 + Line number: 19767
    • @@ -2715,14 +2659,14 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index f8957a067ba8d..ec9d1f8e97380 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:17:12 am

    +

    June 25th 2023, 12:20:44 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    41 total issues
    +
    40 total issues
    @@ -494,7 +494,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -540,7 +540,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -586,7 +586,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -632,7 +632,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -678,7 +678,7 @@

    Role with dangerous permissions

    • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
    • Introduced through: @@ -708,7 +708,7 @@

      Remediation

      -

      More about this issue

      +

      More about this issue

      @@ -724,7 +724,7 @@

      Role with dangerous permissions

      • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
      • Introduced through: @@ -754,7 +754,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -770,11 +770,11 @@

        Container could be running with outdated image

        • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
        • Introduced through: - [DocId: 39] + [DocId: 38] spec @@ -789,7 +789,7 @@

          Container could be running with outdated image

        • - Line number: 1177 + Line number: 1237
        @@ -806,7 +806,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -822,11 +822,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 35] + [DocId: 34] input @@ -847,7 +847,7 @@

          Container has no CPU limit

        • - Line number: 634 + Line number: 624
        @@ -864,7 +864,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -880,11 +880,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -905,7 +905,7 @@

          Container has no CPU limit

        • - Line number: 806 + Line number: 845
        @@ -922,7 +922,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -938,11 +938,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -963,7 +963,7 @@

          Container has no CPU limit

        • - Line number: 772 + Line number: 811
        @@ -980,7 +980,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -996,11 +996,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1021,7 +1021,7 @@

          Container has no CPU limit

        • - Line number: 866 + Line number: 905
        @@ -1038,7 +1038,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1054,11 +1054,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -1079,7 +1079,7 @@

          Container has no CPU limit

        • - Line number: 940 + Line number: 992
        @@ -1096,7 +1096,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1112,11 +1112,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -1137,7 +1137,7 @@

          Container has no CPU limit

        • - Line number: 1177 + Line number: 1237
        @@ -1154,7 +1154,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1170,11 +1170,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -1195,7 +1195,7 @@

          Container has no CPU limit

        • - Line number: 999 + Line number: 1049
        @@ -1212,7 +1212,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1228,11 +1228,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -1253,7 +1253,7 @@

          Container has no CPU limit

        • - Line number: 1262 + Line number: 1322
        @@ -1270,7 +1270,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1286,11 +1286,11 @@

        Container has no CPU limit

        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
        • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -1311,7 +1311,7 @@

          Container has no CPU limit

        • - Line number: 1566 + Line number: 1638
        @@ -1328,7 +1328,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1344,11 +1344,11 @@

        Container is running with multiple open ports

        • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
        • Introduced through: - [DocId: 36] + [DocId: 35] spec @@ -1363,7 +1363,7 @@

          Container is running with multiple open ports

        • - Line number: 786 + Line number: 825
        @@ -1380,63 +1380,7 @@

        Remediation

        -

        More about this issue

        -
        - - -
        -

        Container is running with writable root filesystem

        -
        - -
        - low severity -
        - -
        - -
          -
        • - Public ID: SNYK-CC-K8S-8 -
          • - -
        • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
          • - -
        • - Line number: 953 -
          • -
        - -
        - -

        Impact

        -

        Compromised process could abuse writable root filesystem to elevate privileges

        - -

        Remediation

        -

        Set `securityContext.readOnlyRootFilesystem` to `true`

        - - -
        -
        - -
        -

        More about this issue

        +

        More about this issue

        @@ -1452,11 +1396,11 @@

        Container is running without liveness probe

        • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
        • Introduced through: - [DocId: 35] + [DocId: 34] spec @@ -1471,7 +1415,7 @@

          Container is running without liveness probe

        • - Line number: 634 + Line number: 624
        @@ -1488,7 +1432,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1504,11 +1448,11 @@

        Container is running without liveness probe

        • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
        • Introduced through: - [DocId: 36] + [DocId: 35] spec @@ -1523,7 +1467,7 @@

          Container is running without liveness probe

        • - Line number: 772 + Line number: 811
        @@ -1540,7 +1484,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1556,11 +1500,11 @@

        Container is running without liveness probe

        • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
        • Introduced through: - [DocId: 36] + [DocId: 35] spec @@ -1575,7 +1519,7 @@

          Container is running without liveness probe

        • - Line number: 806 + Line number: 845
        @@ -1592,7 +1536,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1608,11 +1552,11 @@

        Container is running without liveness probe

        • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
        • Introduced through: - [DocId: 38] + [DocId: 37] spec @@ -1627,7 +1571,7 @@

          Container is running without liveness probe

        • - Line number: 940 + Line number: 992
        @@ -1644,7 +1588,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1660,11 +1604,11 @@

        Container is running without liveness probe

        • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
        • Introduced through: - [DocId: 39] + [DocId: 38] spec @@ -1679,7 +1623,7 @@

          Container is running without liveness probe

        • - Line number: 1177 + Line number: 1237
        @@ -1696,7 +1640,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1712,11 +1656,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 35] + [DocId: 34] input @@ -1737,7 +1681,7 @@

          Container is running without memory limit

        • - Line number: 634 + Line number: 624
        @@ -1754,7 +1698,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1770,11 +1714,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -1795,7 +1739,7 @@

          Container is running without memory limit

        • - Line number: 772 + Line number: 811
        @@ -1812,7 +1756,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1828,11 +1772,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -1853,7 +1797,7 @@

          Container is running without memory limit

        • - Line number: 806 + Line number: 845
        @@ -1870,7 +1814,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1886,11 +1830,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1911,7 +1855,7 @@

          Container is running without memory limit

        • - Line number: 866 + Line number: 905
        @@ -1928,7 +1872,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -1944,11 +1888,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -1969,7 +1913,7 @@

          Container is running without memory limit

        • - Line number: 940 + Line number: 992
        @@ -1986,7 +1930,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -2002,11 +1946,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2027,7 +1971,7 @@

          Container is running without memory limit

        • - Line number: 1177 + Line number: 1237
        @@ -2044,7 +1988,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -2060,11 +2004,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2085,7 +2029,7 @@

          Container is running without memory limit

        • - Line number: 999 + Line number: 1049
        @@ -2102,7 +2046,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -2118,11 +2062,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -2143,7 +2087,7 @@

          Container is running without memory limit

        • - Line number: 1262 + Line number: 1322
        @@ -2160,7 +2104,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -2176,11 +2120,11 @@

        Container is running without memory limit

        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
        • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -2201,7 +2145,7 @@

          Container is running without memory limit

        • - Line number: 1566 + Line number: 1638
        @@ -2218,12 +2162,12 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        -

        Container's UID could clash with host's UID

        +

        Container's or Pod's UID could clash with host's UID

        @@ -2234,11 +2178,11 @@

        Container's UID could clash with host's UID
      • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
      • Introduced through: - [DocId: 35] + [DocId: 34] input @@ -2257,7 +2201,7 @@

        Container's UID could clash with host's UID
      • - Line number: 709 + Line number: 735

      @@ -2267,19 +2211,19 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      -

      More about this issue

      +

      More about this issue

      -

      Container's UID could clash with host's UID

      +

      Container's or Pod's UID could clash with host's UID

      @@ -2290,11 +2234,11 @@

      Container's UID could clash with host's UID
    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
    • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -2313,7 +2257,7 @@

      Container's UID could clash with host's UID
    • - Line number: 814 + Line number: 853

    @@ -2323,19 +2267,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2346,11 +2290,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -2369,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 789 + Line number: 828
    • @@ -2379,19 +2323,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2402,11 +2346,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -2425,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 874 + Line number: 926
    • @@ -2435,19 +2379,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2458,11 +2402,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -2481,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 953 + Line number: 1002
    • @@ -2491,19 +2435,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2514,11 +2458,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2537,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1184 + Line number: 1244
    • @@ -2547,19 +2491,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2570,11 +2514,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2593,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1150 + Line number: 1210
    • @@ -2603,19 +2547,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2626,11 +2570,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -2649,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1476 + Line number: 1548
    • @@ -2659,19 +2603,19 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    -

    Container's UID could clash with host's UID

    +

    Container's or Pod's UID could clash with host's UID

    @@ -2682,11 +2626,11 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -2705,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1708 + Line number: 1786
    • @@ -2715,14 +2659,14 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    • -

    More about this issue

    +

    More about this issue

    diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 157240634b201..bdf5f2c6056ef 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:14:42 am

    +

    June 25th 2023, 12:17:47 am (UTC+00:00)

    Scanned the following paths: @@ -466,16 +466,167 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    1748 dependencies
    +
    1 known vulnerabilities
    +
    1 vulnerable dependency paths
    +
    1799 dependencies
    - No known vulnerabilities detected. +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
      • +
    • + Vulnerable module: + + semver +
      • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@8.0.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@8.0.9 + + semver@7.3.8 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    semver is a semantic version parser used by npm.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

    +

    PoC

    + 
    
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    + 
    regex = /A(B|C+)+D/
+
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
      • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • +
    • D Finally, we ensure this section of the string ends with a 'D'
      • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    + 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
      2. +
    2. CC+C
      3. +
    3. C+CC
      4. +
    4. C+C+C.
      5. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade semver to version 7.5.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html index 2f13ac0d8ff3a..310ff9f6365eb 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:14:59 am

    +

    June 25th 2023, 12:17:59 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    3 known vulnerabilities
    -
    21 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    35 vulnerable dependency paths
    760 dependencies
    @@ -591,7 +591,14 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    A security vulnerability has been identified in all supported versions

    +

    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    References

    @@ -601,6 +608,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -609,6 +618,183 @@

    References

    More about this vulnerability

    +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Certificate Validation

    @@ -743,6 +929,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -891,6 +1079,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -900,6 +1090,153 @@

    References

    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.4.28/haproxy_2.0.31-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html similarity index 98% rename from docs/snyk/v2.4.28/haproxy_2.0.31-alpine.html rename to docs/snyk/master/haproxy_2.6.14-alpine.html index 2b4200b9048f6..f8134d7f2d603 100644 --- a/docs/snyk/v2.4.28/haproxy_2.0.31-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -456,19 +456,19 @@

    Snyk test report

    -

    April 16th 2023, 12:24:53 am

    +

    June 25th 2023, 12:18:06 am (UTC+00:00)

    Scanned the following path:
      -
    • haproxy:2.0.31-alpine (apk)
      • +
    • haproxy:2.6.14-alpine (apk)
    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    17 dependencies
    +
    18 dependencies
    @@ -477,7 +477,7 @@

    Snyk test report

    - + diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index ed282d60e11a9..6ab33d6b7c9f6 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:15:31 am

    +

    June 25th 2023, 12:18:33 am (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    21 known vulnerabilities
    -
    112 vulnerable dependency paths
    -
    2065 dependencies
    +
    17 known vulnerabilities
    +
    64 vulnerable dependency paths
    +
    2108 dependencies
    @@ -476,30 +476,30 @@

    Snyk test report

    -
    -

    Denial of Service (DoS)

    +
    +

    CVE-2022-46908

    -
    - high severity +
    + low severity
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/net/http2/hpack + sqlite3/libsqlite3-0
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 + docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    @@ -511,9 +511,11 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@latest - golang.org/x/net/http2/hpack@v0.5.0 + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 @@ -524,60 +526,51 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

      Remediation

      -

      Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Denial of Service (DoS)

    +
    +

    Arbitrary Code Injection

    -
    - high severity +
    + low severity
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/net/http2 + shadow/passwd
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + docker-image|quay.io/argoproj/argocd@latest and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -590,91 +583,40 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@latest - golang.org/x/net/http2@v0.5.0 + shadow/passwd@1:4.8.1-2ubuntu2.1
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-46908

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
      • -
    - -
    - - -

    Detailed paths

    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + -
      +
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg@2.2.27-3ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 - sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + shadow/login@1:4.8.1-2ubuntu2.1 @@ -686,24 +628,24 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

      +

      In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 sqlite3.

      +

      There is no fixed version for Ubuntu:22.04 shadow.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -931,7 +873,7 @@

    References

    -

    Improper Locking

    +

    Information Exposure

    @@ -947,12 +889,12 @@

    Improper Locking

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -963,115 +905,11 @@

    Improper Locking

    Detailed paths

      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 @@ -1083,27 +921,33 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

      +

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Certificate Validation

    +

    CVE-2023-28531

    @@ -1119,12 +963,12 @@

    Improper Certificate Validation

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1134,952 +978,82 @@

    Improper Certificate Validation

    Detailed paths

    -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Privilege Management

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-28531

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and ncurses/libtinfo6@6.3-2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
      • +
      • Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - +
      - -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2 - - ncurses/libtinfo6@6.3-2 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncursesw6@6.3-2 - - +
    • +
    +

    NULL Pointer Dereference

    +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - +
    + low severity +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncurses6@6.3-2 - - +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: -
      • + openldap/libldap-2.5-0 + + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest - procps@2:3.3.17-6ubuntu2 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - ncurses/libncurses6@6.3-2 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2088,7 +1062,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/ncurses-base@6.3-2 + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2097,7 +1075,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/ncurses-bin@6.3-2 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2109,25 +1087,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

      +

      A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 openldap.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -2222,7 +1197,7 @@

    Integer Overflow or Wraparound

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • @@ -2237,7 +1212,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2256,9 +1231,9 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2277,11 +1252,11 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2290,7 +1265,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2309,9 +1284,9 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2320,7 +1295,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2331,7 +1306,7 @@

    Detailed paths

    openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2340,11 +1315,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2353,13 +1328,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2378,7 +1353,7 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2389,7 +1364,7 @@

    Detailed paths

    meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -2468,7 +1443,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2901,7 +1876,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others
    • @@ -2915,9 +1890,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9 @@ -2926,7 +1901,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -2935,9 +1910,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -2967,6 +1942,150 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Certificate Validation

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    diff --git a/docs/snyk/v2.6.7/argocd-test.html b/docs/snyk/master/redis_7.0.11-alpine.html similarity index 93% rename from docs/snyk/v2.6.7/argocd-test.html rename to docs/snyk/master/redis_7.0.11-alpine.html index 1c67b4ab7060a..6875043b87b13 100644 --- a/docs/snyk/v2.6.7/argocd-test.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -456,24 +456,33 @@

    Snyk test report

    -

    April 16th 2023, 12:20:00 am

    +

    June 25th 2023, 12:18:41 am (UTC+00:00)

    - Scanned the following paths: + Scanned the following path:
      -
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
      • +
    • redis:7.0.11-alpine (apk)
    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    1730 dependencies
    +
    18 dependencies
    - +
    +
    Project docker-image|haproxy
    Path haproxy:2.0.31-alpine
    Path haproxy:2.6.14-alpine
    Package Manager apk
    + + + + + + +
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk
    +
    No known vulnerabilities detected.
    diff --git a/docs/snyk/master/redis_7.0.9-alpine.html b/docs/snyk/master/redis_7.0.9-alpine.html deleted file mode 100644 index 16dbeeed589fe..0000000000000 --- a/docs/snyk/master/redis_7.0.9-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:15:38 am

    -
    -
    - Scanned the following path: -
      -
    • redis:7.0.9-alpine (apk)
      • -
    -
    - -
    -
    3 known vulnerabilities
    -
    27 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:7.0.9-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.28/argocd-iac-install.html b/docs/snyk/v2.4.28/argocd-iac-install.html deleted file mode 100644 index 5909758108231..0000000000000 --- a/docs/snyk/v2.4.28/argocd-iac-install.html +++ /dev/null @@ -1,2735 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:26:06 am

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • -
    -
    - -
    -
    41 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
      • - -
    • - Line number: 9063 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
      • - -
    • - Line number: 9140 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 9168 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
      • - -
    • - Line number: 9212 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
      • - -
    • - Line number: 9194 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
      • - -
    • - Line number: 9228 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9686 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9786 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9763 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9829 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9901 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9955 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 10183 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 10443 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 9770 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
      • - -
    • - Line number: 9911 -
      • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 42] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 9686 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 9763 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 9786 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 45] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 9901 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9686 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9763 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9786 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9829 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9901 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9955 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 10183 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 10443 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9702 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9794 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9773 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9837 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9911 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10107 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10075 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10366 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10567 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.4.28/argocd-iac-namespace-install.html b/docs/snyk/v2.4.28/argocd-iac-namespace-install.html deleted file mode 100644 index 511e34d07ce76..0000000000000 --- a/docs/snyk/v2.4.28/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2735 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:26:16 am

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
      • -
    -
    - -
    -
    41 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 7] - - rules[0] - - resources - -
      • - -
    • - Line number: 73 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 8] - - rules[4] - - resources - -
      • - -
    • - Line number: 150 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 9] - - rules[0] - - resources - -
      • - -
    • - Line number: 178 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[3] - - resources - -
      • - -
    • - Line number: 222 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[1] - - resources - -
      • - -
    • - Line number: 204 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[0] - - resources - -
      • - -
    • - Line number: 238 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 611 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 711 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 688 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 754 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 826 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 880 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1108 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1368 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 36] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 695 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
      • - -
    • - Line number: 836 -
      • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 611 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 36] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 688 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 36] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 711 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 38] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 826 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 611 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 688 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 711 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 754 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 826 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 880 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1108 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1368 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 627 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 719 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 698 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 762 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 836 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1032 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1000 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1291 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1492 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.4.28/argocd-test.html b/docs/snyk/v2.4.28/argocd-test.html deleted file mode 100644 index bb73085e2e934..0000000000000 --- a/docs/snyk/v2.4.28/argocd-test.html +++ /dev/null @@ -1,4822 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:24:39 am

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
      • -
    -
    - -
    -
    6 known vulnerabilities
    -
    197 vulnerable dependency paths
    -
    1655 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - parse-url -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too. - Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    - 
    import parseUrl from "parse-url";
-        import fetch from 'node-fetch';
-        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
-        if(parsed.resource=="localhost"){
-        console.log("internal network access is blocked")
-        }
-        else{
-           const response = await fetch('http://'+parsed.resource+parsed.pathname);
-                console.log(response)
-         }
-
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - parse-url -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too. - Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    - 
    
-        const parseUrl = require("parse-url");
-        const Url = require("url");
-        
-        const express = require('express');
-        const app = express();
-        
-        var url = "https://www.google.com:x@fakesite.com:x";
-        parsed = parseUrl(url);
-        console.log("[*]`parse-url` output: ")
-        console.log(parsed);
-        
-        parsed2 = Url.parse(url);
-        console.log("[*]`url` output: ")
-        console.log(parsed2)
-        
-        app.get('/', (req, res) => {
-            if (parsed.host == "www.google.com") {
-                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
-            }
-        })
-        
-        app.listen(8888,"0.0.0.0");
-
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - minimatch -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - @redocly/openapi-core@1.0.0-beta.82 - - minimatch@3.0.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    minimatch is a minimal matching utility. - Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade minimatch to version 3.0.5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and gopkg.in/yaml.v2@2.2.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/spf13/cobra/doc@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/yaml@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/google/go-jsonnet@0.18.0 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.0 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/util/misc@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@0.7.3 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kube-openapi/pkg/common@#e816edb12b65 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#567361917320 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.23.1 - - k8s.io/api/core/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/resource@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.23.1 - - k8s.io/api/core/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.23.1 - - k8s.io/client-go/pkg/apis/clientauthentication@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.23.1 - - k8s.io/apimachinery/pkg/api/errors@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.23.1 - - k8s.io/client-go/tools/reference@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@0.7.3 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1/fake@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - k8s.io/kubectl/pkg/util/podutils@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@0.7.3 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/v1@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.23.1 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/v1@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.23.1 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/leaderelection@0.11.0 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.23.1 - - k8s.io/client-go/kubernetes/typed/core/v1@0.23.1 - - k8s.io/client-go/applyconfigurations/core/v1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v2 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/go-openapi/runtime/middleware@0.19.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsoncodec@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. - Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    -

    Remediation

    -

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - cookiejar -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, superagent@7.1.3 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - superagent@7.1.3 - - cookiejar@2.1.3 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

    -

    PoC

    - 
    const { CookieJar } = require("cookiejar");
-        
-        const jar = new CookieJar();
-        
-        const start = performance.now();
-        const attack = "a" + "t".repeat(50_000);
-        jar.setCookie(attack);
-        console.log(`CookieJar.setCookie(): ${performance.now() - start}`);
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade cookiejar to version 2.1.4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html deleted file mode 100644 index 8dfdad71664f1..0000000000000 --- a/docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html +++ /dev/null @@ -1,1698 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:24:47 am

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.35.3/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
      • -
    -
    - -
    -
    11 known vulnerabilities
    -
    51 vulnerable dependency paths
    -
    756 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Double Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Access of Resource Using Incompatible Type ('Type Confusion')

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2/hpack -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-4304

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/text/language -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/text/language@v0.3.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/text/language@v0.3.7 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    -

    Remediation

    -

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.28/quay.io_argoproj_argocd_v2.4.28.html b/docs/snyk/v2.4.28/quay.io_argoproj_argocd_v2.4.28.html deleted file mode 100644 index 6c64c34bdadb0..0000000000000 --- a/docs/snyk/v2.4.28/quay.io_argoproj_argocd_v2.4.28.html +++ /dev/null @@ -1,3995 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:25:13 am

    -
    -
    - Scanned the following paths: -
      -
    • quay.io/argoproj/argocd:v2.4.28/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.4.28/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.4.28/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.4.28/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.4.28/git-lfs/git-lfs (gomodules)
      • -
    -
    - -
    -
    32 known vulnerabilities
    -
    126 vulnerable dependency paths
    -
    1963 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v3 -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    -

    PoC

    - 
    package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("0: [:!00 \xef"), &t)
-        }
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v3 to version 3.0.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v3 -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    -

    PoC

    - 
    package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("#\n-\n-\n0"), &t)
-        }
-
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2/hpack -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http2/hpack@v0.0.0-20201110031124-69a78807bb2b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/net/http2/hpack@v0.0.0-20201110031124-69a78807bb2b - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/prometheus/client_golang/prometheus/promhttp -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

    -

    Note: In order to be affected, an instrumented software must:

    -
      -

    1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

      -
      2. -

    2. not filter any specific methods (e.g GET) before middleware

      -
      3. -

    3. pass metric with method label name to the middleware

      -
      4. -

    4. not have any firewall/LB/proxy that filters away requests with unknown method.

      -
      5. -
    -

    Workarounds:

    -
      -

    1. removing the method label name from counter/gauge used in the InstrumentHandler

      -
      2. -

    2. turning off affected promhttp handlers

      -
      3. -

    3. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

      -
      4. -

    4. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

      -
      5. -
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Authorization Bypass

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/emicklei/go-restful -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/emicklei/go-restful@v2.9.5+incompatible - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/emicklei/go-restful@v2.9.5+incompatible - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Authorization Bypass when using CORS Filter with a configurable AllowedDomains parameter (which is an array of domains allowed in CORS policy), with the same value as exists in allowedOriginPatterns parameter (used for matching origin using regular expression), it causes for all domains in AllowedDomains to be also used as regular expression for matching origin validation. - This behavior means that if example.com exists in AllowedDomains, all domains starting with example.com would be acceptable, including example.com.hacker.domain.

    -

    Remediation

    -

    Upgrade github.com/emicklei/go-restful to version 2.16.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Command Injection

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Masterminds/vcs -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/Masterminds/vcs@v1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/Masterminds/vcs@v1.13.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Masterminds/vcs is a VCS Repo management through a common interface in Go. - Affected versions of this package are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

    -

    PoC

    - 
    package main
-        
-        import (
-            "github.com/Masterminds/vcs"
-        )
-        
-        func main(){
-              local := "--config=alias.init=!touch ./HELLO"
-            repo, _ := vcs.NewHgRepo("remote", local)
-            repo.Init()
-        }
-
    -

    Remediation

    -

    Upgrade github.com/Masterminds/vcs to version 1.13.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/yaml.v2@v2.2.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v2 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20211216021012-1d35b9e2eb4e - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/sys/unix@v0.0.0-20211216021012-1d35b9e2eb4e - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http/httpguts -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http/httpguts is a package providing functions implementing various details of the HTTP specification - Affected versions of this package are vulnerable to Denial of Service (DoS) when processing a large header to ReadRequest or ReadResponse. Servers are only vulnerable if the default max header of 1MB is increased by setting Server.MaxHeaderBytes.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http/httpguts to version 0.0.0-20210428140749-89ef3d95e781 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. - Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    -

    Remediation

    -

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-46908

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.28, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre3/libpcre3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Locking

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Privilege Management

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-28531

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and ncurses/libtinfo6@6.3-2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncursesw6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncurses6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncurses6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/ncurses-base@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/ncurses-bin@6.3-2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.28, meta-common-packages@meta and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - meta-common-packages@meta - - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libzstd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Integer Overflow or Wraparound

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - krb5/libk5crypto3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libk5crypto3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - krb5/libk5crypto3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gnupg2/gpgv -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - apt@2.4.8 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnupg2.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - glibc/libc-bin -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and glibc/libc-bin@2.35-0ubuntu3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - glibc/libc-bin@2.35-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - meta-common-packages@meta - - glibc/libc6@2.35-0ubuntu3.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - git/git-man -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.28, git@1:2.34.1-1ubuntu1.8 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - git/git-man@1:2.34.1-1ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git-lfs@3.0.2-1ubuntu0.1 - - git@1:2.34.1-1ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 git.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - coreutils -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and coreutils@8.32-4.1ubuntu1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - coreutils@8.32-4.1ubuntu1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 coreutils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - bash -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and bash@5.1-6ubuntu1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - bash@5.1-6ubuntu1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 bash.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html deleted file mode 100644 index a27157c285b02..0000000000000 --- a/docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html +++ /dev/null @@ -1,1698 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:22:49 am

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.35.3/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
      • -
    -
    - -
    -
    11 known vulnerabilities
    -
    51 vulnerable dependency paths
    -
    756 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Double Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Access of Resource Using Incompatible Type ('Type Confusion')

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2/hpack -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-4304

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/text/language -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/text/language@v0.3.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/text/language@v0.3.7 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    -

    Remediation

    -

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.5.16/redis_7.0.8-alpine.html b/docs/snyk/v2.5.16/redis_7.0.8-alpine.html deleted file mode 100644 index cb63394816bb7..0000000000000 --- a/docs/snyk/v2.5.16/redis_7.0.8-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:23:19 am

    -
    -
    - Scanned the following path: -
      -
    • redis:7.0.8-alpine (apk)
      • -
    -
    - -
    -
    3 known vulnerabilities
    -
    27 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:7.0.8-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.5.16/argocd-iac-install.html b/docs/snyk/v2.5.19/argocd-iac-install.html similarity index 89% rename from docs/snyk/v2.5.16/argocd-iac-install.html rename to docs/snyk/v2.5.19/argocd-iac-install.html index ec390402fc3a4..121123f582315 100644 --- a/docs/snyk/v2.5.16/argocd-iac-install.html +++ b/docs/snyk/v2.5.19/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:24:11 am

    +

    June 25th 2023, 12:28:57 am (UTC+00:00)

    Scanned the following path: @@ -494,7 +494,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -540,7 +540,7 @@

    Role with dangerous permissions

    • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
    • Introduced through: @@ -570,7 +570,7 @@

      Remediation

      -

      More about this issue

      +

      More about this issue

      @@ -586,7 +586,7 @@

      Role with dangerous permissions

      • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
      • Introduced through: @@ -616,7 +616,7 @@

        Remediation

        -

        More about this issue

        +

        More about this issue

        @@ -632,7 +632,7 @@

        Role with dangerous permissions

        • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
        • Introduced through: @@ -662,7 +662,7 @@

          Remediation

          -

          More about this issue

          +

          More about this issue

          @@ -678,7 +678,7 @@

          Role with dangerous permissions

          • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
          • Introduced through: @@ -708,7 +708,7 @@

            Remediation

            -

            More about this issue

            +

            More about this issue

            @@ -724,7 +724,7 @@

            Role with dangerous permissions

            • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
            • Introduced through: @@ -754,7 +754,7 @@

              Remediation

              -

              More about this issue

              +

              More about this issue

              @@ -770,7 +770,7 @@

              Container could be running with outdated image

              • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
              • Introduced through: @@ -806,7 +806,7 @@

                Remediation

                -

                More about this issue

                +

                More about this issue

                @@ -822,7 +822,7 @@

                Container has no CPU limit

                • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                • Introduced through: @@ -864,7 +864,7 @@

                  Remediation

                  -

                  More about this issue

                  +

                  More about this issue

                  @@ -880,7 +880,7 @@

                  Container has no CPU limit

                  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                  • Introduced through: @@ -922,7 +922,7 @@

                    Remediation

                    -

                    More about this issue

                    +

                    More about this issue

                    @@ -938,7 +938,7 @@

                    Container has no CPU limit

                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                    • Introduced through: @@ -980,7 +980,7 @@

                      Remediation

                      -

                      More about this issue

                      +

                      More about this issue

                      @@ -996,7 +996,7 @@

                      Container has no CPU limit

                      • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                      • Introduced through: @@ -1038,7 +1038,7 @@

                        Remediation

                        -

                        More about this issue

                        +

                        More about this issue

                        @@ -1054,7 +1054,7 @@

                        Container has no CPU limit

                        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                        • Introduced through: @@ -1096,7 +1096,7 @@

                          Remediation

                          -

                          More about this issue

                          +

                          More about this issue

                          @@ -1112,7 +1112,7 @@

                          Container has no CPU limit

                          • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                          • Introduced through: @@ -1154,7 +1154,7 @@

                            Remediation

                            -

                            More about this issue

                            +

                            More about this issue

                            @@ -1170,7 +1170,7 @@

                            Container has no CPU limit

                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                            • Introduced through: @@ -1212,7 +1212,7 @@

                              Remediation

                              -

                              More about this issue

                              +

                              More about this issue

                              @@ -1228,7 +1228,7 @@

                              Container has no CPU limit

                              • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                              • Introduced through: @@ -1270,7 +1270,7 @@

                                Remediation

                                -

                                More about this issue

                                +

                                More about this issue

                                @@ -1286,7 +1286,7 @@

                                Container has no CPU limit

                                • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                • Introduced through: @@ -1328,7 +1328,7 @@

                                  Remediation

                                  -

                                  More about this issue

                                  +

                                  More about this issue

                                  @@ -1344,7 +1344,7 @@

                                  Container is running with multiple open ports

                                  • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
                                  • Introduced through: @@ -1380,63 +1380,7 @@

                                    Remediation

                                    -

                                    More about this issue

                                    -
                                    - - -
                                    -

                                    Container is running with writable root filesystem

                                    -
                                    - -
                                    - low severity -
                                    - -
                                    - -
                                      -
                                    • - Public ID: SNYK-CC-K8S-8 -
                                      • - -
                                    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
                                      • - -
                                    • - Line number: 10203 -
                                      • -
                                    - -
                                    - -

                                    Impact

                                    -

                                    Compromised process could abuse writable root filesystem to elevate privileges

                                    - -

                                    Remediation

                                    -

                                    Set `securityContext.readOnlyRootFilesystem` to `true`

                                    - - -
                                    -
                                    - -
                                    -

                                    More about this issue

                                    +

                                    More about this issue

                                    @@ -1452,7 +1396,7 @@

                                    Container is running without liveness probe

                                    • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                    • Introduced through: @@ -1488,7 +1432,7 @@

                                      Remediation

                                      -

                                      More about this issue

                                      +

                                      More about this issue

                                      @@ -1504,7 +1448,7 @@

                                      Container is running without liveness probe

                                      • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                      • Introduced through: @@ -1540,7 +1484,7 @@

                                        Remediation

                                        -

                                        More about this issue

                                        +

                                        More about this issue

                                        @@ -1556,7 +1500,7 @@

                                        Container is running without liveness probe

                                        • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                        • Introduced through: @@ -1592,7 +1536,7 @@

                                          Remediation

                                          -

                                          More about this issue

                                          +

                                          More about this issue

                                          @@ -1608,7 +1552,7 @@

                                          Container is running without liveness probe

                                          • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                          • Introduced through: @@ -1644,7 +1588,7 @@

                                            Remediation

                                            -

                                            More about this issue

                                            +

                                            More about this issue

                                            @@ -1660,7 +1604,7 @@

                                            Container is running without liveness probe

                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                            • Introduced through: @@ -1696,7 +1640,7 @@

                                              Remediation

                                              -

                                              More about this issue

                                              +

                                              More about this issue

                                              @@ -1712,7 +1656,7 @@

                                              Container is running without memory limit

                                              • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                              • Introduced through: @@ -1754,7 +1698,7 @@

                                                Remediation

                                                -

                                                More about this issue

                                                +

                                                More about this issue

                                                @@ -1770,7 +1714,7 @@

                                                Container is running without memory limit

                                                • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                • Introduced through: @@ -1812,7 +1756,7 @@

                                                  Remediation

                                                  -

                                                  More about this issue

                                                  +

                                                  More about this issue

                                                  @@ -1828,7 +1772,7 @@

                                                  Container is running without memory limit

                                                  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                  • Introduced through: @@ -1870,7 +1814,7 @@

                                                    Remediation

                                                    -

                                                    More about this issue

                                                    +

                                                    More about this issue

                                                    @@ -1886,7 +1830,7 @@

                                                    Container is running without memory limit

                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                    • Introduced through: @@ -1928,7 +1872,7 @@

                                                      Remediation

                                                      -

                                                      More about this issue

                                                      +

                                                      More about this issue

                                                      @@ -1944,7 +1888,7 @@

                                                      Container is running without memory limit

                                                      • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                      • Introduced through: @@ -1986,7 +1930,7 @@

                                                        Remediation

                                                        -

                                                        More about this issue

                                                        +

                                                        More about this issue

                                                        @@ -2002,7 +1946,7 @@

                                                        Container is running without memory limit

                                                        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                        • Introduced through: @@ -2044,7 +1988,7 @@

                                                          Remediation

                                                          -

                                                          More about this issue

                                                          +

                                                          More about this issue

                                                          @@ -2060,7 +2004,7 @@

                                                          Container is running without memory limit

                                                          • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                          • Introduced through: @@ -2102,7 +2046,7 @@

                                                            Remediation

                                                            -

                                                            More about this issue

                                                            +

                                                            More about this issue

                                                            @@ -2118,7 +2062,7 @@

                                                            Container is running without memory limit

                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                            • Introduced through: @@ -2160,7 +2104,7 @@

                                                              Remediation

                                                              -

                                                              More about this issue

                                                              +

                                                              More about this issue

                                                              @@ -2176,7 +2120,7 @@

                                                              Container is running without memory limit

                                                              • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                              • Introduced through: @@ -2218,12 +2162,68 @@

                                                                Remediation

                                                                -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                +
                                                                + + +
                                                                +

                                                                Container or Pod is running with writable root filesystem

                                                                +
                                                                + +
                                                                + low severity +
                                                                + +
                                                                + +
                                                                  +
                                                                • + Public ID: SNYK-CC-K8S-8 +
                                                                  • + +
                                                                • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
                                                                  • + +
                                                                • + Line number: 10203 +
                                                                  • +
                                                                + +
                                                                + +

                                                                Impact

                                                                +

                                                                Compromised process could abuse writable root filesystem to elevate privileges

                                                                + +

                                                                Remediation

                                                                +

                                                                Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                + + +
                                                                +
                                                                + +
                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2234,7 +2234,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2267,19 +2267,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2290,7 +2290,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2323,19 +2323,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2346,7 +2346,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2379,19 +2379,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2402,7 +2402,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2435,19 +2435,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2458,7 +2458,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2491,19 +2491,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2514,7 +2514,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2547,19 +2547,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2570,7 +2570,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2603,19 +2603,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2626,7 +2626,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2659,19 +2659,19 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                -

                                                                Container's UID could clash with host's UID

                                                                +

                                                                Container's or Pod's UID could clash with host's UID

                                                                @@ -2682,7 +2682,7 @@

                                                                Container's UID could clash with host's UID
                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                              • Introduced through: @@ -2715,14 +2715,14 @@

                                                                Impact

                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                Remediation

                                                                -

                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                +

                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                • -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                diff --git a/docs/snyk/v2.5.16/argocd-iac-namespace-install.html b/docs/snyk/v2.5.19/argocd-iac-namespace-install.html similarity index 89% rename from docs/snyk/v2.5.16/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.19/argocd-iac-namespace-install.html index de358a79e26bd..2ae5c37f1c052 100644 --- a/docs/snyk/v2.5.16/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.19/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

                                                                Snyk test report

                                                                -

                                                                April 16th 2023, 12:24:21 am

                                                                +

                                                                June 25th 2023, 12:29:09 am (UTC+00:00)

                                                                Scanned the following path: @@ -494,7 +494,7 @@

                                                                Role with dangerous permissions

                                                                -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                @@ -540,7 +540,7 @@

                                                                Role with dangerous permissions

                                                                -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                @@ -586,7 +586,7 @@

                                                                Role with dangerous permissions

                                                                -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                @@ -632,7 +632,7 @@

                                                                Role with dangerous permissions

                                                                -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                @@ -678,7 +678,7 @@

                                                                Role with dangerous permissions

                                                                -

                                                                More about this issue

                                                                +

                                                                More about this issue

                                                                @@ -724,7 +724,7 @@

                                                                Role with dangerous permissions

                                                                • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                • Introduced through: @@ -754,7 +754,7 @@

                                                                  Remediation

                                                                  -

                                                                  More about this issue

                                                                  +

                                                                  More about this issue

                                                                  @@ -770,7 +770,7 @@

                                                                  Container could be running with outdated image

                                                                  • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
                                                                  • Introduced through: @@ -806,7 +806,7 @@

                                                                    Remediation

                                                                    -

                                                                    More about this issue

                                                                    +

                                                                    More about this issue

                                                                    @@ -822,7 +822,7 @@

                                                                    Container has no CPU limit

                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                    • Introduced through: @@ -864,7 +864,7 @@

                                                                      Remediation

                                                                      -

                                                                      More about this issue

                                                                      +

                                                                      More about this issue

                                                                      @@ -880,7 +880,7 @@

                                                                      Container has no CPU limit

                                                                      • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                      • Introduced through: @@ -922,7 +922,7 @@

                                                                        Remediation

                                                                        -

                                                                        More about this issue

                                                                        +

                                                                        More about this issue

                                                                        @@ -938,7 +938,7 @@

                                                                        Container has no CPU limit

                                                                        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                        • Introduced through: @@ -980,7 +980,7 @@

                                                                          Remediation

                                                                          -

                                                                          More about this issue

                                                                          +

                                                                          More about this issue

                                                                          @@ -996,7 +996,7 @@

                                                                          Container has no CPU limit

                                                                          • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                          • Introduced through: @@ -1038,7 +1038,7 @@

                                                                            Remediation

                                                                            -

                                                                            More about this issue

                                                                            +

                                                                            More about this issue

                                                                            @@ -1054,7 +1054,7 @@

                                                                            Container has no CPU limit

                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                            • Introduced through: @@ -1096,7 +1096,7 @@

                                                                              Remediation

                                                                              -

                                                                              More about this issue

                                                                              +

                                                                              More about this issue

                                                                              @@ -1112,7 +1112,7 @@

                                                                              Container has no CPU limit

                                                                              • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                              • Introduced through: @@ -1154,7 +1154,7 @@

                                                                                Remediation

                                                                                -

                                                                                More about this issue

                                                                                +

                                                                                More about this issue

                                                                                @@ -1170,7 +1170,7 @@

                                                                                Container has no CPU limit

                                                                                • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                • Introduced through: @@ -1212,7 +1212,7 @@

                                                                                  Remediation

                                                                                  -

                                                                                  More about this issue

                                                                                  +

                                                                                  More about this issue

                                                                                  @@ -1228,7 +1228,7 @@

                                                                                  Container has no CPU limit

                                                                                  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                  • Introduced through: @@ -1270,7 +1270,7 @@

                                                                                    Remediation

                                                                                    -

                                                                                    More about this issue

                                                                                    +

                                                                                    More about this issue

                                                                                    @@ -1286,7 +1286,7 @@

                                                                                    Container has no CPU limit

                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                    • Introduced through: @@ -1328,7 +1328,7 @@

                                                                                      Remediation

                                                                                      -

                                                                                      More about this issue

                                                                                      +

                                                                                      More about this issue

                                                                                      @@ -1344,7 +1344,7 @@

                                                                                      Container is running with multiple open ports

                                                                                      • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
                                                                                      • Introduced through: @@ -1380,63 +1380,7 @@

                                                                                        Remediation

                                                                                        -

                                                                                        More about this issue

                                                                                        -
                                                                                        - - -
                                                                                        -

                                                                                        Container is running with writable root filesystem

                                                                                        -
                                                                                        - -
                                                                                        - low severity -
                                                                                        - -
                                                                                        - -
                                                                                          -
                                                                                        • - Public ID: SNYK-CC-K8S-8 -
                                                                                          • - -
                                                                                        • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
                                                                                          • - -
                                                                                        • - Line number: 869 -
                                                                                          • -
                                                                                        - -
                                                                                        - -

                                                                                        Impact

                                                                                        -

                                                                                        Compromised process could abuse writable root filesystem to elevate privileges

                                                                                        - -

                                                                                        Remediation

                                                                                        -

                                                                                        Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                        - - -
                                                                                        -
                                                                                        - -
                                                                                        -

                                                                                        More about this issue

                                                                                        +

                                                                                        More about this issue

                                                                                        @@ -1452,7 +1396,7 @@

                                                                                        Container is running without liveness probe

                                                                                        • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                        • Introduced through: @@ -1488,7 +1432,7 @@

                                                                                          Remediation

                                                                                          -

                                                                                          More about this issue

                                                                                          +

                                                                                          More about this issue

                                                                                          @@ -1504,7 +1448,7 @@

                                                                                          Container is running without liveness probe

                                                                                          • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                          • Introduced through: @@ -1540,7 +1484,7 @@

                                                                                            Remediation

                                                                                            -

                                                                                            More about this issue

                                                                                            +

                                                                                            More about this issue

                                                                                            @@ -1556,7 +1500,7 @@

                                                                                            Container is running without liveness probe

                                                                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                            • Introduced through: @@ -1592,7 +1536,7 @@

                                                                                              Remediation

                                                                                              -

                                                                                              More about this issue

                                                                                              +

                                                                                              More about this issue

                                                                                              @@ -1608,7 +1552,7 @@

                                                                                              Container is running without liveness probe

                                                                                              • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                              • Introduced through: @@ -1644,7 +1588,7 @@

                                                                                                Remediation

                                                                                                -

                                                                                                More about this issue

                                                                                                +

                                                                                                More about this issue

                                                                                                @@ -1660,7 +1604,7 @@

                                                                                                Container is running without liveness probe

                                                                                                • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                • Introduced through: @@ -1696,7 +1640,7 @@

                                                                                                  Remediation

                                                                                                  -

                                                                                                  More about this issue

                                                                                                  +

                                                                                                  More about this issue

                                                                                                  @@ -1712,7 +1656,7 @@

                                                                                                  Container is running without memory limit

                                                                                                  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                  • Introduced through: @@ -1754,7 +1698,7 @@

                                                                                                    Remediation

                                                                                                    -

                                                                                                    More about this issue

                                                                                                    +

                                                                                                    More about this issue

                                                                                                    @@ -1770,7 +1714,7 @@

                                                                                                    Container is running without memory limit

                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                    • Introduced through: @@ -1812,7 +1756,7 @@

                                                                                                      Remediation

                                                                                                      -

                                                                                                      More about this issue

                                                                                                      +

                                                                                                      More about this issue

                                                                                                      @@ -1828,7 +1772,7 @@

                                                                                                      Container is running without memory limit

                                                                                                      • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                      • Introduced through: @@ -1870,7 +1814,7 @@

                                                                                                        Remediation

                                                                                                        -

                                                                                                        More about this issue

                                                                                                        +

                                                                                                        More about this issue

                                                                                                        @@ -1886,7 +1830,7 @@

                                                                                                        Container is running without memory limit

                                                                                                        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                        • Introduced through: @@ -1928,7 +1872,7 @@

                                                                                                          Remediation

                                                                                                          -

                                                                                                          More about this issue

                                                                                                          +

                                                                                                          More about this issue

                                                                                                          @@ -1944,7 +1888,7 @@

                                                                                                          Container is running without memory limit

                                                                                                          • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                          • Introduced through: @@ -1986,7 +1930,7 @@

                                                                                                            Remediation

                                                                                                            -

                                                                                                            More about this issue

                                                                                                            +

                                                                                                            More about this issue

                                                                                                            @@ -2002,7 +1946,7 @@

                                                                                                            Container is running without memory limit

                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                            • Introduced through: @@ -2044,7 +1988,7 @@

                                                                                                              Remediation

                                                                                                              -

                                                                                                              More about this issue

                                                                                                              +

                                                                                                              More about this issue

                                                                                                              @@ -2060,7 +2004,7 @@

                                                                                                              Container is running without memory limit

                                                                                                              • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                              • Introduced through: @@ -2102,7 +2046,7 @@

                                                                                                                Remediation

                                                                                                                -

                                                                                                                More about this issue

                                                                                                                +

                                                                                                                More about this issue

                                                                                                                @@ -2118,7 +2062,7 @@

                                                                                                                Container is running without memory limit

                                                                                                                • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                • Introduced through: @@ -2160,7 +2104,7 @@

                                                                                                                  Remediation

                                                                                                                  -

                                                                                                                  More about this issue

                                                                                                                  +

                                                                                                                  More about this issue

                                                                                                                  @@ -2176,7 +2120,7 @@

                                                                                                                  Container is running without memory limit

                                                                                                                  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                  • Introduced through: @@ -2218,12 +2162,68 @@

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    +
                                                                                                                    + + +
                                                                                                                    +

                                                                                                                    Container or Pod is running with writable root filesystem

                                                                                                                    +
                                                                                                                    + +
                                                                                                                    + low severity +
                                                                                                                    + +
                                                                                                                    + +
                                                                                                                      +
                                                                                                                    • + Public ID: SNYK-CC-K8S-8 +
                                                                                                                      • + +
                                                                                                                    • Introduced through: + [DocId: 38] + + input + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
                                                                                                                      • + +
                                                                                                                    • + Line number: 869 +
                                                                                                                      • +
                                                                                                                    + +
                                                                                                                    + +

                                                                                                                    Impact

                                                                                                                    +

                                                                                                                    Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                    + +

                                                                                                                    Remediation

                                                                                                                    +

                                                                                                                    Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                    + + +
                                                                                                                    +
                                                                                                                    + +
                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2234,7 +2234,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2267,19 +2267,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2290,7 +2290,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2323,19 +2323,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2346,7 +2346,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2379,19 +2379,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2402,7 +2402,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2435,19 +2435,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2458,7 +2458,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2491,19 +2491,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2514,7 +2514,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2547,19 +2547,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2570,7 +2570,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2603,19 +2603,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2626,7 +2626,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2659,19 +2659,19 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    -

                                                                                                                    Container's UID could clash with host's UID

                                                                                                                    +

                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                    @@ -2682,7 +2682,7 @@

                                                                                                                    Container's UID could clash with host's UID
                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                  • Introduced through: @@ -2715,14 +2715,14 @@

                                                                                                                    Impact

                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                    +

                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                    • -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    diff --git a/docs/snyk/v2.5.16/argocd-test.html b/docs/snyk/v2.5.19/argocd-test.html similarity index 95% rename from docs/snyk/v2.5.16/argocd-test.html rename to docs/snyk/v2.5.19/argocd-test.html index 839e161ecc28b..b37a0df06074f 100644 --- a/docs/snyk/v2.5.16/argocd-test.html +++ b/docs/snyk/v2.5.19/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

                                                                                                                    Snyk test report

                                                                                                                    -

                                                                                                                    April 16th 2023, 12:22:40 am

                                                                                                                    +

                                                                                                                    June 25th 2023, 12:27:11 am (UTC+00:00)

                                                                                                                    Scanned the following paths: @@ -466,7 +466,7 @@

                                                                                                                    Snyk test report

                                                                                                                    -
                                                                                                                    6 known vulnerabilities
                                                                                                                    +
                                                                                                                    7 known vulnerabilities
                                                                                                                    216 vulnerable dependency paths
                                                                                                                    1719 dependencies
                                                                                                                    @@ -476,6 +476,156 @@

                                                                                                                    Snyk test report

                                                                                                                    +
                                                                                                                    +

                                                                                                                    Regular Expression Denial of Service (ReDoS)

                                                                                                                    +
                                                                                                                    + +
                                                                                                                    + medium severity +
                                                                                                                    + +
                                                                                                                    + +
                                                                                                                      +
                                                                                                                    • + Package Manager: npm +
                                                                                                                      • +
                                                                                                                    • + Vulnerable module: + + semver +
                                                                                                                      • + +
                                                                                                                    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@7.1.6 and others +
                                                                                                                      • +
                                                                                                                    + +
                                                                                                                    + + +

                                                                                                                    Detailed paths

                                                                                                                    + +
                                                                                                                      +
                                                                                                                    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@7.1.6 + + semver@7.3.7 + + + +
                                                                                                                      • +
                                                                                                                    + +
                                                                                                                    + +
                                                                                                                    + +

                                                                                                                    Overview

                                                                                                                    +

                                                                                                                    semver is a semantic version parser used by npm.

                                                                                                                    +

                                                                                                                    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

                                                                                                                    +

                                                                                                                    PoC

                                                                                                                    + 
                                                                                                                    
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
                                                                                                                    +

                                                                                                                    Details

                                                                                                                    +

                                                                                                                    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

                                                                                                                    +

                                                                                                                    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

                                                                                                                    +

                                                                                                                    Let’s take the following regular expression as an example:

                                                                                                                    + 
                                                                                                                    regex = /A(B|C+)+D/
+
                                                                                                                    +

                                                                                                                    This regular expression accomplishes the following:

                                                                                                                    +
                                                                                                                      +
                                                                                                                    • A The string must start with the letter 'A'
                                                                                                                      • +
                                                                                                                    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
                                                                                                                      • +
                                                                                                                    • D Finally, we ensure this section of the string ends with a 'D'
                                                                                                                      • +
                                                                                                                    +

                                                                                                                    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

                                                                                                                    +

                                                                                                                    It most cases, it doesn't take very long for a regex engine to find a match:

                                                                                                                    + 
                                                                                                                    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
                                                                                                                    +

                                                                                                                    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

                                                                                                                    +

                                                                                                                    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

                                                                                                                    +

                                                                                                                    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

                                                                                                                    +
                                                                                                                      +
                                                                                                                    1. CCC
                                                                                                                      2. +
                                                                                                                    2. CC+C
                                                                                                                      3. +
                                                                                                                    3. C+CC
                                                                                                                      4. +
                                                                                                                    4. C+C+C.
                                                                                                                      5. +
                                                                                                                    +

                                                                                                                    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

                                                                                                                    +

                                                                                                                    From there, the number of steps the engine must use to validate a string just continues to grow.

                                                                                                                    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                                    StringNumber of C'sNumber of steps
                                                                                                                    ACCCX338
                                                                                                                    ACCCCX471
                                                                                                                    ACCCCCX5136
                                                                                                                    ACCCCCCCCCCCCCCX1465,553
                                                                                                                    +

                                                                                                                    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

                                                                                                                    +

                                                                                                                    Remediation

                                                                                                                    +

                                                                                                                    Upgrade semver to version 7.5.2 or higher.

                                                                                                                    +

                                                                                                                    References

                                                                                                                    + + +
                                                                                                                    + +
                                                                                                                    +

                                                                                                                    More about this vulnerability

                                                                                                                    +
                                                                                                                    + +

                                                                                                                    Server-side Request Forgery (SSRF)

                                                                                                                    @@ -529,8 +679,8 @@

                                                                                                                    Detailed paths

                                                                                                                    Overview

                                                                                                                    -

                                                                                                                    parse-url is an An advanced url parser supporting git urls too. - Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

                                                                                                                    +

                                                                                                                    parse-url is an An advanced url parser supporting git urls too.

                                                                                                                    +

                                                                                                                    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

                                                                                                                    PoC:

                                                                                                                    import parseUrl from "parse-url";
         import fetch from 'node-fetch';
@@ -611,8 +761,8 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
               
                                                                                                                    
               
               
                                                                                                                    Overview
                                                                                                                    
-        
                                                                                                                    parse-url is an An advanced url parser supporting git urls too.
-        Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
                                                                                                                    
+        
                                                                                                                    parse-url is an An advanced url parser supporting git urls too.
                                                                                                                    
+        
                                                                                                                    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
                                                                                                                    
         
                                                                                                                    
         const parseUrl = require("parse-url");
         const Url = require("url");
@@ -705,8 +855,8 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
               
                                                                                                                    
               
               
                                                                                                                    Overview
                                                                                                                    
-        
                                                                                                                    minimatch is a minimal matching utility.
-        Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
                                                                                                                    
+        
                                                                                                                    minimatch is a minimal matching utility.
                                                                                                                    
+        
                                                                                                                    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
                                                                                                                    
         
                                                                                                                    Details
                                                                                                                    
         
                                                                                                                    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.
                                                                                                                    
         
                                                                                                                    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.
                                                                                                                    
@@ -898,7 +1048,7 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/util/managedfields@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -911,7 +1061,7 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/util/managedfields@0.24.2
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -924,7 +1074,7 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -950,7 +1100,7 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.1
+                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
@@ -963,7 +1113,7 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
+                                        sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.1
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
@@ -1049,32 +1199,6 @@ 
                                                                                                                    Detailed paths
                                                                                                                    
                                         
                                                                                                                                                     
         
-
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#4d8552b0775f - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#4d8552b0775f - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - -
                                                                                                                  • Introduced through: @@ -1093,7 +1217,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + github.com/argoproj/notifications-engine/pkg/subscriptions@#4d8552b0775f github.com/ghodss/yaml@1.0.0 @@ -1254,7 +1378,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1269,7 +1393,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1284,7 +1408,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/core/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1299,7 +1423,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/rbac/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1314,7 +1438,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/rbac/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1329,7 +1453,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 + k8s.io/client-go/tools/clientcmd/api@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1344,7 +1468,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/errors@0.24.2 + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1359,9 +1483,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/managedfields@0.24.2 + k8s.io/apimachinery/pkg/api/errors@0.24.2 - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1 + k8s.io/apimachinery/pkg/runtime@0.24.2 sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 @@ -1374,7 +1498,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9 + k8s.io/apimachinery/pkg/util/managedfields@0.24.2 sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1 @@ -1389,7 +1513,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9 + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9 sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1 @@ -1444,6 +1568,21 @@

                                                                                                                    Detailed paths

                                                                                                                     +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + + sigs.k8s.io/yaml@1.3.0 + + gopkg.in/yaml.v2@2.2.4 + + +
                                                                                                                  • Introduced through: @@ -1489,6 +1628,36 @@

                                                                                                                    Detailed paths

                                                                                                                     +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/util/misc@#4d8552b0775f + + github.com/ghodss/yaml@1.0.0 + + gopkg.in/yaml.v2@2.2.4 + + + +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/subscriptions@#4d8552b0775f + + github.com/ghodss/yaml@1.0.0 + + gopkg.in/yaml.v2@2.2.4 + + +
                                                                                                                  • Introduced through: @@ -1645,7 +1814,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/portforward@0.24.2 + k8s.io/kubectl/pkg/util/resource@0.24.2 k8s.io/api/core/v1@0.24.2 @@ -1713,7 +1882,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + k8s.io/client-go/dynamic@0.24.2 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 @@ -1730,7 +1899,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 + github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 @@ -1747,7 +1916,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9 + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#98ccd3d43fd9 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 @@ -1764,7 +1933,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#98ccd3d43fd9 + github.com/argoproj/gitops-engine/pkg/utils/testing@#98ccd3d43fd9 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 @@ -1781,9 +1950,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/testing@#98ccd3d43fd9 + k8s.io/client-go/tools/portforward@0.24.2 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1815,9 +1984,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/resource@0.24.2 + sigs.k8s.io/controller-runtime@0.11.0 - k8s.io/api/core/v1@0.24.2 + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1832,9 +2001,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + k8s.io/client-go/util/retry@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + k8s.io/apimachinery/pkg/api/errors@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -1849,62 +2018,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 + github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9 - k8s.io/client-go/pkg/apis/clientauthentication@0.24.2 + sigs.k8s.io/structured-merge-diff/v4/merge@4.2.1 - k8s.io/apimachinery/pkg/runtime@0.24.2 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/runtime@0.24.2 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.24.2 - - k8s.io/apimachinery/pkg/api/errors@0.24.2 - - k8s.io/apimachinery/pkg/runtime@0.24.2 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.2 - - k8s.io/client-go/tools/reference@0.24.2 - - k8s.io/apimachinery/pkg/runtime@0.24.2 + sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.1 sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 @@ -2050,25 +2168,6 @@

                                                                                                                    Detailed paths

                                                                                                                     -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 - - k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8 - - gopkg.in/yaml.v2@2.2.4 - - -
                                                                                                                  • Introduced through: @@ -2093,11 +2192,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2112,11 +2211,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/dynamic@0.24.2 + k8s.io/client-go/tools/record@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/tools/reference@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2131,11 +2230,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/transport/spdy@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 - k8s.io/client-go/rest@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2150,7 +2249,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + k8s.io/client-go/transport/spdy@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -2169,7 +2268,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/testing@0.24.2 + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 k8s.io/client-go/rest@0.24.2 @@ -2188,7 +2287,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes@0.24.2 + k8s.io/client-go/testing@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -2264,30 +2363,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/runtime@0.24.2 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 - k8s.io/client-go/tools/cache@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/resource@#98ccd3d43fd9 - k8s.io/client-go/tools/pager@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2302,11 +2382,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - k8s.io/client-go/tools/pager@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2321,7 +2401,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.2 k8s.io/client-go/tools/cache@0.24.2 @@ -2506,6 +2586,25 @@

                                                                                                                    Detailed paths

                                                                                                                     +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/kubernetes/scheme@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + + sigs.k8s.io/yaml@1.3.0 + + gopkg.in/yaml.v2@2.2.4 + + +
                                                                                                                  • Introduced through: @@ -2568,11 +2667,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 + k8s.io/client-go/discovery@0.24.2 - github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + k8s.io/client-go/openapi@0.24.2 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/kube-openapi/pkg/handler3@#011e075b9cb8 k8s.io/kube-openapi/pkg/validation/spec@#011e075b9cb8 @@ -2587,7 +2686,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 @@ -2606,11 +2705,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 - k8s.io/client-go/openapi@0.24.2 + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 - k8s.io/kube-openapi/pkg/handler3@#011e075b9cb8 + k8s.io/kubectl/pkg/util/openapi@0.24.2 k8s.io/kube-openapi/pkg/validation/spec@#011e075b9cb8 @@ -2744,6 +2843,27 @@

                                                                                                                    Detailed paths

                                                                                                                     +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 + + k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8 + + gopkg.in/yaml.v2@2.2.4 + + +
                                                                                                                  • Introduced through: @@ -2833,13 +2953,13 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 + k8s.io/client-go/discovery@0.24.2 - k8s.io/kubectl/pkg/util/podutils@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2854,9 +2974,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/client-go/discovery/fake@0.24.2 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/testing@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -2875,7 +2995,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.24.2 + k8s.io/client-go/kubernetes/fake@0.24.2 k8s.io/client-go/testing@0.24.2 @@ -2896,9 +3016,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.2 + k8s.io/client-go/tools/remotecommand@0.24.2 - k8s.io/client-go/testing@0.24.2 + k8s.io/client-go/transport/spdy@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -2917,13 +3037,13 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.2 + k8s.io/client-go/tools/clientcmd@0.24.2 - k8s.io/client-go/transport/spdy@0.24.2 + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2938,13 +3058,13 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.24.2 + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f - k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.2 - k8s.io/client-go/tools/clientcmd/api/v1@0.24.2 + k8s.io/client-go/tools/cache@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/client-go/tools/pager@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -2959,9 +3079,30 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/validation@0.24.2 + k8s.io/client-go/informers/core/v1@0.24.2 - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/runtime@0.24.2 + + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 + + gopkg.in/yaml.v2@2.2.4 + + + +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 + + k8s.io/apimachinery/pkg/api/equality@0.24.2 k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 @@ -2980,17 +3121,17 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9 + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 + k8s.io/apimachinery/pkg/api/equality@0.24.2 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#98ccd3d43fd9 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + k8s.io/apimachinery/pkg/watch@0.24.2 - github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + k8s.io/apimachinery/pkg/runtime@0.24.2 - sigs.k8s.io/yaml@1.3.0 + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 gopkg.in/yaml.v2@2.2.4 @@ -3001,17 +3142,17 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9 + k8s.io/apimachinery/pkg/api/validation@0.24.2 - k8s.io/kubernetes/pkg/apis/storage/install@1.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 - k8s.io/kubernetes/pkg/api/legacyscheme@1.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + k8s.io/apimachinery/pkg/runtime@0.24.2 - sigs.k8s.io/yaml@1.3.0 + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 gopkg.in/yaml.v2@2.2.4 @@ -3022,15 +3163,15 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/cache@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9 - k8s.io/client-go/rest@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#98ccd3d43fd9 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 - k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 sigs.k8s.io/yaml@1.3.0 @@ -3043,11 +3184,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery@0.24.2 + k8s.io/kubectl/pkg/util/openapi@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 @@ -3064,11 +3205,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/dynamic@0.24.2 + k8s.io/client-go/kubernetes@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 @@ -3085,7 +3226,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/transport/spdy@0.24.2 + k8s.io/client-go/tools/cache@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -3106,7 +3247,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + k8s.io/client-go/transport/spdy@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -3127,7 +3268,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/testing@0.24.2 + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 k8s.io/client-go/rest@0.24.2 @@ -3148,7 +3289,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes@0.24.2 + k8s.io/client-go/testing@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -3345,38 +3486,15 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9 - k8s.io/kubectl/pkg/util/openapi@0.24.2 k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/tools/clientcmd/api@0.24.2 - - k8s.io/apimachinery/pkg/runtime@0.24.2 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -3391,15 +3509,15 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + k8s.io/client-go/kubernetes@0.24.2 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -3443,9 +3561,9 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - k8s.io/client-go/tools/clientcmd/api/v1@0.24.2 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -3506,36 +3624,13 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 + github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9 + k8s.io/kubectl/pkg/util/openapi@0.24.2 k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 @@ -3552,13 +3647,13 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9 - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/kubectl/pkg/util/openapi@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 @@ -3575,7 +3670,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.2 k8s.io/client-go/tools/cache@0.24.2 @@ -3790,36 +3885,11 @@

                                                                                                                    Detailed paths

                                                                                                                    github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/kube-openapi/pkg/validation/spec@#011e075b9cb8 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - -                                                                                                                     - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + k8s.io/kubectl/pkg/util/openapi@0.24.2 - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 + k8s.io/kube-openapi/pkg/validation/spec@#011e075b9cb8 - k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8 + github.com/go-openapi/swag@0.19.14 gopkg.in/yaml.v2@2.2.4 @@ -3830,17 +3900,17 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime@0.11.0 + github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 - sigs.k8s.io/controller-runtime/pkg/leaderelection@0.11.0 + k8s.io/kubectl/pkg/cmd/util@0.24.2 - k8s.io/client-go/tools/leaderelection/resourcelock@0.24.2 + k8s.io/client-go/kubernetes@0.24.2 - k8s.io/client-go/kubernetes/typed/core/v1@0.24.2 + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - k8s.io/client-go/applyconfigurations/core/v1@0.24.2 + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2 k8s.io/client-go/applyconfigurations/meta/v1@0.24.2 @@ -3855,7 +3925,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 @@ -3880,21 +3950,21 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9 - github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + k8s.io/kubectl/pkg/util/openapi@0.24.2 - k8s.io/kubectl/pkg/cmd/util@0.24.2 + k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/kubernetes@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2 + k8s.io/api/core/v1@0.24.2 - k8s.io/client-go/applyconfigurations/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/runtime@0.24.2 - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1 + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 gopkg.in/yaml.v2@2.2.4 @@ -3905,17 +3975,42 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9 - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + k8s.io/kubectl/pkg/util/openapi@0.24.2 - k8s.io/client-go/restmapper@0.24.2 + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/kubernetes/scheme@0.24.2 + + k8s.io/api/storage/v1beta1@0.24.2 + + k8s.io/api/core/v1@0.24.2 + + k8s.io/apimachinery/pkg/runtime@0.24.2 + + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 + + gopkg.in/yaml.v2@2.2.4 + + + +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 + + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -3955,12 +4050,37 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9 + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + + sigs.k8s.io/yaml@1.3.0 + + gopkg.in/yaml.v2@2.2.4 + + + +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + k8s.io/client-go/listers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + k8s.io/client-go/rest@0.24.2 k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 @@ -3980,11 +4100,11 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9 + k8s.io/client-go/informers/core/v1@0.24.2 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.2 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/tools/cache@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -4180,23 +4300,50 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8 - k8s.io/client-go/restmapper@0.24.2 + gopkg.in/yaml.v2@2.2.4 + + + +
                                                                                                                    • +
                                                                                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery@0.24.2 + sigs.k8s.io/controller-runtime@0.11.0 - k8s.io/client-go/rest@0.24.2 + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + sigs.k8s.io/controller-runtime/pkg/leaderelection@0.11.0 - k8s.io/apimachinery/pkg/runtime@0.24.2 + k8s.io/client-go/tools/leaderelection/resourcelock@0.24.2 - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 + k8s.io/client-go/kubernetes@0.24.2 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2 + + k8s.io/client-go/applyconfigurations/meta/v1@0.24.2 + + sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1 gopkg.in/yaml.v2@2.2.4 @@ -4207,7 +4354,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 @@ -4217,13 +4364,13 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - k8s.io/apimachinery/pkg/runtime@0.24.2 + k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 + sigs.k8s.io/yaml@1.3.0 gopkg.in/yaml.v2@2.2.4 @@ -4234,7 +4381,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 @@ -4242,9 +4391,7 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 @@ -4400,8 +4547,6 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 @@ -4412,9 +4557,11 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 + + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -4429,7 +4576,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 @@ -4439,15 +4586,15 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + k8s.io/api/core/v1@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + k8s.io/apimachinery/pkg/runtime@0.24.2 - sigs.k8s.io/yaml@1.3.0 + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 gopkg.in/yaml.v2@2.2.4 @@ -4458,7 +4605,9 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 @@ -4468,9 +4617,7 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 @@ -4721,9 +4868,7 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 sigs.k8s.io/controller-runtime/pkg/client@0.11.0 @@ -4735,9 +4880,11 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 + + k8s.io/api/core/v1@0.24.2 k8s.io/apimachinery/pkg/runtime@0.24.2 @@ -4752,21 +4899,21 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime@0.11.0 + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/client-go/restmapper@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 @@ -4783,17 +4930,17 @@

                                                                                                                    Detailed paths

                                                                                                                    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + sigs.k8s.io/controller-runtime@0.11.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - k8s.io/client-go/restmapper@0.24.2 + sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/tools/cache@0.24.2 k8s.io/client-go/rest@0.24.2 @@ -4849,7 +4996,7 @@

                                                                                                                    Detailed paths

                                                                                                                    sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 @@ -4880,7 +5027,7 @@

                                                                                                                    Detailed paths

                                                                                                                    sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 @@ -4890,15 +5037,15 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + k8s.io/api/core/v1@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + k8s.io/apimachinery/pkg/runtime@0.24.2 - sigs.k8s.io/yaml@1.3.0 + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 gopkg.in/yaml.v2@2.2.4 @@ -4927,13 +5074,13 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/tools/clientcmd/api@0.24.2 + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - k8s.io/apimachinery/pkg/runtime@0.24.2 + k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 - sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 + sigs.k8s.io/yaml@1.3.0 gopkg.in/yaml.v2@2.2.4 @@ -4997,15 +5144,15 @@

                                                                                                                    Detailed paths

                                                                                                                    k8s.io/client-go/discovery@0.24.2 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/kubernetes/scheme@0.24.2 - k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2 + k8s.io/api/storage/v1beta1@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + k8s.io/api/core/v1@0.24.2 - k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2 + k8s.io/apimachinery/pkg/runtime@0.24.2 - sigs.k8s.io/yaml@1.3.0 + sigs.k8s.io/structured-merge-diff/v4/value@4.2.1 gopkg.in/yaml.v2@2.2.4 @@ -5026,7 +5173,7 @@

                                                                                                                    Detailed paths

                                                                                                                    sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 @@ -5056,8 +5203,8 @@

                                                                                                                    Detailed paths

                                                                                                                    Overview

                                                                                                                    -

                                                                                                                    gopkg.in/yaml.v2 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

                                                                                                                    +

                                                                                                                    gopkg.in/yaml.v2 is a YAML support package for the Go language.

                                                                                                                    +

                                                                                                                    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

                                                                                                                    Details

                                                                                                                    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                    @@ -5162,8 +5309,8 @@

                                                                                                                    Detailed paths

                                                                                                                    Overview

                                                                                                                    -

                                                                                                                    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. - Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

                                                                                                                    +

                                                                                                                    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

                                                                                                                    +

                                                                                                                    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

                                                                                                                    Remediation

                                                                                                                    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

                                                                                                                    References

                                                                                                                    diff --git a/docs/snyk/v2.5.16/haproxy_2.6.9-alpine.html b/docs/snyk/v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html similarity index 65% rename from docs/snyk/v2.5.16/haproxy_2.6.9-alpine.html rename to docs/snyk/v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html index 92c0d5749b882..975132ade0e2e 100644 --- a/docs/snyk/v2.5.16/haproxy_2.6.9-alpine.html +++ b/docs/snyk/v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,33 +456,24 @@

                                                                                                                    Snyk test report

                                                                                                                    -

                                                                                                                    April 16th 2023, 12:22:53 am

                                                                                                                    +

                                                                                                                    June 25th 2023, 12:27:20 am (UTC+00:00)

                                                                                                                    - Scanned the following path: + Scanned the following paths:
                                                                                                                      -
                                                                                                                    • haproxy:2.6.9-alpine (apk)
                                                                                                                      • +
                                                                                                                    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
                                                                                                                    • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
                                                                                                                    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                    -
                                                                                                                    3 known vulnerabilities
                                                                                                                    -
                                                                                                                    27 vulnerable dependency paths
                                                                                                                    -
                                                                                                                    18 dependencies
                                                                                                                    +
                                                                                                                    5 known vulnerabilities
                                                                                                                    +
                                                                                                                    35 vulnerable dependency paths
                                                                                                                    +
                                                                                                                    760 dependencies
                                                                                                                    -
                                                                                                                    - - - - - - - -
                                                                                                                    Project docker-image|haproxy
                                                                                                                    Path haproxy:2.6.9-alpine
                                                                                                                    Package Manager apk
                                                                                                                    -
                                                                                                                    +
                                                                                                                    @@ -507,7 +498,7 @@

                                                                                                                    Improper Certificate Validation

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                  @@ -520,7 +511,7 @@

                                                                                                                  Detailed paths

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -529,7 +520,7 @@

                                                                                                                    Detailed paths

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -540,18 +531,7 @@

                                                                                                                    Detailed paths

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -562,7 +542,7 @@

                                                                                                                    Detailed paths

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -573,18 +553,7 @@

                                                                                                                    Detailed paths

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                    • -
                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -593,7 +562,7 @@

                                                                                                                    Detailed paths

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -604,7 +573,7 @@

                                                                                                                    Detailed paths

                                                                                                                  • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -622,7 +591,14 @@

                                                                                                                    Detailed paths

                                                                                                                    NVD Description

                                                                                                                    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                    -

                                                                                                                    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                    +

                                                                                                                    A security vulnerability has been identified in all supported versions

                                                                                                                    +

                                                                                                                    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

                                                                                                                    +

                                                                                                                    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                    Remediation

                                                                                                                    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                    References

                                                                                                                    @@ -632,6 +608,8 @@

                                                                                                                    References

                                                                                                                  • openssl-security@openssl.org
                                                                                                                  • openssl-security@openssl.org
                                                                                                                  • openssl-security@openssl.org
                                                                                                                    • +
                                                                                                                  • openssl-security@openssl.org
                                                                                                                    • +
                                                                                                                  • openssl-security@openssl.org
                                                                                                                  @@ -641,12 +619,12 @@

                                                                                                                  References

                                                                                                                  -
                                                                                                                  -

                                                                                                                  Improper Certificate Validation

                                                                                                                  +
                                                                                                                  +

                                                                                                                  Allocation of Resources Without Limits or Throttling

                                                                                                                  -
                                                                                                                  - medium severity +
                                                                                                                  + high severity
                                                                                                                  @@ -663,7 +641,7 @@

                                                                                                                  Improper Certificate Validation

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                @@ -676,7 +654,7 @@

                                                                                                                Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -685,7 +663,7 @@

                                                                                                                  Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -696,9 +674,9 @@

                                                                                                                  Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - .haproxy-rundeps@20230214.193603 + apk-tools/apk-tools@2.12.10-r1 openssl/libcrypto3@3.0.8-r0 @@ -707,9 +685,9 @@

                                                                                                                  Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.12.10-r1 + busybox/ssl_client@1.35.0-r29 openssl/libcrypto3@3.0.8-r0 @@ -718,10 +696,143 @@

                                                                                                                  Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                  • +
                                                                                                                • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                  • +
                                                                                                                • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                  • +
                                                                                                                + + + +
                                                                                                                + +

                                                                                                                NVD Description

                                                                                                                +

                                                                                                                Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                +

                                                                                                                Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

                                                                                                                +

                                                                                                                Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

                                                                                                                +

                                                                                                                An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

                                                                                                                +

                                                                                                                When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

                                                                                                                +

                                                                                                                With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

                                                                                                                +

                                                                                                                Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

                                                                                                                +

                                                                                                                Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

                                                                                                                +

                                                                                                                In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

                                                                                                                +

                                                                                                                The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

                                                                                                                +

                                                                                                                In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

                                                                                                                +

                                                                                                                Remediation

                                                                                                                +

                                                                                                                Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

                                                                                                                +

                                                                                                                References

                                                                                                                + + +
                                                                                                                + +
                                                                                                                +

                                                                                                                More about this vulnerability

                                                                                                                +
                                                                                                                + + +
                                                                                                                +

                                                                                                                Improper Certificate Validation

                                                                                                                +
                                                                                                                + +
                                                                                                                + medium severity +
                                                                                                                + +
                                                                                                                + +
                                                                                                                  +
                                                                                                                • + Package Manager: alpine:3.17 +
                                                                                                                  • +
                                                                                                                • + Vulnerable module: + + openssl/libcrypto3 +
                                                                                                                  • + +
                                                                                                                • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
                                                                                                                  • +
                                                                                                                + +
                                                                                                                + + +

                                                                                                                Detailed paths

                                                                                                                + +
                                                                                                                  +
                                                                                                                • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + openssl/libcrypto3@3.0.8-r0 @@ -729,18 +840,40 @@

                                                                                                                  Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0
                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - .haproxy-rundeps@20230214.193603 + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                  • +
                                                                                                                • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                  • +
                                                                                                                • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -749,7 +882,7 @@

                                                                                                                  Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -760,7 +893,7 @@

                                                                                                                  Detailed paths

                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -796,6 +929,8 @@

                                                                                                                  References

                                                                                                                • openssl-security@openssl.org
                                                                                                                • openssl-security@openssl.org
                                                                                                                • openssl-security@openssl.org
                                                                                                                  • +
                                                                                                                • openssl-security@openssl.org
                                                                                                                  • +
                                                                                                                • openssl-security@openssl.org
                                                                                                                @@ -827,7 +962,7 @@

                                                                                                                Improper Certificate Validation

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                              @@ -840,7 +975,7 @@

                                                                                                              Detailed paths

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -849,7 +984,7 @@

                                                                                                                Detailed paths

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -860,18 +995,7 @@

                                                                                                                Detailed paths

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                • -
                                                                                                              • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -882,7 +1006,7 @@

                                                                                                                Detailed paths

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -893,7 +1017,7 @@

                                                                                                                Detailed paths

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -902,18 +1026,7 @@

                                                                                                                Detailed paths

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                • -
                                                                                                              • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -924,7 +1037,7 @@

                                                                                                                Detailed paths

                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -966,6 +1079,8 @@

                                                                                                                References

                                                                                                              • openssl-security@openssl.org
                                                                                                              • openssl-security@openssl.org
                                                                                                              • openssl-security@openssl.org
                                                                                                                • +
                                                                                                              • openssl-security@openssl.org
                                                                                                                • +
                                                                                                              • openssl-security@openssl.org
                                                                                                              @@ -975,6 +1090,153 @@

                                                                                                              References

                                                                                                              +
                                                                                                              +

                                                                                                              Out-of-bounds Read

                                                                                                              +
                                                                                                              + +
                                                                                                              + medium severity +
                                                                                                              + +
                                                                                                              + +
                                                                                                                +
                                                                                                              • + Package Manager: alpine:3.17 +
                                                                                                                • +
                                                                                                              • + Vulnerable module: + + openssl/libcrypto3 +
                                                                                                                • + +
                                                                                                              • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
                                                                                                                • +
                                                                                                              + +
                                                                                                              + + +

                                                                                                              Detailed paths

                                                                                                              + +
                                                                                                                +
                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                • +
                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                • +
                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                • +
                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                • +
                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                • +
                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                • +
                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                • +
                                                                                                              + +
                                                                                                              + +
                                                                                                              + +

                                                                                                              NVD Description

                                                                                                              +

                                                                                                              Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                              +

                                                                                                              Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

                                                                                                              +

                                                                                                              Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

                                                                                                              +

                                                                                                              The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

                                                                                                              +

                                                                                                              If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

                                                                                                              +

                                                                                                              Remediation

                                                                                                              +

                                                                                                              Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

                                                                                                              +

                                                                                                              References

                                                                                                              + + +
                                                                                                              + +
                                                                                                              +

                                                                                                              More about this vulnerability

                                                                                                              +
                                                                                                              + +
                                                                                                              diff --git a/docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html b/docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..1df40c85fcb4f --- /dev/null +++ b/docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                                                                                              +
                                                                                                              +
                                                                                                              +
                                                                                                              + + + Snyk - Open Source Security + + + + + + + +
                                                                                                              +

                                                                                                              Snyk test report

                                                                                                              + +

                                                                                                              June 25th 2023, 12:27:25 am (UTC+00:00)

                                                                                                              +
                                                                                                              +
                                                                                                              + Scanned the following path: +
                                                                                                                +
                                                                                                              • haproxy:2.6.14-alpine (apk)
                                                                                                                • +
                                                                                                              +
                                                                                                              + +
                                                                                                              +
                                                                                                              0 known vulnerabilities
                                                                                                              +
                                                                                                              0 vulnerable dependency paths
                                                                                                              +
                                                                                                              18 dependencies
                                                                                                              +
                                                                                                              +
                                                                                                              +
                                                                                                              +
                                                                                                              +
                                                                                                              + + + + + + + +
                                                                                                              Project docker-image|haproxy
                                                                                                              Path haproxy:2.6.14-alpine
                                                                                                              Package Manager apk
                                                                                                              +
                                                                                                              +
                                                                                                              + No known vulnerabilities detected. +
                                                                                                              +
                                                                                                              + + + diff --git a/docs/snyk/v2.6.7/quay.io_argoproj_argocd_v2.6.7.html b/docs/snyk/v2.5.19/quay.io_argoproj_argocd_v2.5.19.html similarity index 71% rename from docs/snyk/v2.6.7/quay.io_argoproj_argocd_v2.6.7.html rename to docs/snyk/v2.5.19/quay.io_argoproj_argocd_v2.5.19.html index 6568d084437ab..b83ede07842b2 100644 --- a/docs/snyk/v2.6.7/quay.io_argoproj_argocd_v2.6.7.html +++ b/docs/snyk/v2.5.19/quay.io_argoproj_argocd_v2.5.19.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

                                                                                                              Snyk test report

                                                                                                              -

                                                                                                              April 16th 2023, 12:20:43 am

                                                                                                              +

                                                                                                              June 25th 2023, 12:27:50 am (UTC+00:00)

                                                                                                              Scanned the following paths:
                                                                                                                -
                                                                                                              • quay.io/argoproj/argocd:v2.6.7/argoproj/argocd (deb)
                                                                                                              • quay.io/argoproj/argocd:v2.6.7/argoproj/argo-cd/v2 (gomodules)
                                                                                                              • quay.io/argoproj/argocd:v2.6.7/kustomize/kustomize/v4 (gomodules)
                                                                                                              • quay.io/argoproj/argocd:v2.6.7/helm/v3 (gomodules)
                                                                                                              • quay.io/argoproj/argocd:v2.6.7/git-lfs/git-lfs (gomodules)
                                                                                                                • +
                                                                                                              • quay.io/argoproj/argocd:v2.5.19/argoproj/argocd (deb)
                                                                                                              • quay.io/argoproj/argocd:v2.5.19/argoproj/argo-cd/v2 (gomodules)
                                                                                                              • quay.io/argoproj/argocd:v2.5.19/kustomize/kustomize/v4 (gomodules)
                                                                                                              • quay.io/argoproj/argocd:v2.5.19/helm/v3 (gomodules)
                                                                                                              • quay.io/argoproj/argocd:v2.5.19/git-lfs/git-lfs (gomodules)
                                                                                                              27 known vulnerabilities
                                                                                                              -
                                                                                                              120 vulnerable dependency paths
                                                                                                              -
                                                                                                              2063 dependencies
                                                                                                              +
                                                                                                              76 vulnerable dependency paths
                                                                                                              +
                                                                                                              2047 dependencies
                                                                                                              @@ -525,8 +525,8 @@

                                                                                                              Detailed paths

                                                                                                              Overview

                                                                                                              -

                                                                                                              gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

                                                                                                              +

                                                                                                              gopkg.in/yaml.v3 is a YAML support package for the Go language.

                                                                                                              +

                                                                                                              Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

                                                                                                              PoC

                                                                                                              package main
         
@@ -615,8 +615,8 @@ 
                                                                                                              Detailed paths
                                                                                                              
               
                                                                                                              
               
               
                                                                                                              Overview
                                                                                                              
-        
                                                                                                              gopkg.in/yaml.v3 is a YAML support package for the Go language.
-        Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
                                                                                                              
+        
                                                                                                              gopkg.in/yaml.v3 is a YAML support package for the Go language.
                                                                                                              
+        
                                                                                                              Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
                                                                                                              
         
                                                                                                              PoC
                                                                                                              
         
                                                                                                              package main
         
@@ -781,8 +781,8 @@ 
                                                                                                              Detailed paths
                                                                                                              
               
                                                                                                              
               
               
                                                                                                              Overview
                                                                                                              
-        
                                                                                                              golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
-        Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.
                                                                                                              
+        
                                                                                                              golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
                                                                                                              
+        
                                                                                                              Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.
                                                                                                              
         
                                                                                                              Remediation
                                                                                                              
         
                                                                                                              Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.
                                                                                                              
         
                                                                                                              References
                                                                                                              
@@ -847,8 +847,8 @@ 
                                                                                                              Detailed paths
                                                                                                              
               
                                                                                                              
               
               
                                                                                                              Overview
                                                                                                              
-        
                                                                                                              golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
-        Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.
                                                                                                              
+        
                                                                                                              golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
                                                                                                              
+        
                                                                                                              Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.
                                                                                                              
         
                                                                                                              Details
                                                                                                              
         
                                                                                                              Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
                                                                                                              
         
                                                                                                              Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
                                                                                                              
@@ -877,6 +877,85 @@ 
                                                                                                              References
                                                                                                              
                 
                                                                                                              More about this vulnerability
                                                                                                              
             
         
+        
+        
                                                                                                              
+            
                                                                                                              Denial of Service (DoS)
                                                                                                              
+            
                                                                                                              
+        
+                
                                                                                                              
+                    medium severity
+                
                                                                                                              
+        
+                
                                                                                                              
+        
+                
                                                                                                                
+                    
                                                                                                              • 
+                        Package Manager: golang
+                    
                                                                                                                • 
+                    
                                                                                                              • 
+                            Vulnerable module:
+        
+                            gopkg.in/yaml.v2
+                    
                                                                                                                • 
+        
+                    
                                                                                                              • Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4
+        
+                    
                                                                                                                • 
+                
                                                                                                              
+        
+                
                                                                                                              
+        
+        
+                        
                                                                                                              Detailed paths
                                                                                                              
+        
+                    
                                                                                                                
+                                
                                                                                                              • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@*
+                                          
+                                        gopkg.in/yaml.v2@v2.2.4
+                                        
+                                
+        
+                            
                                                                                                                • 
+                    
                                                                                                              
+        
+            
                                                                                                              
+        
+              
                                                                                                              
+              
+              
                                                                                                              Overview
                                                                                                              
+        
                                                                                                              gopkg.in/yaml.v2 is a YAML support package for the Go language.
                                                                                                              
+        
                                                                                                              Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
                                                                                                              
+        
                                                                                                              Details
                                                                                                              
+        
                                                                                                              Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
                                                                                                              
+        
                                                                                                              Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
                                                                                                              
+        
                                                                                                              One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
                                                                                                              
+        
                                                                                                              When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
                                                                                                              
+        
                                                                                                              Two common types of DoS vulnerabilities:
                                                                                                              
+        
                                                                                                                
+        
                                                                                                              • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
                                                                                                                
+        
                                                                                                                • 
+        
                                                                                                              • Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  npm ws package
                                                                                                                
+        
                                                                                                                • 
+        
                                                                                                              
+        
                                                                                                              Remediation
                                                                                                              
+        
                                                                                                              Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.
                                                                                                              
+        
                                                                                                              References
                                                                                                              
+        
+        
+              
                                                                                                              
+        
+            
                                                                                                              
+                
                                                                                                              More about this vulnerability
                                                                                                              
+            
                                                                                                              
+        
         
                                                                                                              
         
                                                                                                              
             
                                                                                                              Improper Input Validation
                                                                                                              
@@ -1069,8 +1148,8 @@ 
                                                                                                              Detailed paths
                                                                                                              
               
                                                                                                              
               
               
                                                                                                              Overview
                                                                                                              
-        
                                                                                                              golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
-        Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.
                                                                                                              
+        
                                                                                                              golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
                                                                                                              
+        
                                                                                                              Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.
                                                                                                              
         
                                                                                                              Details
                                                                                                              
         
                                                                                                              Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
                                                                                                              
         
                                                                                                              Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
                                                                                                              
@@ -1099,6 +1178,73 @@ 
                                                                                                              References
                                                                                                              
                 
                                                                                                              More about this vulnerability
                                                                                                              
             
                                                                                                              
         
+        
+        
                                                                                                              
+            
                                                                                                              Improper Input Validation
                                                                                                              
+            
                                                                                                              
+        
+                
                                                                                                              
+                    medium severity
+                
                                                                                                              
+        
+                
                                                                                                              
+        
+                
                                                                                                                
+                    
                                                                                                              • 
+                        Package Manager: golang
+                    
                                                                                                                • 
+                    
                                                                                                              • 
+                            Vulnerable module:
+        
+                            go.mongodb.org/mongo-driver/bson/bsonrw
+                    
                                                                                                                • 
+        
+                    
                                                                                                              • Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2
+        
+                    
                                                                                                                • 
+                
                                                                                                              
+        
+                
                                                                                                              
+        
+        
+                        
                                                                                                              Detailed paths
                                                                                                              
+        
+                    
                                                                                                                
+                                
                                                                                                              • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@*
+                                          
+                                        go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2
+                                        
+                                
+        
+                            
                                                                                                                • 
+                    
                                                                                                              
+        
+            
                                                                                                              
+        
+              
                                                                                                              
+              
+              
                                                                                                              Overview
                                                                                                              
+        
                                                                                                              go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.
                                                                                                              
+        
                                                                                                              Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.
                                                                                                              
+        
                                                                                                              Remediation
                                                                                                              
+        
                                                                                                              Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.
                                                                                                              
+        
                                                                                                              References
                                                                                                              
+        
+        
+              
                                                                                                              
+        
+            
                                                                                                              
+                
                                                                                                              More about this vulnerability
                                                                                                              
+            
                                                                                                              
+        
         
                                                                                                              
         
                                                                                                              
             
                                                                                                              CVE-2022-46908
                                                                                                              
@@ -1123,7 +1269,7 @@ 
                                                                                                              CVE-2022-46908
                                                                                                              
                     
                                                                                                            • Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v2.6.7, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
+                                    docker-image|quay.io/argoproj/argocd@v2.5.19, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
                     
                                                                                                              •
                                                                                                            @@ -1135,7 +1281,7 @@

                                                                                                            Detailed paths

                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1173,7 +1319,7 @@

                                                                                                              References

                                                                                                              -

                                                                                                              Uncontrolled Recursion

                                                                                                              +

                                                                                                              Arbitrary Code Injection

                                                                                                              @@ -1189,12 +1335,12 @@

                                                                                                              Uncontrolled Recursion

                                                                                                            • Vulnerable module: - pcre3/libpcre3 + shadow/passwd
                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and shadow/passwd@1:4.8.1-2ubuntu2.1
                                                                                                            @@ -1207,20 +1353,40 @@

                                                                                                            Detailed paths

                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + shadow/passwd@1:4.8.1-2ubuntu2.1
                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - grep@3.7-1build1 + adduser@3.118ubuntu5 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
                                                                                                              • +
                                                                                                            • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.19 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
                                                                                                              • +
                                                                                                            • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.19 + + shadow/login@1:4.8.1-2ubuntu2.1 @@ -1232,32 +1398,29 @@

                                                                                                              Detailed paths

                                                                                                              NVD Description

                                                                                                              -

                                                                                                              Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. +

                                                                                                              Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                              -

                                                                                                              In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

                                                                                                              +

                                                                                                              In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

                                                                                                              Remediation

                                                                                                              -

                                                                                                              There is no fixed version for Ubuntu:22.04 pcre3.

                                                                                                              +

                                                                                                              There is no fixed version for Ubuntu:22.04 shadow.

                                                                                                              References

                                                                                                              -

                                                                                                              More about this vulnerability

                                                                                                              +

                                                                                                              More about this vulnerability

                                                                                                              -

                                                                                                              Release of Invalid Pointer or Reference

                                                                                                              +

                                                                                                              Uncontrolled Recursion

                                                                                                              @@ -1273,12 +1436,12 @@

                                                                                                              Release of Invalid Pointer or Reference

                                                                                                            • Vulnerable module: - patch + pcre3/libpcre3
                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.19 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
                                                                                                            @@ -1291,9 +1454,20 @@

                                                                                                            Detailed paths

                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - patch@2.7.6-7build2 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
                                                                                                              • +
                                                                                                            • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.19 + + grep@3.7-1build1 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1305,26 +1479,32 @@

                                                                                                              Detailed paths

                                                                                                              NVD Description

                                                                                                              -

                                                                                                              Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. +

                                                                                                              Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                              -

                                                                                                              An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

                                                                                                              +

                                                                                                              In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

                                                                                                              Remediation

                                                                                                              -

                                                                                                              There is no fixed version for Ubuntu:22.04 patch.

                                                                                                              +

                                                                                                              There is no fixed version for Ubuntu:22.04 pcre3.

                                                                                                              References

                                                                                                              -

                                                                                                              More about this vulnerability

                                                                                                              +

                                                                                                              More about this vulnerability

                                                                                                              -

                                                                                                              Double Free

                                                                                                              +

                                                                                                              Release of Invalid Pointer or Reference

                                                                                                              @@ -1345,7 +1525,7 @@

                                                                                                              Double Free

                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.19 and patch@2.7.6-7build2
                                                                                                            @@ -1358,7 +1538,7 @@

                                                                                                            Detailed paths

                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 patch@2.7.6-7build2 @@ -1374,29 +1554,24 @@

                                                                                                              Detailed paths

                                                                                                              NVD Description

                                                                                                              Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                              -

                                                                                                              A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

                                                                                                              +

                                                                                                              An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

                                                                                                              Remediation

                                                                                                              There is no fixed version for Ubuntu:22.04 patch.

                                                                                                              References

                                                                                                              -

                                                                                                              More about this vulnerability

                                                                                                              +

                                                                                                              More about this vulnerability

                                                                                                              -

                                                                                                              Improper Locking

                                                                                                              +

                                                                                                              Double Free

                                                                                                              @@ -1412,12 +1587,12 @@

                                                                                                              Improper Locking

                                                                                                            • Vulnerable module: - openssl/libssl3 + patch
                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.5.19 and patch@2.7.6-7build2
                                                                                                            @@ -1430,765 +1605,40 @@

                                                                                                            Detailed paths

                                                                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                              • -
                                                                                                            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                              • -
                                                                                                            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 + patch@2.7.6-7build2
                                                                                                              • -
                                                                                                            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
                                                                                                            -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          - - - -
                                                                                                          - -

                                                                                                          NVD Description

                                                                                                          -

                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          -

                                                                                                          If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

                                                                                                          -

                                                                                                          Remediation

                                                                                                          -

                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                          -

                                                                                                          References

                                                                                                          - - -
                                                                                                          - -
                                                                                                          -

                                                                                                          More about this vulnerability

                                                                                                          -
                                                                                                          - - -
                                                                                                          -

                                                                                                          Improper Certificate Validation

                                                                                                          -
                                                                                                          - -
                                                                                                          - low severity -
                                                                                                          - -
                                                                                                          - -
                                                                                                            -
                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                            • -
                                                                                                          • - Vulnerable module: - - openssl/libssl3 -
                                                                                                            • - -
                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          - - -

                                                                                                          Detailed paths

                                                                                                          - -
                                                                                                            -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          - -
                                                                                                          - -

                                                                                                          NVD Description

                                                                                                          -

                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          -

                                                                                                          A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                          -

                                                                                                          Remediation

                                                                                                          -

                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                          -

                                                                                                          References

                                                                                                          - - -
                                                                                                          - -
                                                                                                          -

                                                                                                          More about this vulnerability

                                                                                                          -
                                                                                                          - -
                                                                                                          -
                                                                                                          -

                                                                                                          Improper Certificate Validation

                                                                                                          -
                                                                                                          - -
                                                                                                          - low severity -
                                                                                                          - -
                                                                                                          - -
                                                                                                            -
                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                            • -
                                                                                                          • - Vulnerable module: - - openssl/libssl3 -
                                                                                                            • - -
                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          - - -

                                                                                                          Detailed paths

                                                                                                          - -
                                                                                                            -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          - -
                                                                                                          - -

                                                                                                          NVD Description

                                                                                                          -

                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          -

                                                                                                          The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                          -

                                                                                                          As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                          -

                                                                                                          Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                          -

                                                                                                          Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                          -

                                                                                                          Remediation

                                                                                                          -

                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                          -

                                                                                                          References

                                                                                                          - - -
                                                                                                          - -
                                                                                                          -

                                                                                                          More about this vulnerability

                                                                                                          -
                                                                                                          - -
                                                                                                          -
                                                                                                          -

                                                                                                          Improper Certificate Validation

                                                                                                          -
                                                                                                          - -
                                                                                                          - low severity -
                                                                                                          - -
                                                                                                          - -
                                                                                                            -
                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                            • -
                                                                                                          • - Vulnerable module: - - openssl/libssl3 -
                                                                                                            • - -
                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          - - -

                                                                                                          Detailed paths

                                                                                                          - -
                                                                                                            -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          - -
                                                                                                          - -

                                                                                                          NVD Description

                                                                                                          -

                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          -

                                                                                                          Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                          -

                                                                                                          Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                          -

                                                                                                          Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                          -

                                                                                                          Remediation

                                                                                                          -

                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                          -

                                                                                                          References

                                                                                                          - - -
                                                                                                          - -
                                                                                                          -

                                                                                                          More about this vulnerability

                                                                                                          -
                                                                                                          - -
                                                                                                          -
                                                                                                          -

                                                                                                          Improper Privilege Management

                                                                                                          -
                                                                                                          - -
                                                                                                          - low severity -
                                                                                                          - -
                                                                                                          - -
                                                                                                            -
                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                            • -
                                                                                                          • - Vulnerable module: - - openssh/openssh-client -
                                                                                                            • - -
                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          - - -

                                                                                                          Detailed paths

                                                                                                          - -
                                                                                                            -
                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
                                                                                                            • -
                                                                                                          - -
                                                                                                          +

                                                                                                          NVD Description

                                                                                                          -

                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

                                                                                                          Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          -

                                                                                                          sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

                                                                                                          +

                                                                                                          A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

                                                                                                          Remediation

                                                                                                          -

                                                                                                          There is no fixed version for Ubuntu:22.04 openssh.

                                                                                                          +

                                                                                                          There is no fixed version for Ubuntu:22.04 patch.

                                                                                                          References

                                                                                                          -

                                                                                                          More about this vulnerability

                                                                                                          +

                                                                                                          More about this vulnerability

                                                                                                          @@ -2214,7 +1664,7 @@

                                                                                                          Information Exposure

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                                                                                        @@ -2227,7 +1677,7 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2288,7 +1738,7 @@

                                                                                                          CVE-2023-28531

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                                                                                        @@ -2301,7 +1751,7 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2335,7 +1785,7 @@

                                                                                                          References

                                                                                                          -

                                                                                                          Out-of-bounds Read

                                                                                                          +

                                                                                                          NULL Pointer Dereference

                                                                                                          @@ -2351,13 +1801,13 @@

                                                                                                          Out-of-bounds Read

                                                                                                        • Vulnerable module: - ncurses/libtinfo6 + openldap/libldap-2.5-0
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.5.19, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
                                                                                                        @@ -2369,200 +1819,33 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - ncurses/libncurses6@6.3-2 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - procps@2:3.3.17-6ubuntu2 + git@1:2.34.1-1ubuntu1.9 - ncurses/libncurses6@6.3-2 - - - -
                                                                                                          • -
                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - ncurses/ncurses-base@6.3-2 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - ncurses/ncurses-bin@6.3-2 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2574,25 +1857,22 @@

                                                                                                          Detailed paths

                                                                                                          NVD Description

                                                                                                          -

                                                                                                          Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

                                                                                                          Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          -

                                                                                                          ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

                                                                                                          +

                                                                                                          A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

                                                                                                          Remediation

                                                                                                          -

                                                                                                          There is no fixed version for Ubuntu:22.04 ncurses.

                                                                                                          +

                                                                                                          There is no fixed version for Ubuntu:22.04 openldap.

                                                                                                          References

                                                                                                          -

                                                                                                          More about this vulnerability

                                                                                                          +

                                                                                                          More about this vulnerability

                                                                                                          @@ -2619,7 +1899,7 @@

                                                                                                          Resource Exhaustion

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.5.19, meta-common-packages@meta and others
                                                                                                        @@ -2631,7 +1911,7 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 meta-common-packages@meta @@ -2687,7 +1967,7 @@

                                                                                                          Integer Overflow or Wraparound

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                        @@ -2700,16 +1980,16 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2721,16 +2001,16 @@

                                                                                                          Detailed paths

                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2742,27 +2022,27 @@

                                                                                                          Detailed paths

                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2774,64 +2054,64 @@

                                                                                                          Detailed paths

                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2843,18 +2123,18 @@

                                                                                                          Detailed paths

                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -2909,7 +2189,7 @@

                                                                                                          Out-of-bounds Write

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                                                                                                        @@ -2922,7 +2202,7 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2931,9 +2211,9 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2942,7 +2222,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2953,7 +2233,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2964,7 +2244,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2975,7 +2255,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2988,7 +2268,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3001,7 +2281,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3010,7 +2290,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3021,7 +2301,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3034,7 +2314,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3043,7 +2323,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3054,7 +2334,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3063,7 +2343,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3074,7 +2354,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3083,7 +2363,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3094,7 +2374,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3107,7 +2387,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3120,7 +2400,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3129,7 +2409,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3140,7 +2420,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3153,7 +2433,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3166,7 +2446,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3175,7 +2455,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3186,7 +2466,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3195,7 +2475,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3206,7 +2486,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3215,7 +2495,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3226,7 +2506,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3285,7 +2565,7 @@

                                                                                                          Allocation of Resources Without Limits or Throttling

                                                                                                          Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and glibc/libc-bin@2.35-0ubuntu3.1
                                                                                                        @@ -3298,7 +2578,7 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3307,7 +2587,7 @@

                                                                                                          Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 meta-common-packages@meta @@ -3366,7 +2646,7 @@

                                                                                                          Improper Input Validation

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.5.19, git@1:2.34.1-1ubuntu1.9 and others
                                                                                                        @@ -3378,31 +2658,31 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9
                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -3432,6 +2712,150 @@

                                                                                                          References

                                                                                                          More about this vulnerability

                                                                                                          + +
                                                                                                          +

                                                                                                          CVE-2023-28322

                                                                                                          +
                                                                                                          + +
                                                                                                          + low severity +
                                                                                                          + +
                                                                                                          + +
                                                                                                            +
                                                                                                          • + Package Manager: ubuntu:22.04 +
                                                                                                            • +
                                                                                                          • + Vulnerable module: + + curl/libcurl3-gnutls +
                                                                                                            • + +
                                                                                                          • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.19, git@1:2.34.1-1ubuntu1.9 and others +
                                                                                                            • +
                                                                                                          + +
                                                                                                          + + +

                                                                                                          Detailed paths

                                                                                                          + +
                                                                                                            +
                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.19 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
                                                                                                            • +
                                                                                                          + +
                                                                                                          + +
                                                                                                          + +

                                                                                                          NVD Description

                                                                                                          +

                                                                                                          Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          +

                                                                                                          An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

                                                                                                          +

                                                                                                          Remediation

                                                                                                          +

                                                                                                          There is no fixed version for Ubuntu:22.04 curl.

                                                                                                          +

                                                                                                          References

                                                                                                          + + +
                                                                                                          + +
                                                                                                          +

                                                                                                          More about this vulnerability

                                                                                                          +
                                                                                                          + +
                                                                                                          +
                                                                                                          +

                                                                                                          Improper Certificate Validation

                                                                                                          +
                                                                                                          + +
                                                                                                          + low severity +
                                                                                                          + +
                                                                                                          + +
                                                                                                            +
                                                                                                          • + Package Manager: ubuntu:22.04 +
                                                                                                            • +
                                                                                                          • + Vulnerable module: + + curl/libcurl3-gnutls +
                                                                                                            • + +
                                                                                                          • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.19, git@1:2.34.1-1ubuntu1.9 and others +
                                                                                                            • +
                                                                                                          + +
                                                                                                          + + +

                                                                                                          Detailed paths

                                                                                                          + +
                                                                                                            +
                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.19 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
                                                                                                            • +
                                                                                                          + +
                                                                                                          + +
                                                                                                          + +

                                                                                                          NVD Description

                                                                                                          +

                                                                                                          Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                          +

                                                                                                          An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

                                                                                                          +

                                                                                                          Remediation

                                                                                                          +

                                                                                                          There is no fixed version for Ubuntu:22.04 curl.

                                                                                                          +

                                                                                                          References

                                                                                                          + + +
                                                                                                          + +
                                                                                                          +

                                                                                                          More about this vulnerability

                                                                                                          +
                                                                                                          +

                                                                                                          Improper Input Validation

                                                                                                          @@ -3455,7 +2879,7 @@

                                                                                                          Improper Input Validation

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and coreutils@8.32-4.1ubuntu1
                                                                                                        @@ -3468,7 +2892,7 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 coreutils@8.32-4.1ubuntu1 @@ -3525,7 +2949,7 @@

                                                                                                          Out-of-bounds Write

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and bash@5.1-6ubuntu1
                                                                                                        @@ -3538,7 +2962,7 @@

                                                                                                        Detailed paths

                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.5.19 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.7.0-rc2/argocd-test.html b/docs/snyk/v2.5.19/redis_7.0.11-alpine.html similarity index 93% rename from docs/snyk/v2.7.0-rc2/argocd-test.html rename to docs/snyk/v2.5.19/redis_7.0.11-alpine.html index 6f565fda92d96..16d9350161d9a 100644 --- a/docs/snyk/v2.7.0-rc2/argocd-test.html +++ b/docs/snyk/v2.5.19/redis_7.0.11-alpine.html @@ -456,24 +456,33 @@

                                                                                                          Snyk test report

                                                                                                          -

                                                                                                          April 16th 2023, 12:17:33 am

                                                                                                          +

                                                                                                          June 25th 2023, 12:27:55 am (UTC+00:00)

                                                                                                          - Scanned the following paths: + Scanned the following path:
                                                                                                            -
                                                                                                          • /argo-cd/argoproj/argo-cd/v2 (gomodules)
                                                                                                          • /argo-cd (yarn)
                                                                                                            • +
                                                                                                          • redis:7.0.11-alpine (apk)
                                                                                                          0 known vulnerabilities
                                                                                                          0 vulnerable dependency paths
                                                                                                          -
                                                                                                          1748 dependencies
                                                                                                          +
                                                                                                          18 dependencies
                                                                                                          - +
                                                                                                          + + + + + + + +
                                                                                                          Project docker-image|redis
                                                                                                          Path redis:7.0.11-alpine
                                                                                                          Package Manager apk
                                                                                                          +
                                                                                                          No known vulnerabilities detected.
                                                                                                          diff --git a/docs/snyk/v2.6.7/argocd-iac-install.html b/docs/snyk/v2.6.11/argocd-iac-install.html similarity index 89% rename from docs/snyk/v2.6.7/argocd-iac-install.html rename to docs/snyk/v2.6.11/argocd-iac-install.html index dd0af7c9c7391..91c5319a8d3de 100644 --- a/docs/snyk/v2.6.7/argocd-iac-install.html +++ b/docs/snyk/v2.6.11/argocd-iac-install.html @@ -456,7 +456,7 @@

                                                                                                          Snyk test report

                                                                                                          -

                                                                                                          April 16th 2023, 12:22:08 am

                                                                                                          +

                                                                                                          June 25th 2023, 12:26:38 am (UTC+00:00)

                                                                                                          Scanned the following path: @@ -494,7 +494,7 @@

                                                                                                          Role with dangerous permissions

                                                                                                          -

                                                                                                          More about this issue

                                                                                                          +

                                                                                                          More about this issue

                                                                                                          @@ -540,7 +540,7 @@

                                                                                                          Role with dangerous permissions

                                                                                                          • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                          • Introduced through: @@ -570,7 +570,7 @@

                                                                                                            Remediation

                                                                                                            -

                                                                                                            More about this issue

                                                                                                            +

                                                                                                            More about this issue

                                                                                                            @@ -586,7 +586,7 @@

                                                                                                            Role with dangerous permissions

                                                                                                            • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                            • Introduced through: @@ -616,7 +616,7 @@

                                                                                                              Remediation

                                                                                                              -

                                                                                                              More about this issue

                                                                                                              +

                                                                                                              More about this issue

                                                                                                              @@ -632,7 +632,7 @@

                                                                                                              Role with dangerous permissions

                                                                                                              • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                              • Introduced through: @@ -662,7 +662,7 @@

                                                                                                                Remediation

                                                                                                                -

                                                                                                                More about this issue

                                                                                                                +

                                                                                                                More about this issue

                                                                                                                @@ -678,7 +678,7 @@

                                                                                                                Role with dangerous permissions

                                                                                                                • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                • Introduced through: @@ -708,7 +708,7 @@

                                                                                                                  Remediation

                                                                                                                  -

                                                                                                                  More about this issue

                                                                                                                  +

                                                                                                                  More about this issue

                                                                                                                  @@ -724,7 +724,7 @@

                                                                                                                  Role with dangerous permissions

                                                                                                                  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                  • Introduced through: @@ -754,7 +754,7 @@

                                                                                                                    Remediation

                                                                                                                    -

                                                                                                                    More about this issue

                                                                                                                    +

                                                                                                                    More about this issue

                                                                                                                    @@ -770,7 +770,7 @@

                                                                                                                    Container could be running with outdated image

                                                                                                                    • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
                                                                                                                    • Introduced through: @@ -806,7 +806,7 @@

                                                                                                                      Remediation

                                                                                                                      -

                                                                                                                      More about this issue

                                                                                                                      +

                                                                                                                      More about this issue

                                                                                                                      @@ -822,7 +822,7 @@

                                                                                                                      Container has no CPU limit

                                                                                                                      • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                      • Introduced through: @@ -864,7 +864,7 @@

                                                                                                                        Remediation

                                                                                                                        -

                                                                                                                        More about this issue

                                                                                                                        +

                                                                                                                        More about this issue

                                                                                                                        @@ -880,7 +880,7 @@

                                                                                                                        Container has no CPU limit

                                                                                                                        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                        • Introduced through: @@ -922,7 +922,7 @@

                                                                                                                          Remediation

                                                                                                                          -

                                                                                                                          More about this issue

                                                                                                                          +

                                                                                                                          More about this issue

                                                                                                                          @@ -938,7 +938,7 @@

                                                                                                                          Container has no CPU limit

                                                                                                                          • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                          • Introduced through: @@ -980,7 +980,7 @@

                                                                                                                            Remediation

                                                                                                                            -

                                                                                                                            More about this issue

                                                                                                                            +

                                                                                                                            More about this issue

                                                                                                                            @@ -996,7 +996,7 @@

                                                                                                                            Container has no CPU limit

                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                            • Introduced through: @@ -1038,7 +1038,7 @@

                                                                                                                              Remediation

                                                                                                                              -

                                                                                                                              More about this issue

                                                                                                                              +

                                                                                                                              More about this issue

                                                                                                                              @@ -1054,7 +1054,7 @@

                                                                                                                              Container has no CPU limit

                                                                                                                              • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                              • Introduced through: @@ -1096,7 +1096,7 @@

                                                                                                                                Remediation

                                                                                                                                -

                                                                                                                                More about this issue

                                                                                                                                +

                                                                                                                                More about this issue

                                                                                                                                @@ -1112,7 +1112,7 @@

                                                                                                                                Container has no CPU limit

                                                                                                                                • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                • Introduced through: @@ -1154,7 +1154,7 @@

                                                                                                                                  Remediation

                                                                                                                                  -

                                                                                                                                  More about this issue

                                                                                                                                  +

                                                                                                                                  More about this issue

                                                                                                                                  @@ -1170,7 +1170,7 @@

                                                                                                                                  Container has no CPU limit

                                                                                                                                  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                  • Introduced through: @@ -1212,7 +1212,7 @@

                                                                                                                                    Remediation

                                                                                                                                    -

                                                                                                                                    More about this issue

                                                                                                                                    +

                                                                                                                                    More about this issue

                                                                                                                                    @@ -1228,7 +1228,7 @@

                                                                                                                                    Container has no CPU limit

                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                    • Introduced through: @@ -1270,7 +1270,7 @@

                                                                                                                                      Remediation

                                                                                                                                      -

                                                                                                                                      More about this issue

                                                                                                                                      +

                                                                                                                                      More about this issue

                                                                                                                                      @@ -1286,7 +1286,7 @@

                                                                                                                                      Container has no CPU limit

                                                                                                                                      • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                      • Introduced through: @@ -1328,7 +1328,7 @@

                                                                                                                                        Remediation

                                                                                                                                        -

                                                                                                                                        More about this issue

                                                                                                                                        +

                                                                                                                                        More about this issue

                                                                                                                                        @@ -1344,7 +1344,7 @@

                                                                                                                                        Container is running with multiple open ports

                                                                                                                                        • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
                                                                                                                                        • Introduced through: @@ -1380,63 +1380,7 @@

                                                                                                                                          Remediation

                                                                                                                                          -

                                                                                                                                          More about this issue

                                                                                                                                          -
                                                                                                                                          - - -
                                                                                                                                          -

                                                                                                                                          Container is running with writable root filesystem

                                                                                                                                          -
                                                                                                                                          - -
                                                                                                                                          - low severity -
                                                                                                                                          - -
                                                                                                                                          - -
                                                                                                                                            -
                                                                                                                                          • - Public ID: SNYK-CC-K8S-8 -
                                                                                                                                            • - -
                                                                                                                                          • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
                                                                                                                                            • - -
                                                                                                                                          • - Line number: 16125 -
                                                                                                                                            • -
                                                                                                                                          - -
                                                                                                                                          - -

                                                                                                                                          Impact

                                                                                                                                          -

                                                                                                                                          Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                          - -

                                                                                                                                          Remediation

                                                                                                                                          -

                                                                                                                                          Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                          - - -
                                                                                                                                          -
                                                                                                                                          - -
                                                                                                                                          -

                                                                                                                                          More about this issue

                                                                                                                                          +

                                                                                                                                          More about this issue

                                                                                                                                          @@ -1452,7 +1396,7 @@

                                                                                                                                          Container is running without liveness probe

                                                                                                                                          • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                          • Introduced through: @@ -1488,7 +1432,7 @@

                                                                                                                                            Remediation

                                                                                                                                            -

                                                                                                                                            More about this issue

                                                                                                                                            +

                                                                                                                                            More about this issue

                                                                                                                                            @@ -1504,7 +1448,7 @@

                                                                                                                                            Container is running without liveness probe

                                                                                                                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                            • Introduced through: @@ -1540,7 +1484,7 @@

                                                                                                                                              Remediation

                                                                                                                                              -

                                                                                                                                              More about this issue

                                                                                                                                              +

                                                                                                                                              More about this issue

                                                                                                                                              @@ -1556,7 +1500,7 @@

                                                                                                                                              Container is running without liveness probe

                                                                                                                                              • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                              • Introduced through: @@ -1592,7 +1536,7 @@

                                                                                                                                                Remediation

                                                                                                                                                -

                                                                                                                                                More about this issue

                                                                                                                                                +

                                                                                                                                                More about this issue

                                                                                                                                                @@ -1608,7 +1552,7 @@

                                                                                                                                                Container is running without liveness probe

                                                                                                                                                • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                • Introduced through: @@ -1644,7 +1588,7 @@

                                                                                                                                                  Remediation

                                                                                                                                                  -

                                                                                                                                                  More about this issue

                                                                                                                                                  +

                                                                                                                                                  More about this issue

                                                                                                                                                  @@ -1660,7 +1604,7 @@

                                                                                                                                                  Container is running without liveness probe

                                                                                                                                                  • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                  • Introduced through: @@ -1696,7 +1640,7 @@

                                                                                                                                                    Remediation

                                                                                                                                                    -

                                                                                                                                                    More about this issue

                                                                                                                                                    +

                                                                                                                                                    More about this issue

                                                                                                                                                    @@ -1712,7 +1656,7 @@

                                                                                                                                                    Container is running without memory limit

                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                    • Introduced through: @@ -1754,7 +1698,7 @@

                                                                                                                                                      Remediation

                                                                                                                                                      -

                                                                                                                                                      More about this issue

                                                                                                                                                      +

                                                                                                                                                      More about this issue

                                                                                                                                                      @@ -1770,7 +1714,7 @@

                                                                                                                                                      Container is running without memory limit

                                                                                                                                                      • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                      • Introduced through: @@ -1812,7 +1756,7 @@

                                                                                                                                                        Remediation

                                                                                                                                                        -

                                                                                                                                                        More about this issue

                                                                                                                                                        +

                                                                                                                                                        More about this issue

                                                                                                                                                        @@ -1828,7 +1772,7 @@

                                                                                                                                                        Container is running without memory limit

                                                                                                                                                        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                        • Introduced through: @@ -1870,7 +1814,7 @@

                                                                                                                                                          Remediation

                                                                                                                                                          -

                                                                                                                                                          More about this issue

                                                                                                                                                          +

                                                                                                                                                          More about this issue

                                                                                                                                                          @@ -1886,7 +1830,7 @@

                                                                                                                                                          Container is running without memory limit

                                                                                                                                                          • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                          • Introduced through: @@ -1928,7 +1872,7 @@

                                                                                                                                                            Remediation

                                                                                                                                                            -

                                                                                                                                                            More about this issue

                                                                                                                                                            +

                                                                                                                                                            More about this issue

                                                                                                                                                            @@ -1944,7 +1888,7 @@

                                                                                                                                                            Container is running without memory limit

                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                            • Introduced through: @@ -1986,7 +1930,7 @@

                                                                                                                                                              Remediation

                                                                                                                                                              -

                                                                                                                                                              More about this issue

                                                                                                                                                              +

                                                                                                                                                              More about this issue

                                                                                                                                                              @@ -2002,7 +1946,7 @@

                                                                                                                                                              Container is running without memory limit

                                                                                                                                                              • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                              • Introduced through: @@ -2044,7 +1988,7 @@

                                                                                                                                                                Remediation

                                                                                                                                                                -

                                                                                                                                                                More about this issue

                                                                                                                                                                +

                                                                                                                                                                More about this issue

                                                                                                                                                                @@ -2060,7 +2004,7 @@

                                                                                                                                                                Container is running without memory limit

                                                                                                                                                                • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                • Introduced through: @@ -2102,7 +2046,7 @@

                                                                                                                                                                  Remediation

                                                                                                                                                                  -

                                                                                                                                                                  More about this issue

                                                                                                                                                                  +

                                                                                                                                                                  More about this issue

                                                                                                                                                                  @@ -2118,7 +2062,7 @@

                                                                                                                                                                  Container is running without memory limit

                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                  • Introduced through: @@ -2160,7 +2104,7 @@

                                                                                                                                                                    Remediation

                                                                                                                                                                    -

                                                                                                                                                                    More about this issue

                                                                                                                                                                    +

                                                                                                                                                                    More about this issue

                                                                                                                                                                    @@ -2176,7 +2120,7 @@

                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                    • Introduced through: @@ -2218,12 +2162,68 @@

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +
                                                                                                                                                                      + + +
                                                                                                                                                                      +

                                                                                                                                                                      Container or Pod is running with writable root filesystem

                                                                                                                                                                      +
                                                                                                                                                                      + +
                                                                                                                                                                      + low severity +
                                                                                                                                                                      + +
                                                                                                                                                                      + +
                                                                                                                                                                        +
                                                                                                                                                                      • + Public ID: SNYK-CC-K8S-8 +
                                                                                                                                                                        • + +
                                                                                                                                                                      • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
                                                                                                                                                                        • + +
                                                                                                                                                                      • + Line number: 16125 +
                                                                                                                                                                        • +
                                                                                                                                                                      + +
                                                                                                                                                                      + +

                                                                                                                                                                      Impact

                                                                                                                                                                      +

                                                                                                                                                                      Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                                                      + +

                                                                                                                                                                      Remediation

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                                                      + + +
                                                                                                                                                                      +
                                                                                                                                                                      + +
                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2234,7 +2234,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2267,19 +2267,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2290,7 +2290,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2323,19 +2323,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2346,7 +2346,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2379,19 +2379,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2402,7 +2402,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2435,19 +2435,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2458,7 +2458,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2491,19 +2491,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2514,7 +2514,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2547,19 +2547,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2570,7 +2570,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2603,19 +2603,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2626,7 +2626,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2659,19 +2659,19 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      -

                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                      +

                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                      @@ -2682,7 +2682,7 @@

                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                    • Introduced through: @@ -2715,14 +2715,14 @@

                                                                                                                                                                      Impact

                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                      Remediation

                                                                                                                                                                      -

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                      +

                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                      • -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      diff --git a/docs/snyk/v2.6.7/argocd-iac-namespace-install.html b/docs/snyk/v2.6.11/argocd-iac-namespace-install.html similarity index 89% rename from docs/snyk/v2.6.7/argocd-iac-namespace-install.html rename to docs/snyk/v2.6.11/argocd-iac-namespace-install.html index 2a97e0f83f223..84ff3692269ec 100644 --- a/docs/snyk/v2.6.7/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.11/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

                                                                                                                                                                      Snyk test report

                                                                                                                                                                      -

                                                                                                                                                                      April 16th 2023, 12:22:20 am

                                                                                                                                                                      +

                                                                                                                                                                      June 25th 2023, 12:26:50 am (UTC+00:00)

                                                                                                                                                                      Scanned the following path: @@ -494,7 +494,7 @@

                                                                                                                                                                      Role with dangerous permissions

                                                                                                                                                                      -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      @@ -540,7 +540,7 @@

                                                                                                                                                                      Role with dangerous permissions

                                                                                                                                                                      -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      @@ -586,7 +586,7 @@

                                                                                                                                                                      Role with dangerous permissions

                                                                                                                                                                      -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      @@ -632,7 +632,7 @@

                                                                                                                                                                      Role with dangerous permissions

                                                                                                                                                                      -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      @@ -678,7 +678,7 @@

                                                                                                                                                                      Role with dangerous permissions

                                                                                                                                                                      -

                                                                                                                                                                      More about this issue

                                                                                                                                                                      +

                                                                                                                                                                      More about this issue

                                                                                                                                                                      @@ -724,7 +724,7 @@

                                                                                                                                                                      Role with dangerous permissions

                                                                                                                                                                      • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                      • Introduced through: @@ -754,7 +754,7 @@

                                                                                                                                                                        Remediation

                                                                                                                                                                        -

                                                                                                                                                                        More about this issue

                                                                                                                                                                        +

                                                                                                                                                                        More about this issue

                                                                                                                                                                        @@ -770,7 +770,7 @@

                                                                                                                                                                        Container could be running with outdated image

                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
                                                                                                                                                                        • Introduced through: @@ -806,7 +806,7 @@

                                                                                                                                                                          Remediation

                                                                                                                                                                          -

                                                                                                                                                                          More about this issue

                                                                                                                                                                          +

                                                                                                                                                                          More about this issue

                                                                                                                                                                          @@ -822,7 +822,7 @@

                                                                                                                                                                          Container has no CPU limit

                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                          • Introduced through: @@ -864,7 +864,7 @@

                                                                                                                                                                            Remediation

                                                                                                                                                                            -

                                                                                                                                                                            More about this issue

                                                                                                                                                                            +

                                                                                                                                                                            More about this issue

                                                                                                                                                                            @@ -880,7 +880,7 @@

                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                            • Introduced through: @@ -922,7 +922,7 @@

                                                                                                                                                                              Remediation

                                                                                                                                                                              -

                                                                                                                                                                              More about this issue

                                                                                                                                                                              +

                                                                                                                                                                              More about this issue

                                                                                                                                                                              @@ -938,7 +938,7 @@

                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                              • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                              • Introduced through: @@ -980,7 +980,7 @@

                                                                                                                                                                                Remediation

                                                                                                                                                                                -

                                                                                                                                                                                More about this issue

                                                                                                                                                                                +

                                                                                                                                                                                More about this issue

                                                                                                                                                                                @@ -996,7 +996,7 @@

                                                                                                                                                                                Container has no CPU limit

                                                                                                                                                                                • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                • Introduced through: @@ -1038,7 +1038,7 @@

                                                                                                                                                                                  Remediation

                                                                                                                                                                                  -

                                                                                                                                                                                  More about this issue

                                                                                                                                                                                  +

                                                                                                                                                                                  More about this issue

                                                                                                                                                                                  @@ -1054,7 +1054,7 @@

                                                                                                                                                                                  Container has no CPU limit

                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                  • Introduced through: @@ -1096,7 +1096,7 @@

                                                                                                                                                                                    Remediation

                                                                                                                                                                                    -

                                                                                                                                                                                    More about this issue

                                                                                                                                                                                    +

                                                                                                                                                                                    More about this issue

                                                                                                                                                                                    @@ -1112,7 +1112,7 @@

                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                    • Introduced through: @@ -1154,7 +1154,7 @@

                                                                                                                                                                                      Remediation

                                                                                                                                                                                      -

                                                                                                                                                                                      More about this issue

                                                                                                                                                                                      +

                                                                                                                                                                                      More about this issue

                                                                                                                                                                                      @@ -1170,7 +1170,7 @@

                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                      • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                      • Introduced through: @@ -1212,7 +1212,7 @@

                                                                                                                                                                                        Remediation

                                                                                                                                                                                        -

                                                                                                                                                                                        More about this issue

                                                                                                                                                                                        +

                                                                                                                                                                                        More about this issue

                                                                                                                                                                                        @@ -1228,7 +1228,7 @@

                                                                                                                                                                                        Container has no CPU limit

                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                        • Introduced through: @@ -1270,7 +1270,7 @@

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          More about this issue

                                                                                                                                                                                          +

                                                                                                                                                                                          More about this issue

                                                                                                                                                                                          @@ -1286,7 +1286,7 @@

                                                                                                                                                                                          Container has no CPU limit

                                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                          • Introduced through: @@ -1328,7 +1328,7 @@

                                                                                                                                                                                            Remediation

                                                                                                                                                                                            -

                                                                                                                                                                                            More about this issue

                                                                                                                                                                                            +

                                                                                                                                                                                            More about this issue

                                                                                                                                                                                            @@ -1344,7 +1344,7 @@

                                                                                                                                                                                            Container is running with multiple open ports

                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
                                                                                                                                                                                            • Introduced through: @@ -1380,63 +1380,7 @@

                                                                                                                                                                                              Remediation

                                                                                                                                                                                              -

                                                                                                                                                                                              More about this issue

                                                                                                                                                                                              -
                                                                                                                                                                                              - - -
                                                                                                                                                                                              -

                                                                                                                                                                                              Container is running with writable root filesystem

                                                                                                                                                                                              -
                                                                                                                                                                                              - -
                                                                                                                                                                                              - low severity -
                                                                                                                                                                                              - -
                                                                                                                                                                                              - -
                                                                                                                                                                                                -
                                                                                                                                                                                              • - Public ID: SNYK-CC-K8S-8 -
                                                                                                                                                                                                • - -
                                                                                                                                                                                              • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
                                                                                                                                                                                                • - -
                                                                                                                                                                                              • - Line number: 929 -
                                                                                                                                                                                                • -
                                                                                                                                                                                              - -
                                                                                                                                                                                              - -

                                                                                                                                                                                              Impact

                                                                                                                                                                                              -

                                                                                                                                                                                              Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                                                                              - -

                                                                                                                                                                                              Remediation

                                                                                                                                                                                              -

                                                                                                                                                                                              Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                                                                              - - -
                                                                                                                                                                                              -
                                                                                                                                                                                              - -
                                                                                                                                                                                              -

                                                                                                                                                                                              More about this issue

                                                                                                                                                                                              +

                                                                                                                                                                                              More about this issue

                                                                                                                                                                                              @@ -1452,7 +1396,7 @@

                                                                                                                                                                                              Container is running without liveness probe

                                                                                                                                                                                              • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                              • Introduced through: @@ -1488,7 +1432,7 @@

                                                                                                                                                                                                Remediation

                                                                                                                                                                                                -

                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                +

                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                @@ -1504,7 +1448,7 @@

                                                                                                                                                                                                Container is running without liveness probe

                                                                                                                                                                                                • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                • Introduced through: @@ -1540,7 +1484,7 @@

                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                  -

                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                  +

                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                  @@ -1556,7 +1500,7 @@

                                                                                                                                                                                                  Container is running without liveness probe

                                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                  • Introduced through: @@ -1592,7 +1536,7 @@

                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                    -

                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                    +

                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                    @@ -1608,7 +1552,7 @@

                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                    • Introduced through: @@ -1644,7 +1588,7 @@

                                                                                                                                                                                                      Remediation

                                                                                                                                                                                                      -

                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                      +

                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                      @@ -1660,7 +1604,7 @@

                                                                                                                                                                                                      Container is running without liveness probe

                                                                                                                                                                                                      • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                      • Introduced through: @@ -1696,7 +1640,7 @@

                                                                                                                                                                                                        Remediation

                                                                                                                                                                                                        -

                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                        +

                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                        @@ -1712,7 +1656,7 @@

                                                                                                                                                                                                        Container is running without memory limit

                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                        • Introduced through: @@ -1754,7 +1698,7 @@

                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                          -

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          +

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          @@ -1770,7 +1714,7 @@

                                                                                                                                                                                                          Container is running without memory limit

                                                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                          • Introduced through: @@ -1812,7 +1756,7 @@

                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                            -

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            +

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            @@ -1828,7 +1772,7 @@

                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                            • Introduced through: @@ -1870,7 +1814,7 @@

                                                                                                                                                                                                              Remediation

                                                                                                                                                                                                              -

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              +

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              @@ -1886,7 +1830,7 @@

                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                              • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                              • Introduced through: @@ -1928,7 +1872,7 @@

                                                                                                                                                                                                                Remediation

                                                                                                                                                                                                                -

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                +

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                @@ -1944,7 +1888,7 @@

                                                                                                                                                                                                                Container is running without memory limit

                                                                                                                                                                                                                • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                • Introduced through: @@ -1986,7 +1930,7 @@

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  @@ -2002,7 +1946,7 @@

                                                                                                                                                                                                                  Container is running without memory limit

                                                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                  • Introduced through: @@ -2044,7 +1988,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -2060,7 +2004,7 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: @@ -2102,7 +2046,7 @@

                                                                                                                                                                                                                      Remediation

                                                                                                                                                                                                                      -

                                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                                      @@ -2118,7 +2062,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                      • Introduced through: @@ -2160,7 +2104,7 @@

                                                                                                                                                                                                                        Remediation

                                                                                                                                                                                                                        -

                                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                                        +

                                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                                        @@ -2176,7 +2120,7 @@

                                                                                                                                                                                                                        Container is running without memory limit

                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                        • Introduced through: @@ -2218,12 +2162,68 @@

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + + +
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container or Pod is running with writable root filesystem

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + low severity +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                            +
                                                                                                                                                                                                                          • + Public ID: SNYK-CC-K8S-8 +
                                                                                                                                                                                                                            • + +
                                                                                                                                                                                                                          • Introduced through: + [DocId: 38] + + input + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
                                                                                                                                                                                                                            • + +
                                                                                                                                                                                                                          • + Line number: 929 +
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + +

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                                                                                                          + +

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                                                                                                          + + +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2234,7 +2234,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2267,19 +2267,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2290,7 +2290,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2323,19 +2323,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2346,7 +2346,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2379,19 +2379,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2402,7 +2402,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2435,19 +2435,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2458,7 +2458,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2491,19 +2491,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2514,7 +2514,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2547,19 +2547,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2570,7 +2570,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2603,19 +2603,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2626,7 +2626,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2659,19 +2659,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2682,7 +2682,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2715,14 +2715,14 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          • -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          diff --git a/docs/snyk/v2.6.11/argocd-test.html b/docs/snyk/v2.6.11/argocd-test.html new file mode 100644 index 0000000000000..56c82cec44500 --- /dev/null +++ b/docs/snyk/v2.6.11/argocd-test.html @@ -0,0 +1,634 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + + + Snyk - Open Source Security + + + + + + + +
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Snyk test report

                                                                                                                                                                                                                          + +

                                                                                                                                                                                                                          June 25th 2023, 12:24:05 am (UTC+00:00)

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + Scanned the following paths: +
                                                                                                                                                                                                                            +
                                                                                                                                                                                                                          • /argo-cd/argoproj/argo-cd/v2 (gomodules)
                                                                                                                                                                                                                          • /argo-cd (yarn)
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          1 known vulnerabilities
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          1 vulnerable dependency paths
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          1728 dependencies
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Regular Expression Denial of Service (ReDoS)

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + medium severity +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                            +
                                                                                                                                                                                                                          • + Package Manager: npm +
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          • + Vulnerable module: + + semver +
                                                                                                                                                                                                                            • + +
                                                                                                                                                                                                                          • Introduced through: + + + argo-cd-ui@1.0.0, superagent@7.1.6 and others +
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + + +

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                            +
                                                                                                                                                                                                                          • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@7.1.6 + + semver@7.3.7 + + + +
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          + +

                                                                                                                                                                                                                          Overview

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          semver is a semantic version parser used by npm.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          PoC

                                                                                                                                                                                                                          + 
                                                                                                                                                                                                                          
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Details

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Let’s take the following regular expression as an example:

                                                                                                                                                                                                                          + 
                                                                                                                                                                                                                          regex = /A(B|C+)+D/
+
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          This regular expression accomplishes the following:

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                            +
                                                                                                                                                                                                                          • A The string must start with the letter 'A'
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          • D Finally, we ensure this section of the string ends with a 'D'
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          It most cases, it doesn't take very long for a regex engine to find a match:

                                                                                                                                                                                                                          + 
                                                                                                                                                                                                                          $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                            +
                                                                                                                                                                                                                          1. CCC
                                                                                                                                                                                                                            2. +
                                                                                                                                                                                                                          2. CC+C
                                                                                                                                                                                                                            3. +
                                                                                                                                                                                                                          3. C+CC
                                                                                                                                                                                                                            4. +
                                                                                                                                                                                                                          4. C+C+C.
                                                                                                                                                                                                                            5. +
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          From there, the number of steps the engine must use to validate a string just continues to grow.

                                                                                                                                                                                                                          + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                                                                                                                                          StringNumber of C'sNumber of steps
                                                                                                                                                                                                                          ACCCX338
                                                                                                                                                                                                                          ACCCCX471
                                                                                                                                                                                                                          ACCCCCX5136
                                                                                                                                                                                                                          ACCCCCCCCCCCCCCX1465,553
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Upgrade semver to version 7.5.2 or higher.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          References

                                                                                                                                                                                                                          + + +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          + + + diff --git a/docs/snyk/v2.4.28/redis_7.0.8-alpine.html b/docs/snyk/v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html similarity index 65% rename from docs/snyk/v2.4.28/redis_7.0.8-alpine.html rename to docs/snyk/v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html index 7b834f3067484..c28883993a4ff 100644 --- a/docs/snyk/v2.4.28/redis_7.0.8-alpine.html +++ b/docs/snyk/v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,33 +456,24 @@

                                                                                                                                                                                                                          Snyk test report

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          April 16th 2023, 12:25:18 am

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          June 25th 2023, 12:24:13 am (UTC+00:00)

                                                                                                                                                                                                                          - Scanned the following path: + Scanned the following paths:
                                                                                                                                                                                                                            -
                                                                                                                                                                                                                          • redis:7.0.8-alpine (apk)
                                                                                                                                                                                                                            • +
                                                                                                                                                                                                                          • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
                                                                                                                                                                                                                          • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
                                                                                                                                                                                                                          • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                                                                                                                          • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                                                                                                                          -
                                                                                                                                                                                                                          3 known vulnerabilities
                                                                                                                                                                                                                          -
                                                                                                                                                                                                                          27 vulnerable dependency paths
                                                                                                                                                                                                                          -
                                                                                                                                                                                                                          18 dependencies
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          5 known vulnerabilities
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          35 vulnerable dependency paths
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          760 dependencies
                                                                                                                                                                                                                          -
                                                                                                                                                                                                                          - - - - - - - -
                                                                                                                                                                                                                          Project docker-image|redis
                                                                                                                                                                                                                          Path redis:7.0.8-alpine
                                                                                                                                                                                                                          Package Manager apk
                                                                                                                                                                                                                          -
                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          @@ -507,7 +498,7 @@

                                                                                                                                                                                                                          Improper Certificate Validation

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                                                        @@ -520,7 +511,7 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -529,7 +520,7 @@

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -540,18 +531,7 @@

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                          • -
                                                                                                                                                                                                                        • - Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -562,7 +542,7 @@

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -573,18 +553,7 @@

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                          • -
                                                                                                                                                                                                                        • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -593,7 +562,7 @@

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -604,7 +573,7 @@

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                        • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -622,7 +591,14 @@

                                                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                                                          NVD Description

                                                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          A security vulnerability has been identified in all supported versions

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                                                                                                                          References

                                                                                                                                                                                                                          @@ -632,6 +608,8 @@

                                                                                                                                                                                                                          References

                                                                                                                                                                                                                        • openssl-security@openssl.org
                                                                                                                                                                                                                        • openssl-security@openssl.org
                                                                                                                                                                                                                        • openssl-security@openssl.org
                                                                                                                                                                                                                          • +
                                                                                                                                                                                                                        • openssl-security@openssl.org
                                                                                                                                                                                                                          • +
                                                                                                                                                                                                                        • openssl-security@openssl.org
                                                                                                                                                                                                                        @@ -641,12 +619,12 @@

                                                                                                                                                                                                                        References

                                                                                                                                                                                                                        -
                                                                                                                                                                                                                        -

                                                                                                                                                                                                                        Improper Certificate Validation

                                                                                                                                                                                                                        +
                                                                                                                                                                                                                        +

                                                                                                                                                                                                                        Allocation of Resources Without Limits or Throttling

                                                                                                                                                                                                                        -
                                                                                                                                                                                                                        - medium severity +
                                                                                                                                                                                                                        + high severity
                                                                                                                                                                                                                        @@ -663,7 +641,7 @@

                                                                                                                                                                                                                        Improper Certificate Validation

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                                                      @@ -676,7 +654,7 @@

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -685,7 +663,7 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -696,9 +674,9 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - .redis-rundeps@20230211.132806 + apk-tools/apk-tools@2.12.10-r1 openssl/libcrypto3@3.0.8-r0 @@ -707,9 +685,9 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.12.10-r1 + busybox/ssl_client@1.35.0-r29 openssl/libcrypto3@3.0.8-r0 @@ -718,10 +696,143 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      + + + +
                                                                                                                                                                                                                      + +

                                                                                                                                                                                                                      NVD Description

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Remediation

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      References

                                                                                                                                                                                                                      + + +
                                                                                                                                                                                                                      + +
                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      More about this vulnerability

                                                                                                                                                                                                                      +
                                                                                                                                                                                                                      + + +
                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Improper Certificate Validation

                                                                                                                                                                                                                      +
                                                                                                                                                                                                                      + +
                                                                                                                                                                                                                      + medium severity +
                                                                                                                                                                                                                      + +
                                                                                                                                                                                                                      + +
                                                                                                                                                                                                                        +
                                                                                                                                                                                                                      • + Package Manager: alpine:3.17 +
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      • + Vulnerable module: + + openssl/libcrypto3 +
                                                                                                                                                                                                                        • + +
                                                                                                                                                                                                                      • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      + +
                                                                                                                                                                                                                      + + +

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                      + +
                                                                                                                                                                                                                        +
                                                                                                                                                                                                                      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + openssl/libcrypto3@3.0.8-r0 @@ -729,18 +840,40 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - .redis-rundeps@20230211.132806 + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -749,7 +882,7 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -760,7 +893,7 @@

                                                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                                                      • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -796,6 +929,8 @@

                                                                                                                                                                                                                        References

                                                                                                                                                                                                                      • openssl-security@openssl.org
                                                                                                                                                                                                                      • openssl-security@openssl.org
                                                                                                                                                                                                                      • openssl-security@openssl.org
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      • openssl-security@openssl.org
                                                                                                                                                                                                                        • +
                                                                                                                                                                                                                      • openssl-security@openssl.org
                                                                                                                                                                                                                      @@ -827,7 +962,7 @@

                                                                                                                                                                                                                      Improper Certificate Validation

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                                                    @@ -840,7 +975,7 @@

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -849,7 +984,7 @@

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -860,18 +995,7 @@

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                      • -
                                                                                                                                                                                                                    • - Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -882,7 +1006,7 @@

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -893,7 +1017,7 @@

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -902,18 +1026,7 @@

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                      • -
                                                                                                                                                                                                                    • - Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -924,7 +1037,7 @@

                                                                                                                                                                                                                      Detailed paths

                                                                                                                                                                                                                    • Introduced through: - docker-image|redis@7.0.8-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -966,6 +1079,8 @@

                                                                                                                                                                                                                      References

                                                                                                                                                                                                                    • openssl-security@openssl.org
                                                                                                                                                                                                                    • openssl-security@openssl.org
                                                                                                                                                                                                                    • openssl-security@openssl.org
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • openssl-security@openssl.org
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • openssl-security@openssl.org
                                                                                                                                                                                                                    @@ -975,6 +1090,153 @@

                                                                                                                                                                                                                    References

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Out-of-bounds Read

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    + medium severity +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                      +
                                                                                                                                                                                                                    • + Package Manager: alpine:3.17 +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • + Vulnerable module: + + openssl/libcrypto3 +
                                                                                                                                                                                                                      • + +
                                                                                                                                                                                                                    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    + + +

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                      +
                                                                                                                                                                                                                    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    + +

                                                                                                                                                                                                                    NVD Description

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    References

                                                                                                                                                                                                                    + + +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    diff --git a/docs/snyk/v2.6.11/haproxy_2.6.14-alpine.html b/docs/snyk/v2.6.11/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..cfa12a3490ad0 --- /dev/null +++ b/docs/snyk/v2.6.11/haproxy_2.6.14-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + + + Snyk - Open Source Security + + + + + + + +
                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Snyk test report

                                                                                                                                                                                                                    + +

                                                                                                                                                                                                                    June 25th 2023, 12:24:19 am (UTC+00:00)

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + Scanned the following path: +
                                                                                                                                                                                                                      +
                                                                                                                                                                                                                    • haproxy:2.6.14-alpine (apk)
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    0 known vulnerabilities
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    0 vulnerable dependency paths
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    18 dependencies
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + + + + + + + +
                                                                                                                                                                                                                    Project docker-image|haproxy
                                                                                                                                                                                                                    Path haproxy:2.6.14-alpine
                                                                                                                                                                                                                    Package Manager apk
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + No known vulnerabilities detected. +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    + + + diff --git a/docs/snyk/v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html b/docs/snyk/v2.6.11/quay.io_argoproj_argocd_v2.6.11.html similarity index 69% rename from docs/snyk/v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html rename to docs/snyk/v2.6.11/quay.io_argoproj_argocd_v2.6.11.html index 035feec2af812..da97d1f0c6061 100644 --- a/docs/snyk/v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html +++ b/docs/snyk/v2.6.11/quay.io_argoproj_argocd_v2.6.11.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

                                                                                                                                                                                                                    Snyk test report

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    April 16th 2023, 12:18:06 am

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    June 25th 2023, 12:24:53 am (UTC+00:00)

                                                                                                                                                                                                                    Scanned the following paths:
                                                                                                                                                                                                                      -
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.7.0-rc2/argoproj/argocd (deb)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.7.0-rc2/argoproj/argo-cd/v2 (gomodules)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.7.0-rc2/kustomize/kustomize/v5 (gomodules)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.7.0-rc2/helm/v3 (gomodules)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.7.0-rc2/git-lfs/git-lfs (gomodules)
                                                                                                                                                                                                                      • +
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.6.11/argoproj/argocd (deb)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.6.11/argoproj/argo-cd/v2 (gomodules)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.6.11/kustomize/kustomize/v4 (gomodules)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.6.11/helm/v3 (gomodules)
                                                                                                                                                                                                                    • quay.io/argoproj/argocd:v2.6.11/git-lfs/git-lfs (gomodules)
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    21 known vulnerabilities
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    112 vulnerable dependency paths
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    2065 dependencies
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    25 known vulnerabilities
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    74 vulnerable dependency paths
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    2064 dependencies
                                                                                                                                                                                                                    @@ -493,12 +493,12 @@

                                                                                                                                                                                                                    Denial of Service (DoS)

                                                                                                                                                                                                                  • Vulnerable module: - golang.org/x/net/http2/hpack + gopkg.in/yaml.v3
                                                                                                                                                                                                                  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 + sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b
                                                                                                                                                                                                                  @@ -511,9 +511,9 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  • Introduced through: - helm.sh/helm/v3@* + sigs.k8s.io/kustomize/kustomize/v4@* - golang.org/x/net/http2/hpack@v0.5.0 + gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b @@ -525,7 +525,20 @@

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    Overview

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    gopkg.in/yaml.v3 is a YAML support package for the Go language.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    PoC

                                                                                                                                                                                                                    + 
                                                                                                                                                                                                                    package main
+        
+        import (
+            "gopkg.in/yaml.v3"
+        )
+        
+        func main() {
+            var t interface{}
+            yaml.Unmarshal([]byte("0: [:!00 \xef"), &t)
+        }
+

                                                                                                                                                                                                                    Details

                                                                                                                                                                                                                    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                                                    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                                                    @@ -539,19 +552,95 @@

                                                                                                                                                                                                                    Details

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Upgrade gopkg.in/yaml.v3 to version 3.0.0 or higher.

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + + +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  NULL Pointer Dereference

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + high severity +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • + Package Manager: golang +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  • + Vulnerable module: + + gopkg.in/yaml.v3 +
                                                                                                                                                                                                                    • + +
                                                                                                                                                                                                                  • Introduced through: + + sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b + +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + + +

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • + Introduced through: + sigs.k8s.io/kustomize/kustomize/v4@* + + gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b + + + +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  gopkg.in/yaml.v3 is a YAML support package for the Go language.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  PoC

                                                                                                                                                                                                                  + 
                                                                                                                                                                                                                  package main
+        
+        import (
+            "gopkg.in/yaml.v3"
+        )
+        
+        func main() {
+            var t interface{}
+            yaml.Unmarshal([]byte("#\n-\n-\n0"), &t)
+        }
+
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Upgrade gopkg.in/yaml.v3 to version 3.0.1 or higher.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  + + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  @@ -572,12 +661,12 @@

                                                                                                                                                                                                                  Denial of Service (DoS)

                                                                                                                                                                                                                • Vulnerable module: - golang.org/x/net/http2 + golang.org/x/net/http2/hpack
                                                                                                                                                                                                                • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd
                                                                                                                                                                                                                @@ -588,11 +677,20 @@

                                                                                                                                                                                                                Denial of Service (DoS)

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                • + Introduced through: + sigs.k8s.io/kustomize/kustomize/v4@* + + golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd + + + +
                                                                                                                                                                                                                • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.5.0 + golang.org/x/net/http2/hpack@v0.0.0-20220722155237-a158d28d115b @@ -604,8 +702,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                                                  Details

                                                                                                                                                                                                                  Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                                                  Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                                                  @@ -619,7 +716,7 @@

                                                                                                                                                                                                                  Details

                                                                                                                                                                                                                Remediation

                                                                                                                                                                                                                -

                                                                                                                                                                                                                Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

                                                                                                                                                                                                                +

                                                                                                                                                                                                                Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

                                                                                                                                                                                                                References

                                                                                                                                                                                                                • GitHub Commit
                                                                                                                                                                                                                  • @@ -631,34 +728,34 @@

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  CVE-2022-46908

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Denial of Service

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - low severity +
                                                                                                                                                                                                                  + high severity
                                                                                                                                                                                                                  • - Package Manager: ubuntu:22.04 + Package Manager: golang
                                                                                                                                                                                                                  • Vulnerable module: - sqlite3/libsqlite3-0 + golang.org/x/net/http2
                                                                                                                                                                                                                  • Introduced through: + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
                                                                                                                                                                                                                  @@ -670,11 +767,9 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - gnupg2/gpg@2.2.27-3ubuntu2.1 + helm.sh/helm/v3@* - sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -685,51 +780,47 @@

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    NVD Description

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Overview

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    There is no fixed version for Ubuntu:22.04 sqlite3.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

                                                                                                                                                                                                                    References

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Uncontrolled Recursion

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Denial of Service (DoS)

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - low severity +
                                                                                                                                                                                                                  + high severity
                                                                                                                                                                                                                  • - Package Manager: ubuntu:22.04 + Package Manager: golang
                                                                                                                                                                                                                  • Vulnerable module: - pcre3/libpcre3 + golang.org/x/net/http2
                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
                                                                                                                                                                                                                  @@ -742,20 +833,9 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - grep@3.7-1build1 + helm.sh/helm/v3@* - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -766,54 +846,61 @@

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    NVD Description

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Overview

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Details

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Two common types of DoS vulnerabilities:

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                      +

                                                                                                                                                                                                                    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                                                      +
                                                                                                                                                                                                                      • +

                                                                                                                                                                                                                    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                                                      +
                                                                                                                                                                                                                      • +

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    There is no fixed version for Ubuntu:22.04 pcre3.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

                                                                                                                                                                                                                    References

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Release of Invalid Pointer or Reference

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Improper Input Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - low severity +
                                                                                                                                                                                                                  + medium severity
                                                                                                                                                                                                                  • - Package Manager: ubuntu:22.04 + Package Manager: golang
                                                                                                                                                                                                                  • Vulnerable module: - patch + golang.org/x/text/language
                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and patch@2.7.6-7build2 + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7
                                                                                                                                                                                                                  @@ -826,9 +913,18 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + sigs.k8s.io/kustomize/kustomize/v4@* - patch@2.7.6-7build2 + golang.org/x/text/language@v0.3.7 + + + +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/text/language@v0.3.7 @@ -839,48 +935,49 @@

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    NVD Description

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Overview

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

                                                                                                                                                                                                                    References

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Double Free

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Incorrect Privilege Assignment

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - low severity +
                                                                                                                                                                                                                  + medium severity
                                                                                                                                                                                                                  • - Package Manager: ubuntu:22.04 + Package Manager: golang
                                                                                                                                                                                                                  • Vulnerable module: - patch + golang.org/x/sys/unix
                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and patch@2.7.6-7build2 + helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f
                                                                                                                                                                                                                  @@ -893,9 +990,9 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + helm.sh/helm/v3@* - patch@2.7.6-7build2 + golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f @@ -906,53 +1003,46 @@

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    NVD Description

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Overview

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

                                                                                                                                                                                                                    References

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Locking

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Denial of Service (DoS)

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - low severity +
                                                                                                                                                                                                                  + medium severity
                                                                                                                                                                                                                  • - Package Manager: ubuntu:22.04 + Package Manager: golang
                                                                                                                                                                                                                  • Vulnerable module: - openssl/libssl3 + golang.org/x/net/http2
                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
                                                                                                                                                                                                                  @@ -965,113 +1055,91 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libfido2/libfido2-1@1.10.0-1 + helm.sh/helm/v3@* - openssl/libssl3@3.0.2-0ubuntu1.8 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
                                                                                                                                                                                                                  • - -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
                                                                                                                                                                                                                  + +

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Details

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Two common types of DoS vulnerabilities:

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                    +

                                                                                                                                                                                                                  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    • +

                                                                                                                                                                                                                  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  + -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl@3.0.2-0ubuntu1.8 - - +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  • +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  CVE-2022-46908

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + low severity +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • + Package Manager: ubuntu:22.04 +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  • + Vulnerable module: + + sqlite3/libsqlite3-0 +
                                                                                                                                                                                                                    • + +
                                                                                                                                                                                                                  • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.11, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + + +

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - ca-certificates@20211016ubuntu0.22.04.1 + gnupg2/gpg@2.2.27-3ubuntu2.1 - openssl@3.0.2-0ubuntu1.8 + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 @@ -1083,27 +1151,29 @@

                                                                                                                                                                                                                    Detailed paths

                                                                                                                                                                                                                    NVD Description

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

                                                                                                                                                                                                                    Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    There is no fixed version for Ubuntu:22.04 sqlite3.

                                                                                                                                                                                                                    References

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this vulnerability

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Arbitrary Code Injection

                                                                                                                                                                                                                  @@ -1119,12 +1189,12 @@

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                • Vulnerable module: - openssl/libssl3 + shadow/passwd
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.6.11 and shadow/passwd@1:4.8.1-2ubuntu2.1
                                                                                                                                                                                                                @@ -1137,113 +1207,40 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 + shadow/passwd@1:4.8.1-2ubuntu2.1
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - libfido2/libfido2-1@1.10.0-1 + adduser@3.118ubuntu5 - openssl/libssl3@3.0.2-0ubuntu1.8 + shadow/passwd@1:4.8.1-2ubuntu2.1
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 + shadow/login@1:4.8.1-2ubuntu2.1 @@ -1255,30 +1252,29 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 shadow.

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Uncontrolled Recursion

                                                                                                                                                                                                                  @@ -1294,12 +1290,12 @@

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                • Vulnerable module: - openssl/libssl3 + pcre3/libpcre3
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.6.11 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
                                                                                                                                                                                                                @@ -1312,113 +1308,20 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl@3.0.2-0ubuntu1.8 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - ca-certificates@20211016ubuntu0.22.04.1 + grep@3.7-1build1 - openssl@3.0.2-0ubuntu1.8 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1430,44 +1333,32 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 pcre3.

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Release of Invalid Pointer or Reference

                                                                                                                                                                                                                  @@ -1483,12 +1374,12 @@

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                • Vulnerable module: - openssl/libssl3 + patch
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.6.11 and patch@2.7.6-7build2
                                                                                                                                                                                                                @@ -1501,113 +1392,9 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 + patch@2.7.6-7build2 @@ -1619,38 +1406,26 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Privilege Management

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Double Free

                                                                                                                                                                                                                  @@ -1666,12 +1441,12 @@

                                                                                                                                                                                                                  Improper Privilege Management

                                                                                                                                                                                                                • Vulnerable module: - openssh/openssh-client + patch
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and patch@2.7.6-7build2
                                                                                                                                                                                                                @@ -1684,9 +1459,9 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + patch@2.7.6-7build2 @@ -1698,32 +1473,26 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 openssh.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  @@ -1749,7 +1518,7 @@

                                                                                                                                                                                                                  Information Exposure

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                                                                                                                                                                                                @@ -1762,7 +1531,7 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1823,7 +1592,7 @@

                                                                                                                                                                                                                  CVE-2023-28531

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                                                                                                                                                                                                @@ -1836,7 +1605,7 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1870,7 +1639,7 @@

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Out-of-bounds Read

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  NULL Pointer Dereference

                                                                                                                                                                                                                  @@ -1886,13 +1655,13 @@

                                                                                                                                                                                                                  Out-of-bounds Read

                                                                                                                                                                                                                • Vulnerable module: - ncurses/libtinfo6 + openldap/libldap-2.5-0
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.6.11, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
                                                                                                                                                                                                                @@ -1904,200 +1673,33 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - ncurses/libncurses6@6.3-2 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - procps@2:3.3.17-6ubuntu2 + git@1:2.34.1-1ubuntu1.9 - ncurses/libncurses6@6.3-2 - - - -
                                                                                                                                                                                                                  • -
                                                                                                                                                                                                                • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - ncurses/ncurses-base@6.3-2 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - ncurses/ncurses-bin@6.3-2 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2109,25 +1711,22 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 ncurses.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 openldap.

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  @@ -2154,7 +1753,7 @@

                                                                                                                                                                                                                  Resource Exhaustion

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.6.11, meta-common-packages@meta and others
                                                                                                                                                                                                                @@ -2166,7 +1765,7 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 meta-common-packages@meta @@ -2222,7 +1821,7 @@

                                                                                                                                                                                                                  Integer Overflow or Wraparound

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                @@ -2235,16 +1834,16 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2256,16 +1855,16 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2277,27 +1876,27 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2309,64 +1908,64 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2378,18 +1977,18 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -2444,7 +2043,7 @@

                                                                                                                                                                                                                  Out-of-bounds Write

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                                                                                                                                                                                                                @@ -2457,7 +2056,7 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2466,9 +2065,9 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2477,7 +2076,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2488,7 +2087,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2499,7 +2098,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2510,7 +2109,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2523,7 +2122,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2536,7 +2135,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2545,7 +2144,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2556,7 +2155,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2569,7 +2168,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2578,7 +2177,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2589,7 +2188,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2598,7 +2197,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2609,7 +2208,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2618,7 +2217,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2629,7 +2228,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2642,7 +2241,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2655,7 +2254,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2664,7 +2263,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2675,7 +2274,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2688,7 +2287,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2701,7 +2300,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2710,7 +2309,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2721,7 +2320,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2730,7 +2329,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2741,7 +2340,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2750,7 +2349,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2761,7 +2360,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2820,7 +2419,7 @@

                                                                                                                                                                                                                  Allocation of Resources Without Limits or Throttling

                                                                                                                                                                                                                  Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and glibc/libc-bin@2.35-0ubuntu3.1
                                                                                                                                                                                                                @@ -2833,7 +2432,7 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2842,7 +2441,7 @@

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 meta-common-packages@meta @@ -2901,7 +2500,7 @@

                                                                                                                                                                                                                  Improper Input Validation

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.6.11, git@1:2.34.1-1ubuntu1.9 and others
                                                                                                                                                                                                                @@ -2913,31 +2512,31 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9
                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -2967,6 +2566,150 @@

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  CVE-2023-28322

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + low severity +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • + Package Manager: ubuntu:22.04 +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  • + Vulnerable module: + + curl/libcurl3-gnutls +
                                                                                                                                                                                                                    • + +
                                                                                                                                                                                                                  • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.11, git@1:2.34.1-1ubuntu1.9 and others +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + + +

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.11 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 curl.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  + + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + low severity +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • + Package Manager: ubuntu:22.04 +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  • + Vulnerable module: + + curl/libcurl3-gnutls +
                                                                                                                                                                                                                    • + +
                                                                                                                                                                                                                  • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.11, git@1:2.34.1-1ubuntu1.9 and others +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + + +

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.11 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  + +

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  There is no fixed version for Ubuntu:22.04 curl.

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  + + +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Improper Input Validation

                                                                                                                                                                                                                  @@ -2990,7 +2733,7 @@

                                                                                                                                                                                                                  Improper Input Validation

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and coreutils@8.32-4.1ubuntu1
                                                                                                                                                                                                                @@ -3003,7 +2746,7 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 coreutils@8.32-4.1ubuntu1 @@ -3060,7 +2803,7 @@

                                                                                                                                                                                                                  Out-of-bounds Write

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and bash@5.1-6ubuntu1
                                                                                                                                                                                                                @@ -3073,7 +2816,7 @@

                                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.6.11 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.6.11/redis_7.0.11-alpine.html b/docs/snyk/v2.6.11/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..1dba88fbadc20 --- /dev/null +++ b/docs/snyk/v2.6.11/redis_7.0.11-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + + + Snyk - Open Source Security + + + + + + + +
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  + +

                                                                                                                                                                                                                  June 25th 2023, 12:24:58 am (UTC+00:00)

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + Scanned the following path: +
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                  • redis:7.0.11-alpine (apk)
                                                                                                                                                                                                                    • +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  0 known vulnerabilities
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  0 vulnerable dependency paths
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  18 dependencies
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + + + + + + + +
                                                                                                                                                                                                                  Project docker-image|redis
                                                                                                                                                                                                                  Path redis:7.0.11-alpine
                                                                                                                                                                                                                  Package Manager apk
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + No known vulnerabilities detected. +
                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  + + + diff --git a/docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html deleted file mode 100644 index a7b0d8740127e..0000000000000 --- a/docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html +++ /dev/null @@ -1,1698 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - Snyk - Open Source Security - - - - - - - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  April 16th 2023, 12:20:10 am

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - Scanned the following paths: -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.35.3/hairyhenderson/gomplate/v3 (gomodules)
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  11 known vulnerabilities
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  51 vulnerable dependency paths
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  756 dependencies
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Double Free

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.16 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto1.1 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Access of Resource Using Incompatible Type ('Type Confusion')

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.16 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto1.1 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Use After Free

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.16 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto1.1 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.16 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto1.1 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.16 openssl to version 1.1.1t-r1 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Denial of Service (DoS)

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: golang -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - golang.org/x/net/http2/hpack -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Details

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Two common types of DoS vulnerabilities:

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                    -

                                                                                                                                                                                                                  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    • -

                                                                                                                                                                                                                  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Denial of Service (DoS)

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: golang -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - golang.org/x/net/http2 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Details

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Two common types of DoS vulnerabilities:

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                    -

                                                                                                                                                                                                                  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    • -

                                                                                                                                                                                                                  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  CVE-2022-4304

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.16 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto1.1 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.16 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto1.1 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.16 openssl to version 1.1.1t-r2 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Input Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: golang -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - golang.org/x/text/language -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/text/language@v0.3.7 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/text/language@v0.3.7 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade golang.org/x/text/language to version 0.3.8 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Incorrect Privilege Assignment

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: golang -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - golang.org/x/sys/unix -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Denial of Service (DoS)

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: golang -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - golang.org/x/net/http2 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  Overview

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Details

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Two common types of DoS vulnerabilities:

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                    -

                                                                                                                                                                                                                  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    • -

                                                                                                                                                                                                                  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - diff --git a/docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html b/docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html deleted file mode 100644 index 79007c2b55b0b..0000000000000 --- a/docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - Snyk - Open Source Security - - - - - - - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  April 16th 2023, 12:20:15 am

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - Scanned the following path: -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • haproxy:2.6.9-alpine (apk)
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  3 known vulnerabilities
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  27 vulnerable dependency paths
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  18 dependencies
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - - - - - -
                                                                                                                                                                                                                  Project docker-image|haproxy
                                                                                                                                                                                                                  Path haproxy:2.6.9-alpine
                                                                                                                                                                                                                  Package Manager apk
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - diff --git a/docs/snyk/v2.6.7/redis_7.0.8-alpine.html b/docs/snyk/v2.6.7/redis_7.0.8-alpine.html deleted file mode 100644 index 4d024459c9a15..0000000000000 --- a/docs/snyk/v2.6.7/redis_7.0.8-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - Snyk - Open Source Security - - - - - - - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  April 16th 2023, 12:20:50 am

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - Scanned the following path: -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • redis:7.0.8-alpine (apk)
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  3 known vulnerabilities
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  27 vulnerable dependency paths
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  18 dependencies
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - - - - - -
                                                                                                                                                                                                                  Project docker-image|redis
                                                                                                                                                                                                                  Path redis:7.0.8-alpine
                                                                                                                                                                                                                  Package Manager apk
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - diff --git a/docs/snyk/v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html deleted file mode 100644 index 44f133fb0e30b..0000000000000 --- a/docs/snyk/v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html +++ /dev/null @@ -1,908 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - Snyk - Open Source Security - - - - - - - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  April 16th 2023, 12:17:40 am

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - Scanned the following paths: -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  3 known vulnerabilities
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  21 vulnerable dependency paths
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  760 dependencies
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - diff --git a/docs/snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html b/docs/snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html deleted file mode 100644 index 00a94ccf10b8d..0000000000000 --- a/docs/snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - Snyk - Open Source Security - - - - - - - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  April 16th 2023, 12:17:45 am

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - Scanned the following path: -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • haproxy:2.6.9-alpine (apk)
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  3 known vulnerabilities
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  27 vulnerable dependency paths
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  18 dependencies
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - - - - - -
                                                                                                                                                                                                                  Project docker-image|haproxy
                                                                                                                                                                                                                  Path haproxy:2.6.9-alpine
                                                                                                                                                                                                                  Package Manager apk
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - diff --git a/docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html b/docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html deleted file mode 100644 index 384625bb54320..0000000000000 --- a/docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - Snyk - Open Source Security - - - - - - - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  April 16th 2023, 12:18:11 am

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - Scanned the following path: -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • redis:7.0.9-alpine (apk)
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  3 known vulnerabilities
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  27 vulnerable dependency paths
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  18 dependencies
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - - - - - -
                                                                                                                                                                                                                  Project docker-image|redis
                                                                                                                                                                                                                  Path redis:7.0.9-alpine
                                                                                                                                                                                                                  Package Manager apk
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - high severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - medium severity -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Package Manager: alpine:3.17 -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Vulnerable module: - - openssl/libcrypto3 -
                                                                                                                                                                                                                    • - -
                                                                                                                                                                                                                  • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - - -

                                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                    -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                                    • -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  - -

                                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  References

                                                                                                                                                                                                                  - - -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  - - - diff --git a/docs/snyk/v2.7.0-rc2/argocd-iac-install.html b/docs/snyk/v2.7.6/argocd-iac-install.html similarity index 88% rename from docs/snyk/v2.7.0-rc2/argocd-iac-install.html rename to docs/snyk/v2.7.6/argocd-iac-install.html index 7157e4c8173d6..14c82299141ec 100644 --- a/docs/snyk/v2.7.0-rc2/argocd-iac-install.html +++ b/docs/snyk/v2.7.6/argocd-iac-install.html @@ -456,7 +456,7 @@

                                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  April 16th 2023, 12:19:33 am

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  June 25th 2023, 12:23:36 am (UTC+00:00)

                                                                                                                                                                                                                  Scanned the following path: @@ -494,7 +494,7 @@

                                                                                                                                                                                                                  Role with dangerous permissions

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  @@ -540,7 +540,7 @@

                                                                                                                                                                                                                  Role with dangerous permissions

                                                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                                  • Introduced through: @@ -570,7 +570,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -586,7 +586,7 @@

                                                                                                                                                                                                                    Role with dangerous permissions

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                                    • Introduced through: @@ -616,7 +616,7 @@

                                                                                                                                                                                                                      Remediation

                                                                                                                                                                                                                      -

                                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                                      @@ -632,7 +632,7 @@

                                                                                                                                                                                                                      Role with dangerous permissions

                                                                                                                                                                                                                      • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                                      • Introduced through: @@ -662,7 +662,7 @@

                                                                                                                                                                                                                        Remediation

                                                                                                                                                                                                                        -

                                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                                        +

                                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                                        @@ -678,7 +678,7 @@

                                                                                                                                                                                                                        Role with dangerous permissions

                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                                        • Introduced through: @@ -708,7 +708,7 @@

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          @@ -724,7 +724,7 @@

                                                                                                                                                                                                                          Role with dangerous permissions

                                                                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                                          • Introduced through: @@ -754,7 +754,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -770,7 +770,7 @@

                                                                                                                                                                                                                            Container could be running with outdated image

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
                                                                                                                                                                                                                            • Introduced through: @@ -789,7 +789,7 @@

                                                                                                                                                                                                                              Container could be running with outdated image

                                                                                                                                                                                                                            • - Line number: 17517 + Line number: 17518
                                                                                                                                                                                                                            @@ -806,7 +806,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -822,7 +822,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -847,7 +847,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 16974 + Line number: 16980
                                                                                                                                                                                                                            @@ -864,7 +864,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -880,7 +880,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -905,7 +905,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17146 + Line number: 17152
                                                                                                                                                                                                                            @@ -922,7 +922,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -938,7 +938,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -963,7 +963,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17112 + Line number: 17118
                                                                                                                                                                                                                            @@ -980,7 +980,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -996,7 +996,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -1021,7 +1021,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17206 + Line number: 17212
                                                                                                                                                                                                                            @@ -1038,7 +1038,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1054,7 +1054,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -1079,7 +1079,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17280 + Line number: 17286
                                                                                                                                                                                                                            @@ -1096,7 +1096,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1112,7 +1112,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -1137,7 +1137,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17517 + Line number: 17518
                                                                                                                                                                                                                            @@ -1154,7 +1154,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1170,7 +1170,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -1195,7 +1195,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17339 + Line number: 17342
                                                                                                                                                                                                                            @@ -1212,7 +1212,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1228,7 +1228,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -1253,7 +1253,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17602 + Line number: 17603
                                                                                                                                                                                                                            @@ -1270,7 +1270,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1286,7 +1286,7 @@

                                                                                                                                                                                                                            Container has no CPU limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                            • Introduced through: @@ -1311,7 +1311,7 @@

                                                                                                                                                                                                                              Container has no CPU limit

                                                                                                                                                                                                                            • - Line number: 17906 + Line number: 17907
                                                                                                                                                                                                                            @@ -1328,7 +1328,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1344,7 +1344,7 @@

                                                                                                                                                                                                                            Container is running with multiple open ports

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
                                                                                                                                                                                                                            • Introduced through: @@ -1363,7 +1363,7 @@

                                                                                                                                                                                                                              Container is running with multiple open ports

                                                                                                                                                                                                                            • - Line number: 17126 + Line number: 17132
                                                                                                                                                                                                                            @@ -1380,12 +1380,12 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Container is running with writable root filesystem

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Container is running without liveness probe

                                                                                                                                                                                                                            @@ -1396,13 +1396,11 @@

                                                                                                                                                                                                                            Container is running with writable root filesystem

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-8 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                            • Introduced through: - [DocId: 45] - - input + [DocId: 42] spec @@ -1410,33 +1408,31 @@

                                                                                                                                                                                                                              Container is running with writable root filesystem

                                                                                                                                                                                                                              spec - containers[redis] - - securityContext + containers[argocd-applicationset-controller] - readOnlyRootFilesystem + livenessProbe
                                                                                                                                                                                                                            • - Line number: 17293 + Line number: 16980

                                                                                                                                                                                                                            Impact

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Add `livenessProbe` attribute

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1452,11 +1448,11 @@

                                                                                                                                                                                                                            Container is running without liveness probe

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                            • Introduced through: - [DocId: 42] + [DocId: 43] spec @@ -1464,14 +1460,14 @@

                                                                                                                                                                                                                              Container is running without liveness probe

                                                                                                                                                                                                                              spec - containers[argocd-applicationset-controller] + containers[dex] livenessProbe
                                                                                                                                                                                                                            • - Line number: 16974 + Line number: 17118
                                                                                                                                                                                                                            @@ -1488,7 +1484,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1504,7 +1500,7 @@

                                                                                                                                                                                                                            Container is running without liveness probe

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                            • Introduced through: @@ -1516,14 +1512,14 @@

                                                                                                                                                                                                                              Container is running without liveness probe

                                                                                                                                                                                                                              spec - containers[dex] + initContainers[copyutil] livenessProbe
                                                                                                                                                                                                                            • - Line number: 17112 + Line number: 17152
                                                                                                                                                                                                                            @@ -1540,7 +1536,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1556,11 +1552,11 @@

                                                                                                                                                                                                                            Container is running without liveness probe

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                            • Introduced through: - [DocId: 43] + [DocId: 45] spec @@ -1568,14 +1564,14 @@

                                                                                                                                                                                                                              Container is running without liveness probe

                                                                                                                                                                                                                              spec - initContainers[copyutil] + containers[redis] livenessProbe
                                                                                                                                                                                                                            • - Line number: 17146 + Line number: 17286
                                                                                                                                                                                                                            @@ -1592,7 +1588,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1608,11 +1604,11 @@

                                                                                                                                                                                                                            Container is running without liveness probe

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                            • Introduced through: - [DocId: 45] + [DocId: 46] spec @@ -1620,14 +1616,14 @@

                                                                                                                                                                                                                              Container is running without liveness probe

                                                                                                                                                                                                                              spec - containers[redis] + initContainers[copyutil] livenessProbe
                                                                                                                                                                                                                            • - Line number: 17280 + Line number: 17518
                                                                                                                                                                                                                            @@ -1644,12 +1640,12 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Container is running without liveness probe

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            @@ -1660,11 +1656,13 @@

                                                                                                                                                                                                                            Container is running without liveness probe

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: - [DocId: 46] + [DocId: 42] + + input spec @@ -1672,31 +1670,35 @@

                                                                                                                                                                                                                              Container is running without liveness probe

                                                                                                                                                                                                                              spec - initContainers[copyutil] + containers[argocd-applicationset-controller] - livenessProbe + resources + + limits + + memory
                                                                                                                                                                                                                            • - Line number: 17517 + Line number: 16980

                                                                                                                                                                                                                            Impact

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Containers without memory limits are more likely to be terminated when the node runs out of memory

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Add `livenessProbe` attribute

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Set `resources.limits.memory` value

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1712,11 +1714,11 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: - [DocId: 42] + [DocId: 43] input @@ -1726,7 +1728,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - containers[argocd-applicationset-controller] + containers[dex] resources @@ -1737,7 +1739,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 16974 + Line number: 17118
                                                                                                                                                                                                                            @@ -1754,7 +1756,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1770,7 +1772,7 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: @@ -1784,7 +1786,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - containers[dex] + initContainers[copyutil] resources @@ -1795,7 +1797,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 17112 + Line number: 17152
                                                                                                                                                                                                                            @@ -1812,7 +1814,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1828,11 +1830,11 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: - [DocId: 43] + [DocId: 44] input @@ -1842,7 +1844,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - initContainers[copyutil] + containers[argocd-notifications-controller] resources @@ -1853,7 +1855,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 17146 + Line number: 17212
                                                                                                                                                                                                                            @@ -1870,7 +1872,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1886,11 +1888,11 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: - [DocId: 44] + [DocId: 45] input @@ -1900,7 +1902,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - containers[argocd-notifications-controller] + containers[redis] resources @@ -1911,7 +1913,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 17206 + Line number: 17286
                                                                                                                                                                                                                            @@ -1928,7 +1930,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -1944,11 +1946,11 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: - [DocId: 45] + [DocId: 46] input @@ -1958,7 +1960,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - containers[redis] + initContainers[copyutil] resources @@ -1969,7 +1971,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 17280 + Line number: 17518
                                                                                                                                                                                                                            @@ -1986,7 +1988,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -2002,7 +2004,7 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: @@ -2016,7 +2018,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - initContainers[copyutil] + containers[argocd-repo-server] resources @@ -2027,7 +2029,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 17517 + Line number: 17342
                                                                                                                                                                                                                            @@ -2044,7 +2046,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -2060,11 +2062,11 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: - [DocId: 46] + [DocId: 47] input @@ -2074,7 +2076,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - containers[argocd-repo-server] + containers[argocd-server] resources @@ -2085,7 +2087,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 17339 + Line number: 17603
                                                                                                                                                                                                                            @@ -2102,7 +2104,7 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            @@ -2118,11 +2120,11 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                            • Introduced through: - [DocId: 47] + [DocId: 48] input @@ -2132,7 +2134,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - containers[argocd-server] + containers[argocd-application-controller] resources @@ -2143,7 +2145,7 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                            • - Line number: 17602 + Line number: 17907
                                                                                                                                                                                                                            @@ -2160,12 +2162,12 @@

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Container or Pod is running with writable root filesystem

                                                                                                                                                                                                                            @@ -2176,11 +2178,11 @@

                                                                                                                                                                                                                            Container is running without memory limit

                                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-8
                                                                                                                                                                                                                            • Introduced through: - [DocId: 48] + [DocId: 45] input @@ -2190,40 +2192,38 @@

                                                                                                                                                                                                                              Container is running without memory limit

                                                                                                                                                                                                                              spec - containers[argocd-application-controller] - - resources + containers[redis] - limits + securityContext - memory + readOnlyRootFilesystem
                                                                                                                                                                                                                            • - Line number: 17906 + Line number: 17296

                                                                                                                                                                                                                            Impact

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Containers without memory limits are more likely to be terminated when the node runs out of memory

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Set `resources.limits.memory` value

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                                            -

                                                                                                                                                                                                                            Container's UID could clash with host's UID

                                                                                                                                                                                                                            +

                                                                                                                                                                                                                            Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                            @@ -2234,7 +2234,7 @@

                                                                                                                                                                                                                            Container's UID could clash with host's UID
                                                                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                          • Introduced through: @@ -2257,7 +2257,7 @@

                                                                                                                                                                                                                            Container's UID could clash with host's UID
                                                                                                                                                                                                                          • - Line number: 17049 + Line number: 17055

                                                                                                                                                                                                                          @@ -2267,19 +2267,19 @@

                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                          @@ -2290,7 +2290,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                        • Introduced through: @@ -2313,7 +2313,7 @@

                                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                                        • - Line number: 17154 + Line number: 17160

                                                                                                                                                                                                                        @@ -2323,19 +2323,19 @@

                                                                                                                                                                                                                        Impact

                                                                                                                                                                                                                        UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                        Remediation

                                                                                                                                                                                                                        -

                                                                                                                                                                                                                        Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                        +

                                                                                                                                                                                                                        Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                        -

                                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                                        +

                                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                                        -

                                                                                                                                                                                                                        Container's UID could clash with host's UID

                                                                                                                                                                                                                        +

                                                                                                                                                                                                                        Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                        @@ -2346,7 +2346,7 @@

                                                                                                                                                                                                                        Container's UID could clash with host's UID
                                                                                                                                                                                                                      • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                      • Introduced through: @@ -2369,7 +2369,7 @@

                                                                                                                                                                                                                        Container's UID could clash with host's UID
                                                                                                                                                                                                                      • - Line number: 17129 + Line number: 17135

                                                                                                                                                                                                                      @@ -2379,19 +2379,19 @@

                                                                                                                                                                                                                      Impact

                                                                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                      Remediation

                                                                                                                                                                                                                      -

                                                                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                      -

                                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                                      -

                                                                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                      @@ -2402,7 +2402,7 @@

                                                                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                    • Introduced through: @@ -2425,7 +2425,7 @@

                                                                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                                                                    • - Line number: 17214 + Line number: 17220

                                                                                                                                                                                                                    @@ -2435,19 +2435,19 @@

                                                                                                                                                                                                                    Impact

                                                                                                                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Container's UID could clash with host's UID

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                    @@ -2458,7 +2458,7 @@

                                                                                                                                                                                                                    Container's UID could clash with host's UID
                                                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                  • Introduced through: @@ -2481,7 +2481,7 @@

                                                                                                                                                                                                                    Container's UID could clash with host's UID
                                                                                                                                                                                                                  • - Line number: 17293 + Line number: 17296

                                                                                                                                                                                                                  @@ -2491,19 +2491,19 @@

                                                                                                                                                                                                                  Impact

                                                                                                                                                                                                                  UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Container's UID could clash with host's UID

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                  @@ -2514,7 +2514,7 @@

                                                                                                                                                                                                                  Container's UID could clash with host's UID
                                                                                                                                                                                                                • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                • Introduced through: @@ -2537,7 +2537,7 @@

                                                                                                                                                                                                                  Container's UID could clash with host's UID
                                                                                                                                                                                                                • - Line number: 17524 + Line number: 17525

                                                                                                                                                                                                                @@ -2547,19 +2547,19 @@

                                                                                                                                                                                                                Impact

                                                                                                                                                                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                Remediation

                                                                                                                                                                                                                -

                                                                                                                                                                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                +

                                                                                                                                                                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                -

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                +

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                -

                                                                                                                                                                                                                Container's UID could clash with host's UID

                                                                                                                                                                                                                +

                                                                                                                                                                                                                Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                @@ -2570,7 +2570,7 @@

                                                                                                                                                                                                                Container's UID could clash with host's UID
                                                                                                                                                                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                              • Introduced through: @@ -2593,7 +2593,7 @@

                                                                                                                                                                                                                Container's UID could clash with host's UID
                                                                                                                                                                                                              • - Line number: 17490 + Line number: 17491

                                                                                                                                                                                                              @@ -2603,19 +2603,19 @@

                                                                                                                                                                                                              Impact

                                                                                                                                                                                                              UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                              Remediation

                                                                                                                                                                                                              -

                                                                                                                                                                                                              Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                              +

                                                                                                                                                                                                              Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                              -

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              +

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              -

                                                                                                                                                                                                              Container's UID could clash with host's UID

                                                                                                                                                                                                              +

                                                                                                                                                                                                              Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                              @@ -2626,7 +2626,7 @@

                                                                                                                                                                                                              Container's UID could clash with host's UID
                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                            • Introduced through: @@ -2649,7 +2649,7 @@

                                                                                                                                                                                                              Container's UID could clash with host's UID
                                                                                                                                                                                                            • - Line number: 17816 + Line number: 17817

                                                                                                                                                                                                            @@ -2659,19 +2659,19 @@

                                                                                                                                                                                                            Impact

                                                                                                                                                                                                            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                            -

                                                                                                                                                                                                            Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                            +

                                                                                                                                                                                                            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                            -

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            +

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            -

                                                                                                                                                                                                            Container's UID could clash with host's UID

                                                                                                                                                                                                            +

                                                                                                                                                                                                            Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                            @@ -2682,7 +2682,7 @@

                                                                                                                                                                                                            Container's UID could clash with host's UID
                                                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                          • Introduced through: @@ -2705,7 +2705,7 @@

                                                                                                                                                                                                            Container's UID could clash with host's UID
                                                                                                                                                                                                          • - Line number: 18048 + Line number: 18049

                                                                                                                                                                                                          @@ -2715,14 +2715,14 @@

                                                                                                                                                                                                          Impact

                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                          -

                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                          +

                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                          -

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          +

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          diff --git a/docs/snyk/v2.7.0-rc2/argocd-iac-namespace-install.html b/docs/snyk/v2.7.6/argocd-iac-namespace-install.html similarity index 88% rename from docs/snyk/v2.7.0-rc2/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.6/argocd-iac-namespace-install.html index 5edff3bd73f64..ff33e66c22ec7 100644 --- a/docs/snyk/v2.7.0-rc2/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.6/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

                                                                                                                                                                                                          Snyk test report

                                                                                                                                                                                                          -

                                                                                                                                                                                                          April 16th 2023, 12:19:46 am

                                                                                                                                                                                                          +

                                                                                                                                                                                                          June 25th 2023, 12:23:49 am (UTC+00:00)

                                                                                                                                                                                                          Scanned the following path: @@ -494,7 +494,7 @@

                                                                                                                                                                                                          Role with dangerous permissions

                                                                                                                                                                                                          -

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          +

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          @@ -540,7 +540,7 @@

                                                                                                                                                                                                          Role with dangerous permissions

                                                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                          • Introduced through: @@ -570,7 +570,7 @@

                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                            -

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            +

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            @@ -586,7 +586,7 @@

                                                                                                                                                                                                            Role with dangerous permissions

                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                            • Introduced through: @@ -616,7 +616,7 @@

                                                                                                                                                                                                              Remediation

                                                                                                                                                                                                              -

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              +

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              @@ -632,7 +632,7 @@

                                                                                                                                                                                                              Role with dangerous permissions

                                                                                                                                                                                                              • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                              • Introduced through: @@ -662,7 +662,7 @@

                                                                                                                                                                                                                Remediation

                                                                                                                                                                                                                -

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                +

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                @@ -678,7 +678,7 @@

                                                                                                                                                                                                                Role with dangerous permissions

                                                                                                                                                                                                                • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                                • Introduced through: @@ -708,7 +708,7 @@

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  @@ -724,7 +724,7 @@

                                                                                                                                                                                                                  Role with dangerous permissions

                                                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-47 + Public ID: SNYK-CC-K8S-47
                                                                                                                                                                                                                  • Introduced through: @@ -754,7 +754,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -770,7 +770,7 @@

                                                                                                                                                                                                                    Container could be running with outdated image

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-42 + Public ID: SNYK-CC-K8S-42
                                                                                                                                                                                                                    • Introduced through: @@ -789,7 +789,7 @@

                                                                                                                                                                                                                      Container could be running with outdated image

                                                                                                                                                                                                                    • - Line number: 1177 + Line number: 1178
                                                                                                                                                                                                                    @@ -806,7 +806,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -822,7 +822,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -847,7 +847,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 634 + Line number: 640
                                                                                                                                                                                                                    @@ -864,7 +864,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -880,7 +880,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -905,7 +905,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 806 + Line number: 812
                                                                                                                                                                                                                    @@ -922,7 +922,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -938,7 +938,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -963,7 +963,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 772 + Line number: 778
                                                                                                                                                                                                                    @@ -980,7 +980,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -996,7 +996,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -1021,7 +1021,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 866 + Line number: 872
                                                                                                                                                                                                                    @@ -1038,7 +1038,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1054,7 +1054,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -1079,7 +1079,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 940 + Line number: 946
                                                                                                                                                                                                                    @@ -1096,7 +1096,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1112,7 +1112,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -1137,7 +1137,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 1177 + Line number: 1178
                                                                                                                                                                                                                    @@ -1154,7 +1154,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1170,7 +1170,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -1195,7 +1195,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 999 + Line number: 1002
                                                                                                                                                                                                                    @@ -1212,7 +1212,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1228,7 +1228,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -1253,7 +1253,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 1262 + Line number: 1263
                                                                                                                                                                                                                    @@ -1270,7 +1270,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1286,7 +1286,7 @@

                                                                                                                                                                                                                    Container has no CPU limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-5
                                                                                                                                                                                                                    • Introduced through: @@ -1311,7 +1311,7 @@

                                                                                                                                                                                                                      Container has no CPU limit

                                                                                                                                                                                                                    • - Line number: 1566 + Line number: 1567
                                                                                                                                                                                                                    @@ -1328,7 +1328,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1344,7 +1344,7 @@

                                                                                                                                                                                                                    Container is running with multiple open ports

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-36
                                                                                                                                                                                                                    • Introduced through: @@ -1363,7 +1363,7 @@

                                                                                                                                                                                                                      Container is running with multiple open ports

                                                                                                                                                                                                                    • - Line number: 786 + Line number: 792
                                                                                                                                                                                                                    @@ -1380,12 +1380,12 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Container is running with writable root filesystem

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                                    @@ -1396,13 +1396,11 @@

                                                                                                                                                                                                                    Container is running with writable root filesystem

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-8 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                    • Introduced through: - [DocId: 38] - - input + [DocId: 35] spec @@ -1410,33 +1408,31 @@

                                                                                                                                                                                                                      Container is running with writable root filesystem

                                                                                                                                                                                                                      spec - containers[redis] - - securityContext + containers[argocd-applicationset-controller] - readOnlyRootFilesystem + livenessProbe
                                                                                                                                                                                                                    • - Line number: 953 + Line number: 640

                                                                                                                                                                                                                    Impact

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Add `livenessProbe` attribute

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1452,11 +1448,11 @@

                                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                    • Introduced through: - [DocId: 35] + [DocId: 36] spec @@ -1464,14 +1460,14 @@

                                                                                                                                                                                                                      Container is running without liveness probe

                                                                                                                                                                                                                      spec - containers[argocd-applicationset-controller] + containers[dex] livenessProbe
                                                                                                                                                                                                                    • - Line number: 634 + Line number: 778
                                                                                                                                                                                                                    @@ -1488,7 +1484,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1504,7 +1500,7 @@

                                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                    • Introduced through: @@ -1516,14 +1512,14 @@

                                                                                                                                                                                                                      Container is running without liveness probe

                                                                                                                                                                                                                      spec - containers[dex] + initContainers[copyutil] livenessProbe
                                                                                                                                                                                                                    • - Line number: 772 + Line number: 812
                                                                                                                                                                                                                    @@ -1540,7 +1536,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1556,11 +1552,11 @@

                                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                    • Introduced through: - [DocId: 36] + [DocId: 38] spec @@ -1568,14 +1564,14 @@

                                                                                                                                                                                                                      Container is running without liveness probe

                                                                                                                                                                                                                      spec - initContainers[copyutil] + containers[redis] livenessProbe
                                                                                                                                                                                                                    • - Line number: 806 + Line number: 946
                                                                                                                                                                                                                    @@ -1592,7 +1588,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1608,11 +1604,11 @@

                                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-41
                                                                                                                                                                                                                    • Introduced through: - [DocId: 38] + [DocId: 39] spec @@ -1620,14 +1616,14 @@

                                                                                                                                                                                                                      Container is running without liveness probe

                                                                                                                                                                                                                      spec - containers[redis] + initContainers[copyutil] livenessProbe
                                                                                                                                                                                                                    • - Line number: 940 + Line number: 1178
                                                                                                                                                                                                                    @@ -1644,12 +1640,12 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    @@ -1660,11 +1656,13 @@

                                                                                                                                                                                                                    Container is running without liveness probe

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-41 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: - [DocId: 39] + [DocId: 35] + + input spec @@ -1672,31 +1670,35 @@

                                                                                                                                                                                                                      Container is running without liveness probe

                                                                                                                                                                                                                      spec - initContainers[copyutil] + containers[argocd-applicationset-controller] - livenessProbe + resources + + limits + + memory
                                                                                                                                                                                                                    • - Line number: 1177 + Line number: 640

                                                                                                                                                                                                                    Impact

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Containers without memory limits are more likely to be terminated when the node runs out of memory

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Add `livenessProbe` attribute

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Set `resources.limits.memory` value

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1712,11 +1714,11 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -1726,7 +1728,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - containers[argocd-applicationset-controller] + containers[dex] resources @@ -1737,7 +1739,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 634 + Line number: 778
                                                                                                                                                                                                                    @@ -1754,7 +1756,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1770,7 +1772,7 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: @@ -1784,7 +1786,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - containers[dex] + initContainers[copyutil] resources @@ -1795,7 +1797,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 772 + Line number: 812
                                                                                                                                                                                                                    @@ -1812,7 +1814,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1828,11 +1830,11 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: - [DocId: 36] + [DocId: 37] input @@ -1842,7 +1844,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - initContainers[copyutil] + containers[argocd-notifications-controller] resources @@ -1853,7 +1855,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 806 + Line number: 872
                                                                                                                                                                                                                    @@ -1870,7 +1872,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1886,11 +1888,11 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: - [DocId: 37] + [DocId: 38] input @@ -1900,7 +1902,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - containers[argocd-notifications-controller] + containers[redis] resources @@ -1911,7 +1913,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 866 + Line number: 946
                                                                                                                                                                                                                    @@ -1928,7 +1930,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -1944,11 +1946,11 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1958,7 +1960,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - containers[redis] + initContainers[copyutil] resources @@ -1969,7 +1971,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 940 + Line number: 1178
                                                                                                                                                                                                                    @@ -1986,7 +1988,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -2002,7 +2004,7 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: @@ -2016,7 +2018,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - initContainers[copyutil] + containers[argocd-repo-server] resources @@ -2027,7 +2029,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 1177 + Line number: 1002
                                                                                                                                                                                                                    @@ -2044,7 +2046,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -2060,11 +2062,11 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: - [DocId: 39] + [DocId: 40] input @@ -2074,7 +2076,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - containers[argocd-repo-server] + containers[argocd-server] resources @@ -2085,7 +2087,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 999 + Line number: 1263
                                                                                                                                                                                                                    @@ -2102,7 +2104,7 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    @@ -2118,11 +2120,11 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-4
                                                                                                                                                                                                                    • Introduced through: - [DocId: 40] + [DocId: 41] input @@ -2132,7 +2134,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - containers[argocd-server] + containers[argocd-application-controller] resources @@ -2143,7 +2145,7 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                    • - Line number: 1262 + Line number: 1567
                                                                                                                                                                                                                    @@ -2160,12 +2162,12 @@

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Container or Pod is running with writable root filesystem

                                                                                                                                                                                                                    @@ -2176,11 +2178,11 @@

                                                                                                                                                                                                                    Container is running without memory limit

                                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-4 + Public ID: SNYK-CC-K8S-8
                                                                                                                                                                                                                    • Introduced through: - [DocId: 41] + [DocId: 38] input @@ -2190,40 +2192,38 @@

                                                                                                                                                                                                                      Container is running without memory limit

                                                                                                                                                                                                                      spec - containers[argocd-application-controller] - - resources + containers[redis] - limits + securityContext - memory + readOnlyRootFilesystem
                                                                                                                                                                                                                    • - Line number: 1566 + Line number: 956

                                                                                                                                                                                                                    Impact

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Containers without memory limits are more likely to be terminated when the node runs out of memory

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Compromised process could abuse writable root filesystem to elevate privileges

                                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Set `resources.limits.memory` value

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Set `securityContext.readOnlyRootFilesystem` to `true`

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Container's UID could clash with host's UID

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                    @@ -2234,7 +2234,7 @@

                                                                                                                                                                                                                    Container's UID could clash with host's UID
                                                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                  • Introduced through: @@ -2257,7 +2257,7 @@

                                                                                                                                                                                                                    Container's UID could clash with host's UID
                                                                                                                                                                                                                  • - Line number: 709 + Line number: 715

                                                                                                                                                                                                                  @@ -2267,19 +2267,19 @@

                                                                                                                                                                                                                  Impact

                                                                                                                                                                                                                  UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Container's UID could clash with host's UID

                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                  @@ -2290,7 +2290,7 @@

                                                                                                                                                                                                                  Container's UID could clash with host's UID
                                                                                                                                                                                                                • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                                • Introduced through: @@ -2313,7 +2313,7 @@

                                                                                                                                                                                                                  Container's UID could clash with host's UID
                                                                                                                                                                                                                • - Line number: 814 + Line number: 820

                                                                                                                                                                                                                @@ -2323,19 +2323,19 @@

                                                                                                                                                                                                                Impact

                                                                                                                                                                                                                UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                                Remediation

                                                                                                                                                                                                                -

                                                                                                                                                                                                                Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                                +

                                                                                                                                                                                                                Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                                -

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                +

                                                                                                                                                                                                                More about this issue

                                                                                                                                                                                                                -

                                                                                                                                                                                                                Container's UID could clash with host's UID

                                                                                                                                                                                                                +

                                                                                                                                                                                                                Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                                @@ -2346,7 +2346,7 @@

                                                                                                                                                                                                                Container's UID could clash with host's UID
                                                                                                                                                                                                              • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                              • Introduced through: @@ -2369,7 +2369,7 @@

                                                                                                                                                                                                                Container's UID could clash with host's UID
                                                                                                                                                                                                              • - Line number: 789 + Line number: 795

                                                                                                                                                                                                              @@ -2379,19 +2379,19 @@

                                                                                                                                                                                                              Impact

                                                                                                                                                                                                              UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                              Remediation

                                                                                                                                                                                                              -

                                                                                                                                                                                                              Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                              +

                                                                                                                                                                                                              Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                              -

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              +

                                                                                                                                                                                                              More about this issue

                                                                                                                                                                                                              -

                                                                                                                                                                                                              Container's UID could clash with host's UID

                                                                                                                                                                                                              +

                                                                                                                                                                                                              Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                              @@ -2402,7 +2402,7 @@

                                                                                                                                                                                                              Container's UID could clash with host's UID
                                                                                                                                                                                                            • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                            • Introduced through: @@ -2425,7 +2425,7 @@

                                                                                                                                                                                                              Container's UID could clash with host's UID
                                                                                                                                                                                                            • - Line number: 874 + Line number: 880

                                                                                                                                                                                                            @@ -2435,19 +2435,19 @@

                                                                                                                                                                                                            Impact

                                                                                                                                                                                                            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                            Remediation

                                                                                                                                                                                                            -

                                                                                                                                                                                                            Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                            +

                                                                                                                                                                                                            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                            -

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            +

                                                                                                                                                                                                            More about this issue

                                                                                                                                                                                                            -

                                                                                                                                                                                                            Container's UID could clash with host's UID

                                                                                                                                                                                                            +

                                                                                                                                                                                                            Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                            @@ -2458,7 +2458,7 @@

                                                                                                                                                                                                            Container's UID could clash with host's UID
                                                                                                                                                                                                          • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                          • Introduced through: @@ -2481,7 +2481,7 @@

                                                                                                                                                                                                            Container's UID could clash with host's UID
                                                                                                                                                                                                          • - Line number: 953 + Line number: 956

                                                                                                                                                                                                          @@ -2491,19 +2491,19 @@

                                                                                                                                                                                                          Impact

                                                                                                                                                                                                          UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                          Remediation

                                                                                                                                                                                                          -

                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                          +

                                                                                                                                                                                                          Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                          -

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          +

                                                                                                                                                                                                          More about this issue

                                                                                                                                                                                                          -

                                                                                                                                                                                                          Container's UID could clash with host's UID

                                                                                                                                                                                                          +

                                                                                                                                                                                                          Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                          @@ -2514,7 +2514,7 @@

                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                        • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                        • Introduced through: @@ -2537,7 +2537,7 @@

                                                                                                                                                                                                          Container's UID could clash with host's UID
                                                                                                                                                                                                        • - Line number: 1184 + Line number: 1185

                                                                                                                                                                                                        @@ -2547,19 +2547,19 @@

                                                                                                                                                                                                        Impact

                                                                                                                                                                                                        UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                        Remediation

                                                                                                                                                                                                        -

                                                                                                                                                                                                        Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                        +

                                                                                                                                                                                                        Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                        -

                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                        +

                                                                                                                                                                                                        More about this issue

                                                                                                                                                                                                        -

                                                                                                                                                                                                        Container's UID could clash with host's UID

                                                                                                                                                                                                        +

                                                                                                                                                                                                        Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                        @@ -2570,7 +2570,7 @@

                                                                                                                                                                                                        Container's UID could clash with host's UID
                                                                                                                                                                                                      • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                      • Introduced through: @@ -2593,7 +2593,7 @@

                                                                                                                                                                                                        Container's UID could clash with host's UID
                                                                                                                                                                                                      • - Line number: 1150 + Line number: 1151

                                                                                                                                                                                                      @@ -2603,19 +2603,19 @@

                                                                                                                                                                                                      Impact

                                                                                                                                                                                                      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                      Remediation

                                                                                                                                                                                                      -

                                                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                      +

                                                                                                                                                                                                      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                      -

                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                      +

                                                                                                                                                                                                      More about this issue

                                                                                                                                                                                                      -

                                                                                                                                                                                                      Container's UID could clash with host's UID

                                                                                                                                                                                                      +

                                                                                                                                                                                                      Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                      @@ -2626,7 +2626,7 @@

                                                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                                                    • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                    • Introduced through: @@ -2649,7 +2649,7 @@

                                                                                                                                                                                                      Container's UID could clash with host's UID
                                                                                                                                                                                                    • - Line number: 1476 + Line number: 1477

                                                                                                                                                                                                    @@ -2659,19 +2659,19 @@

                                                                                                                                                                                                    Impact

                                                                                                                                                                                                    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                    Remediation

                                                                                                                                                                                                    -

                                                                                                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                    +

                                                                                                                                                                                                    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                    -

                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                    +

                                                                                                                                                                                                    More about this issue

                                                                                                                                                                                                    -

                                                                                                                                                                                                    Container's UID could clash with host's UID

                                                                                                                                                                                                    +

                                                                                                                                                                                                    Container's or Pod's UID could clash with host's UID

                                                                                                                                                                                                    @@ -2682,7 +2682,7 @@

                                                                                                                                                                                                    Container's UID could clash with host's UID
                                                                                                                                                                                                  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
                                                                                                                                                                                                  • Introduced through: @@ -2705,7 +2705,7 @@

                                                                                                                                                                                                    Container's UID could clash with host's UID
                                                                                                                                                                                                  • - Line number: 1708 + Line number: 1709

                                                                                                                                                                                                  @@ -2715,14 +2715,14 @@

                                                                                                                                                                                                  Impact

                                                                                                                                                                                                  UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                  -

                                                                                                                                                                                                  Set `securityContext.runAsUser` value to greater or equal than 10000

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

                                                                                                                                                                                                  -

                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                  +

                                                                                                                                                                                                  More about this issue

                                                                                                                                                                                                  diff --git a/docs/snyk/v2.7.6/argocd-test.html b/docs/snyk/v2.7.6/argocd-test.html new file mode 100644 index 0000000000000..bde5d01810904 --- /dev/null +++ b/docs/snyk/v2.7.6/argocd-test.html @@ -0,0 +1,634 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  + + + Snyk - Open Source Security + + + + + + + +
                                                                                                                                                                                                  +

                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                  + +

                                                                                                                                                                                                  June 25th 2023, 12:21:08 am (UTC+00:00)

                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  + Scanned the following paths: +
                                                                                                                                                                                                    +
                                                                                                                                                                                                  • /argo-cd/argoproj/argo-cd/v2 (gomodules)
                                                                                                                                                                                                  • /argo-cd (yarn)
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  1 known vulnerabilities
                                                                                                                                                                                                  +
                                                                                                                                                                                                  1 vulnerable dependency paths
                                                                                                                                                                                                  +
                                                                                                                                                                                                  1749 dependencies
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +

                                                                                                                                                                                                  Regular Expression Denial of Service (ReDoS)

                                                                                                                                                                                                  +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  + medium severity +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                    +
                                                                                                                                                                                                  • + Package Manager: npm +
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  • + Vulnerable module: + + semver +
                                                                                                                                                                                                    • + +
                                                                                                                                                                                                  • Introduced through: + + + argo-cd-ui@1.0.0, superagent@8.0.9 and others +
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  + + +

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                  + +
                                                                                                                                                                                                    +
                                                                                                                                                                                                  • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@8.0.9 + + semver@7.3.8 + + + +
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  + +

                                                                                                                                                                                                  Overview

                                                                                                                                                                                                  +

                                                                                                                                                                                                  semver is a semantic version parser used by npm.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  PoC

                                                                                                                                                                                                  + 
                                                                                                                                                                                                  
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
                                                                                                                                                                                                  +

                                                                                                                                                                                                  Details

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Let’s take the following regular expression as an example:

                                                                                                                                                                                                  + 
                                                                                                                                                                                                  regex = /A(B|C+)+D/
+
                                                                                                                                                                                                  +

                                                                                                                                                                                                  This regular expression accomplishes the following:

                                                                                                                                                                                                  +
                                                                                                                                                                                                    +
                                                                                                                                                                                                  • A The string must start with the letter 'A'
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  • D Finally, we ensure this section of the string ends with a 'D'
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  +

                                                                                                                                                                                                  The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

                                                                                                                                                                                                  +

                                                                                                                                                                                                  It most cases, it doesn't take very long for a regex engine to find a match:

                                                                                                                                                                                                  + 
                                                                                                                                                                                                  $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
                                                                                                                                                                                                  +

                                                                                                                                                                                                  The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

                                                                                                                                                                                                  +
                                                                                                                                                                                                    +
                                                                                                                                                                                                  1. CCC
                                                                                                                                                                                                    2. +
                                                                                                                                                                                                  2. CC+C
                                                                                                                                                                                                    3. +
                                                                                                                                                                                                  3. C+CC
                                                                                                                                                                                                    4. +
                                                                                                                                                                                                  4. C+C+C.
                                                                                                                                                                                                    5. +
                                                                                                                                                                                                  +

                                                                                                                                                                                                  The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  From there, the number of steps the engine must use to validate a string just continues to grow.

                                                                                                                                                                                                  + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                                                                                                                  StringNumber of C'sNumber of steps
                                                                                                                                                                                                  ACCCX338
                                                                                                                                                                                                  ACCCCX471
                                                                                                                                                                                                  ACCCCCX5136
                                                                                                                                                                                                  ACCCCCCCCCCCCCCX1465,553
                                                                                                                                                                                                  +

                                                                                                                                                                                                  By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Upgrade semver to version 7.5.2 or higher.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  References

                                                                                                                                                                                                  + + +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  +

                                                                                                                                                                                                  More about this vulnerability

                                                                                                                                                                                                  +
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  +
                                                                                                                                                                                                  + + + diff --git a/docs/snyk/master/haproxy_2.6.9-alpine.html b/docs/snyk/v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html similarity index 65% rename from docs/snyk/master/haproxy_2.6.9-alpine.html rename to docs/snyk/v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html index 5b61ebf333c80..86e12e3e99933 100644 --- a/docs/snyk/master/haproxy_2.6.9-alpine.html +++ b/docs/snyk/v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,33 +456,24 @@

                                                                                                                                                                                                  Snyk test report

                                                                                                                                                                                                  -

                                                                                                                                                                                                  April 16th 2023, 12:15:07 am

                                                                                                                                                                                                  +

                                                                                                                                                                                                  June 25th 2023, 12:21:17 am (UTC+00:00)

                                                                                                                                                                                                  - Scanned the following path: + Scanned the following paths:
                                                                                                                                                                                                    -
                                                                                                                                                                                                  • haproxy:2.6.9-alpine (apk)
                                                                                                                                                                                                    • +
                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                                                                                                  • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
                                                                                                                                                                                                  -
                                                                                                                                                                                                  3 known vulnerabilities
                                                                                                                                                                                                  -
                                                                                                                                                                                                  27 vulnerable dependency paths
                                                                                                                                                                                                  -
                                                                                                                                                                                                  18 dependencies
                                                                                                                                                                                                  +
                                                                                                                                                                                                  5 known vulnerabilities
                                                                                                                                                                                                  +
                                                                                                                                                                                                  35 vulnerable dependency paths
                                                                                                                                                                                                  +
                                                                                                                                                                                                  760 dependencies
                                                                                                                                                                                                  -
                                                                                                                                                                                                  - - - - - - - -
                                                                                                                                                                                                  Project docker-image|haproxy
                                                                                                                                                                                                  Path haproxy:2.6.9-alpine
                                                                                                                                                                                                  Package Manager apk
                                                                                                                                                                                                  -
                                                                                                                                                                                                  +
                                                                                                                                                                                                  @@ -507,7 +498,7 @@

                                                                                                                                                                                                  Improper Certificate Validation

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                                @@ -520,7 +511,7 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -529,7 +520,7 @@

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -540,18 +531,7 @@

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                                  • -
                                                                                                                                                                                                • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -562,7 +542,7 @@

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -573,18 +553,7 @@

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                                  • -
                                                                                                                                                                                                • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -593,7 +562,7 @@

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -604,7 +573,7 @@

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -622,7 +591,14 @@

                                                                                                                                                                                                  Detailed paths

                                                                                                                                                                                                  NVD Description

                                                                                                                                                                                                  Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                                  -

                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  A security vulnerability has been identified in all supported versions

                                                                                                                                                                                                  +

                                                                                                                                                                                                  of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                                  Remediation

                                                                                                                                                                                                  Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

                                                                                                                                                                                                  References

                                                                                                                                                                                                  @@ -632,6 +608,8 @@

                                                                                                                                                                                                  References

                                                                                                                                                                                                • openssl-security@openssl.org
                                                                                                                                                                                                • openssl-security@openssl.org
                                                                                                                                                                                                • openssl-security@openssl.org
                                                                                                                                                                                                  • +
                                                                                                                                                                                                • openssl-security@openssl.org
                                                                                                                                                                                                  • +
                                                                                                                                                                                                • openssl-security@openssl.org
                                                                                                                                                                                                @@ -641,12 +619,12 @@

                                                                                                                                                                                                References

                                                                                                                                                                                                -
                                                                                                                                                                                                -

                                                                                                                                                                                                Improper Certificate Validation

                                                                                                                                                                                                +
                                                                                                                                                                                                +

                                                                                                                                                                                                Allocation of Resources Without Limits or Throttling

                                                                                                                                                                                                -
                                                                                                                                                                                                - medium severity +
                                                                                                                                                                                                + high severity
                                                                                                                                                                                                @@ -663,7 +641,7 @@

                                                                                                                                                                                                Improper Certificate Validation

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                              @@ -676,7 +654,7 @@

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -685,7 +663,7 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -696,9 +674,9 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - .haproxy-rundeps@20230214.193603 + apk-tools/apk-tools@2.12.10-r1 openssl/libcrypto3@3.0.8-r0 @@ -707,9 +685,9 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.12.10-r1 + busybox/ssl_client@1.35.0-r29 openssl/libcrypto3@3.0.8-r0 @@ -718,10 +696,143 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                • +
                                                                                                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                • +
                                                                                                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                                • +
                                                                                                                                                                                              + + + +
                                                                                                                                                                                              + +

                                                                                                                                                                                              NVD Description

                                                                                                                                                                                              +

                                                                                                                                                                                              Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                              +

                                                                                                                                                                                              Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

                                                                                                                                                                                              +

                                                                                                                                                                                              Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

                                                                                                                                                                                              +

                                                                                                                                                                                              An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

                                                                                                                                                                                              +

                                                                                                                                                                                              When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

                                                                                                                                                                                              +

                                                                                                                                                                                              With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

                                                                                                                                                                                              +

                                                                                                                                                                                              Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

                                                                                                                                                                                              +

                                                                                                                                                                                              Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

                                                                                                                                                                                              +

                                                                                                                                                                                              In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

                                                                                                                                                                                              +

                                                                                                                                                                                              The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

                                                                                                                                                                                              +

                                                                                                                                                                                              In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

                                                                                                                                                                                              +

                                                                                                                                                                                              Remediation

                                                                                                                                                                                              +

                                                                                                                                                                                              Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

                                                                                                                                                                                              +

                                                                                                                                                                                              References

                                                                                                                                                                                              + + +
                                                                                                                                                                                              + +
                                                                                                                                                                                              +

                                                                                                                                                                                              More about this vulnerability

                                                                                                                                                                                              +
                                                                                                                                                                                              + + +
                                                                                                                                                                                              +

                                                                                                                                                                                              Improper Certificate Validation

                                                                                                                                                                                              +
                                                                                                                                                                                              + +
                                                                                                                                                                                              + medium severity +
                                                                                                                                                                                              + +
                                                                                                                                                                                              + +
                                                                                                                                                                                                +
                                                                                                                                                                                              • + Package Manager: alpine:3.17 +
                                                                                                                                                                                                • +
                                                                                                                                                                                              • + Vulnerable module: + + openssl/libcrypto3 +
                                                                                                                                                                                                • + +
                                                                                                                                                                                              • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
                                                                                                                                                                                                • +
                                                                                                                                                                                              + +
                                                                                                                                                                                              + + +

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                              + +
                                                                                                                                                                                                +
                                                                                                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + openssl/libcrypto3@3.0.8-r0 @@ -729,18 +840,40 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 - .haproxy-rundeps@20230214.193603 + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                • +
                                                                                                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                                • +
                                                                                                                                                                                              • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -749,7 +882,7 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -760,7 +893,7 @@

                                                                                                                                                                                                Detailed paths

                                                                                                                                                                                              • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -796,6 +929,8 @@

                                                                                                                                                                                                References

                                                                                                                                                                                              • openssl-security@openssl.org
                                                                                                                                                                                              • openssl-security@openssl.org
                                                                                                                                                                                              • openssl-security@openssl.org
                                                                                                                                                                                                • +
                                                                                                                                                                                              • openssl-security@openssl.org
                                                                                                                                                                                                • +
                                                                                                                                                                                              • openssl-security@openssl.org
                                                                                                                                                                                              @@ -827,7 +962,7 @@

                                                                                                                                                                                              Improper Certificate Validation

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
                                                                                                                                                                                            @@ -840,7 +975,7 @@

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -849,7 +984,7 @@

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -860,18 +995,7 @@

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
                                                                                                                                                                                              • -
                                                                                                                                                                                            • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -882,7 +1006,7 @@

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -893,7 +1017,7 @@

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -902,18 +1026,7 @@

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
                                                                                                                                                                                              • -
                                                                                                                                                                                            • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -924,7 +1037,7 @@

                                                                                                                                                                                              Detailed paths

                                                                                                                                                                                            • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -966,6 +1079,8 @@

                                                                                                                                                                                              References

                                                                                                                                                                                            • openssl-security@openssl.org
                                                                                                                                                                                            • openssl-security@openssl.org
                                                                                                                                                                                            • openssl-security@openssl.org
                                                                                                                                                                                              • +
                                                                                                                                                                                            • openssl-security@openssl.org
                                                                                                                                                                                              • +
                                                                                                                                                                                            • openssl-security@openssl.org
                                                                                                                                                                                            @@ -975,6 +1090,153 @@

                                                                                                                                                                                            References

                                                                                                                                                                                            +
                                                                                                                                                                                            +

                                                                                                                                                                                            Out-of-bounds Read

                                                                                                                                                                                            +
                                                                                                                                                                                            + +
                                                                                                                                                                                            + medium severity +
                                                                                                                                                                                            + +
                                                                                                                                                                                            + +
                                                                                                                                                                                              +
                                                                                                                                                                                            • + Package Manager: alpine:3.17 +
                                                                                                                                                                                              • +
                                                                                                                                                                                            • + Vulnerable module: + + openssl/libcrypto3 +
                                                                                                                                                                                              • + +
                                                                                                                                                                                            • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            + +
                                                                                                                                                                                            + + +

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            + +
                                                                                                                                                                                              +
                                                                                                                                                                                            • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
                                                                                                                                                                                              • +
                                                                                                                                                                                            + +
                                                                                                                                                                                            + +
                                                                                                                                                                                            + +

                                                                                                                                                                                            NVD Description

                                                                                                                                                                                            +

                                                                                                                                                                                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

                                                                                                                                                                                            +

                                                                                                                                                                                            Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

                                                                                                                                                                                            +

                                                                                                                                                                                            Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

                                                                                                                                                                                            +

                                                                                                                                                                                            The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

                                                                                                                                                                                            +

                                                                                                                                                                                            If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

                                                                                                                                                                                            +

                                                                                                                                                                                            Remediation

                                                                                                                                                                                            +

                                                                                                                                                                                            Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

                                                                                                                                                                                            +

                                                                                                                                                                                            References

                                                                                                                                                                                            + + +
                                                                                                                                                                                            + +
                                                                                                                                                                                            +

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                            +
                                                                                                                                                                                            + +
                                                                                                                                                                                            diff --git a/docs/snyk/v2.7.6/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.6/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..ec8f5e0639727 --- /dev/null +++ b/docs/snyk/v2.7.6/haproxy_2.6.14-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            + + + Snyk - Open Source Security + + + + + + + +
                                                                                                                                                                                            +

                                                                                                                                                                                            Snyk test report

                                                                                                                                                                                            + +

                                                                                                                                                                                            June 25th 2023, 12:21:23 am (UTC+00:00)

                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            + Scanned the following path: +
                                                                                                                                                                                              +
                                                                                                                                                                                            • haproxy:2.6.14-alpine (apk)
                                                                                                                                                                                              • +
                                                                                                                                                                                            +
                                                                                                                                                                                            + +
                                                                                                                                                                                            +
                                                                                                                                                                                            0 known vulnerabilities
                                                                                                                                                                                            +
                                                                                                                                                                                            0 vulnerable dependency paths
                                                                                                                                                                                            +
                                                                                                                                                                                            18 dependencies
                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            + + + + + + + +
                                                                                                                                                                                            Project docker-image|haproxy
                                                                                                                                                                                            Path haproxy:2.6.14-alpine
                                                                                                                                                                                            Package Manager apk
                                                                                                                                                                                            +
                                                                                                                                                                                            +
                                                                                                                                                                                            + No known vulnerabilities detected. +
                                                                                                                                                                                            +
                                                                                                                                                                                            + + + diff --git a/docs/snyk/v2.5.16/quay.io_argoproj_argocd_v2.5.16.html b/docs/snyk/v2.7.6/quay.io_argoproj_argocd_v2.7.6.html similarity index 56% rename from docs/snyk/v2.5.16/quay.io_argoproj_argocd_v2.5.16.html rename to docs/snyk/v2.7.6/quay.io_argoproj_argocd_v2.7.6.html index f9a5cd5f57bf7..3f5722dbbe540 100644 --- a/docs/snyk/v2.5.16/quay.io_argoproj_argocd_v2.5.16.html +++ b/docs/snyk/v2.7.6/quay.io_argoproj_argocd_v2.7.6.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

                                                                                                                                                                                            Snyk test report

                                                                                                                                                                                            -

                                                                                                                                                                                            April 16th 2023, 12:23:14 am

                                                                                                                                                                                            +

                                                                                                                                                                                            June 25th 2023, 12:21:49 am (UTC+00:00)

                                                                                                                                                                                            Scanned the following paths:
                                                                                                                                                                                              -
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.5.16/argoproj/argocd (deb)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.5.16/argoproj/argo-cd/v2 (gomodules)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.5.16/kustomize/kustomize/v4 (gomodules)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.5.16/helm/v3 (gomodules)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.5.16/git-lfs/git-lfs (gomodules)
                                                                                                                                                                                              • +
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.7.6/argoproj/argocd (deb)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.7.6/argoproj/argo-cd/v2 (gomodules)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.7.6/kustomize/kustomize/v5 (gomodules)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.7.6/helm/v3 (gomodules)
                                                                                                                                                                                            • quay.io/argoproj/argocd:v2.7.6/git-lfs/git-lfs (gomodules)
                                                                                                                                                                                            -
                                                                                                                                                                                            29 known vulnerabilities
                                                                                                                                                                                            -
                                                                                                                                                                                            122 vulnerable dependency paths
                                                                                                                                                                                            -
                                                                                                                                                                                            2047 dependencies
                                                                                                                                                                                            +
                                                                                                                                                                                            19 known vulnerabilities
                                                                                                                                                                                            +
                                                                                                                                                                                            66 vulnerable dependency paths
                                                                                                                                                                                            +
                                                                                                                                                                                            2066 dependencies
                                                                                                                                                                                            @@ -493,12 +493,12 @@

                                                                                                                                                                                            Denial of Service (DoS)

                                                                                                                                                                                          • Vulnerable module: - gopkg.in/yaml.v3 + golang.org/x/net/http2/hpack
                                                                                                                                                                                          • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b + helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0
                                                                                                                                                                                          @@ -511,9 +511,9 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* + helm.sh/helm/v3@* - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b + golang.org/x/net/http2/hpack@v0.5.0 @@ -525,20 +525,7 @@

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            Overview

                                                                                                                                                                                            -

                                                                                                                                                                                            gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

                                                                                                                                                                                            -

                                                                                                                                                                                            PoC

                                                                                                                                                                                            - 
                                                                                                                                                                                            package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("0: [:!00 \xef"), &t)
-        }
-
                                                                                                                                                                                            +

                                                                                                                                                                                            Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                            Details

                                                                                                                                                                                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                            @@ -552,95 +539,19 @@

                                                                                                                                                                                            Details

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          Upgrade gopkg.in/yaml.v3 to version 3.0.0 or higher.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - - -
                                                                                                                                                                                          -

                                                                                                                                                                                          NULL Pointer Dereference

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - high severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: golang -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - gopkg.in/yaml.v3 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          Overview

                                                                                                                                                                                          -

                                                                                                                                                                                          gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

                                                                                                                                                                                          -

                                                                                                                                                                                          PoC

                                                                                                                                                                                          - 
                                                                                                                                                                                          package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("#\n-\n-\n0"), &t)
-        }
-
                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          Upgrade gopkg.in/yaml.v3 to version 3.0.1 or higher.

                                                                                                                                                                                          +

                                                                                                                                                                                          Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

                                                                                                                                                                                          References

                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          +

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          @@ -661,12 +572,12 @@

                                                                                                                                                                                          Denial of Service (DoS)

                                                                                                                                                                                        • Vulnerable module: - golang.org/x/net/http2/hpack + golang.org/x/net/http2
                                                                                                                                                                                        • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
                                                                                                                                                                                        @@ -677,20 +588,11 @@

                                                                                                                                                                                        Denial of Service (DoS)

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                          -
                                                                                                                                                                                        • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd - - - -
                                                                                                                                                                                        • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2/hpack@v0.0.0-20220722155237-a158d28d115b + golang.org/x/net/http2@v0.5.0 @@ -702,6 +604,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          Overview

                                                                                                                                                                                          +

                                                                                                                                                                                          golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

                                                                                                                                                                                          Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                          Details

                                                                                                                                                                                          Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                          @@ -716,7 +619,7 @@

                                                                                                                                                                                          Details

                                                                                                                                                                                        Remediation

                                                                                                                                                                                        -

                                                                                                                                                                                        Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

                                                                                                                                                                                        +

                                                                                                                                                                                        Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

                                                                                                                                                                                        References

                                                                                                                                                                                        • GitHub Commit
                                                                                                                                                                                          • @@ -728,34 +631,34 @@

                                                                                                                                                                                          References

                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          +

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Denial of Service

                                                                                                                                                                                          +
                                                                                                                                                                                          +

                                                                                                                                                                                          CVE-2022-46908

                                                                                                                                                                                          -
                                                                                                                                                                                          - high severity +
                                                                                                                                                                                          + low severity
                                                                                                                                                                                          • - Package Manager: golang + Package Manager: ubuntu:22.04
                                                                                                                                                                                          • Vulnerable module: - golang.org/x/net/http2 + sqlite3/libsqlite3-0
                                                                                                                                                                                          • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + docker-image|quay.io/argoproj/argocd@v2.7.6, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
                                                                                                                                                                                          @@ -767,9 +670,11 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.7.6 + + gnupg2/gpg@2.2.27-3ubuntu2.1 - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 @@ -780,47 +685,51 @@

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            -

                                                                                                                                                                                            Overview

                                                                                                                                                                                            -

                                                                                                                                                                                            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

                                                                                                                                                                                            +

                                                                                                                                                                                            NVD Description

                                                                                                                                                                                            +

                                                                                                                                                                                            Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                            +

                                                                                                                                                                                            SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

                                                                                                                                                                                            Remediation

                                                                                                                                                                                            -

                                                                                                                                                                                            Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

                                                                                                                                                                                            +

                                                                                                                                                                                            There is no fixed version for Ubuntu:22.04 sqlite3.

                                                                                                                                                                                            References

                                                                                                                                                                                            -

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                            +

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Denial of Service (DoS)

                                                                                                                                                                                          +
                                                                                                                                                                                          +

                                                                                                                                                                                          Arbitrary Code Injection

                                                                                                                                                                                          -
                                                                                                                                                                                          - high severity +
                                                                                                                                                                                          + low severity
                                                                                                                                                                                          • - Package Manager: golang + Package Manager: ubuntu:22.04
                                                                                                                                                                                          • Vulnerable module: - golang.org/x/net/http2 + shadow/passwd
                                                                                                                                                                                          • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + docker-image|quay.io/argoproj/argocd@v2.7.6 and shadow/passwd@1:4.8.1-2ubuntu2.1
                                                                                                                                                                                          @@ -833,9 +742,40 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.7.6 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
                                                                                                                                                                                            • +
                                                                                                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
                                                                                                                                                                                            • +
                                                                                                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
                                                                                                                                                                                            • +
                                                                                                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + shadow/login@1:4.8.1-2ubuntu2.1 @@ -846,61 +786,51 @@

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            -

                                                                                                                                                                                            Overview

                                                                                                                                                                                            -

                                                                                                                                                                                            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

                                                                                                                                                                                            -

                                                                                                                                                                                            Details

                                                                                                                                                                                            -

                                                                                                                                                                                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                            -

                                                                                                                                                                                            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                            -

                                                                                                                                                                                            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                            -

                                                                                                                                                                                            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                            -

                                                                                                                                                                                            Two common types of DoS vulnerabilities:

                                                                                                                                                                                            -
                                                                                                                                                                                              -

                                                                                                                                                                                            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                              -
                                                                                                                                                                                              • -

                                                                                                                                                                                            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                              -
                                                                                                                                                                                              • -
                                                                                                                                                                                            +

                                                                                                                                                                                            NVD Description

                                                                                                                                                                                            +

                                                                                                                                                                                            Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                            +

                                                                                                                                                                                            In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

                                                                                                                                                                                            Remediation

                                                                                                                                                                                            -

                                                                                                                                                                                            Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

                                                                                                                                                                                            +

                                                                                                                                                                                            There is no fixed version for Ubuntu:22.04 shadow.

                                                                                                                                                                                            References

                                                                                                                                                                                            -

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                            +

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Denial of Service (DoS)

                                                                                                                                                                                          +
                                                                                                                                                                                          +

                                                                                                                                                                                          Uncontrolled Recursion

                                                                                                                                                                                          -
                                                                                                                                                                                          - medium severity +
                                                                                                                                                                                          + low severity
                                                                                                                                                                                          • - Package Manager: golang + Package Manager: ubuntu:22.04
                                                                                                                                                                                          • Vulnerable module: - gopkg.in/yaml.v2 + pcre3/libpcre3
                                                                                                                                                                                          • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4 + docker-image|quay.io/argoproj/argocd@v2.7.6 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
                                                                                                                                                                                          @@ -913,9 +843,20 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.6 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
                                                                                                                                                                                            • +
                                                                                                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 + + grep@3.7-1build1 - gopkg.in/yaml.v2@v2.2.4 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -926,60 +867,54 @@

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            -

                                                                                                                                                                                            Overview

                                                                                                                                                                                            -

                                                                                                                                                                                            gopkg.in/yaml.v2 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

                                                                                                                                                                                            -

                                                                                                                                                                                            Details

                                                                                                                                                                                            -

                                                                                                                                                                                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                            -

                                                                                                                                                                                            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                            -

                                                                                                                                                                                            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                            -

                                                                                                                                                                                            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                            -

                                                                                                                                                                                            Two common types of DoS vulnerabilities:

                                                                                                                                                                                            -
                                                                                                                                                                                              -

                                                                                                                                                                                            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                              -
                                                                                                                                                                                              • -

                                                                                                                                                                                            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                              -
                                                                                                                                                                                              • -
                                                                                                                                                                                            +

                                                                                                                                                                                            NVD Description

                                                                                                                                                                                            +

                                                                                                                                                                                            Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                            +

                                                                                                                                                                                            In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

                                                                                                                                                                                            Remediation

                                                                                                                                                                                            -

                                                                                                                                                                                            Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

                                                                                                                                                                                            +

                                                                                                                                                                                            There is no fixed version for Ubuntu:22.04 pcre3.

                                                                                                                                                                                            References

                                                                                                                                                                                            -

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                            +

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Improper Input Validation

                                                                                                                                                                                          +
                                                                                                                                                                                          +

                                                                                                                                                                                          Release of Invalid Pointer or Reference

                                                                                                                                                                                          -
                                                                                                                                                                                          - medium severity +
                                                                                                                                                                                          + low severity
                                                                                                                                                                                          • - Package Manager: golang + Package Manager: ubuntu:22.04
                                                                                                                                                                                          • Vulnerable module: - golang.org/x/text/language + patch
                                                                                                                                                                                          • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7 + docker-image|quay.io/argoproj/argocd@v2.7.6 and patch@2.7.6-7build2
                                                                                                                                                                                          @@ -992,18 +927,9 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/text/language@v0.3.7 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.7.6 - golang.org/x/text/language@v0.3.7 + patch@2.7.6-7build2 @@ -1014,49 +940,48 @@

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            -

                                                                                                                                                                                            Overview

                                                                                                                                                                                            -

                                                                                                                                                                                            Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

                                                                                                                                                                                            +

                                                                                                                                                                                            NVD Description

                                                                                                                                                                                            +

                                                                                                                                                                                            Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                            +

                                                                                                                                                                                            An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

                                                                                                                                                                                            Remediation

                                                                                                                                                                                            -

                                                                                                                                                                                            Upgrade golang.org/x/text/language to version 0.3.8 or higher.

                                                                                                                                                                                            +

                                                                                                                                                                                            There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                            References

                                                                                                                                                                                            -

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                            +

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Incorrect Privilege Assignment

                                                                                                                                                                                          +
                                                                                                                                                                                          +

                                                                                                                                                                                          Double Free

                                                                                                                                                                                          -
                                                                                                                                                                                          - medium severity +
                                                                                                                                                                                          + low severity
                                                                                                                                                                                          • - Package Manager: golang + Package Manager: ubuntu:22.04
                                                                                                                                                                                          • Vulnerable module: - golang.org/x/sys/unix + patch
                                                                                                                                                                                          • Introduced through: - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + docker-image|quay.io/argoproj/argocd@v2.7.6 and patch@2.7.6-7build2
                                                                                                                                                                                          @@ -1069,9 +994,9 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.7.6 - golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + patch@2.7.6-7build2 @@ -1082,1259 +1007,27 @@

                                                                                                                                                                                            Detailed paths

                                                                                                                                                                                            -

                                                                                                                                                                                            Overview

                                                                                                                                                                                            -

                                                                                                                                                                                            Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

                                                                                                                                                                                            +

                                                                                                                                                                                            NVD Description

                                                                                                                                                                                            +

                                                                                                                                                                                            Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                            +

                                                                                                                                                                                            A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

                                                                                                                                                                                            Remediation

                                                                                                                                                                                            -

                                                                                                                                                                                            Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

                                                                                                                                                                                            -

                                                                                                                                                                                            References

                                                                                                                                                                                            - - -
                                                                                                                                                                                            - -
                                                                                                                                                                                            -

                                                                                                                                                                                            More about this vulnerability

                                                                                                                                                                                            -
                                                                                                                                                                                            - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Denial of Service (DoS)

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - medium severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: golang -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - golang.org/x/net/http2 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          Overview

                                                                                                                                                                                          -

                                                                                                                                                                                          golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

                                                                                                                                                                                          -

                                                                                                                                                                                          Details

                                                                                                                                                                                          -

                                                                                                                                                                                          Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                                                                                                                                                          -

                                                                                                                                                                                          Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                                                                                                                                                          -

                                                                                                                                                                                          One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                                                                                                                                                          -

                                                                                                                                                                                          When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                                                                                                                                                          -

                                                                                                                                                                                          Two common types of DoS vulnerabilities:

                                                                                                                                                                                          -
                                                                                                                                                                                            -

                                                                                                                                                                                          • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                                                                                                                                                            -
                                                                                                                                                                                            • -

                                                                                                                                                                                          • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                                                                                                                                                            -
                                                                                                                                                                                            • -
                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Improper Input Validation

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - medium severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: golang -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          Overview

                                                                                                                                                                                          -

                                                                                                                                                                                          go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. - Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          CVE-2022-46908

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - sqlite3/libsqlite3-0 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.16, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 sqlite3.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Uncontrolled Recursion

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - pcre3/libpcre3 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 pcre3.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Release of Invalid Pointer or Reference

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - patch -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and patch@2.7.6-7build2 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - patch@2.7.6-7build2 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Double Free

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - patch -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and patch@2.7.6-7build2 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - patch@2.7.6-7build2 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Improper Locking

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - openssl/libssl3 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Improper Certificate Validation

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - openssl/libssl3 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Improper Certificate Validation

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - openssl/libssl3 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

                                                                                                                                                                                          -

                                                                                                                                                                                          As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

                                                                                                                                                                                          -

                                                                                                                                                                                          Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

                                                                                                                                                                                          -

                                                                                                                                                                                          Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Improper Certificate Validation

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - openssl/libssl3 -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

                                                                                                                                                                                          -

                                                                                                                                                                                          Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

                                                                                                                                                                                          -

                                                                                                                                                                                          Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 openssl.

                                                                                                                                                                                          -

                                                                                                                                                                                          References

                                                                                                                                                                                          - - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          -
                                                                                                                                                                                          -

                                                                                                                                                                                          Improper Privilege Management

                                                                                                                                                                                          -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - low severity -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Package Manager: ubuntu:22.04 -
                                                                                                                                                                                            • -
                                                                                                                                                                                          • - Vulnerable module: - - openssh/openssh-client -
                                                                                                                                                                                            • - -
                                                                                                                                                                                          • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - - -

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          - -
                                                                                                                                                                                            -
                                                                                                                                                                                          • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
                                                                                                                                                                                            • -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -
                                                                                                                                                                                          - -

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

                                                                                                                                                                                          -

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 openssh.

                                                                                                                                                                                          +

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 patch.

                                                                                                                                                                                          References

                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          +

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          @@ -2360,7 +1053,7 @@

                                                                                                                                                                                          Information Exposure

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                                                                                                                                                                        @@ -2373,7 +1066,7 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2434,7 +1127,7 @@

                                                                                                                                                                                          CVE-2023-28531

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
                                                                                                                                                                                        @@ -2447,7 +1140,7 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2481,7 +1174,7 @@

                                                                                                                                                                                          References

                                                                                                                                                                                          -

                                                                                                                                                                                          Out-of-bounds Read

                                                                                                                                                                                          +

                                                                                                                                                                                          NULL Pointer Dereference

                                                                                                                                                                                          @@ -2497,13 +1190,13 @@

                                                                                                                                                                                          Out-of-bounds Read

                                                                                                                                                                                        • Vulnerable module: - ncurses/libtinfo6 + openldap/libldap-2.5-0
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.7.6, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
                                                                                                                                                                                        @@ -2515,200 +1208,33 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - ncurses/libncurses6@6.3-2 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - procps@2:3.3.17-6ubuntu2 + git@1:2.34.1-1ubuntu1.9 - ncurses/libncurses6@6.3-2 - - - -
                                                                                                                                                                                          • -
                                                                                                                                                                                        • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - ncurses/ncurses-base@6.3-2 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - ncurses/ncurses-bin@6.3-2 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2720,25 +1246,22 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          -

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          -

                                                                                                                                                                                          ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

                                                                                                                                                                                          +

                                                                                                                                                                                          A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          -

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 ncurses.

                                                                                                                                                                                          +

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 openldap.

                                                                                                                                                                                          References

                                                                                                                                                                                          -

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          +

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          @@ -2765,7 +1288,7 @@

                                                                                                                                                                                          Resource Exhaustion

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.7.6, meta-common-packages@meta and others
                                                                                                                                                                                        @@ -2777,7 +1300,7 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 meta-common-packages@meta @@ -2833,7 +1356,7 @@

                                                                                                                                                                                          Integer Overflow or Wraparound

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                        @@ -2846,16 +1369,16 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -2867,16 +1390,16 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -2888,27 +1411,27 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -2920,64 +1443,64 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -2989,18 +1512,18 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -3055,7 +1578,7 @@

                                                                                                                                                                                          Out-of-bounds Write

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                                                                                                                                                                                        @@ -3068,7 +1591,7 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3077,9 +1600,9 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3088,7 +1611,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3099,7 +1622,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3110,7 +1633,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3121,7 +1644,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3134,7 +1657,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3147,7 +1670,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3156,7 +1679,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3167,7 +1690,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3180,7 +1703,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3189,7 +1712,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3200,7 +1723,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3209,7 +1732,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3220,7 +1743,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3229,7 +1752,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3240,7 +1763,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3253,7 +1776,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3266,7 +1789,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3275,7 +1798,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3286,7 +1809,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3299,7 +1822,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3312,7 +1835,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3321,7 +1844,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3332,7 +1855,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3341,7 +1864,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3352,7 +1875,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3361,7 +1884,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3372,7 +1895,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3431,7 +1954,7 @@

                                                                                                                                                                                          Allocation of Resources Without Limits or Throttling

                                                                                                                                                                                          Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and glibc/libc-bin@2.35-0ubuntu3.1
                                                                                                                                                                                        @@ -3444,7 +1967,7 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3453,7 +1976,7 @@

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 meta-common-packages@meta @@ -3512,7 +2035,7 @@

                                                                                                                                                                                          Improper Input Validation

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.7.6, git@1:2.34.1-1ubuntu1.9 and others
                                                                                                                                                                                        @@ -3524,31 +2047,31 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9
                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -3578,6 +2101,150 @@

                                                                                                                                                                                          References

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          + +
                                                                                                                                                                                          +

                                                                                                                                                                                          CVE-2023-28322

                                                                                                                                                                                          +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + low severity +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + +
                                                                                                                                                                                            +
                                                                                                                                                                                          • + Package Manager: ubuntu:22.04 +
                                                                                                                                                                                            • +
                                                                                                                                                                                          • + Vulnerable module: + + curl/libcurl3-gnutls +
                                                                                                                                                                                            • + +
                                                                                                                                                                                          • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.6, git@1:2.34.1-1ubuntu1.9 and others +
                                                                                                                                                                                            • +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + + +

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          + +
                                                                                                                                                                                            +
                                                                                                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
                                                                                                                                                                                            • +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + +

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          +

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          +

                                                                                                                                                                                          An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

                                                                                                                                                                                          +

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          +

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 curl.

                                                                                                                                                                                          +

                                                                                                                                                                                          References

                                                                                                                                                                                          + + +
                                                                                                                                                                                          + +
                                                                                                                                                                                          +

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          +
                                                                                                                                                                                          + +
                                                                                                                                                                                          +
                                                                                                                                                                                          +

                                                                                                                                                                                          Improper Certificate Validation

                                                                                                                                                                                          +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + low severity +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + +
                                                                                                                                                                                            +
                                                                                                                                                                                          • + Package Manager: ubuntu:22.04 +
                                                                                                                                                                                            • +
                                                                                                                                                                                          • + Vulnerable module: + + curl/libcurl3-gnutls +
                                                                                                                                                                                            • + +
                                                                                                                                                                                          • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.6, git@1:2.34.1-1ubuntu1.9 and others +
                                                                                                                                                                                            • +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + + +

                                                                                                                                                                                          Detailed paths

                                                                                                                                                                                          + +
                                                                                                                                                                                            +
                                                                                                                                                                                          • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
                                                                                                                                                                                            • +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + +
                                                                                                                                                                                          + +

                                                                                                                                                                                          NVD Description

                                                                                                                                                                                          +

                                                                                                                                                                                          Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

                                                                                                                                                                                          +

                                                                                                                                                                                          An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

                                                                                                                                                                                          +

                                                                                                                                                                                          Remediation

                                                                                                                                                                                          +

                                                                                                                                                                                          There is no fixed version for Ubuntu:22.04 curl.

                                                                                                                                                                                          +

                                                                                                                                                                                          References

                                                                                                                                                                                          + + +
                                                                                                                                                                                          + +
                                                                                                                                                                                          +

                                                                                                                                                                                          More about this vulnerability

                                                                                                                                                                                          +
                                                                                                                                                                                          +

                                                                                                                                                                                          Improper Input Validation

                                                                                                                                                                                          @@ -3601,7 +2268,7 @@

                                                                                                                                                                                          Improper Input Validation

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and coreutils@8.32-4.1ubuntu1
                                                                                                                                                                                        @@ -3614,7 +2281,7 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 coreutils@8.32-4.1ubuntu1 @@ -3671,7 +2338,7 @@

                                                                                                                                                                                          Out-of-bounds Write

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and bash@5.1-6ubuntu1
                                                                                                                                                                                        @@ -3684,7 +2351,7 @@

                                                                                                                                                                                        Detailed paths

                                                                                                                                                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.7.6 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.7.6/redis_7.0.11-alpine.html b/docs/snyk/v2.7.6/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..442e65a79af43 --- /dev/null +++ b/docs/snyk/v2.7.6/redis_7.0.11-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          + + + Snyk - Open Source Security + + + + + + + +
                                                                                                                                                                                          +

                                                                                                                                                                                          Snyk test report

                                                                                                                                                                                          + +

                                                                                                                                                                                          June 25th 2023, 12:21:53 am (UTC+00:00)

                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          + Scanned the following path: +
                                                                                                                                                                                            +
                                                                                                                                                                                          • redis:7.0.11-alpine (apk)
                                                                                                                                                                                            • +
                                                                                                                                                                                          +
                                                                                                                                                                                          + +
                                                                                                                                                                                          +
                                                                                                                                                                                          0 known vulnerabilities
                                                                                                                                                                                          +
                                                                                                                                                                                          0 vulnerable dependency paths
                                                                                                                                                                                          +
                                                                                                                                                                                          18 dependencies
                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          + + + + + + + +
                                                                                                                                                                                          Project docker-image|redis
                                                                                                                                                                                          Path redis:7.0.11-alpine
                                                                                                                                                                                          Package Manager apk
                                                                                                                                                                                          +
                                                                                                                                                                                          +
                                                                                                                                                                                          + No known vulnerabilities detected. +
                                                                                                                                                                                          +
                                                                                                                                                                                          + + + diff --git a/docs/user-guide/app_deletion.md b/docs/user-guide/app_deletion.md index 9cdcf4b1c43eb..65a17e7eb53ff 100644 --- a/docs/user-guide/app_deletion.md +++ b/docs/user-guide/app_deletion.md @@ -22,7 +22,7 @@ or argocd app delete APPNAME ``` -# Deletion Using `kubectl` +## Deletion Using `kubectl` To perform a non-cascade delete, make sure the finalizer is unset and then delete the app: @@ -38,16 +38,23 @@ kubectl patch app APPNAME -p '{"metadata": {"finalizers": ["resources-finalizer kubectl delete app APPNAME ``` -# About The Deletion Finalizer +## About The Deletion Finalizer ```yaml metadata: finalizers: + # The default behaviour is foreground cascading deletion - resources-finalizer.argocd.argoproj.io + # Alternatively, you can use background cascading deletion + # - resources-finalizer.argocd.argoproj.io/background ``` When deleting an Application with this finalizer, the Argo CD application controller will perform a cascading delete of the Application's resources. Adding the finalizer enables cascading deletes when implementing [the App of Apps pattern](../operator-manual/cluster-bootstrapping.md#cascading-deletion). +The default propagation policy for cascading deletion is [foreground cascading deletion](https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion). +ArgoCD performs [background cascading deletion](https://kubernetes.io/docs/concepts/architecture/garbage-collection/#background-deletion) when `resources-finalizer.argocd.argoproj.io/background` is set. + When you invoke `argocd app delete` with `--cascade`, the finalizer is added automatically. +You can set the propagation policy with `--propagation-policy `. diff --git a/docs/user-guide/application-specification.md b/docs/user-guide/application-specification.md new file mode 100644 index 0000000000000..4f581b19a47fa --- /dev/null +++ b/docs/user-guide/application-specification.md @@ -0,0 +1,7 @@ +# Application Specification + +The following describes all the available fields of an Application: + +```yaml +{!docs/operator-manual/application.yaml!} +``` diff --git a/docs/user-guide/commands/argocd_account_update-password.md b/docs/user-guide/commands/argocd_account_update-password.md index e386e7b69f20a..9e0f4e8f95928 100644 --- a/docs/user-guide/commands/argocd_account_update-password.md +++ b/docs/user-guide/commands/argocd_account_update-password.md @@ -29,10 +29,10 @@ argocd account update-password [flags] ### Options ``` - --account string an account name that should be updated. Defaults to current user account - --current-password string password of the currently logged on user + --account string An account name that should be updated. Defaults to current user account + --current-password string Password of the currently logged on user -h, --help help for update-password - --new-password string new password you want to update to + --new-password string New password you want to update to ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md index 95c67e54dd9c9..bd082f5e3a4d4 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md @@ -61,6 +61,7 @@ argocd admin settings resource-overrides [flags] * [argocd admin settings](argocd_admin_settings.md) - Provides set of commands for settings validation and troubleshooting * [argocd admin settings resource-overrides health](argocd_admin_settings_resource-overrides_health.md) - Assess resource health * [argocd admin settings resource-overrides ignore-differences](argocd_admin_settings_resource-overrides_ignore-differences.md) - Renders fields excluded from diffing +* [argocd admin settings resource-overrides ignore-resource-updates](argocd_admin_settings_resource-overrides_ignore-resource-updates.md) - Renders fields excluded from resource updates * [argocd admin settings resource-overrides list-actions](argocd_admin_settings_resource-overrides_list-actions.md) - List available resource actions * [argocd admin settings resource-overrides run-action](argocd_admin_settings_resource-overrides_run-action.md) - Executes resource action diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md new file mode 100644 index 0000000000000..275d50d08e1a4 --- /dev/null +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md @@ -0,0 +1,73 @@ +## argocd admin settings resource-overrides ignore-resource-updates + +Renders fields excluded from resource updates + +### Synopsis + +Renders ignored fields using the 'ignoreResourceUpdates' setting specified in the 'resource.customizations' field of 'argocd-cm' ConfigMap + +``` +argocd admin settings resource-overrides ignore-resource-updates RESOURCE_YAML_PATH [flags] +``` + +### Examples + +``` + +argocd admin settings resource-overrides ignore-resource-updates ./deploy.yaml --argocd-cm-path ./argocd-cm.yaml +``` + +### Options + +``` + -h, --help help for ignore-resource-updates +``` + +### Options inherited from parent commands + +``` + --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-secret-path string Path to local argocd-secret.yaml file + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --auth-token string Authentication token + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --context string The name of the kubeconfig context to use + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kube-context string Directs the command to the given kube-context + --kubeconfig string Path to a kube config. Only required if out-of-cluster + --load-cluster-settings Indicates that config map and secret should be loaded from cluster unless local file path is provided + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + -n, --namespace string If present, the namespace scope for this CLI request + --password string Password for basic authentication to the API server + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --proxy-url string If provided, this URL will be used to connect via proxy + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --server string The address and port of the Kubernetes API server + --server-crt string Server certificate file + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server +``` + +### SEE ALSO + +* [argocd admin settings resource-overrides](argocd_admin_settings_resource-overrides.md) - Troubleshoot resource overrides + diff --git a/docs/user-guide/commands/argocd_admin_settings_validate.md b/docs/user-guide/commands/argocd_admin_settings_validate.md index bc839546a1d0b..61aee8a4e1f98 100644 --- a/docs/user-guide/commands/argocd_admin_settings_validate.md +++ b/docs/user-guide/commands/argocd_admin_settings_validate.md @@ -24,7 +24,7 @@ argocd admin settings validate --group accounts --group plugins --load-cluster-s ### Options ``` - --group stringArray Optional list of setting groups that have to be validated ( one of: accounts, general, kustomize, plugins, repositories, resource-overrides) + --group stringArray Optional list of setting groups that have to be validated ( one of: accounts, general, kustomize, repositories, resource-overrides) -h, --help help for validate ``` diff --git a/docs/user-guide/commands/argocd_appset_list.md b/docs/user-guide/commands/argocd_appset_list.md index 1320ccc1b7883..2fb0e3f593633 100644 --- a/docs/user-guide/commands/argocd_appset_list.md +++ b/docs/user-guide/commands/argocd_appset_list.md @@ -16,10 +16,11 @@ argocd appset list [flags] ### Options ``` - -h, --help help for list - -o, --output string Output format. One of: wide|name|json|yaml (default "wide") - -p, --project stringArray Filter by project name - -l, --selector string List applicationsets by label + -N, --appset-namespace string Only list applicationsets in namespace + -h, --help help for list + -o, --output string Output format. One of: wide|name|json|yaml (default "wide") + -p, --project stringArray Filter by project name + -l, --selector string List applicationsets by label ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_cert_add-tls.md b/docs/user-guide/commands/argocd_cert_add-tls.md index 0500e19c071dd..f81838538d598 100644 --- a/docs/user-guide/commands/argocd_cert_add-tls.md +++ b/docs/user-guide/commands/argocd_cert_add-tls.md @@ -9,7 +9,7 @@ argocd cert add-tls SERVERNAME [flags] ### Options ``` - --from string read TLS certificate data from file (default is to read from stdin) + --from string Read TLS certificate data from file (default is to read from stdin) -h, --help help for add-tls --upsert Replace existing TLS certificate if certificate is different in input ``` diff --git a/docs/user-guide/commands/argocd_cert_list.md b/docs/user-guide/commands/argocd_cert_list.md index 8aed9cc7ab61f..b2dc1c04491df 100644 --- a/docs/user-guide/commands/argocd_cert_list.md +++ b/docs/user-guide/commands/argocd_cert_list.md @@ -9,11 +9,11 @@ argocd cert list [flags] ### Options ``` - --cert-type string only list certificates of given type, valid: 'ssh','https' + --cert-type string Only list certificates of given type, valid: 'ssh','https' -h, --help help for list - --hostname-pattern string only list certificates for hosts matching given glob-pattern + --hostname-pattern string Only list certificates for hosts matching given glob-pattern -o, --output string Output format. One of: json|yaml|wide (default "wide") - --sort string set display sort order for output format wide. One of: hostname|type + --sort string Set display sort order for output format wide. One of: hostname|type ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_login.md b/docs/user-guide/commands/argocd_login.md index d99a6b433313a..ae1ca61b9aa36 100644 --- a/docs/user-guide/commands/argocd_login.md +++ b/docs/user-guide/commands/argocd_login.md @@ -27,12 +27,12 @@ argocd login cd.argoproj.io --core ``` -h, --help help for login - --name string name to use for the context - --password string the password of an account to authenticate + --name string Name to use for the context + --password string The password of an account to authenticate --skip-test-tls Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason) - --sso perform SSO login - --sso-port int port to run local OAuth2 login application (default 8085) - --username string the username of an account to authenticate + --sso Perform SSO login + --sso-port int Port to run local OAuth2 login application (default 8085) + --username string The username of an account to authenticate ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_relogin.md b/docs/user-guide/commands/argocd_relogin.md index 93d848d46b45c..4400b46e47a31 100644 --- a/docs/user-guide/commands/argocd_relogin.md +++ b/docs/user-guide/commands/argocd_relogin.md @@ -14,8 +14,8 @@ argocd relogin [flags] ``` -h, --help help for relogin - --password string the password of an account to authenticate - --sso-port int port to run local OAuth2 login application (default 8085) + --password string The password of an account to authenticate + --sso-port int Port to run local OAuth2 login application (default 8085) ``` ### Options inherited from parent commands diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md new file mode 100644 index 0000000000000..652f545d7c4c1 --- /dev/null +++ b/docs/user-guide/config-management-plugins.md @@ -0,0 +1,3 @@ +# Config Management Plugins + +This page has been moved to the [operator manual](../operator-manual/config-management-plugins.md). diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index d65316b71d0bd..bf5fbfdb186e6 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -50,6 +50,50 @@ source: - values-production.yaml ``` +## Values + +Argo CD supports the equivalent of a values file directly in the Application manifest using the `source.helm.valuesObject` key. + +``` +source: + helm: + valuesObject: + ingress: + enabled: true + path: / + hosts: + - mydomain.example.com + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + labels: {} + tls: + - secretName: mydomain-tls + hosts: + - mydomain.example.com +``` + +Alternatively, values can be passed in as a string using the `source.helm.values` key. + +``` +source: + helm: + values: | + ingress: + enabled: true + path: / + hosts: + - mydomain.example.com + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + labels: {} + tls: + - secretName: mydomain-tls + hosts: + - mydomain.example.com +``` + ## Helm Parameters Helm has the ability to set parameter values, which override any values in @@ -123,6 +167,9 @@ Argo CD supports many (most?) Helm hooks by mapping the Helm annotations onto Ar Unsupported hooks are ignored. In Argo CD, hooks are created by using `kubectl apply`, rather than `kubectl create`. This means that if the hook is named and already exists, it will not change unless you have annotated it with `before-hook-creation`. +!!! warning "Helm hooks + ArgoCD hooks" + If you define some Argo CD hooks in addition to the Helm ones, the Helm hooks will be ignored. + !!! warning "'install' vs 'upgrade' vs 'sync'" Argo CD cannot know if it is running a first-time "install" or an "upgrade" - every operation is a "sync'. This means that, by default, apps that have `pre-install` and `pre-upgrade` will have those hooks run at the same time. diff --git a/docs/user-guide/multiple_sources.md b/docs/user-guide/multiple_sources.md index 5aef3825389f7..2547a4af7bf4a 100644 --- a/docs/user-guide/multiple_sources.md +++ b/docs/user-guide/multiple_sources.md @@ -56,7 +56,7 @@ spec: helm: valueFiles: - $values/charts/prometheus/values.yaml - - repoURL: 'https://git.example.gom/org/value-files.git' + - repoURL: 'https://git.example.com/org/value-files.git' targetRevision: dev ref: values ``` diff --git a/docs/user-guide/resource_tracking.md b/docs/user-guide/resource_tracking.md index cb69ef143d7a2..cdc23552c3b37 100644 --- a/docs/user-guide/resource_tracking.md +++ b/docs/user-guide/resource_tracking.md @@ -55,12 +55,17 @@ To actually select your preferred tracking method edit the `resourceTrackingMeth ```yaml apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd data: application.resourceTrackingMethod: annotation -kind: ConfigMap ``` Possible values are `label`, `annotation+label` and `annotation` as described in the previous section. Note that once you change the value you need to sync your applications again (or wait for the sync mechanism to kick-in) in order to apply your changes. -You can revert to a previous choice, by changing again the configmap. \ No newline at end of file +You can revert to a previous choice, by changing again the configmap. diff --git a/docs/user-guide/sync_windows.md b/docs/user-guide/sync_windows.md index 8129e78c27062..031d8e6d67b30 100644 --- a/docs/user-guide/sync_windows.md +++ b/docs/user-guide/sync_windows.md @@ -7,7 +7,7 @@ of both manual and automated syncs but allow an override for manual syncs which in preventing automated syncs or if you need to temporarily override a window to perform a sync. The windows work in the following way. If there are no windows matching an application then all syncs are allowed. If there -are any `allow` windows matching an application then syncs will only be allowed when there is an active `allow` windows. If there +are any `allow` windows matching an application then syncs will only be allowed when there is an active `allow` window. If there are any `deny` windows matching an application then all syncs will be denied when the `deny` windows are active. If there is an active matching `allow` and an active matching `deny` then syncs will be denied as `deny` windows override `allow` windows. The UI and the CLI will both display the state of the sync windows. The UI has a panel which will display different colours depending diff --git a/docs/user-guide/tracking_strategies.md b/docs/user-guide/tracking_strategies.md index e1abe85717724..57dfc5f907b65 100644 --- a/docs/user-guide/tracking_strategies.md +++ b/docs/user-guide/tracking_strategies.md @@ -11,7 +11,7 @@ is detected. ## Helm -For Helm, all versions are [Semantic Versions](https://semver.org/). As a result, you can either version ranges: +Helm chart versions are [Semantic Versions](https://semver.org/). As a result, you can use any of the following version ranges: | Use Case | How | Examples | |-|-|-| @@ -19,6 +19,7 @@ For Helm, all versions are [Semantic Versions](https://semver.org/). As a result | Track patches (e.g. in pre-production) | Use a range | `1.2.*` or `>=1.2.0 <1.3.0` | | Track minor releases (e.g. in QA) | Use a range | `1.*` or `>=1.0.0 <2.0.0` | | Use the latest (e.g. in local development) | Use star range | `*` or `>=0.0.0` | +| Use the latest including pre-releases | Use star range with `-0` suffix | `*-0` or `>=0.0.0-0` | [Read about version ranges](https://www.telerik.com/blogs/the-mystical-magical-semver-ranges-used-by-npm-bower) diff --git a/go.mod b/go.mod index 3dfee30d14edb..f4349ef886915 100644 --- a/go.mod +++ b/go.mod @@ -5,82 +5,85 @@ go 1.19 require ( code.gitea.io/sdk/gitea v0.15.1 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible - github.com/Masterminds/semver/v3 v3.2.0 + github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d - github.com/alicebob/miniredis/v2 v2.23.1 - github.com/antonmedv/expr v1.9.0 - github.com/argoproj/gitops-engine v0.7.1-0.20230512020822-b4dd8b8c3976 - github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da - github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.164 + github.com/alicebob/miniredis/v2 v2.30.4 + github.com/antonmedv/expr v1.12.5 + github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 + github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 + github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 + github.com/aws/aws-sdk-go v1.44.293 + github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 - github.com/casbin/casbin/v2 v2.60.0 - github.com/coreos/go-oidc/v3 v3.4.0 - github.com/dustin/go-humanize v1.0.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 + github.com/casbin/casbin/v2 v2.71.1 + github.com/coreos/go-oidc/v3 v3.6.0 + github.com/cyphar/filepath-securejoin v0.2.3 + github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e - github.com/go-git/go-git/v5 v5.6.1 - github.com/go-logr/logr v1.2.3 + github.com/go-git/go-git/v5 v5.7.0 + github.com/go-logr/logr v1.2.4 github.com/go-openapi/loads v0.21.2 - github.com/go-openapi/runtime v0.25.0 + github.com/go-openapi/runtime v0.26.0 github.com/go-redis/cache/v9 v9.0.0 github.com/gobwas/glob v0.2.3 github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2 github.com/gogo/protobuf v1.3.2 - github.com/golang-jwt/jwt/v4 v4.4.3 - github.com/golang/protobuf v1.5.2 + github.com/golang-jwt/jwt/v4 v4.5.0 + github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/google/go-github/v35 v35.3.0 - github.com/google/go-jsonnet v0.19.1 + github.com/google/go-jsonnet v0.20.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.3.0 github.com/gorilla/handlers v1.5.1 github.com/gorilla/mux v1.8.0 - github.com/gorilla/websocket v1.4.2 + github.com/gorilla/websocket v1.5.0 github.com/gosimple/slug v1.13.1 - github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 + github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 - github.com/hashicorp/go-retryablehttp v0.7.0 - github.com/imdario/mergo v0.3.13 - github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a - github.com/itchyny/gojq v0.12.10 + github.com/hashicorp/go-retryablehttp v0.7.4 + github.com/imdario/mergo v0.3.16 + github.com/improbable-eng/grpc-web v0.15.0 + github.com/itchyny/gojq v0.12.13 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 - github.com/ktrysmt/go-bitbucket v0.9.55 - github.com/mattn/go-isatty v0.0.16 + github.com/ktrysmt/go-bitbucket v0.9.60 + github.com/mattn/go-isatty v0.0.19 github.com/mattn/go-zglob v0.0.4 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 github.com/olekukonko/tablewriter v0.0.5 github.com/patrickmn/go-cache v2.1.0+incompatible - github.com/prometheus/client_golang v1.14.0 + github.com/prometheus/client_golang v1.16.0 github.com/r3labs/diff v1.1.0 - github.com/redis/go-redis/v9 v9.0.2 + github.com/redis/go-redis/v9 v9.0.5 github.com/robfig/cron/v3 v3.0.1 - github.com/sirupsen/logrus v1.9.0 + github.com/sirupsen/logrus v1.9.3 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c github.com/soheilhy/cmux v0.1.5 - github.com/spf13/cobra v1.6.1 + github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.1 + github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 - github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0 - github.com/xanzy/go-gitlab v0.60.0 - github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0 - go.opentelemetry.io/otel v1.11.1 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1 - go.opentelemetry.io/otel/sdk v1.11.1 - golang.org/x/crypto v0.6.0 - golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 - golang.org/x/sync v0.1.0 - golang.org/x/term v0.5.0 - google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 - google.golang.org/grpc v1.51.0 - google.golang.org/protobuf v1.28.1 + github.com/whilp/git-urls v1.0.0 + github.com/xanzy/go-gitlab v0.86.0 + github.com/yuin/gopher-lua v1.1.0 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 + go.opentelemetry.io/otel v1.16.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 + go.opentelemetry.io/otel/sdk v1.16.0 + golang.org/x/crypto v0.10.0 + golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 + golang.org/x/oauth2 v0.9.0 + golang.org/x/sync v0.3.0 + golang.org/x/term v0.9.0 + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 + google.golang.org/grpc v1.56.1 + google.golang.org/protobuf v1.31.0 gopkg.in/go-playground/webhooks.v5 v5.17.0 gopkg.in/square/go-jose.v2 v2.6.0 gopkg.in/yaml.v2 v2.4.0 @@ -95,14 +98,15 @@ require ( k8s.io/kubectl v0.24.2 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 - oras.land/oras-go/v2 v2.1.0 + oras.land/oras-go/v2 v2.2.0 sigs.k8s.io/controller-runtime v0.11.0 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 sigs.k8s.io/yaml v1.3.0 ) require ( - cloud.google.com/go/compute v1.7.0 // indirect + cloud.google.com/go/compute v1.19.1 // indirect + cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.18 // indirect @@ -114,18 +118,19 @@ require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect github.com/PagerDuty/go-pagerduty v1.6.0 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect - github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.1.3 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/cespare/xxhash/v2 v2.2.0 github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect - github.com/cloudflare/circl v1.1.0 // indirect + github.com/cloudflare/circl v1.3.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect @@ -137,24 +142,25 @@ require ( github.com/fvbommel/sortorder v1.0.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-git/gcfg v1.5.0 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect + github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.2 // indirect + github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect - github.com/go-openapi/spec v0.20.6 // indirect - github.com/go-openapi/strfmt v0.21.3 // indirect - github.com/go-openapi/swag v0.21.1 // indirect - github.com/go-openapi/validate v0.21.0 // indirect + github.com/go-openapi/spec v0.20.8 // indirect + github.com/go-openapi/strfmt v0.21.7 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/validate v0.22.1 // indirect github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect - github.com/golang/glog v1.0.0 // indirect + github.com/golang/glog v1.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-github/v45 v45.2.0 // indirect + github.com/google/go-github/v53 v53.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect @@ -164,7 +170,7 @@ require ( github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-version v1.2.1 // indirect github.com/huandu/xstrings v1.3.3 // indirect - github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect @@ -172,15 +178,15 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/klauspost/compress v1.15.9 // indirect + github.com/klauspost/compress v1.16.5 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect - github.com/mitchellh/mapstructure v1.4.3 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.0 // indirect github.com/moby/spdystream v0.2.0 // indirect github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect @@ -197,17 +203,17 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect - github.com/prometheus/common v0.37.0 // indirect - github.com/prometheus/procfs v0.8.0 // indirect - github.com/rivo/uniseg v0.2.0 // indirect + github.com/prometheus/common v0.42.0 // indirect + github.com/prometheus/procfs v0.10.1 // indirect + github.com/rivo/uniseg v0.4.4 // indirect github.com/rs/cors v1.8.0 // indirect github.com/russross/blackfriday v1.6.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect - github.com/skeema/knownhosts v1.1.0 // indirect + github.com/skeema/knownhosts v1.1.1 // indirect github.com/slack-go/slack v0.12.1 // indirect - github.com/spf13/cast v1.4.1 // indirect + github.com/spf13/cast v1.5.0 // indirect github.com/stretchr/objx v0.5.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/vmihailenco/go-tinylfu v0.2.2 // indirect @@ -215,18 +221,19 @@ require ( github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect - go.mongodb.org/mongo-driver v1.10.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.1 // indirect - go.opentelemetry.io/otel/trace v1.11.1 // indirect + go.mongodb.org/mongo-driver v1.11.3 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect + go.opentelemetry.io/otel/metric v1.16.0 // indirect + go.opentelemetry.io/otel/trace v1.16.0 // indirect go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.7.0 // indirect - golang.org/x/net v0.7.0 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.4.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/net v0.11.0 // indirect + golang.org/x/sys v0.9.0 // indirect + golang.org/x/text v0.10.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.6.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect gomodules.xyz/notify v0.1.1 // indirect @@ -242,6 +249,7 @@ require ( k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect k8s.io/kube-aggregator v0.24.2 // indirect k8s.io/kubernetes v1.24.2 // indirect + nhooyr.io/websocket v1.8.6 // indirect sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect sigs.k8s.io/kustomize/api v0.11.4 // indirect sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect @@ -253,7 +261,6 @@ replace ( github.com/golang/protobuf => github.com/golang/protobuf v1.4.2 github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 - github.com/improbable-eng/grpc-web => github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a // Avoid CVE-2022-3064 gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index e012846fc3213..96a65904ebaa8 100644 --- a/go.sum +++ b/go.sum @@ -20,33 +20,20 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= -cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= -cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= -cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= -cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= -cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= -cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= -cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= -cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= +cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= +cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -56,7 +43,6 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= @@ -83,7 +69,6 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/GoogleCloudPlatform/k8s-cloud-provider v1.16.1-0.20210702024009-ea6160c1d0e3/go.mod h1:8XasY4ymP2V/tn2OOV9ZadmiTE1FIB/h3W+yNlPttKw= github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= @@ -94,8 +79,9 @@ github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.15/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -108,16 +94,21 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PagerDuty/go-pagerduty v1.6.0 h1:am81SzvG5Pw+s3JZ5yEy6kGvsXXklTNRrGr3d8WKpsU= github.com/PagerDuty/go-pagerduty v1.6.0/go.mod h1:7eaBLzsDpK7VUvU0SJ5mohczQkoWrrr5CjDaw5gh1as= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60/go.mod h1:rjP7sIipbZcagro/6TCk6X0ZeFT2eyudH5+fve/cbBA= +github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d h1:WtAMR0fPCOfK7TPGZ8ZpLLY18HRvL7XJ3xcs0wnREgo= github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d/go.mod h1:WML6KOYjeU8N6YyusMjj2qRvaPNUEvrQvaxuFcMRFJY= +github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -126,36 +117,42 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.23.1 h1:jR6wZggBxwWygeXcdNyguCOCIjPsZyNUNlAkTx2fu0U= -github.com/alicebob/miniredis/v2 v2.23.1/go.mod h1:84TWKZlxYkfgMucPBf5SOQBYJceZeQRFIaQgNMiCX6Q= +github.com/alicebob/miniredis/v2 v2.30.4 h1:8S4/o1/KoUArAGbGwPxcwf0krlzceva2XVOSchFS7Eo= +github.com/alicebob/miniredis/v2 v2.30.4/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/antonmedv/expr v1.9.0 h1:j4HI3NHEdgDnN9p6oI6Ndr0G5QryMY0FNxT4ONrFDGU= -github.com/antonmedv/expr v1.9.0/go.mod h1:5qsM3oLGDND7sDmQGDXHkYfkjYMUX14qsgqmHhwGEk8= +github.com/antonmedv/expr v1.12.5 h1:Fq4okale9swwL3OeLLs9WD9H6GbgBLJyN/NUHRv+n0E= +github.com/antonmedv/expr v1.12.5/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= +github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20230512020822-b4dd8b8c3976 h1:8i12dOcimhwrJxUznzZR/NW4JpIL5DXZjkI3Bl3yh38= -github.com/argoproj/gitops-engine v0.7.1-0.20230512020822-b4dd8b8c3976/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= -github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da h1:Vf9xvHcXn4TP/nLIfWn+TaC521V9fpz/DwRP6uEeVR8= -github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da/go.mod h1:05koR0gE/O0i5YDbidg1dpr76XitK4DJveh+dIAq6e8= -github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d h1:7fXEKF3OQ9i1PrgieA6FLrXOL3UAKyiotomn0RHevds= -github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d/go.mod h1:RKjj5FJ6KxtktOY49GJSG49qO6Z4lH7RnrVCaS3tf18= +github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 h1:w8OPbqHyhWxLyC4LZgs5JBUe7AOkJpNZqFa92yy7Kmc= +github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= +github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 h1:ZCpg1Zk78E8QxMI52w6ZIddxkBHv27YWmfWQdxxWUkw= +github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520/go.mod h1:sbhf4EjAUGAqRdHIzifDIiWsjlsTfmytVJJCCiUdyVA= +github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo= +github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1/go.mod h1:CZHlkyAD1/+FbEn6cB2DQTj48IoLGvEYsWEvtzP3238= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9vXW72U//IgN0BIM= +github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= +github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.44.164 h1:qDj0RutF2Ut0HZYyUJxFdReLxpYrjupsu2JmDIgCvX8= -github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.293 h1:oBPrQqsyMYe61Sl/xKVvQFflXjPwYH11aKi8QR3Nhts= +github.com/aws/aws-sdk-go v1.44.293/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -168,20 +165,26 @@ github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJm github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc= +github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 h1:5+NghM1Zred9Z078QEZtm28G/kfDfZN/92gkDlLwGVA= -github.com/bradleyfalzon/ghinstallation/v2 v2.1.0/go.mod h1:Xg3xPRN5Mcq6GDqeUVhFbjEWMb4JHCyWEeeBGEYQoTU= -github.com/bsm/ginkgo/v2 v2.5.0 h1:aOAnND1T40wEdAtkGSkvSICWeQ8L3UASX7YVCqQx+eQ= -github.com/bsm/gomega v1.20.0 h1:JhAwLmtRzXFTx2AkALSLa8ijZafntmhSoU63Ok18Uq8= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 h1:yaYcGQ7yEIGbsJfW/9z7v1sLiZg/5rSNNXwmMct5XaE= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0/go.mod h1:amcvPQMrRkWNdueWOjPytGL25xQGzox7425qMgzo+Vo= +github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= +github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= -github.com/casbin/casbin/v2 v2.60.0 h1:ZmC0/t4wolfEsDpDxTEsu2z6dfbMNpc11F52ceLs2Eo= -github.com/casbin/casbin/v2 v2.60.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= +github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= +github.com/casbin/casbin/v2 v2.71.1 h1:LRHyqM0S1LzM/K59PmfUIN0ZJfLgcOjL4OhOQI/FNXU= +github.com/casbin/casbin/v2 v2.71.1/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4= -github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= +github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= +github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= +github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= @@ -199,9 +202,11 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= +github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313/go.mod h1:P1wt9Z3DP8O6W3rvwCt0REIlshg1InHImaLW0t3ObY0= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -210,11 +215,13 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= +github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= github.com/codeskyblue/go-sh v0.0.0-20190412065543-76bd3d59ff27/go.mod h1:VQx0hjo2oUeQkQUET7wRwradO6f+fN5jzXgB/zROxxE= github.com/container-storage-interface/spec v1.5.0/go.mod h1:8K96oQNkJ7pFcC2R9Z1ynGGBB1I93kcS6PGg3SsOk8s= @@ -235,29 +242,34 @@ github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkE github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-oidc/v3 v3.4.0 h1:xz7elHb/LDwm/ERpwHd+5nb7wFHL32rsr6bBOgaeu6g= -github.com/coreos/go-oidc/v3 v3.4.0/go.mod h1:eHUXhZtXPQLgEaDrOVTgwbgmz1xGOkJNye6h3zkD2Pw= +github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o= +github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= +github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I= +github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= @@ -271,16 +283,23 @@ github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= +github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= +github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -289,8 +308,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8= github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -305,7 +324,6 @@ github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+ne github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= @@ -314,55 +332,58 @@ github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/ github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= +github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fvbommel/sortorder v1.0.1 h1:dSnXLt4mJYH25uDDGa3biZNQsozaUWDSWeKJ0qqFfzE= github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= -github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg= -github.com/gdamore/tcell v1.3.0/go.mod h1:Hjvr+Ofd+gLglo7RYKxxnzCBmev3BzsS67MebKS4zMM= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e h1:C3DkNr9pxqXqCrmRHO7s3XgZS3zpi9GEA01GuWZODfo= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e/go.mod h1:LB3osS9X2JMYmTzcCArHHLrndBAfcVLQAvUddfs+ONs= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= +github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14= +github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= -github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk= -github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= +github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= +github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= +github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.0.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= @@ -372,8 +393,9 @@ github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GX github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2 h1:dxy7PGTqEh94zj2E3h1cUmQQWiM1+aeCROfAr02EmK8= github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= +github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -385,27 +407,38 @@ github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXym github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc= -github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs= +github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= +github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.20.6 h1:ich1RQ3WDbfoeTqTAb+5EIxNmpKVJZWBNah9RAT0jIQ= github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU= +github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o= github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrKU= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/validate v0.21.0 h1:+Wqk39yKOhfpLqNLEC0/eViCkzM5FVXVqrvt526+wcI= -github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= +github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-ozzo/ozzo-validation v3.5.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= +github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= +github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= +github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= +github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= +github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= +github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY= +github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= github.com/go-redis/cache/v9 v9.0.0 h1:0thdtFo0xJi0/WXbRVu8B066z8OvVymXTJGaXrVWnN0= github.com/go-redis/cache/v9 v9.0.0/go.mod h1:cMwi1N8ASBOufbIvk7cdXe2PbPjK/WMRL95FFHWsSgI= +github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 h1:wG8n/XJQ07TmjbITcGiUaOtXxdrINDz1b0J1w0SzqDc= @@ -438,24 +471,33 @@ github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/V github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0= +github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= +github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8= +github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= +github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo= +github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2 h1:BbwX8wsMRDZRdNYxAna+4ls3wvMKJyn4PT6Zk1CPxP4= github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2/go.mod h1:cY2AIrMgHm6oOHmR7jY+9TtjzSjQ3iG7tURJG3Y6XH0= +github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= -github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= +github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -474,8 +516,8 @@ github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -506,10 +548,10 @@ github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTL github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v45 v45.2.0 h1:5oRLszbrkvxDDqBCNj2hjDZMKmvexaZ1xw/FCD+K3FI= -github.com/google/go-github/v45 v45.2.0/go.mod h1:FObaZJEDSTa/WGCzZ2Z3eoCDXWJKMenWWTrd8jrta28= -github.com/google/go-jsonnet v0.19.1 h1:MORxkrG0elylUqh36R4AcSPX0oZQa9hvI3lroN+kDhs= -github.com/google/go-jsonnet v0.19.1/go.mod h1:5JVT33JVCoehdTj5Z2KJq1eIdt3Nb8PCmZ+W5D8U350= +github.com/google/go-github/v53 v53.0.0 h1:T1RyHbSnpHYnoF0ZYKiIPSgPtuJ8G6vgc0MKodXsQDQ= +github.com/google/go-github/v53 v53.0.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= +github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= +github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -519,7 +561,6 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -532,39 +573,36 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= -github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= -github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= -github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4 h1:4EZlYQIiyecYJlUbVkFXCXHz1QPhVXcHnQKAzBTPfQo= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4/go.mod h1:lEO7XoHJ/xNRBCxrn4h/CEB67h0kW1B0t4ooP2yrjUA= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= +github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosimple/slug v1.13.1 h1:bQ+kpX9Qa6tHRaK+fZR0A0M2Kd7Pa5eHPPsb1JpHD+Q= github.com/gosimple/slug v1.13.1/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o= @@ -575,8 +613,11 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= +github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= +github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= @@ -584,7 +625,9 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFb github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= +github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= @@ -596,13 +639,14 @@ github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjh github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.5.1/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4= -github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= +github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= @@ -619,20 +663,22 @@ github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a h1:RweVA0vnEyStwtAelyGmnU8ENDnwd1Q7pQr7U3J/rXo= -github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a/go.mod h1:6hRR09jOEG81ADP5wCQju1z71g6OL4eEvELdran/3cs= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/improbable-eng/grpc-web v0.15.0 h1:BN+7z6uNXZ1tQGcNAuaU1YjsLTApzkjt2tzCixLaUPQ= +github.com/improbable-eng/grpc-web v0.15.0/go.mod h1:1sy9HKV4Jt9aEs9JSnkWlRJPuPtwNr0l57L4f878wP8= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= -github.com/itchyny/gojq v0.12.10 h1:6TcS0VYWS6wgntpF/4tnrzwdCMjiTxRAxIqZWfDsDQU= -github.com/itchyny/gojq v0.12.10/go.mod h1:o3FT8Gkbg/geT4pLI0tF3hvip5F3Y/uskjRz9OYa38g= +github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= +github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk= @@ -641,7 +687,7 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i github.com/jeremywohl/flatten v1.0.1 h1:LrsxmB3hfwJuE+ptGOijix1PIfOoKLJ3Uee/mzbgtrs= github.com/jeremywohl/flatten v1.0.1/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -655,6 +701,8 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -678,12 +726,14 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= -github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -692,24 +742,27 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktrysmt/go-bitbucket v0.9.55 h1:eOrF7wWmG4wz5iPr7ymgyWLoti2OfmrhU2tmT6yhAu8= -github.com/ktrysmt/go-bitbucket v0.9.55/go.mod h1:y5wrrDHCGUFAtuC43GyLBeFigq7rwrh4HqeDOOyZT+A= +github.com/ktrysmt/go-bitbucket v0.9.60 h1:dw9e4COfaKjQfOxmhaEzvS+PM6ET5KKFodr/OU1DyzE= +github.com/ktrysmt/go-bitbucket v0.9.60/go.mod h1:kwdc/BFWtw1YuiJFLpY8gf7ZIRWXY3oZ+3X4i/H5SX4= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= +github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= +github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wnOzEhNx2YQedreMcUyc= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= +github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= +github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA= -github.com/lucasb-eyer/go-colorful v1.0.2/go.mod h1:0MS4r+7BZKSJ5mw4/S5MPN+qHFF1fYclkSPilDOKW0s= -github.com/lucasb-eyer/go-colorful v1.0.3/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/lusis/go-slackbot v0.0.0-20180109053408-401027ccfef5/go.mod h1:c2mYKRyMb1BPkO5St0c/ps62L4S0W2NAkaTXj9qEI+0= github.com/lusis/slack-test v0.0.0-20190426140909-c40012f20018/go.mod h1:sFlOUpQL1YcjhFVXhg1CG8ZASEs/Mf1oVb6H75JL/zg= +github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -728,31 +781,32 @@ github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.45/go.mod h1:nCrRzjoSUQh8hgKKtu3Y708OLvRLtuASMg2/nvmbarw= -github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= +github.com/minio/minio-go/v7 v7.0.58/go.mod h1:NUDy4A4oXPq1l2yK6LTSvCEzAMeIcoz9lcj5dbzSrRE= +github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= @@ -765,15 +819,13 @@ github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUb github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= -github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= github.com/moby/ipvs v1.0.1/go.mod h1:2pngiyseZbIKXNv7hsKj3O9UEz30c53MT9005gt2hxQ= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= @@ -802,14 +854,25 @@ github.com/mvdan/xurls v1.1.0/go.mod h1:tQlNn3BED8bE/15hnSL2HLkDeLWpNPAwtw7wkEq4 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/grpc-proxy v0.0.0-20181017164139-0f1106ef9c76/go.mod h1:x5OoJHDHqxHS801UIuhqGl6QdSAEJvtausosHSdazIo= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= +github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= +github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= +github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= +github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nlopes/slack v0.5.0/go.mod h1:jVI4BBK3lSktibKahxBF74txcK2vyvkza1z/+rRnVAM= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= @@ -817,6 +880,7 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6 github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852/go.mod h1:eqOVx5Vwu4gd2mmMZvVZsgIqNSaW3xxRThUJ0k/TPk4= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= @@ -833,6 +897,7 @@ github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJo github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow= github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= @@ -846,6 +911,7 @@ github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2 github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y= github.com/onsi/gomega v1.25.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= +github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= @@ -857,72 +923,94 @@ github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/ github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= +github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= +github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= +github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5 h1:AnS8ZCC5dle8P4X4FZ+IOlX9v0jAkCMiZDIzRnYwBbs= github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5/go.mod h1:f0ezb0R/mrB9Hpm5RrIS6EX3ydjsR2nAB88nYYXZcNY= +github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= +github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= -github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= +github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= +github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= +github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= +github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= -github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= +github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= +github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quobyte/api v0.1.8/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI= github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M= github.com/r3labs/diff v1.1.0/go.mod h1:7WjXasNzi0vJetRcB/RqNl5dlIsmXcTTLmF5IoH6Xig= +github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wOA69Cd2Meli5mmA= -github.com/redis/go-redis/v9 v9.0.2 h1:BA426Zqe/7r56kCcvxYLWe1mkaz71LKF77GwgFzSxfE= -github.com/redis/go-redis/v9 v9.0.2/go.mod h1:/xDTe9EF1LM61hek62Poq2nzQSGj0xSrEtEHbBQevps= +github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o= +github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= -github.com/rivo/tview v0.0.0-20200219210816-cd38d7432498/go.mod h1:6lkG1x+13OShEf0EaOCaTQYyB7d5nSbb181KtjlS+84= -github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= +github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -931,9 +1019,10 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0 h1:P2KMzcFwrPoSjkF1WLRPsp3UMLyql8L4v9hQpVeK5so= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= -github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= @@ -942,7 +1031,7 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sanity-io/litter v1.2.0/go.mod h1:JF6pZUFgu2Q0sBZ+HSV35P8TVPI1TTzEwyu9FXAw2W4= +github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= @@ -957,10 +1046,11 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= -github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= +github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= +github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c h1:fyKiXKO1/I/B6Y2U8T7WdQGWzwehOuGIrljPtt7YTTI= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/slack-go/slack v0.12.1 h1:X97b9g2hnITDtNsNe5GkGx6O2/Sz/uC20ejRZN6QxOw= @@ -972,6 +1062,7 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= +github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM= github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5PseKfZGF4= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= @@ -980,18 +1071,19 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= -github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= +github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -1001,13 +1093,15 @@ github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/storageos/go-api v2.2.0+incompatible/go.mod h1:ZrLn+e0ZuF3Y65PNF6dIwbJPZqfmtCXxFm9ckv0agOY= +github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v0.0.0-20161117074351-18a02ba4a312/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -1016,17 +1110,22 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= +github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= +github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= +github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= +github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= @@ -1044,10 +1143,10 @@ github.com/vmihailenco/msgpack/v5 v5.3.4/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= -github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0 h1:qqllXPzXh+So+mmANlX/gCJrgo+1kQyshMoQ+NASzm0= -github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0/go.mod h1:2rx5KE5FLD0HRfkkpyn8JwbVLBdhgeiOb2D2D9LLKM4= -github.com/xanzy/go-gitlab v0.60.0 h1:HaIlc14k4t9eJjAhY0Gmq2fBHgKd1MthBn3+vzDtsbA= -github.com/xanzy/go-gitlab v0.60.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= +github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= +github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= +github.com/xanzy/go-gitlab v0.86.0 h1:jR8V9cK9jXRQDb46KOB20NCF3ksY09luaG0IfXE6p7w= +github.com/xanzy/go-gitlab v0.86.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= @@ -1067,10 +1166,12 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 h1:5mLPGnFdSsevFRFc9q3yYbBkB6tsm4aCwwQV/j1JQAQ= -github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= +github.com/yuin/gopher-lua v1.1.0 h1:BojcDhfyDWgU2f2TOzYK/g5p2gxMrku8oupLDqlnSqE= +github.com/yuin/gopher-lua v1.1.0/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= +go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= @@ -1083,8 +1184,11 @@ go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD0 go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.10.0 h1:UtV6N5k14upNp4LTduX0QCufG124fSu25Wz9tu94GLg= go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= +go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= +go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= +go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -1094,49 +1198,54 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0 h1:li8u9OSMvLau7rMs8bmiL82OazG6MAkwPz2i6eS8TBQ= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0/go.mod h1:SY9qHHUES6W3oZnO1H2W8NvsSovIoXRg/A1AH9px8+I= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel v1.6.1/go.mod h1:blzUabWHkX6LJewxvadmzafgh/wnvBSDBdOuwkAtrWQ= -go.opentelemetry.io/otel v1.11.1 h1:4WLLAmcfkmDk2ukNXJyq3/kiz/3UzCaYq6PskJsaou4= -go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE= +go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s= +go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1 h1:X2GndnMCsUPh6CiY2a+frAbNsXaPLbB0soHRYhAZ5Ig= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1/go.mod h1:i8vjiSzbiUC7wOQplijSXMYUpNM93DtlS5CbUT+C6oQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.1 h1:MEQNafcNCB0uQIti/oHgU7CZpUMYQ7qigBwMVKycHvc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.1/go.mod h1:19O5I2U5iys38SsmT2uDJja/300woyzE1KPIQxEUBUc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1 h1:LYyG/f1W/jzAix16jbksJfMQFpOH/Ma6T639pVPMgfI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1/go.mod h1:QrRRQiY3kzAoYPNLP0W/Ikg0gR6V3LMc+ODSxr7yyvg= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 h1:t4ZwRPU+emrcvM2e9DHd0Fsf0JTPVcbfa/BhTDF03d0= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0/go.mod h1:vLarbg68dH2Wa77g71zmKQqlQ8+8Rq3GRG31uc0WcWI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 h1:cbsD4cUcviQGXdw8+bo5x2wazq10SKz8hEbtCRPcU78= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0/go.mod h1:JgXSGah17croqhJfhByOLVY719k1emAXC8MVhCIJlRs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 h1:TVQp/bboR4mhZSav+MdgXB8FaRho1RC8UwVn3T0vjVc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0/go.mod h1:I33vtIe0sR96wfrUcilIzLoA3mLHhRmz9S9Te0S3gDo= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= +go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo= +go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk v1.11.1 h1:F7KmQgoHljhUuJyA+9BiU+EkJfyX5nVVF4wyzWZpKxs= -go.opentelemetry.io/otel/sdk v1.11.1/go.mod h1:/l3FE4SupHJ12TduVjUkZtlfFqDCQJlOlithYrdktys= +go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE= +go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/otel/trace v1.6.1/go.mod h1:RkFRM1m0puWIq10oxImnGEduNBzxiN7TXluRBtE+5j0= -go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ= -go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk= +go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs= +go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= +go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= -golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -1146,7 +1255,9 @@ golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaE golang.org/x/crypto v0.0.0-20190422183909-d864b10871cd/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -1154,14 +1265,14 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1177,7 +1288,10 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/exp v0.0.0-20210220032938-85be41e4509f/go.mod h1:I6l2HNBLBZEcrOoCpyKLdY2lHoRZ8lI4x60KMCQDft4= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -1210,9 +1324,9 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1220,6 +1334,7 @@ golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -1232,6 +1347,7 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1240,6 +1356,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= @@ -1263,26 +1380,23 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1297,16 +1411,10 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8= -golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= +golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1319,11 +1427,10 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180224232135-f6cff0780e54/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1331,6 +1438,7 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1347,9 +1455,9 @@ golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1360,6 +1468,7 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1373,6 +1482,7 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1402,60 +1512,48 @@ golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210608053332-aa57babbf139/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220406155245-289d7a0edf71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1468,16 +1566,22 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1501,6 +1605,8 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1510,6 +1616,7 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -1542,22 +1649,18 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= @@ -1571,6 +1674,7 @@ gonum.org/v1/gonum v0.6.2/go.mod h1:9mxDZsDKxgMAuccQkewq682L+0eCu4dCN2yonUJTCLU= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= +google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -1594,26 +1698,8 @@ google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBz google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= -google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= -google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= -google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= -google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= -google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= -google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= -google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= -google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= -google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= -google.golang.org/appengine v1.0.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= @@ -1626,6 +1712,7 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= @@ -1660,57 +1747,28 @@ google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= -google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= -google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -1720,6 +1778,7 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= @@ -1727,21 +1786,11 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ= +google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= @@ -1751,8 +1800,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= @@ -1762,9 +1811,11 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/go-playground/webhooks.v5 v5.17.0 h1:truBced5ZmkiNKK47cM8bMe86wUSjNks7SFMuNKwzlc= @@ -1775,7 +1826,7 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= @@ -1792,6 +1843,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1864,8 +1916,10 @@ modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -oras.land/oras-go/v2 v2.1.0 h1:1nS8BIeEP6CBVQifwxrsth2bkuD+cYfjp7Hf7smUcS8= -oras.land/oras-go/v2 v2.1.0/go.mod h1:v5ZSAPIMEJYnZjZ6rTGPAyaonH+rCFmbE95IAzCTeGU= +nhooyr.io/websocket v1.8.6 h1:s+C3xAMLwGmlI31Nyn/eAehUlZPwfYZu2JXM621Q5/k= +nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= +oras.land/oras-go/v2 v2.2.0 h1:E1fqITD56Eg5neZbxBtAdZVgDHD6wBabJo6xESTcQyo= +oras.land/oras-go/v2 v2.2.0/go.mod h1:pXjn0+KfarspMHHNR3A56j3tgvr+mxArHuI8qVn59v8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= @@ -1889,3 +1943,4 @@ sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/hack/installers/checksums/helm-v3.12.1-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.12.1-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..9a9fdc145bb6a --- /dev/null +++ b/hack/installers/checksums/helm-v3.12.1-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +1a7074f58ef7190f74ce6db5db0b70e355a655e2013c4d5db2317e63fa9e3dea helm-v3.12.1-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.12.1-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.12.1-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..a0c153758e688 --- /dev/null +++ b/hack/installers/checksums/helm-v3.12.1-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +50548d4fedef9d8d01d1ed5a2dd5c849271d1017127417dc4c7ef6777ae68f7e helm-v3.12.1-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.12.1-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.12.1-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..2d51832d19aff --- /dev/null +++ b/hack/installers/checksums/helm-v3.12.1-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +32b25dba14549a4097bf3dd62221cf6df06279ded391f7479144e3a215982aaf helm-v3.12.1-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.12.1-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.12.1-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..053b446be9913 --- /dev/null +++ b/hack/installers/checksums/helm-v3.12.1-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +f243b564cf7e4081fffdfe5a39487f6442fc439586a1f50cc59dd801c3e636a5 helm-v3.12.1-linux-s390x.tar.gz diff --git a/hack/installers/checksums/kustomize_5.1.0_darwin_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.1.0_darwin_amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..946ee03acae12 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.1.0_darwin_amd64.tar.gz.sha256 @@ -0,0 +1 @@ +08664a17820138a68b7cbe302b1b63f4ec19c6e0838385f789ee0470f026ba25 kustomize_5.1.0_darwin_amd64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.1.0_linux_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.1.0_linux_amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..2eb13d31cfd88 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.1.0_linux_amd64.tar.gz.sha256 @@ -0,0 +1 @@ +52f4cf1ba34d38fd55a9bef819e329c9a4561f5f57f8f539346038ab5026dda8 kustomize_5.1.0_linux_amd64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.1.0_linux_arm64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.1.0_linux_arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..a5040fa6fd9a1 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.1.0_linux_arm64.tar.gz.sha256 @@ -0,0 +1 @@ +4e333ccf092bb72ef5d6bfd3e1f8abb161b5540ce47a53474d70c58eeb99f0a9 kustomize_5.1.0_linux_arm64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.1.0_linux_ppc64le.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.1.0_linux_ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..3f7eda534c9c9 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.1.0_linux_ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +83abeb44857db6a06f9dd35c5c40282b3b9ae4ca73e6306c52be604668964f0e kustomize_5.1.0_linux_ppc64le.tar.gz diff --git a/hack/installers/checksums/kustomize_5.1.0_linux_s390x.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.1.0_linux_s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..ded7a81927051 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.1.0_linux_s390x.tar.gz.sha256 @@ -0,0 +1 @@ +acff69cfb8e11b7df73c71610379ad76c003d638294f9bc98ceb0b68655e953e kustomize_5.1.0_linux_s390x.tar.gz diff --git a/hack/known_types/main.go b/hack/known_types/main.go index 491bf1e491c93..be8bcfdc7b50c 100644 --- a/hack/known_types/main.go +++ b/hack/known_types/main.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "go/importer" + "go/token" "go/types" "os" "strings" @@ -36,15 +37,16 @@ func newCommand() *cobra.Command { packagePath := args[1] outputPath := args[2] - // nolint:staticcheck - imprt := importer.For("source", nil) + if !strings.HasPrefix(packagePath, packagePrefix) { + return fmt.Errorf("package must be under %s", packagePrefix) + } + + imprt := importer.ForCompiler(token.NewFileSet(), "source", nil) pkg, err := imprt.Import(packagePath) if err != nil { return err } - if !strings.HasPrefix(packagePath, packagePrefix) { - return fmt.Errorf("package must be under %s", packagePrefix) - } + shortPackagePath := strings.TrimPrefix(packagePath, packagePrefix) var mapItems []string diff --git a/hack/ssh_known_hosts b/hack/ssh_known_hosts index a6209cdc3a008..f474fe6cc571b 100644 --- a/hack/ssh_known_hosts +++ b/hack/ssh_known_hosts @@ -1,5 +1,12 @@ -# This file was automatically generated. DO NOT EDIT +# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT +[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= +[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl +[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= +bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= +bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== +github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= +github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index 81a7944f4907f..0a78a89c9f0f4 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,8 +11,8 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.12.0 +helm3_version=3.12.1 kubectl_version=1.17.8 kubectx_version=0.6.3 -kustomize5_version=5.0.1 +kustomize5_version=5.1.0 protoc_version=3.17.3 diff --git a/hack/update-ssh-known-hosts.sh b/hack/update-ssh-known-hosts.sh index ede8802e62106..4f8532969c639 100755 --- a/hack/update-ssh-known-hosts.sh +++ b/hack/update-ssh-known-hosts.sh @@ -3,19 +3,30 @@ set -e KNOWN_HOSTS_FILE=$(dirname "$0")/ssh_known_hosts -HEADER="# This file was automatically generated. DO NOT EDIT" +HEADER="# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT" echo "$HEADER" > $KNOWN_HOSTS_FILE -ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com | sort -u >> $KNOWN_HOSTS_FILE +{ \ + ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com && \ + ssh-keyscan -p 443 ssh.github.com ; \ +} | sort -u >> $KNOWN_HOSTS_FILE chmod 0644 $KNOWN_HOSTS_FILE # Public SSH keys can be verified at the following URLs: # - github.com: https://help.github.com/articles/github-s-ssh-key-fingerprints/ +# - ssh.github.com: https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port#updating-known-hosts # - gitlab.com: https://docs.gitlab.com/ee/user/gitlab_com/#ssh-host-keys-fingerprints # - bitbucket.org: https://confluence.atlassian.com/bitbucket/ssh-keys-935365775.html # - ssh.dev.azure.com, vs-ssh.visualstudio.com: https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops diff - <(ssh-keygen -l -f $KNOWN_HOSTS_FILE | sort -k 3) < /dev/null || exit 1 + line=$(yq '.jobs["test-e2e"].strategy.matrix["k3s-version"][]' .github/workflows/ci-build.yaml | \ + jq --arg minor_version "$minor_version" --raw-input --slurp --raw-output \ + 'split("\n")[:-1] | map(sub("\\.[0-9]+$"; "")) | join(", ") | "| \($minor_version) | \(.) |"') + out+="$line\n" +done + +git checkout "release-$argocd_minor_version" + + +printf "$out" > docs/operator-manual/tested-kubernetes-versions.md diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index d1a7991bd036b..270fa05bcc62e 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -143,6 +143,12 @@ spec: name: argocd-cmd-params-cm key: application.namespaces optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index 7cf04df9790fd..429d6d8c1e923 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -37,12 +37,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -55,6 +49,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -91,6 +91,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -115,6 +121,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.concurrent.reconciliations.max optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts @@ -162,4 +174,4 @@ spec: - key: tls.key path: tls.key - key: ca.crt - path: ca.crt \ No newline at end of file + path: ca.crt diff --git a/manifests/base/config/argocd-ssh-known-hosts-cm.yaml b/manifests/base/config/argocd-ssh-known-hosts-cm.yaml index 8011572939ab6..7bd88fda144ee 100644 --- a/manifests/base/config/argocd-ssh-known-hosts-cm.yaml +++ b/manifests/base/config/argocd-ssh-known-hosts-cm.yaml @@ -7,12 +7,18 @@ metadata: name: argocd-ssh-known-hosts-cm data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl diff --git a/manifests/base/notification/argocd-notifications-controller-deployment.yaml b/manifests/base/notification/argocd-notifications-controller-deployment.yaml index d49e565e2acd1..8eab1f95570c5 100644 --- a/manifests/base/notification/argocd-notifications-controller-deployment.yaml +++ b/manifests/base/notification/argocd-notifications-controller-deployment.yaml @@ -35,6 +35,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true workingDir: /app livenessProbe: tcpSocket: diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml index f8d3fb206eb8e..8d649e3995ebc 100644 --- a/manifests/base/redis/argocd-redis-deployment.yaml +++ b/manifests/base/redis/argocd-redis-deployment.yaml @@ -33,6 +33,7 @@ spec: ports: - containerPort: 6379 securityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/manifests/base/redis/argocd-redis-rolebinding.yaml b/manifests/base/redis/argocd-redis-rolebinding.yaml deleted file mode 100644 index 87caaa2cd6f57..0000000000000 --- a/manifests/base/redis/argocd-redis-rolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis diff --git a/manifests/base/redis/kustomization.yaml b/manifests/base/redis/kustomization.yaml index 95553fe464753..4a0b64c4da6a8 100644 --- a/manifests/base/redis/kustomization.yaml +++ b/manifests/base/redis/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization resources: - argocd-redis-deployment.yaml -- argocd-redis-rolebinding.yaml - argocd-redis-sa.yaml - argocd-redis-service.yaml - argocd-redis-network-policy.yaml diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 9ced79662dd25..735f6436f6699 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -48,6 +48,18 @@ spec: name: argocd-cmd-params-cm key: reposerver.parallelism.limit optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.metrics.listen.address + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 6cfd2c1aa5522..66c6ed384b1d2 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -197,6 +197,18 @@ spec: name: argocd-cmd-params-cm key: server.http.cookie.maxnumber optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 1683ba403b386..5d6c680cd8ae1 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -287,8 +287,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -576,8 +583,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -982,8 +996,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1262,8 +1283,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1511,6 +1539,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status @@ -1690,8 +1722,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1983,8 +2022,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2421,8 +2468,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over + Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2730,8 +2784,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined - as a block + as a block. ValuesObject takes precedence + over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3156,8 +3217,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3460,8 +3529,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3869,8 +3945,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4173,8 +4257,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4389,6 +4480,8 @@ spec: type: object spec: properties: + applyNestedSelectors: + type: boolean generators: items: properties: @@ -4584,6 +4677,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4761,6 +4857,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5097,6 +5196,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5274,6 +5376,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5614,6 +5719,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5791,6 +5899,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5935,6 +6046,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -6107,6 +6222,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6284,6 +6402,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6628,6 +6749,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6805,6 +6929,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7141,6 +7268,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7318,6 +7448,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7658,6 +7791,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7835,6 +7971,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7979,6 +8118,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -8151,6 +8294,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8328,6 +8474,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8479,123 +8628,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -8760,6 +8807,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8937,6 +8987,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9081,12 +9134,30 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - azureDevOps: + azuredevops: properties: - accessTokenRef: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: properties: key: type: string @@ -9096,46 +9167,58 @@ spec: - key - secretName type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string required: - - accessTokenRef - organization - - teamProject + - project + - repo type: object bitbucket: properties: - allBranches: - type: boolean - appPasswordRef: + api: + type: string + basicAuth: properties: - key: - type: string - secretName: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: type: string required: - - key - - secretName + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef type: object owner: type: string - user: + repo: type: string required: - - appPasswordRef - owner - - user + - repo type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -9158,41 +9241,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -9206,16 +9280,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -9228,18 +9307,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -9251,7 +9333,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -9416,6 +9498,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9593,6 +9678,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9738,525 +9826,1741 @@ spec: - spec type: object type: object - selector: + scmProvider: properties: - matchExpressions: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: items: properties: - key: + branchMatch: type: string - operator: + labelMatch: type: string - values: + pathsDoNotExist: items: type: string type: array - required: - - key - - operator + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string type: object type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + gitea: properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: + allBranches: + type: boolean + api: type: string - namespace: + insecure: + type: boolean + owner: type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object required: - - kind + - api + - owner type: object - type: array - info: - items: + github: properties: - name: + allBranches: + type: boolean + api: type: string - value: + appSecretName: type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object required: - - name - - value + - organization type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: + secretName: type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + namespace: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: + type: object + spec: + properties: + destination: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true name: type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: + namespace: type: string - value: + server: type: string - required: - - name - - value type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: + ignoreDifferences: + items: + properties: + group: type: string - type: array - map: - additionalProperties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: type: string - type: object - name: - type: string - string: + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL type: object sources: items: properties: - chart: - type: string - directory: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: properties: - exclude: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - include: + namespace: type: string - jsonnet: + type: object + spec: + properties: + destination: properties: - extVars: - items: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: properties: - code: - type: boolean - name: + exclude: type: string - value: + include: type: string - required: - - name - - value + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: + helm: properties: - code: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: type: boolean - name: + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: type: string - value: + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: type: string - required: - - name - - value type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - value: + repoURL: + type: string + targetRevision: type: string required: - - name - - value + - repoURL type: object type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: type: string - type: object - type: array + type: array + type: object + required: + - destination + - project type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string required: - - repoURL + - metadata + - spec type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: properties: - configMapRef: - type: string - labelSelector: + selector: properties: matchExpressions: items: @@ -10279,11 +11583,6 @@ spec: type: string type: object type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer template: properties: metadata: @@ -10444,6 +11743,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10621,6 +11923,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10758,45 +12063,49 @@ spec: type: array type: object required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - type: object - required: - - configMapRef - type: object - clusters: - properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + - destination + - project type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string template: properties: metadata: @@ -10957,6 +12266,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11134,6 +12446,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11282,37 +12597,17 @@ spec: additionalProperties: type: string type: object + required: + - repoURL + - revision type: object - git: + list: properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: + elements: items: - properties: - path: - type: string - required: - - path - type: object + x-kubernetes-preserve-unknown-fields: true type: array - pathParamPrefix: - type: string - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: + elementsYaml: type: string template: properties: @@ -11474,6 +12769,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11651,6 +12949,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11796,17 +13097,31 @@ spec: - spec type: object required: - - repoURL - - revision + - elements type: object - list: + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -11967,6 +13282,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12144,6 +13462,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12288,15 +13609,89 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - elements + - configMapRef type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -12333,6 +13728,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -12576,6 +13973,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12753,6 +14153,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12900,6 +14303,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -13193,396 +14616,916 @@ spec: type: object type: array type: object - recurse: + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string type: object - helm: + path: + type: string + plugin: properties: - fileParameters: + env: items: properties: name: type: string - path: + value: type: string + required: + - name + - value type: object type: array - ignoreMissingValueFiles: - type: boolean + name: + type: string parameters: items: properties: - forceString: - type: boolean + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object name: type: string - value: + string: type: string type: object type: array - passCredentials: + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: type: boolean - releaseName: - type: string - skipCrds: + prune: + type: boolean + selfHeal: type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string type: object - kustomize: + managedNamespaceMetadata: properties: - commonAnnotations: + annotations: additionalProperties: type: string type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: + labels: additionalProperties: type: string type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object - path: + type: array + libs: + items: type: string - plugin: + type: array + tlas: + items: properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value type: object - ref: + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: type: string - repoURL: + path: type: string - targetRevision: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object - sources: - items: - properties: - chart: + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object - path: + type: array + libs: + items: type: string - plugin: + type: array + tlas: + items: properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + code: + type: boolean name: type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array + value: + type: string + required: + - name + - value type: object - ref: + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: type: string - repoURL: + path: type: string - targetRevision: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - type: array - type: object - required: - - destination - - project + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object - required: - - metadata - - spec - type: object - type: object - selector: - properties: - matchExpressions: - items: + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -13743,6 +15686,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -13920,6 +15866,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14064,12 +16013,89 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -14106,6 +16132,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -14349,6 +16377,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14526,6 +16557,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14673,6 +16707,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -15005,6 +17059,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15182,6 +17239,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15326,6 +17386,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -15354,6 +17418,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: @@ -15394,6 +17462,13 @@ spec: type: object syncPolicy: properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string preserveResourcesOnDeletion: type: boolean type: object @@ -15557,6 +17632,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15734,6 +17812,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -16453,22 +18534,6 @@ subjects: name: argocd-applicationset-controller --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -16520,15 +18585,21 @@ metadata: apiVersion: v1 data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl kind: ConfigMap metadata: labels: @@ -16659,12 +18730,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -16677,6 +18742,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -16713,6 +18784,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -16737,6 +18814,12 @@ spec: key: applicationsetcontroller.concurrent.reconciliations.max name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -16842,6 +18925,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true securityContext: runAsNonRoot: true runAsUser: 999 @@ -16910,6 +18994,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -17271,6 +19367,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 6f5f5d07937bb..eb8d8dca36b0f 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -286,8 +286,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -575,8 +582,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -981,8 +995,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1261,8 +1282,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1510,6 +1538,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status @@ -1689,8 +1721,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1982,8 +2021,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2420,8 +2467,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over + Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2729,8 +2783,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined - as a block + as a block. ValuesObject takes precedence + over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3155,8 +3216,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3459,8 +3528,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3868,8 +3944,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4172,8 +4256,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index dc3ce3a0602be..5a08f884d5734 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -29,6 +29,8 @@ spec: type: object spec: properties: + applyNestedSelectors: + type: boolean generators: items: properties: @@ -224,6 +226,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -401,6 +406,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -737,6 +745,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -914,6 +925,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1254,6 +1268,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1431,6 +1448,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1575,6 +1595,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -1747,6 +1771,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1924,6 +1951,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2268,6 +2298,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2445,6 +2478,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2781,6 +2817,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2958,6 +2997,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3298,6 +3340,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3475,6 +3520,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3619,6 +3667,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -3791,6 +3843,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3968,6 +4023,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4119,123 +4177,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -4400,6 +4356,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4577,6 +4536,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4721,12 +4683,30 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - azureDevOps: + azuredevops: properties: - accessTokenRef: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: properties: key: type: string @@ -4736,46 +4716,58 @@ spec: - key - secretName type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string required: - - accessTokenRef - organization - - teamProject + - project + - repo type: object bitbucket: properties: - allBranches: - type: boolean - appPasswordRef: + api: + type: string + basicAuth: properties: - key: - type: string - secretName: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: type: string required: - - key - - secretName + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef type: object owner: type: string - user: + repo: type: string required: - - appPasswordRef - owner - - user + - repo type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -4798,41 +4790,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -4846,16 +4829,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -4868,18 +4856,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -4891,7 +4882,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -5056,6 +5047,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5233,6 +5227,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5378,565 +5375,213 @@ spec: - spec type: object type: object - selector: + scmProvider: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + awsCodeCommit: properties: - group: + allBranches: + type: boolean + region: type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + role: type: string - managedFieldsManagers: + tagFilters: items: - type: string + properties: + key: + type: string + value: + type: string + required: + - key + type: object type: array - name: + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: type: string - namespace: + organization: + type: string + teamProject: type: string required: - - kind + - accessTokenRef + - organization + - teamProject type: object - type: array - info: - items: + bitbucket: properties: - name: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: type: string - value: + user: type: string required: - - name - - value + - appPasswordRef + - owner + - user type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: properties: - name: + key: type: string - path: + secretName: type: string + required: + - key + - secretName type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string type: array - ignoreMissingValueFiles: - type: boolean - parameters: + pathsExist: items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object + type: string type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: + repositoryMatch: type: string type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + secretName: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - sources: - items: + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: properties: - chart: + allBranches: + type: boolean + api: type: string - directory: + appSecretName: + type: string + organization: + type: string + tokenRef: properties: - exclude: + key: type: string - include: + secretName: type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean + required: + - key + - secretName type: object - helm: + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: + key: type: string - version: + secretName: type: string + required: + - key + - secretName type: object - kustomize: + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: properties: - commonAnnotations: + annotations: additionalProperties: type: string type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: - properties: - configMapRef: - type: string - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: + finalizers: + items: + type: string + type: array + labels: additionalProperties: type: string type: object @@ -6084,6 +5729,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6261,6 +5909,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6409,551 +6060,559 @@ spec: additionalProperties: type: string type: object - required: - - configMapRef type: object - clusters: + selector: properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + matchExpressions: + items: + properties: + key: type: string - type: object - type: object - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: + operator: + type: string + values: + items: type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - exclude: + code: + type: boolean + name: type: string - include: + value: type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean + required: + - name + - value type: object - helm: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: type: string - targetRevision: + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object - sources: - items: - properties: - chart: + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - exclude: + code: + type: boolean + name: type: string - include: + value: type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean + required: + - name + - value type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: type: string - targetRevision: + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project + version: + type: string type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL type: object - type: object - git: - properties: - directories: - items: + type: array + syncPolicy: + properties: + automated: properties: - exclude: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: type: boolean - path: - type: string - required: - - path type: object - type: array - files: - items: + managedNamespaceMetadata: properties: - path: - type: string - required: - - path + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - pathParamPrefix: + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: type: string - repoURL: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: type: string requeueAfterSeconds: format: int64 type: integer - revision: - type: string template: properties: metadata: @@ -7114,6 +6773,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7291,6 +6953,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7435,18 +7100,38 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - repoURL - - revision + - configMapRef type: object - list: + clusters: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object template: properties: metadata: @@ -7607,6 +7292,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7784,6 +7472,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7928,134 +7619,42 @@ spec: - metadata - spec type: object - required: - - elements + values: + additionalProperties: + type: string + type: object type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true - pullRequest: + git: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: + directories: items: properties: - branchMatch: + exclude: + type: boolean + path: type: string + required: + - path type: object type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: - properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - owner - - repo - type: object - gitlab: - properties: - api: - type: string - labels: - items: + files: + items: + properties: + path: type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - project - type: object + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string requeueAfterSeconds: format: int64 type: integer + revision: + type: string template: properties: metadata: @@ -8216,6 +7815,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8393,6 +7995,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8537,253 +8142,94 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision type: object - scmProvider: + list: properties: - azureDevOps: - properties: - accessTokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string - required: - - accessTokenRef - - organization - - teamProject - type: object - bitbucket: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: properties: - allBranches: - type: boolean - appPasswordRef: + metadata: properties: - key: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - secretName: + namespace: type: string - required: - - key - - secretName type: object - owner: - type: string - user: - type: string - required: - - appPasswordRef - - owner - - user - type: object - bitbucketServer: - properties: - allBranches: - type: boolean - api: - type: string - basicAuth: + spec: properties: - passwordRef: + destination: properties: - key: + name: type: string - secretName: + namespace: + type: string + server: type: string - required: - - key - - secretName type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - required: - - api - - project - type: object - cloneProtocol: - type: string - filters: - items: - properties: - branchMatch: - type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: - type: string - type: object - type: array - gitea: - properties: - allBranches: - type: boolean - api: - type: string - insecure: - type: boolean - owner: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - type: object - github: - properties: - allBranches: - type: boolean - api: - type: string - appSecretName: - type: string - organization: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - organization - type: object - gitlab: - properties: - allBranches: - type: boolean - api: - type: string - group: - type: string - includeSubgroups: - type: boolean - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - group - type: object - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: type: string revisionHistoryLimit: format: int64 @@ -8825,404 +8271,2810 @@ spec: type: boolean name: type: string - value: + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - elements + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: + allowEmpty: type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: + prune: type: boolean - releaseName: - type: string - skipCrds: + selfHeal: type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string type: object - kustomize: + managedNamespaceMetadata: properties: - commonAnnotations: + annotations: additionalProperties: type: string type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: + labels: additionalProperties: type: string type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object - path: + type: array + libs: + items: type: string - plugin: + type: array + tlas: + items: properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + code: + type: boolean name: type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array + value: + type: string + required: + - name + - value type: object - ref: + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: type: string - repoURL: + path: type: string - targetRevision: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object - sources: - items: - properties: - chart: + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: type: string - targetRevision: + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - type: array - type: object - required: - - destination - - project + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string required: - - metadata - - spec + - repoURL type: object - type: object - selector: - properties: - matchExpressions: - items: + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -9383,6 +11235,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9560,6 +11415,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9704,12 +11562,89 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -9746,6 +11681,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -9989,6 +11926,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10166,6 +12106,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10313,6 +12256,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -10645,6 +12608,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10822,6 +12788,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10966,6 +12935,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -10994,6 +12967,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: @@ -11034,6 +13011,13 @@ spec: type: object syncPolicy: properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string preserveResourcesOnDeletion: type: boolean type: object @@ -11197,6 +13181,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11374,6 +13361,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object diff --git a/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml b/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml index e077dbd97ef58..c288595170914 100644 --- a/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml +++ b/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml @@ -9,9 +9,3 @@ spec: - name: argocd-application-controller args: - /usr/local/bin/argocd-application-controller - env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server diff --git a/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml b/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml index e26bae4c8bc09..b237cf6c13b24 100644 --- a/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml +++ b/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml @@ -24,9 +24,3 @@ spec: - name: argocd-repo-server args: - /usr/local/bin/argocd-repo-server - env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server diff --git a/manifests/ha/base/overlays/argocd-server-deployment.yaml b/manifests/ha/base/overlays/argocd-server-deployment.yaml index 351e6cbce76b8..49eb31b1b0f29 100644 --- a/manifests/ha/base/overlays/argocd-server-deployment.yaml +++ b/manifests/ha/base/overlays/argocd-server-deployment.yaml @@ -25,10 +25,5 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: '2' - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server args: - /usr/local/bin/argocd-server diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index 92e37f805b1fa..7ee7bd76dc517 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -1071,7 +1071,7 @@ spec: topologyKey: kubernetes.io/hostname initContainers: - name: config-init - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1089,7 +1089,7 @@ spec: mountPath: /data containers: - name: haproxy - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent securityContext: null diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index a1e1be949b65e..d30c4bc31bb80 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -11,7 +11,7 @@ redis-ha: IPv6: enabled: false image: - tag: 2.6.12-alpine + tag: 2.6.14-alpine containerSecurityContext: null timeout: server: 6m diff --git a/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml b/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml index 812e97d8049cf..8ce2b23f876a2 100644 --- a/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml +++ b/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml @@ -1,6 +1,7 @@ - op: add path: /spec/template/spec/initContainers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -10,6 +11,7 @@ - op: add path: /spec/template/spec/containers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml b/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml index 386b219575eb7..53b395e14da12 100644 --- a/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml +++ b/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml @@ -1,6 +1,7 @@ - op: add path: /spec/template/spec/initContainers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -10,6 +11,7 @@ - op: add path: /spec/template/spec/containers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -19,6 +21,7 @@ - op: add path: /spec/template/spec/containers/1/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -28,6 +31,7 @@ - op: add path: /spec/template/spec/containers/2/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 1af0e5d623b60..f8b895f1ca745 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -287,8 +287,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -576,8 +583,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -982,8 +996,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1262,8 +1283,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1511,6 +1539,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status @@ -1690,8 +1722,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1983,8 +2022,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2421,8 +2468,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over + Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2730,8 +2784,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined - as a block + as a block. ValuesObject takes precedence + over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3156,8 +3217,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3460,8 +3529,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3869,8 +3945,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4173,8 +4257,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4389,6 +4480,8 @@ spec: type: object spec: properties: + applyNestedSelectors: + type: boolean generators: items: properties: @@ -4584,6 +4677,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4761,6 +4857,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5097,6 +5196,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5274,6 +5376,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5614,6 +5719,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5791,6 +5899,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5935,6 +6046,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -6107,6 +6222,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6284,6 +6402,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6628,6 +6749,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6805,6 +6929,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7141,6 +7268,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7318,6 +7448,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7658,6 +7791,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7835,6 +7971,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7979,6 +8118,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -8151,6 +8294,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8328,6 +8474,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8479,123 +8628,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -8760,6 +8807,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8937,6 +8987,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9081,12 +9134,30 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - azureDevOps: + azuredevops: properties: - accessTokenRef: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: properties: key: type: string @@ -9096,46 +9167,58 @@ spec: - key - secretName type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string required: - - accessTokenRef - organization - - teamProject + - project + - repo type: object bitbucket: properties: - allBranches: - type: boolean - appPasswordRef: + api: + type: string + basicAuth: properties: - key: - type: string - secretName: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: type: string required: - - key - - secretName + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef type: object owner: type: string - user: + repo: type: string required: - - appPasswordRef - owner - - user + - repo type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -9158,41 +9241,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -9206,16 +9280,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -9228,18 +9307,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -9251,7 +9333,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -9416,6 +9498,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9593,6 +9678,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9738,525 +9826,1741 @@ spec: - spec type: object type: object - selector: + scmProvider: properties: - matchExpressions: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: items: properties: - key: + branchMatch: type: string - operator: + labelMatch: type: string - values: + pathsDoNotExist: items: type: string type: array - required: - - key - - operator + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string type: object type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + gitea: properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: + allBranches: + type: boolean + api: type: string - namespace: + insecure: + type: boolean + owner: type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object required: - - kind + - api + - owner type: object - type: array - info: - items: + github: properties: - name: + allBranches: + type: boolean + api: type: string - value: + appSecretName: type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object required: - - name - - value + - organization type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: + secretName: type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + namespace: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: + type: object + spec: + properties: + destination: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true name: type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: + namespace: type: string - value: + server: type: string - required: - - name - - value type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: + ignoreDifferences: + items: + properties: + group: type: string - type: array - map: - additionalProperties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: type: string - type: object - name: - type: string - string: + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - sources: - items: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: type: string - value: + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: type: string - value: + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: type: string - required: - - name - - value - type: object - type: array + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: + sources: items: properties: - forceString: - type: boolean - name: - type: string - value: + chart: type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: + finalizers: + items: + type: string + type: array + labels: additionalProperties: type: string type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: items: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - value: + repoURL: + type: string + targetRevision: type: string required: - - name - - value + - repoURL type: object type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: type: string - type: object - type: array + type: array + type: object + required: + - destination + - project type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string required: - - repoURL + - metadata + - spec type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: properties: - configMapRef: - type: string - labelSelector: + selector: properties: matchExpressions: items: @@ -10279,11 +11583,6 @@ spec: type: string type: object type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer template: properties: metadata: @@ -10444,6 +11743,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10621,6 +11923,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10769,34 +12074,38 @@ spec: additionalProperties: type: string type: object - required: - - configMapRef type: object - clusters: + git: properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + directories: + items: + properties: + exclude: + type: boolean + path: type: string - type: object - type: object + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string template: properties: metadata: @@ -10957,6 +12266,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11134,6 +12446,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11282,37 +12597,17 @@ spec: additionalProperties: type: string type: object + required: + - repoURL + - revision type: object - git: + list: properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: + elements: items: - properties: - path: - type: string - required: - - path - type: object + x-kubernetes-preserve-unknown-fields: true type: array - pathParamPrefix: - type: string - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: + elementsYaml: type: string template: properties: @@ -11474,6 +12769,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11651,6 +12949,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11796,17 +13097,31 @@ spec: - spec type: object required: - - repoURL - - revision + - elements type: object - list: + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -11967,6 +13282,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12144,6 +13462,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12288,15 +13609,89 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - elements + - configMapRef type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -12333,6 +13728,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -12576,6 +13973,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12753,6 +14153,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12900,6 +14303,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -13196,393 +14619,913 @@ spec: recurse: type: boolean type: object - helm: + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: properties: - fileParameters: + env: items: properties: name: type: string - path: + value: type: string + required: + - name + - value type: object type: array - ignoreMissingValueFiles: - type: boolean + name: + type: string parameters: items: properties: - forceString: - type: boolean + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object name: type: string - value: + string: type: string type: object type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: type: string - type: array - values: - type: string - version: - type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean type: object - kustomize: + managedNamespaceMetadata: properties: - commonAnnotations: + annotations: additionalProperties: type: string type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: + labels: additionalProperties: type: string type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object - path: + type: array + libs: + items: type: string - plugin: + type: array + tlas: + items: properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + code: + type: boolean name: type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array + value: + type: string + required: + - name + - value type: object - ref: + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: type: string - repoURL: + path: type: string - targetRevision: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object - sources: - items: - properties: - chart: + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: type: string + value: + type: string + required: + - name + - value type: object - path: + type: array + libs: + items: type: string - plugin: + type: array + tlas: + items: properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + code: + type: boolean name: type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array + value: + type: string + required: + - name + - value type: object - ref: + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: type: string - repoURL: + path: type: string - targetRevision: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - type: array - type: object - required: - - destination - - project + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string required: - - metadata - - spec + - repoURL type: object - type: object - selector: - properties: - matchExpressions: - items: + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -13743,6 +15686,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -13920,6 +15866,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14064,12 +16013,89 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -14106,6 +16132,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -14349,6 +16377,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14526,6 +16557,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14673,6 +16707,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -15005,6 +17059,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15182,6 +17239,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15326,6 +17386,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -15354,6 +17418,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: @@ -15394,6 +17462,13 @@ spec: type: object syncPolicy: properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string preserveResourcesOnDeletion: type: boolean type: object @@ -15557,6 +17632,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15734,6 +17812,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -17548,15 +19629,21 @@ metadata: apiVersion: v1 data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl kind: ConfigMap metadata: labels: @@ -17880,12 +19967,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -17898,6 +19979,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -17934,6 +20021,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -17958,6 +20051,12 @@ spec: key: applicationsetcontroller.concurrent.reconciliations.max name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -18138,6 +20237,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -18209,7 +20321,7 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.12-alpine + - image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -18233,6 +20345,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -18245,7 +20358,7 @@ spec: - /readonly/haproxy_init.sh command: - sh - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -18253,6 +20366,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -18312,11 +20426,6 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -18341,6 +20450,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -18580,11 +20701,6 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -18759,6 +20875,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: @@ -18889,11 +21017,6 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -19016,6 +21139,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -19138,6 +21267,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -19186,6 +21316,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -19213,6 +21344,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -19241,6 +21373,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index fb65a3e8c9921..144c25ae3a7d6 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1195,15 +1195,21 @@ metadata: apiVersion: v1 data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl kind: ConfigMap metadata: labels: @@ -1527,12 +1533,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -1545,6 +1545,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -1581,6 +1587,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -1605,6 +1617,12 @@ spec: key: applicationsetcontroller.concurrent.reconciliations.max name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -1785,6 +1803,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -1856,7 +1887,7 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.12-alpine + - image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -1880,6 +1911,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -1892,7 +1924,7 @@ spec: - /readonly/haproxy_init.sh command: - sh - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -1900,6 +1932,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -1959,11 +1992,6 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -1988,6 +2016,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -2227,11 +2267,6 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -2406,6 +2441,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: @@ -2536,11 +2583,6 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -2663,6 +2705,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -2785,6 +2833,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -2833,6 +2882,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -2860,6 +2910,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -2888,6 +2939,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: diff --git a/manifests/install.yaml b/manifests/install.yaml index 0e4911f9673e3..fec96e7a9ea76 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -287,8 +287,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -576,8 +583,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -982,8 +996,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1262,8 +1283,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1511,6 +1539,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status @@ -1690,8 +1722,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1983,8 +2022,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2421,8 +2468,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over + Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2730,8 +2784,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined - as a block + as a block. ValuesObject takes precedence + over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3156,8 +3217,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3460,8 +3529,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3869,8 +3945,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4173,8 +4257,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4389,6 +4480,8 @@ spec: type: object spec: properties: + applyNestedSelectors: + type: boolean generators: items: properties: @@ -4584,6 +4677,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4761,6 +4857,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5097,6 +5196,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5274,6 +5376,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5614,6 +5719,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5791,6 +5899,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5935,6 +6046,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -6107,6 +6222,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6284,6 +6402,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6628,6 +6749,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6805,6 +6929,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7141,6 +7268,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7318,6 +7448,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7658,6 +7791,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7835,6 +7971,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7979,6 +8118,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -8151,6 +8294,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8328,6 +8474,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8479,123 +8628,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -8760,6 +8807,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8937,6 +8987,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9081,12 +9134,30 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - azureDevOps: + azuredevops: properties: - accessTokenRef: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: properties: key: type: string @@ -9096,46 +9167,58 @@ spec: - key - secretName type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string required: - - accessTokenRef - organization - - teamProject + - project + - repo type: object bitbucket: properties: - allBranches: - type: boolean - appPasswordRef: + api: + type: string + basicAuth: properties: - key: - type: string - secretName: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: type: string required: - - key - - secretName + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef type: object owner: type: string - user: + repo: type: string required: - - appPasswordRef - owner - - user + - repo type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -9158,41 +9241,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -9206,16 +9280,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -9228,18 +9307,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -9251,7 +9333,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -9416,6 +9498,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9593,6 +9678,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9738,525 +9826,1741 @@ spec: - spec type: object type: object - selector: + scmProvider: properties: - matchExpressions: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: items: properties: - key: + branchMatch: type: string - operator: + labelMatch: type: string - values: + pathsDoNotExist: items: type: string type: array - required: - - key - - operator + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string type: object type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + gitea: properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: + allBranches: + type: boolean + api: type: string - namespace: + insecure: + type: boolean + owner: type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object required: - - kind + - api + - owner type: object - type: array - info: - items: + github: properties: - name: + allBranches: + type: boolean + api: type: string - value: + appSecretName: type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object required: - - name - - value + - organization type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: + secretName: type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + namespace: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: + type: object + spec: + properties: + destination: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true name: type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: + namespace: type: string - value: + server: type: string - required: - - name - - value type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: + ignoreDifferences: + items: + properties: + group: type: string - type: array - map: - additionalProperties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: type: string - type: object - name: - type: string - string: + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - sources: - items: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: type: string - value: + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: type: string - value: + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: type: string - required: - - name - - value - type: object - type: array + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: + sources: items: properties: - forceString: - type: boolean - name: - type: string - value: + chart: type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: + finalizers: + items: + type: string + type: array + labels: additionalProperties: type: string type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: items: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - value: + repoURL: + type: string + targetRevision: type: string required: - - name - - value + - repoURL type: object type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: type: string - type: object - type: array + type: array + type: object + required: + - destination + - project type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string required: - - repoURL + - metadata + - spec type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: properties: - configMapRef: - type: string - labelSelector: + selector: properties: matchExpressions: items: @@ -10279,11 +11583,6 @@ spec: type: string type: object type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer template: properties: metadata: @@ -10444,6 +11743,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10621,6 +11923,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10769,34 +12074,38 @@ spec: additionalProperties: type: string type: object - required: - - configMapRef type: object - clusters: + git: properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + directories: + items: + properties: + exclude: + type: boolean + path: type: string - type: object - type: object + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string template: properties: metadata: @@ -10957,6 +12266,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11134,6 +12446,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11282,37 +12597,17 @@ spec: additionalProperties: type: string type: object + required: + - repoURL + - revision type: object - git: + list: properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: + elements: items: - properties: - path: - type: string - required: - - path - type: object + x-kubernetes-preserve-unknown-fields: true type: array - pathParamPrefix: - type: string - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: + elementsYaml: type: string template: properties: @@ -11474,6 +12769,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11651,6 +12949,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11796,17 +13097,31 @@ spec: - spec type: object required: - - repoURL - - revision + - elements type: object - list: + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -11967,6 +13282,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12144,6 +13462,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12288,15 +13609,89 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - elements + - configMapRef type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -12333,6 +13728,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -12576,6 +13973,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12753,6 +14153,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -12900,6 +14303,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -13196,393 +14619,913 @@ spec: recurse: type: boolean type: object - helm: + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: properties: - fileParameters: + env: items: properties: name: type: string - path: + value: type: string + required: + - name + - value type: object type: array - ignoreMissingValueFiles: - type: boolean + name: + type: string parameters: items: properties: - forceString: - type: boolean + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object name: type: string - value: + string: type: string type: object type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: type: string - type: array - values: - type: string - version: - type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean type: object - kustomize: + managedNamespaceMetadata: properties: - commonAnnotations: + annotations: additionalProperties: type: string type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: + labels: additionalProperties: type: string type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object - path: + type: array + libs: + items: type: string - plugin: + type: array + tlas: + items: properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + code: + type: boolean name: type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array + value: + type: string + required: + - name + - value type: object - ref: + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: type: string - repoURL: + path: type: string - targetRevision: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object - sources: - items: - properties: - chart: + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: type: string + required: + - name + - value type: object - path: + type: array + libs: + items: type: string - plugin: + type: array + tlas: + items: properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + code: + type: boolean name: type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array + value: + type: string + required: + - name + - value type: object - ref: + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: type: string - repoURL: + path: type: string - targetRevision: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - type: array - type: object - required: - - destination - - project + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string required: - - metadata - - spec + - repoURL type: object - type: object - selector: - properties: - matchExpressions: - items: + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -13743,6 +15686,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -13920,6 +15866,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14064,12 +16013,89 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -14106,6 +16132,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -14349,6 +16377,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14526,6 +16557,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -14673,6 +16707,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -15005,6 +17059,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15182,6 +17239,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15326,6 +17386,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -15354,6 +17418,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: @@ -15394,6 +17462,13 @@ spec: type: object syncPolicy: properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string preserveResourcesOnDeletion: type: boolean type: object @@ -15557,6 +17632,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -15734,6 +17812,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -16660,22 +18741,6 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -16768,15 +18833,21 @@ metadata: apiVersion: v1 data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl kind: ConfigMap metadata: labels: @@ -16997,12 +19068,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -17015,6 +19080,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -17051,6 +19122,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -17075,6 +19152,12 @@ spec: key: applicationsetcontroller.concurrent.reconciliations.max name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -17255,6 +19338,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -17342,6 +19438,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true securityContext: runAsNonRoot: true runAsUser: 999 @@ -17410,6 +19507,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -17821,6 +19930,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: @@ -18073,6 +20194,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 9b0d1a70169e7..76a2971d68f5f 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -341,22 +341,6 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -415,15 +399,21 @@ metadata: apiVersion: v1 data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl kind: ConfigMap metadata: labels: @@ -644,12 +634,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -662,6 +646,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -698,6 +688,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -722,6 +718,12 @@ spec: key: applicationsetcontroller.concurrent.reconciliations.max name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -902,6 +904,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -989,6 +1004,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true securityContext: runAsNonRoot: true runAsUser: 999 @@ -1057,6 +1073,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -1468,6 +1496,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: @@ -1720,6 +1760,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/mkdocs.yml b/mkdocs.yml index 7d0da86dd10da..e0ced6bbb343b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -8,7 +8,8 @@ extra_javascript: - assets/versions.js markdown_extensions: - markdown_include.include -- codehilite +- codehilite: + css_class: highlight - admonition - toc: permalink: true @@ -42,8 +43,9 @@ nav: - operator-manual/tls.md - operator-manual/cluster-bootstrapping.md - operator-manual/secret-management.md - - operator-manual/high_availability.md - operator-manual/disaster_recovery.md + - operator-manual/high_availability.md + - operator-manual/reconcile.md - operator-manual/webhook.md - operator-manual/health.md - operator-manual/resource_actions.md @@ -76,6 +78,7 @@ nav: - operator-manual/notifications/services/opsgenie.md - operator-manual/notifications/services/overview.md - operator-manual/notifications/services/pagerduty.md + - operator-manual/notifications/services/pagerduty_v2.md - operator-manual/notifications/services/pushover.md - operator-manual/notifications/services/rocketchat.md - operator-manual/notifications/services/slack.md @@ -101,12 +104,16 @@ nav: - operator-manual/applicationset/Generators-Cluster-Decision-Resource.md - operator-manual/applicationset/Generators-Pull-Request.md - operator-manual/applicationset/Generators-Post-Selector.md + - operator-manual/applicationset/Generators-Plugin.md - Template fields: - operator-manual/applicationset/Template.md - operator-manual/applicationset/GoTemplate.md - Controlling Resource Modification: operator-manual/applicationset/Controlling-Resource-Modification.md - Application Pruning & Resource Deletion: operator-manual/applicationset/Application-Deletion.md - Progressive Syncs: operator-manual/applicationset/Progressive-Syncs.md + - Git File Generator Globbing: operator-manual/applicationset/Generators-Git-File-Globbing.md + - ApplicationSet Specification Reference: operator-manual/applicationset/applicationset-specification.md + - ApplicationSet in any namespace: operator-manual/applicationset/Appset-Any-Namespace.md - Server Configuration Parameters: - operator-manual/server-commands/argocd-server.md - operator-manual/server-commands/argocd-application-controller.md @@ -115,6 +122,7 @@ nav: - operator-manual/server-commands/additional-configuration-method.md - Upgrading: - operator-manual/upgrading/overview.md + - operator-manual/upgrading/2.7-2.8.md - operator-manual/upgrading/2.6-2.7.md - operator-manual/upgrading/2.5-2.6.md - operator-manual/upgrading/2.4-2.5.md @@ -131,6 +139,7 @@ nav: - operator-manual/upgrading/1.2-1.3.md - operator-manual/upgrading/1.1-1.2.md - operator-manual/upgrading/1.0-1.1.md + - Project Specification Reference: operator-manual/project-specification.md - User Guide: - user-guide/index.md - user-guide/application_sources.md @@ -168,6 +177,7 @@ nav: - user-guide/extra_info.md - Notification subscriptions: user-guide/subscriptions.md - Command Reference: user-guide/commands/argocd.md + - Application Specification Reference: user-guide/application-specification.md - Developer Guide: - developer-guide/index.md - Architecture: diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 5f122433ee285..de48d10923261 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -203,9 +203,7 @@ func NewClient(opts *ClientOptions) (Client, error) { c.UserAgent = fmt.Sprintf("%s/%s", common.ArgoCDUserAgentName, common.GetVersion().Version) } // Override server address if specified in env or CLI flag - if serverFromEnv := os.Getenv(EnvArgoCDServer); serverFromEnv != "" { - c.ServerAddr = serverFromEnv - } + c.ServerAddr = env.StringFromEnv(EnvArgoCDServer, c.ServerAddr) if opts.PortForward || opts.PortForwardNamespace != "" { if opts.KubeOverrides == nil { opts.KubeOverrides = &clientcmd.ConfigOverrides{} @@ -229,9 +227,7 @@ func NewClient(opts *ClientOptions) (Client, error) { c.ServerAddr += ":443" } // Override auth-token if specified in env variable or CLI flag - if authFromEnv := os.Getenv(EnvArgoCDAuthToken); authFromEnv != "" { - c.AuthToken = authFromEnv - } + c.AuthToken = env.StringFromEnv(EnvArgoCDAuthToken, c.AuthToken) if opts.AuthToken != "" { c.AuthToken = strings.TrimSpace(opts.AuthToken) } @@ -285,8 +281,8 @@ func NewClient(opts *ClientOptions) (Client, error) { } } if !c.GRPCWeb { - //test if we need to set it to true - //if a call to grpc failed, then try again with GRPCWeb + // test if we need to set it to true + // if a call to grpc failed, then try again with GRPCWeb conn, versionIf, err := c.NewVersionClient() if err == nil { defer argoio.Close(conn) @@ -809,7 +805,7 @@ func (c *client) NewAccountClientOrDie() (io.Closer, accountpkg.AccountServiceCl func (c *client) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *argoappv1.ApplicationWatchEvent { appEventsCh := make(chan *argoappv1.ApplicationWatchEvent) cancelled := false - appName, appNs := argo.ParseAppQualifiedName(appName, "") + appName, appNs := argo.ParseFromQualifiedName(appName, "") go func() { defer close(appEventsCh) for !cancelled { diff --git a/pkg/apiclient/applicationset/applicationset.pb.go b/pkg/apiclient/applicationset/applicationset.pb.go index f24e802789c2d..8f717d1f6920f 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.go +++ b/pkg/apiclient/applicationset/applicationset.pb.go @@ -35,7 +35,9 @@ const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package // ApplicationSetGetQuery is a query for applicationset resources type ApplicationSetGetQuery struct { // the applicationsets's name - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // The application set namespace. Default empty is argocd control plane namespace + AppsetNamespace string `protobuf:"bytes,2,opt,name=appsetNamespace,proto3" json:"appsetNamespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -81,11 +83,20 @@ func (m *ApplicationSetGetQuery) GetName() string { return "" } +func (m *ApplicationSetGetQuery) GetAppsetNamespace() string { + if m != nil { + return m.AppsetNamespace + } + return "" +} + type ApplicationSetListQuery struct { // the project names to restrict returned list applicationsets Projects []string `protobuf:"bytes,1,rep,name=projects,proto3" json:"projects,omitempty"` // the selector to restrict returned list to applications only with matched labels - Selector string `protobuf:"bytes,2,opt,name=selector,proto3" json:"selector,omitempty"` + Selector string `protobuf:"bytes,2,opt,name=selector,proto3" json:"selector,omitempty"` + // The application set namespace. Default empty is argocd control plane namespace + AppsetNamespace string `protobuf:"bytes,3,opt,name=appsetNamespace,proto3" json:"appsetNamespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -138,6 +149,13 @@ func (m *ApplicationSetListQuery) GetSelector() string { return "" } +func (m *ApplicationSetListQuery) GetAppsetNamespace() string { + if m != nil { + return m.AppsetNamespace + } + return "" +} + type ApplicationSetResponse struct { Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"` Applicationset *v1alpha1.ApplicationSet `protobuf:"bytes,2,opt,name=applicationset,proto3" json:"applicationset,omitempty"` @@ -249,7 +267,9 @@ func (m *ApplicationSetCreateRequest) GetUpsert() bool { } type ApplicationSetDeleteRequest struct { - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // The application set namespace. Default empty is argocd control plane namespace + AppsetNamespace string `protobuf:"bytes,2,opt,name=appsetNamespace,proto3" json:"appsetNamespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -295,6 +315,13 @@ func (m *ApplicationSetDeleteRequest) GetName() string { return "" } +func (m *ApplicationSetDeleteRequest) GetAppsetNamespace() string { + if m != nil { + return m.AppsetNamespace + } + return "" +} + func init() { proto.RegisterType((*ApplicationSetGetQuery)(nil), "applicationset.ApplicationSetGetQuery") proto.RegisterType((*ApplicationSetListQuery)(nil), "applicationset.ApplicationSetListQuery") @@ -308,39 +335,40 @@ func init() { } var fileDescriptor_eacb9df0ce5738fa = []byte{ - // 501 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x94, 0xcf, 0x6e, 0x13, 0x31, - 0x10, 0xc6, 0xe5, 0xb6, 0x84, 0xd6, 0x48, 0x1c, 0x2c, 0xd1, 0x86, 0x05, 0x85, 0x68, 0x0f, 0xa5, - 0x14, 0xb0, 0x95, 0x70, 0x83, 0x13, 0x7f, 0xa4, 0x0a, 0x29, 0x07, 0xba, 0xbd, 0x71, 0x41, 0xae, - 0x33, 0xda, 0x2e, 0xdd, 0xae, 0x8d, 0xed, 0xac, 0x84, 0x10, 0x17, 0x24, 0x9e, 0x80, 0x27, 0x00, - 0x2e, 0x48, 0x5c, 0x79, 0x08, 0x8e, 0x48, 0xbc, 0x00, 0x8a, 0x78, 0x10, 0x64, 0x6f, 0x36, 0xe9, - 0x5a, 0x69, 0xc3, 0x21, 0xbd, 0x79, 0xd6, 0xe3, 0xf1, 0x6f, 0x3f, 0x7f, 0x33, 0x78, 0xd7, 0x80, - 0x2e, 0x41, 0x33, 0xae, 0x54, 0x9e, 0x09, 0x6e, 0x33, 0x59, 0x18, 0xb0, 0x41, 0x48, 0x95, 0x96, - 0x56, 0x92, 0xab, 0xcd, 0xaf, 0xd1, 0xcd, 0x54, 0xca, 0x34, 0x07, 0xc6, 0x55, 0xc6, 0x78, 0x51, - 0x48, 0x5b, 0xed, 0x54, 0xd9, 0xd1, 0x20, 0xcd, 0xec, 0xd1, 0xe8, 0x90, 0x0a, 0x79, 0xc2, 0xb8, - 0x4e, 0xa5, 0xd2, 0xf2, 0xb5, 0x5f, 0xdc, 0x17, 0x43, 0x56, 0xf6, 0x99, 0x3a, 0x4e, 0xdd, 0x49, - 0x73, 0xfa, 0x2e, 0x56, 0xf6, 0x78, 0xae, 0x8e, 0x78, 0x8f, 0xa5, 0x50, 0x80, 0xe6, 0x16, 0x86, - 0x55, 0xb5, 0xf8, 0x1e, 0xde, 0x7c, 0x3c, 0xcb, 0x3b, 0x00, 0xbb, 0x07, 0x76, 0x7f, 0x04, 0xfa, - 0x2d, 0x21, 0x78, 0xad, 0xe0, 0x27, 0xd0, 0x46, 0x5d, 0xb4, 0xb3, 0x91, 0xf8, 0x75, 0xbc, 0x8f, - 0xb7, 0x9a, 0xd9, 0x83, 0xcc, 0x4c, 0xd2, 0x23, 0xbc, 0xee, 0x48, 0x40, 0x58, 0xd3, 0x46, 0xdd, - 0xd5, 0x9d, 0x8d, 0x64, 0x1a, 0xbb, 0x3d, 0x03, 0x39, 0x08, 0x2b, 0x75, 0x7b, 0xc5, 0x97, 0x9b, - 0xc6, 0xf1, 0x37, 0x14, 0x12, 0x24, 0x60, 0x94, 0x13, 0x82, 0xb4, 0xf1, 0xe5, 0x49, 0x89, 0x09, - 0x44, 0x1d, 0x12, 0x8b, 0x03, 0xcd, 0x7c, 0xd9, 0x2b, 0xfd, 0x01, 0x9d, 0x89, 0x43, 0x6b, 0x71, - 0xfc, 0xe2, 0x95, 0x18, 0xd2, 0xb2, 0x4f, 0xd5, 0x71, 0x4a, 0x9d, 0x38, 0xf4, 0xd4, 0x71, 0x5a, - 0x8b, 0x43, 0x03, 0x8e, 0xe0, 0x8e, 0xf8, 0x3b, 0xc2, 0x37, 0x9a, 0x29, 0x4f, 0x35, 0x70, 0x0b, - 0x09, 0xbc, 0x19, 0x81, 0x99, 0x47, 0x85, 0x2e, 0x9e, 0x8a, 0x6c, 0xe2, 0xd6, 0x48, 0x19, 0xd0, - 0x95, 0x06, 0xeb, 0xc9, 0x24, 0x8a, 0x7b, 0x21, 0xec, 0x33, 0xc8, 0x61, 0x06, 0x3b, 0xe7, 0x79, - 0xfb, 0x9f, 0x2f, 0xe1, 0x6b, 0xcd, 0x33, 0x07, 0xa0, 0xcb, 0x4c, 0x00, 0xf9, 0x8a, 0xf0, 0xea, - 0x1e, 0x58, 0xb2, 0x4d, 0x03, 0x07, 0xcf, 0x37, 0x4f, 0xb4, 0xd4, 0x5f, 0x8e, 0xb7, 0x3f, 0xfc, - 0xfe, 0xfb, 0x69, 0xa5, 0x4b, 0x3a, 0xbe, 0x25, 0xca, 0x5e, 0xd0, 0x46, 0x86, 0xbd, 0x73, 0xf8, - 0xef, 0xc9, 0x17, 0x84, 0xd7, 0x9c, 0x23, 0xc9, 0xed, 0xf3, 0x31, 0xa7, 0xae, 0x8d, 0x5e, 0x2c, - 0x93, 0xd3, 0x95, 0x8d, 0x6f, 0x79, 0xd6, 0xeb, 0x64, 0xeb, 0x0c, 0x56, 0xf2, 0x03, 0xe1, 0x56, - 0xe5, 0x1b, 0x72, 0xf7, 0x7c, 0xcc, 0x86, 0xbb, 0x96, 0x2c, 0x29, 0xf3, 0x98, 0x77, 0xe2, 0xb3, - 0x30, 0x1f, 0x86, 0x36, 0xfb, 0x88, 0x70, 0xab, 0x72, 0xd0, 0x22, 0xec, 0x86, 0xcf, 0xa2, 0x05, - 0x8e, 0xa9, 0x9b, 0xbd, 0x7e, 0xe3, 0xdd, 0x05, 0x6f, 0xfc, 0xe4, 0xf9, 0xcf, 0x71, 0x07, 0xfd, - 0x1a, 0x77, 0xd0, 0x9f, 0x71, 0x07, 0xbd, 0x7c, 0xf4, 0x7f, 0xc3, 0x50, 0xe4, 0x19, 0x14, 0xe1, - 0xf4, 0x3d, 0x6c, 0xf9, 0x11, 0xf8, 0xe0, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb1, 0x22, 0xb1, - 0x96, 0xac, 0x05, 0x00, 0x00, + // 526 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x94, 0xdf, 0x8a, 0x13, 0x31, + 0x14, 0xc6, 0xc9, 0x76, 0xad, 0xbb, 0x11, 0x14, 0x02, 0xee, 0xd6, 0x51, 0x6a, 0x99, 0x8b, 0xb5, + 0xae, 0x98, 0xd0, 0x7a, 0xa7, 0x57, 0xfe, 0x81, 0x45, 0x28, 0xa2, 0xb3, 0xe0, 0x85, 0x5e, 0x48, + 0x76, 0x7a, 0x98, 0x1d, 0x77, 0x3a, 0x89, 0x49, 0x3a, 0x20, 0x8b, 0x37, 0x82, 0x4f, 0xe0, 0x13, + 0xa8, 0x37, 0x82, 0xb7, 0x3e, 0x84, 0x97, 0x82, 0x2f, 0x20, 0xc5, 0x07, 0x91, 0xc9, 0xcc, 0xb4, + 0x3b, 0xa1, 0xdb, 0x0a, 0x76, 0xef, 0x72, 0x26, 0x99, 0x73, 0x7e, 0xf9, 0xf2, 0x9d, 0x83, 0x77, + 0x35, 0xa8, 0x0c, 0x14, 0xe3, 0x52, 0x26, 0x71, 0xc8, 0x4d, 0x2c, 0x52, 0x0d, 0xc6, 0x09, 0xa9, + 0x54, 0xc2, 0x08, 0x72, 0xb1, 0xfe, 0xd5, 0xbb, 0x16, 0x09, 0x11, 0x25, 0xc0, 0xb8, 0x8c, 0x19, + 0x4f, 0x53, 0x61, 0x8a, 0x9d, 0xe2, 0xb4, 0x37, 0x88, 0x62, 0x73, 0x38, 0x3e, 0xa0, 0xa1, 0x18, + 0x31, 0xae, 0x22, 0x21, 0x95, 0x78, 0x6d, 0x17, 0xb7, 0xc3, 0x21, 0xcb, 0xfa, 0x4c, 0x1e, 0x45, + 0xf9, 0x9f, 0xfa, 0x64, 0x2d, 0x96, 0xf5, 0x78, 0x22, 0x0f, 0x79, 0x8f, 0x45, 0x90, 0x82, 0xe2, + 0x06, 0x86, 0x45, 0x36, 0xff, 0x39, 0xde, 0xba, 0x3f, 0x3b, 0xb7, 0x0f, 0x66, 0x0f, 0xcc, 0xb3, + 0x31, 0xa8, 0xb7, 0x84, 0xe0, 0xf5, 0x94, 0x8f, 0xa0, 0x85, 0x3a, 0xa8, 0xbb, 0x19, 0xd8, 0x35, + 0xe9, 0xe2, 0x4b, 0x5c, 0x4a, 0x0d, 0xe6, 0x09, 0x1f, 0x81, 0x96, 0x3c, 0x84, 0xd6, 0x9a, 0xdd, + 0x76, 0x3f, 0xfb, 0xc7, 0x78, 0xbb, 0x9e, 0x77, 0x10, 0xeb, 0x32, 0xb1, 0x87, 0x37, 0x72, 0x66, + 0x08, 0x8d, 0x6e, 0xa1, 0x4e, 0xa3, 0xbb, 0x19, 0x4c, 0xe3, 0x7c, 0x4f, 0x43, 0x02, 0xa1, 0x11, + 0xaa, 0xcc, 0x3c, 0x8d, 0xe7, 0x15, 0x6f, 0xcc, 0x2f, 0xfe, 0x15, 0xb9, 0xb7, 0x0a, 0x40, 0xcb, + 0x5c, 0x5c, 0xd2, 0xc2, 0xe7, 0xcb, 0x62, 0xe5, 0xc5, 0xaa, 0x90, 0x18, 0xec, 0xbc, 0x83, 0x05, + 0xb8, 0xd0, 0x1f, 0xd0, 0x99, 0xe0, 0xb4, 0x12, 0xdc, 0x2e, 0x5e, 0x85, 0x43, 0x9a, 0xf5, 0xa9, + 0x3c, 0x8a, 0x68, 0x2e, 0x38, 0x3d, 0xf1, 0x3b, 0xad, 0x04, 0xa7, 0x0e, 0x87, 0x53, 0xc3, 0xff, + 0x86, 0xf0, 0xd5, 0xfa, 0x91, 0x87, 0x0a, 0xb8, 0x81, 0x00, 0xde, 0x8c, 0x41, 0xcf, 0xa3, 0x42, + 0x67, 0x4f, 0x45, 0xb6, 0x70, 0x73, 0x2c, 0x35, 0xa8, 0x42, 0x83, 0x8d, 0xa0, 0x8c, 0xfc, 0x97, + 0x2e, 0xec, 0x23, 0x48, 0x60, 0x06, 0xfb, 0x5f, 0x96, 0xe9, 0x7f, 0x3a, 0x87, 0x2f, 0xd7, 0xb3, + 0xef, 0x83, 0xca, 0xe2, 0x10, 0xc8, 0x17, 0x84, 0x1b, 0x7b, 0x60, 0xc8, 0x0e, 0x75, 0xfa, 0x67, + 0xbe, 0x75, 0xbd, 0x95, 0x8a, 0xe3, 0xef, 0xbc, 0xff, 0xf5, 0xe7, 0xe3, 0x5a, 0x87, 0xb4, 0x6d, + 0x43, 0x66, 0x3d, 0xa7, 0x89, 0x35, 0x3b, 0xce, 0x2f, 0xfa, 0x8e, 0x7c, 0x46, 0x78, 0x3d, 0x77, + 0x39, 0xb9, 0xb1, 0x18, 0x73, 0xda, 0x09, 0xde, 0xd3, 0x55, 0x72, 0xe6, 0x69, 0xfd, 0xeb, 0x96, + 0xf5, 0x0a, 0xd9, 0x3e, 0x85, 0x95, 0x7c, 0x47, 0xb8, 0x59, 0x38, 0x8c, 0xdc, 0x5a, 0x8c, 0x59, + 0xf3, 0xe1, 0x8a, 0x25, 0x65, 0x16, 0xf3, 0xa6, 0x7f, 0x1a, 0xe6, 0x5d, 0xd7, 0x90, 0x1f, 0x10, + 0x6e, 0x16, 0x5e, 0x5b, 0x86, 0x5d, 0x73, 0xa4, 0xb7, 0xc4, 0x31, 0xd5, 0x58, 0xa8, 0xde, 0x78, + 0x77, 0xc9, 0x1b, 0x3f, 0x78, 0xfc, 0x63, 0xd2, 0x46, 0x3f, 0x27, 0x6d, 0xf4, 0x7b, 0xd2, 0x46, + 0x2f, 0xee, 0xfd, 0xdb, 0x28, 0x0e, 0x93, 0x18, 0x52, 0x77, 0xf6, 0x1f, 0x34, 0xed, 0x00, 0xbe, + 0xf3, 0x37, 0x00, 0x00, 0xff, 0xff, 0x96, 0x3f, 0x16, 0xa7, 0x2a, 0x06, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -563,6 +591,13 @@ func (m *ApplicationSetGetQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.AppsetNamespace) > 0 { + i -= len(m.AppsetNamespace) + copy(dAtA[i:], m.AppsetNamespace) + i = encodeVarintApplicationset(dAtA, i, uint64(len(m.AppsetNamespace))) + i-- + dAtA[i] = 0x12 + } if len(m.Name) > 0 { i -= len(m.Name) copy(dAtA[i:], m.Name) @@ -597,6 +632,13 @@ func (m *ApplicationSetListQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.AppsetNamespace) > 0 { + i -= len(m.AppsetNamespace) + copy(dAtA[i:], m.AppsetNamespace) + i = encodeVarintApplicationset(dAtA, i, uint64(len(m.AppsetNamespace))) + i-- + dAtA[i] = 0x1a + } if len(m.Selector) > 0 { i -= len(m.Selector) copy(dAtA[i:], m.Selector) @@ -735,6 +777,13 @@ func (m *ApplicationSetDeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.AppsetNamespace) > 0 { + i -= len(m.AppsetNamespace) + copy(dAtA[i:], m.AppsetNamespace) + i = encodeVarintApplicationset(dAtA, i, uint64(len(m.AppsetNamespace))) + i-- + dAtA[i] = 0x12 + } if len(m.Name) > 0 { i -= len(m.Name) copy(dAtA[i:], m.Name) @@ -766,6 +815,10 @@ func (m *ApplicationSetGetQuery) Size() (n int) { if l > 0 { n += 1 + l + sovApplicationset(uint64(l)) } + l = len(m.AppsetNamespace) + if l > 0 { + n += 1 + l + sovApplicationset(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -788,6 +841,10 @@ func (m *ApplicationSetListQuery) Size() (n int) { if l > 0 { n += 1 + l + sovApplicationset(uint64(l)) } + l = len(m.AppsetNamespace) + if l > 0 { + n += 1 + l + sovApplicationset(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -843,6 +900,10 @@ func (m *ApplicationSetDeleteRequest) Size() (n int) { if l > 0 { n += 1 + l + sovApplicationset(uint64(l)) } + l = len(m.AppsetNamespace) + if l > 0 { + n += 1 + l + sovApplicationset(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -916,6 +977,38 @@ func (m *ApplicationSetGetQuery) Unmarshal(dAtA []byte) error { } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppsetNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplicationset + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplicationset + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AppsetNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplicationset(dAtA[iNdEx:]) @@ -1031,6 +1124,38 @@ func (m *ApplicationSetListQuery) Unmarshal(dAtA []byte) error { } m.Selector = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppsetNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplicationset + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplicationset + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AppsetNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplicationset(dAtA[iNdEx:]) @@ -1340,6 +1465,38 @@ func (m *ApplicationSetDeleteRequest) Unmarshal(dAtA []byte) error { } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppsetNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplicationset + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplicationset + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AppsetNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplicationset(dAtA[iNdEx:]) diff --git a/pkg/apiclient/applicationset/applicationset.pb.gw.go b/pkg/apiclient/applicationset/applicationset.pb.gw.go index db537f548cb30..5e4c73f7add3b 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.gw.go +++ b/pkg/apiclient/applicationset/applicationset.pb.gw.go @@ -33,6 +33,10 @@ var _ = utilities.NewDoubleArray var _ = descriptor.ForMessage var _ = metadata.Join +var ( + filter_ApplicationSetService_Get_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + func request_ApplicationSetService_Get_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationSetServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq ApplicationSetGetQuery var metadata runtime.ServerMetadata @@ -55,6 +59,13 @@ func request_ApplicationSetService_Get_0(ctx context.Context, marshaler runtime. return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) } + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_Get_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := client.Get(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) return msg, metadata, err @@ -82,6 +93,13 @@ func local_request_ApplicationSetService_Get_0(ctx context.Context, marshaler ru return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) } + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_Get_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := server.Get(ctx, &protoReq) return msg, metadata, err @@ -175,6 +193,10 @@ func local_request_ApplicationSetService_Create_0(ctx context.Context, marshaler } +var ( + filter_ApplicationSetService_Delete_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + func request_ApplicationSetService_Delete_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationSetServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq ApplicationSetDeleteRequest var metadata runtime.ServerMetadata @@ -197,6 +219,13 @@ func request_ApplicationSetService_Delete_0(ctx context.Context, marshaler runti return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) } + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_Delete_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := client.Delete(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) return msg, metadata, err @@ -224,6 +253,13 @@ func local_request_ApplicationSetService_Delete_0(ctx context.Context, marshaler return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) } + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_Delete_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := server.Delete(ctx, &protoReq) return msg, metadata, err diff --git a/pkg/apiclient/settings/settings.pb.go b/pkg/apiclient/settings/settings.pb.go index 5fdb92a10f9f9..be5d129f6834f 100644 --- a/pkg/apiclient/settings/settings.pb.go +++ b/pkg/apiclient/settings/settings.pb.go @@ -84,9 +84,10 @@ type Settings struct { GoogleAnalytics *GoogleAnalyticsConfig `protobuf:"bytes,7,opt,name=googleAnalytics,proto3" json:"googleAnalytics,omitempty"` KustomizeOptions *v1alpha1.KustomizeOptions `protobuf:"bytes,8,opt,name=kustomizeOptions,proto3" json:"kustomizeOptions,omitempty"` // Help settings - Help *Help `protobuf:"bytes,9,opt,name=help,proto3" json:"help,omitempty"` - Plugins []*Plugin `protobuf:"bytes,10,rep,name=plugins,proto3" json:"plugins,omitempty"` - UserLoginsDisabled bool `protobuf:"varint,11,opt,name=userLoginsDisabled,proto3" json:"userLoginsDisabled,omitempty"` + Help *Help `protobuf:"bytes,9,opt,name=help,proto3" json:"help,omitempty"` + Plugins []*Plugin `protobuf:"bytes,10,rep,name=plugins,proto3" json:"plugins,omitempty"` + UserLoginsDisabled bool `protobuf:"varint,11,opt,name=userLoginsDisabled,proto3" json:"userLoginsDisabled,omitempty"` + // Deprecated: use sidecar plugins instead. ConfigManagementPlugins []*v1alpha1.ConfigManagementPlugin `protobuf:"bytes,12,rep,name=configManagementPlugins,proto3" json:"configManagementPlugins,omitempty"` KustomizeVersions []string `protobuf:"bytes,13,rep,name=kustomizeVersions,proto3" json:"kustomizeVersions,omitempty"` UiCssURL string `protobuf:"bytes,14,opt,name=uiCssURL,proto3" json:"uiCssURL,omitempty"` diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index af464fe16848f..30c4efcfbf289 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -12,6 +12,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStep,MatchExpressions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStrategy,Steps API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,Generators +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,GoTemplateOptions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,ApplicationStatus API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Conditions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTemplateMeta,Finalizers @@ -57,6 +58,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ProjectRole,JWTTokens API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ProjectRole,Policies API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGenerator,Filters +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGeneratorAzureDevOps,Labels API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGeneratorGitLab,Labels API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGeneratorGithub,Labels API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RepositoryCertificate,CertData @@ -75,6 +77,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RevisionHistory,Revisions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RevisionMetadata,Tags API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGenerator,Filters +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorAWSCodeCommit,TagFilters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorFilter,PathsDoNotExist API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorFilter,PathsExist API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncOperation,Manifests @@ -98,6 +101,7 @@ API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/applicat API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,JWTToken,IssuedAt API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,KustomizeOptions,BinaryPath API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,KustomizeOptions,BuildOptions +API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGenerator,AzureDevOps API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGenerator,GitLab API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RefTarget,Chart API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RefTarget,Repo @@ -114,6 +118,7 @@ API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/applicat API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,Actions API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,HealthLua API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,IgnoreDifferences +API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,IgnoreResourceUpdates API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,KnownTypeFields API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,UseOpenLibs API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,objectMeta,Name diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index ea4e99f2af27a..3c8b3a34a018b 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -22,6 +22,7 @@ import ( "sort" "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/util/security" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -48,18 +49,21 @@ type ApplicationSet struct { } // RBACName formats fully qualified application name for RBAC check. -func (a *ApplicationSet) RBACName() string { - return fmt.Sprintf("%s/%s", a.Spec.Template.Spec.GetProject(), a.ObjectMeta.Name) +func (a *ApplicationSet) RBACName(defaultNS string) string { + return security.RBACName(defaultNS, a.Spec.Template.Spec.GetProject(), a.Namespace, a.Name) } // ApplicationSetSpec represents a class of application set state. type ApplicationSetSpec struct { - GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"` - Generators []ApplicationSetGenerator `json:"generators" protobuf:"bytes,2,name=generators"` - Template ApplicationSetTemplate `json:"template" protobuf:"bytes,3,name=template"` - SyncPolicy *ApplicationSetSyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"` - Strategy *ApplicationSetStrategy `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"` - PreservedFields *ApplicationPreservedFields `json:"preservedFields,omitempty" protobuf:"bytes,6,opt,name=preservedFields"` + GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"` + Generators []ApplicationSetGenerator `json:"generators" protobuf:"bytes,2,name=generators"` + Template ApplicationSetTemplate `json:"template" protobuf:"bytes,3,name=template"` + SyncPolicy *ApplicationSetSyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"` + Strategy *ApplicationSetStrategy `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"` + PreservedFields *ApplicationPreservedFields `json:"preservedFields,omitempty" protobuf:"bytes,6,opt,name=preservedFields"` + GoTemplateOptions []string `json:"goTemplateOptions,omitempty" protobuf:"bytes,7,opt,name=goTemplateOptions"` + // ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators + ApplyNestedSelectors bool `json:"applyNestedSelectors,omitempty" protobuf:"bytes,8,name=applyNestedSelectors"` } type ApplicationPreservedFields struct { @@ -87,11 +91,39 @@ type ApplicationMatchExpression struct { Values []string `json:"values,omitempty" protobuf:"bytes,3,opt,name=values"` } +// ApplicationsSyncPolicy representation +// "create-only" means applications are only created. If the generator's result contains update, applications won't be updated +// "create-update" means applications are only created/Updated. If the generator's result contains update, applications will be updated, but not deleted +// "create-delete" means applications are only created/deleted. If the generator's result contains update, applications won't be updated, if it results in deleted applications, the applications will be deleted +// "sync" means create/update/deleted. If the generator's result contains update, applications will be updated, if it results in deleted applications, the applications will be deleted +// If no ApplicationsSyncPolicy is defined, it defaults it to sync +type ApplicationsSyncPolicy string + +// sync / create-only / create-update / create-delete +const ( + ApplicationsSyncPolicyCreateOnly ApplicationsSyncPolicy = "create-only" + ApplicationsSyncPolicyCreateUpdate ApplicationsSyncPolicy = "create-update" + ApplicationsSyncPolicyCreateDelete ApplicationsSyncPolicy = "create-delete" + ApplicationsSyncPolicySync ApplicationsSyncPolicy = "sync" +) + +func (s ApplicationsSyncPolicy) AllowUpdate() bool { + return s == ApplicationsSyncPolicyCreateUpdate || s == ApplicationsSyncPolicySync +} + +func (s ApplicationsSyncPolicy) AllowDelete() bool { + return s == ApplicationsSyncPolicySync || s == ApplicationsSyncPolicyCreateDelete +} + // ApplicationSetSyncPolicy configures how generated Applications will relate to their // ApplicationSet. type ApplicationSetSyncPolicy struct { // PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted. PreserveResourcesOnDeletion bool `json:"preserveResourcesOnDeletion,omitempty" protobuf:"bytes,1,name=syncPolicy"` + // ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Enum=create-only;create-update;create-delete;sync + ApplicationsSync *ApplicationsSyncPolicy `json:"applicationsSync,omitempty" protobuf:"bytes,2,opt,name=applicationsSync,casttype=ApplicationsSyncPolicy"` } // ApplicationSetTemplate represents argocd ApplicationSpec @@ -123,6 +155,8 @@ type ApplicationSetGenerator struct { // Selector allows to post-filter all generator. Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,9,name=selector"` + + Plugin *PluginGenerator `json:"plugin,omitempty" protobuf:"bytes,10,name=plugin"` } // ApplicationSetNestedGenerator represents a generator nested within a combination-type generator (MatrixGenerator or @@ -143,6 +177,8 @@ type ApplicationSetNestedGenerator struct { // Selector allows to post-filter all generator. Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,9,name=selector"` + + Plugin *PluginGenerator `json:"plugin,omitempty" protobuf:"bytes,10,name=plugin"` } type ApplicationSetNestedGenerators []ApplicationSetNestedGenerator @@ -158,6 +194,10 @@ type ApplicationSetTerminalGenerator struct { SCMProvider *SCMProviderGenerator `json:"scmProvider,omitempty" protobuf:"bytes,4,name=scmProvider"` ClusterDecisionResource *DuckTypeGenerator `json:"clusterDecisionResource,omitempty" protobuf:"bytes,5,name=clusterDecisionResource"` PullRequest *PullRequestGenerator `json:"pullRequest,omitempty" protobuf:"bytes,6,name=pullRequest"` + Plugin *PluginGenerator `json:"plugin,omitempty" protobuf:"bytes,7,name=pullRequest"` + + // Selector allows to post-filter all generator. + Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,8,name=selector"` } type ApplicationSetTerminalGenerators []ApplicationSetTerminalGenerator @@ -175,6 +215,8 @@ func (g ApplicationSetTerminalGenerators) toApplicationSetNestedGenerators() []A SCMProvider: terminalGenerator.SCMProvider, ClusterDecisionResource: terminalGenerator.ClusterDecisionResource, PullRequest: terminalGenerator.PullRequest, + Plugin: terminalGenerator.Plugin, + Selector: terminalGenerator.Selector, } } return nestedGenerators @@ -320,6 +362,9 @@ type GitGenerator struct { RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"bytes,5,name=requeueAfterSeconds"` Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,6,name=template"` PathParamPrefix string `json:"pathParamPrefix,omitempty" protobuf:"bytes,7,name=pathParamPrefix"` + + // Values contains key/value pairs which are passed directly as parameters to the template + Values map[string]string `json:"values,omitempty" protobuf:"bytes,8,name=values"` } type GitDirectoryGeneratorItem struct { @@ -348,6 +393,10 @@ type SCMProviderGenerator struct { // Standard parameters. RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"varint,9,opt,name=requeueAfterSeconds"` Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,10,opt,name=template"` + + // Values contains key/value pairs which are passed directly as parameters to the template + Values map[string]string `json:"values,omitempty" protobuf:"bytes,11,name=values"` + AWSCodeCommit *SCMProviderGeneratorAWSCodeCommit `json:"awsCodeCommit,omitempty" protobuf:"bytes,12,opt,name=awsCodeCommit"` } // SCMProviderGeneratorGitea defines a connection info specific to Gitea. @@ -430,6 +479,25 @@ type SCMProviderGeneratorAzureDevOps struct { AllBranches bool `json:"allBranches,omitempty" protobuf:"varint,9,opt,name=allBranches"` } +type TagFilter struct { + Key string `json:"key" protobuf:"bytes,1,opt,name=key"` + Value string `json:"value,omitempty" protobuf:"bytes,2,opt,name=value"` +} + +// SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit. +type SCMProviderGeneratorAWSCodeCommit struct { + // TagFilters provides the tag filter(s) for repo discovery + TagFilters []*TagFilter `json:"tagFilters,omitempty" protobuf:"bytes,1,opt,name=tagFilters"` + // Role provides the AWS IAM role to assume, for cross-account repo discovery + // if not provided, AppSet controller will use its pod/node identity to discover. + Role string `json:"role,omitempty" protobuf:"bytes,2,opt,name=role"` + // Region provides the AWS region to discover repos. + // if not provided, AppSet controller will infer the current region from environment. + Region string `json:"region,omitempty" protobuf:"bytes,3,opt,name=region"` + // Scan all branches instead of just the default branch. + AllBranches bool `json:"allBranches,omitempty" protobuf:"varint,4,opt,name=allBranches"` +} + // SCMProviderGeneratorFilter is a single repository filter. // If multiple filter types are set on a single struct, they will be AND'd together. All filters must // pass for a repo to be included. @@ -456,11 +524,14 @@ type PullRequestGenerator struct { // Filters for which pull requests should be considered. Filters []PullRequestGeneratorFilter `json:"filters,omitempty" protobuf:"bytes,5,rep,name=filters"` // Standard parameters. - RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"varint,6,opt,name=requeueAfterSeconds"` - Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,7,opt,name=template"` + RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"varint,6,opt,name=requeueAfterSeconds"` + Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,7,opt,name=template"` + Bitbucket *PullRequestGeneratorBitbucket `json:"bitbucket,omitempty" protobuf:"bytes,8,opt,name=bitbucket"` + // Additional provider to use and config for it. + AzureDevOps *PullRequestGeneratorAzureDevOps `json:"azuredevops,omitempty" protobuf:"bytes,9,opt,name=azuredevops"` } -// PullRequestGenerator defines connection info specific to Gitea. +// PullRequestGeneratorGitea defines connection info specific to Gitea. type PullRequestGeneratorGitea struct { // Gitea org or user to scan. Required. Owner string `json:"owner" protobuf:"bytes,1,opt,name=owner"` @@ -474,6 +545,22 @@ type PullRequestGeneratorGitea struct { Insecure bool `json:"insecure,omitempty" protobuf:"varint,5,opt,name=insecure"` } +// PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps. +type PullRequestGeneratorAzureDevOps struct { + // Azure DevOps org to scan. Required. + Organization string `json:"organization" protobuf:"bytes,1,opt,name=organization"` + // Azure DevOps project name to scan. Required. + Project string `json:"project" protobuf:"bytes,2,opt,name=project"` + // Azure DevOps repo name to scan. Required. + Repo string `json:"repo" protobuf:"bytes,3,opt,name=repo"` + // The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/. + API string `json:"api,omitempty" protobuf:"bytes,4,opt,name=api"` + // Authentication token reference. + TokenRef *SecretRef `json:"tokenRef,omitempty" protobuf:"bytes,5,opt,name=tokenRef"` + // Labels is used to filter the PRs that you want to target + Labels []string `json:"labels,omitempty" protobuf:"bytes,6,rep,name=labels"` +} + // PullRequestGenerator defines connection info specific to GitHub. type PullRequestGeneratorGithub struct { // GitHub org or user to scan. Required. @@ -504,7 +591,7 @@ type PullRequestGeneratorGitLab struct { PullRequestState string `json:"pullRequestState,omitempty" protobuf:"bytes,5,rep,name=pullRequestState"` } -// PullRequestGenerator defines connection info specific to BitbucketServer. +// PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer. type PullRequestGeneratorBitbucketServer struct { // Project to scan. Required. Project string `json:"project" protobuf:"bytes,1,opt,name=project"` @@ -516,6 +603,26 @@ type PullRequestGeneratorBitbucketServer struct { BasicAuth *BasicAuthBitbucketServer `json:"basicAuth,omitempty" protobuf:"bytes,4,opt,name=basicAuth"` } +// PullRequestGeneratorBitbucket defines connection info specific to Bitbucket. +type PullRequestGeneratorBitbucket struct { + // Workspace to scan. Required. + Owner string `json:"owner" protobuf:"bytes,1,opt,name=owner"` + // Repo name to scan. Required. + Repo string `json:"repo" protobuf:"bytes,2,opt,name=repo"` + // The Bitbucket REST API URL to talk to. If blank, uses https://api.bitbucket.org/2.0. + API string `json:"api,omitempty" protobuf:"bytes,3,opt,name=api"` + // Credentials for Basic auth + BasicAuth *BasicAuthBitbucketServer `json:"basicAuth,omitempty" protobuf:"bytes,4,opt,name=basicAuth"` + // Credentials for AppToken (Bearer auth) + BearerToken *BearerTokenBitbucketCloud `json:"bearerToken,omitempty" protobuf:"bytes,5,opt,name=bearerToken"` +} + +// BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth. +type BearerTokenBitbucketCloud struct { + // Password (or personal access token) reference. + TokenRef *SecretRef `json:"tokenRef" protobuf:"bytes,1,opt,name=tokenRef"` +} + // BasicAuthBitbucketServer defines the username/(password or personal access token) for Basic auth. type BasicAuthBitbucketServer struct { // Username for Basic auth @@ -528,7 +635,34 @@ type BasicAuthBitbucketServer struct { // If multiple filter types are set on a single struct, they will be AND'd together. All filters must // pass for a pull request to be included. type PullRequestGeneratorFilter struct { - BranchMatch *string `json:"branchMatch,omitempty" protobuf:"bytes,1,opt,name=branchMatch"` + BranchMatch *string `json:"branchMatch,omitempty" protobuf:"bytes,1,opt,name=branchMatch"` + TargetBranchMatch *string `json:"targetBranchMatch,omitempty" protobuf:"bytes,2,opt,name=targetBranchMatch"` +} + +type PluginConfigMapRef struct { + // Name of the ConfigMap + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` +} + +type PluginParameters map[string]apiextensionsv1.JSON + +type PluginInput struct { + // Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the + // values can be any type. + Parameters PluginParameters `json:"parameters,omitempty" protobuf:"bytes,1,name=parameters"` +} + +// PluginGenerator defines connection info specific to Plugin. +type PluginGenerator struct { + ConfigMapRef PluginConfigMapRef `json:"configMapRef" protobuf:"bytes,1,name=configMapRef"` + Input PluginInput `json:"input,omitempty" protobuf:"bytes,2,name=input"` + // RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again. + RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"varint,3,opt,name=requeueAfterSeconds"` + Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,4,name=template"` + + // Values contains key/value pairs which are passed directly as parameters to the template. These values will not be + // sent as parameters to the plugin. + Values map[string]string `json:"values,omitempty" protobuf:"bytes,5,name=values"` } // ApplicationSetStatus defines the observed state of ApplicationSet @@ -681,3 +815,14 @@ func (status *ApplicationSetStatus) SetApplicationStatus(newStatus ApplicationSe } status.ApplicationStatus = append(status.ApplicationStatus, newStatus) } + +// QualifiedName returns the full qualified name of the applicationset, including +// the name of the namespace it is created in delimited by a forward slash, +// i.e. / +func (a *ApplicationSet) QualifiedName() string { + if a.Namespace == "" { + return a.Name + } else { + return a.Namespace + "/" + a.Name + } +} diff --git a/pkg/apis/application/v1alpha1/applicationset_types_test.go b/pkg/apis/application/v1alpha1/applicationset_types_test.go index 67fc502470a06..62ff3aac4e95d 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types_test.go +++ b/pkg/apis/application/v1alpha1/applicationset_types_test.go @@ -38,6 +38,42 @@ func newTestAppSet(name, namespace, repo string) *ApplicationSet { return a } +func TestApplicationsSyncPolicy(t *testing.T) { + assert.False(t, ApplicationsSyncPolicyCreateOnly.AllowDelete()) + assert.False(t, ApplicationsSyncPolicyCreateOnly.AllowUpdate()) + + assert.False(t, ApplicationsSyncPolicyCreateUpdate.AllowDelete()) + assert.True(t, ApplicationsSyncPolicyCreateUpdate.AllowUpdate()) + + assert.True(t, ApplicationsSyncPolicySync.AllowDelete()) + assert.True(t, ApplicationsSyncPolicySync.AllowUpdate()) +} + +func TestApplicationSetRBACName(t *testing.T) { + testRepo := "https://github.com/org/repo" + + t.Run("Test RBAC name with namespace", func(t *testing.T) { + namespace := "guestbook" + a := newTestAppSet("test-appset", namespace, testRepo) + a.Spec.Template.Spec.Project = "test" + assert.Equal(t, "test/guestbook/test-appset", a.RBACName("argocd")) + }) + + t.Run("Test RBAC name default ns", func(t *testing.T) { + namespace := "argocd" + a := newTestAppSet("test-appset", namespace, testRepo) + a.Spec.Template.Spec.Project = "test" + assert.Equal(t, "test/test-appset", a.RBACName("argocd")) + }) + + t.Run("Test RBAC no ns", func(t *testing.T) { + a := newTestAppSet("test-appset", "", testRepo) + a.Spec.Template.Spec.Project = "test" + assert.Equal(t, "test/test-appset", a.RBACName("argocd")) + }) + +} + func TestApplicationSetSetConditions(t *testing.T) { fiveMinsAgo := &metav1.Time{Time: time.Now().Add(-5 * time.Minute)} tenMinsAgo := &metav1.Time{Time: time.Now().Add(-10 * time.Minute)} diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index f728362e45089..28900c68a4533 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -17,6 +17,7 @@ import ( v12 "k8s.io/api/core/v1" v11 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" math "math" math_bits "math/bits" @@ -1158,10 +1159,38 @@ func (m *BasicAuthBitbucketServer) XXX_DiscardUnknown() { var xxx_messageInfo_BasicAuthBitbucketServer proto.InternalMessageInfo +func (m *BearerTokenBitbucketCloud) Reset() { *m = BearerTokenBitbucketCloud{} } +func (*BearerTokenBitbucketCloud) ProtoMessage() {} +func (*BearerTokenBitbucketCloud) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{40} +} +func (m *BearerTokenBitbucketCloud) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BearerTokenBitbucketCloud) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BearerTokenBitbucketCloud) XXX_Merge(src proto.Message) { + xxx_messageInfo_BearerTokenBitbucketCloud.Merge(m, src) +} +func (m *BearerTokenBitbucketCloud) XXX_Size() int { + return m.Size() +} +func (m *BearerTokenBitbucketCloud) XXX_DiscardUnknown() { + xxx_messageInfo_BearerTokenBitbucketCloud.DiscardUnknown(m) +} + +var xxx_messageInfo_BearerTokenBitbucketCloud proto.InternalMessageInfo + func (m *ChartDetails) Reset() { *m = ChartDetails{} } func (*ChartDetails) ProtoMessage() {} func (*ChartDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{40} + return fileDescriptor_030104ce3b95bcac, []int{41} } func (m *ChartDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1189,7 +1218,7 @@ var xxx_messageInfo_ChartDetails proto.InternalMessageInfo func (m *Cluster) Reset() { *m = Cluster{} } func (*Cluster) ProtoMessage() {} func (*Cluster) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{41} + return fileDescriptor_030104ce3b95bcac, []int{42} } func (m *Cluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1217,7 +1246,7 @@ var xxx_messageInfo_Cluster proto.InternalMessageInfo func (m *ClusterCacheInfo) Reset() { *m = ClusterCacheInfo{} } func (*ClusterCacheInfo) ProtoMessage() {} func (*ClusterCacheInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{42} + return fileDescriptor_030104ce3b95bcac, []int{43} } func (m *ClusterCacheInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1245,7 +1274,7 @@ var xxx_messageInfo_ClusterCacheInfo proto.InternalMessageInfo func (m *ClusterConfig) Reset() { *m = ClusterConfig{} } func (*ClusterConfig) ProtoMessage() {} func (*ClusterConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{43} + return fileDescriptor_030104ce3b95bcac, []int{44} } func (m *ClusterConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1273,7 +1302,7 @@ var xxx_messageInfo_ClusterConfig proto.InternalMessageInfo func (m *ClusterGenerator) Reset() { *m = ClusterGenerator{} } func (*ClusterGenerator) ProtoMessage() {} func (*ClusterGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{44} + return fileDescriptor_030104ce3b95bcac, []int{45} } func (m *ClusterGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1301,7 +1330,7 @@ var xxx_messageInfo_ClusterGenerator proto.InternalMessageInfo func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } func (*ClusterInfo) ProtoMessage() {} func (*ClusterInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{45} + return fileDescriptor_030104ce3b95bcac, []int{46} } func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1329,7 +1358,7 @@ var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo func (m *ClusterList) Reset() { *m = ClusterList{} } func (*ClusterList) ProtoMessage() {} func (*ClusterList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{46} + return fileDescriptor_030104ce3b95bcac, []int{47} } func (m *ClusterList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1357,7 +1386,7 @@ var xxx_messageInfo_ClusterList proto.InternalMessageInfo func (m *Command) Reset() { *m = Command{} } func (*Command) ProtoMessage() {} func (*Command) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{47} + return fileDescriptor_030104ce3b95bcac, []int{48} } func (m *Command) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1385,7 +1414,7 @@ var xxx_messageInfo_Command proto.InternalMessageInfo func (m *ComparedTo) Reset() { *m = ComparedTo{} } func (*ComparedTo) ProtoMessage() {} func (*ComparedTo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{48} + return fileDescriptor_030104ce3b95bcac, []int{49} } func (m *ComparedTo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1413,7 +1442,7 @@ var xxx_messageInfo_ComparedTo proto.InternalMessageInfo func (m *ComponentParameter) Reset() { *m = ComponentParameter{} } func (*ComponentParameter) ProtoMessage() {} func (*ComponentParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{49} + return fileDescriptor_030104ce3b95bcac, []int{50} } func (m *ComponentParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1441,7 +1470,7 @@ var xxx_messageInfo_ComponentParameter proto.InternalMessageInfo func (m *ConfigManagementPlugin) Reset() { *m = ConfigManagementPlugin{} } func (*ConfigManagementPlugin) ProtoMessage() {} func (*ConfigManagementPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{50} + return fileDescriptor_030104ce3b95bcac, []int{51} } func (m *ConfigManagementPlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1469,7 +1498,7 @@ var xxx_messageInfo_ConfigManagementPlugin proto.InternalMessageInfo func (m *ConnectionState) Reset() { *m = ConnectionState{} } func (*ConnectionState) ProtoMessage() {} func (*ConnectionState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{51} + return fileDescriptor_030104ce3b95bcac, []int{52} } func (m *ConnectionState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1497,7 +1526,7 @@ var xxx_messageInfo_ConnectionState proto.InternalMessageInfo func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{52} + return fileDescriptor_030104ce3b95bcac, []int{53} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1525,7 +1554,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{53} + return fileDescriptor_030104ce3b95bcac, []int{54} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1553,7 +1582,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{54} + return fileDescriptor_030104ce3b95bcac, []int{55} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1581,7 +1610,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{55} + return fileDescriptor_030104ce3b95bcac, []int{56} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1609,7 +1638,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{56} + return fileDescriptor_030104ce3b95bcac, []int{57} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1637,7 +1666,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{57} + return fileDescriptor_030104ce3b95bcac, []int{58} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1665,7 +1694,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1693,7 +1722,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1721,7 +1750,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1749,7 +1778,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1777,7 +1806,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1805,7 +1834,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1833,7 +1862,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1861,7 +1890,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1889,7 +1918,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1917,7 +1946,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1945,7 +1974,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1973,7 +2002,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2001,7 +2030,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2029,7 +2058,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2057,7 +2086,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2085,7 +2114,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *KustomizeReplica) Reset() { *m = KustomizeReplica{} } func (*KustomizeReplica) ProtoMessage() {} func (*KustomizeReplica) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2113,7 +2142,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2141,7 +2170,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2169,7 +2198,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2197,7 +2226,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2225,7 +2254,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2253,7 +2282,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2281,7 +2310,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2309,7 +2338,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2337,7 +2366,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2365,7 +2394,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OptionalArray) Reset() { *m = OptionalArray{} } func (*OptionalArray) ProtoMessage() {} func (*OptionalArray) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *OptionalArray) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2393,7 +2422,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo func (m *OptionalMap) Reset() { *m = OptionalMap{} } func (*OptionalMap) ProtoMessage() {} func (*OptionalMap) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *OptionalMap) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2421,7 +2450,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2449,7 +2478,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2477,7 +2506,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2502,10 +2531,94 @@ func (m *OverrideIgnoreDiff) XXX_DiscardUnknown() { var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo +func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } +func (*PluginConfigMapRef) ProtoMessage() {} +func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{89} +} +func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PluginConfigMapRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PluginConfigMapRef) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginConfigMapRef.Merge(m, src) +} +func (m *PluginConfigMapRef) XXX_Size() int { + return m.Size() +} +func (m *PluginConfigMapRef) XXX_DiscardUnknown() { + xxx_messageInfo_PluginConfigMapRef.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo + +func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } +func (*PluginGenerator) ProtoMessage() {} +func (*PluginGenerator) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{90} +} +func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PluginGenerator) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PluginGenerator) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginGenerator.Merge(m, src) +} +func (m *PluginGenerator) XXX_Size() int { + return m.Size() +} +func (m *PluginGenerator) XXX_DiscardUnknown() { + xxx_messageInfo_PluginGenerator.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo + +func (m *PluginInput) Reset() { *m = PluginInput{} } +func (*PluginInput) ProtoMessage() {} +func (*PluginInput) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{91} +} +func (m *PluginInput) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PluginInput) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PluginInput) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginInput.Merge(m, src) +} +func (m *PluginInput) XXX_Size() int { + return m.Size() +} +func (m *PluginInput) XXX_DiscardUnknown() { + xxx_messageInfo_PluginInput.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginInput proto.InternalMessageInfo + func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2533,7 +2646,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2558,10 +2671,66 @@ func (m *PullRequestGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo +func (m *PullRequestGeneratorAzureDevOps) Reset() { *m = PullRequestGeneratorAzureDevOps{} } +func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {} +func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{94} +} +func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PullRequestGeneratorAzureDevOps) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PullRequestGeneratorAzureDevOps) XXX_Merge(src proto.Message) { + xxx_messageInfo_PullRequestGeneratorAzureDevOps.Merge(m, src) +} +func (m *PullRequestGeneratorAzureDevOps) XXX_Size() int { + return m.Size() +} +func (m *PullRequestGeneratorAzureDevOps) XXX_DiscardUnknown() { + xxx_messageInfo_PullRequestGeneratorAzureDevOps.DiscardUnknown(m) +} + +var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo + +func (m *PullRequestGeneratorBitbucket) Reset() { *m = PullRequestGeneratorBitbucket{} } +func (*PullRequestGeneratorBitbucket) ProtoMessage() {} +func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{95} +} +func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PullRequestGeneratorBitbucket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PullRequestGeneratorBitbucket) XXX_Merge(src proto.Message) { + xxx_messageInfo_PullRequestGeneratorBitbucket.Merge(m, src) +} +func (m *PullRequestGeneratorBitbucket) XXX_Size() int { + return m.Size() +} +func (m *PullRequestGeneratorBitbucket) XXX_DiscardUnknown() { + xxx_messageInfo_PullRequestGeneratorBitbucket.DiscardUnknown(m) +} + +var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo + func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2589,7 +2758,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2617,7 +2786,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2645,7 +2814,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2673,7 +2842,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2701,7 +2870,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2729,7 +2898,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2757,7 +2926,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2785,7 +2954,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2813,7 +2982,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2841,7 +3010,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2869,7 +3038,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2897,7 +3066,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2925,7 +3094,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2953,7 +3122,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2981,7 +3150,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3009,7 +3178,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3037,7 +3206,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3065,7 +3234,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3093,7 +3262,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3121,7 +3290,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3149,7 +3318,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3177,7 +3346,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3205,7 +3374,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3233,7 +3402,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3261,7 +3430,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3289,7 +3458,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3317,7 +3486,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3342,10 +3511,38 @@ func (m *SCMProviderGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo +func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } +func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} +func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{124} +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Merge(src proto.Message) { + xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit.Merge(m, src) +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Size() int { + return m.Size() +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_DiscardUnknown() { + xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit.DiscardUnknown(m) +} + +var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo + func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3373,7 +3570,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3401,7 +3598,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3429,7 +3626,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3457,7 +3654,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3485,7 +3682,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3513,7 +3710,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3541,7 +3738,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3569,7 +3766,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3597,7 +3794,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3625,7 +3822,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3653,7 +3850,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3681,7 +3878,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3709,7 +3906,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3737,7 +3934,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3765,7 +3962,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3793,7 +3990,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3821,7 +4018,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3849,7 +4046,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{143} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3877,7 +4074,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{144} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3902,6 +4099,34 @@ func (m *TLSClientConfig) XXX_DiscardUnknown() { var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo +func (m *TagFilter) Reset() { *m = TagFilter{} } +func (*TagFilter) ProtoMessage() {} +func (*TagFilter) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{145} +} +func (m *TagFilter) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TagFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TagFilter) XXX_Merge(src proto.Message) { + xxx_messageInfo_TagFilter.Merge(m, src) +} +func (m *TagFilter) XXX_Size() int { + return m.Size() +} +func (m *TagFilter) XXX_DiscardUnknown() { + xxx_messageInfo_TagFilter.DiscardUnknown(m) +} + +var xxx_messageInfo_TagFilter proto.InternalMessageInfo + func init() { proto.RegisterType((*AWSAuthConfig)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.AWSAuthConfig") proto.RegisterType((*AppProject)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.AppProject") @@ -3948,6 +4173,7 @@ func init() { proto.RegisterType((*ApplicationWatchEvent)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationWatchEvent") proto.RegisterType((*Backoff)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Backoff") proto.RegisterType((*BasicAuthBitbucketServer)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.BasicAuthBitbucketServer") + proto.RegisterType((*BearerTokenBitbucketCloud)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.BearerTokenBitbucketCloud") proto.RegisterType((*ChartDetails)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ChartDetails") proto.RegisterType((*Cluster)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Cluster") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Cluster.AnnotationsEntry") @@ -3971,6 +4197,7 @@ func init() { proto.RegisterType((*GitDirectoryGeneratorItem)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitDirectoryGeneratorItem") proto.RegisterType((*GitFileGeneratorItem)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitFileGeneratorItem") proto.RegisterType((*GitGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitGenerator") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitGenerator.ValuesEntry") proto.RegisterType((*GnuPGPublicKey)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GnuPGPublicKey") proto.RegisterType((*GnuPGPublicKeyList)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GnuPGPublicKeyList") proto.RegisterType((*HealthStatus)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HealthStatus") @@ -4004,8 +4231,15 @@ func init() { proto.RegisterType((*OrphanedResourceKey)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.OrphanedResourceKey") proto.RegisterType((*OrphanedResourcesMonitorSettings)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.OrphanedResourcesMonitorSettings") proto.RegisterType((*OverrideIgnoreDiff)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.OverrideIgnoreDiff") + proto.RegisterType((*PluginConfigMapRef)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginConfigMapRef") + proto.RegisterType((*PluginGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginGenerator") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginGenerator.ValuesEntry") + proto.RegisterType((*PluginInput)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginInput") + proto.RegisterMapType((PluginParameters)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginInput.ParametersEntry") proto.RegisterType((*ProjectRole)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ProjectRole") proto.RegisterType((*PullRequestGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGenerator") + proto.RegisterType((*PullRequestGeneratorAzureDevOps)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGeneratorAzureDevOps") + proto.RegisterType((*PullRequestGeneratorBitbucket)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGeneratorBitbucket") proto.RegisterType((*PullRequestGeneratorBitbucketServer)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGeneratorBitbucketServer") proto.RegisterType((*PullRequestGeneratorFilter)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGeneratorFilter") proto.RegisterType((*PullRequestGeneratorGitLab)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGeneratorGitLab") @@ -4036,6 +4270,8 @@ func init() { proto.RegisterType((*RevisionHistory)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RevisionHistory") proto.RegisterType((*RevisionMetadata)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RevisionMetadata") proto.RegisterType((*SCMProviderGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGenerator") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGenerator.ValuesEntry") + proto.RegisterType((*SCMProviderGeneratorAWSCodeCommit)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorAWSCodeCommit") proto.RegisterType((*SCMProviderGeneratorAzureDevOps)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorAzureDevOps") proto.RegisterType((*SCMProviderGeneratorBitbucket)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorBitbucket") proto.RegisterType((*SCMProviderGeneratorBitbucketServer)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorBitbucketServer") @@ -4056,6 +4292,7 @@ func init() { proto.RegisterType((*SyncStrategyHook)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncStrategyHook") proto.RegisterType((*SyncWindow)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncWindow") proto.RegisterType((*TLSClientConfig)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.TLSClientConfig") + proto.RegisterType((*TagFilter)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.TagFilter") } func init() { @@ -4063,627 +4300,667 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 9916 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0xd7, - 0x75, 0x18, 0xac, 0x9e, 0xc1, 0x00, 0x33, 0x07, 0x8f, 0x5d, 0xdc, 0xdd, 0x25, 0xc1, 0x25, 0xb9, - 0xd8, 0xaf, 0x59, 0xa6, 0xa8, 0x4f, 0x24, 0x60, 0xae, 0x28, 0x65, 0x63, 0xda, 0x94, 0x31, 0xc0, - 0x2e, 0x16, 0xbb, 0xc0, 0x02, 0xbc, 0xc0, 0xee, 0x4a, 0xa4, 0x29, 0xaa, 0xd1, 0x73, 0x67, 0xd0, - 0x8b, 0x9e, 0xee, 0xd9, 0xee, 0x1e, 0x2c, 0x40, 0xcb, 0xb2, 0x64, 0x4b, 0xb1, 0x12, 0x3d, 0xa8, - 0x50, 0x3f, 0x2c, 0xe7, 0xe1, 0x28, 0xb6, 0xcb, 0x15, 0x57, 0xc2, 0x8a, 0x53, 0xf9, 0x11, 0xe7, - 0x55, 0x15, 0xdb, 0xf9, 0xc1, 0x94, 0x92, 0x8a, 0xaa, 0xe2, 0xb2, 0x9c, 0xd8, 0x81, 0x29, 0xa4, - 0x52, 0x49, 0xa5, 0x2a, 0xae, 0xca, 0xe3, 0x4f, 0xb6, 0x5c, 0x95, 0xd4, 0x7d, 0xdf, 0xee, 0x99, - 0x59, 0x0c, 0x80, 0xc6, 0xee, 0x4a, 0xc5, 0x7f, 0x33, 0xf7, 0x9c, 0x3e, 0xe7, 0xf6, 0xed, 0x7b, - 0xcf, 0x3d, 0xe7, 0x9e, 0xc7, 0x85, 0xc5, 0x86, 0x97, 0x6c, 0xb4, 0xd7, 0xa7, 0xdc, 0xb0, 0x39, - 0xed, 0x44, 0x8d, 0xb0, 0x15, 0x85, 0xb7, 0xd9, 0x8f, 0x17, 0xdc, 0xda, 0xf4, 0xd6, 0x85, 0xe9, - 0xd6, 0x66, 0x63, 0xda, 0x69, 0x79, 0xf1, 0xb4, 0xd3, 0x6a, 0xf9, 0x9e, 0xeb, 0x24, 0x5e, 0x18, - 0x4c, 0x6f, 0xbd, 0xe8, 0xf8, 0xad, 0x0d, 0xe7, 0xc5, 0xe9, 0x06, 0x09, 0x48, 0xe4, 0x24, 0xa4, - 0x36, 0xd5, 0x8a, 0xc2, 0x24, 0x44, 0x3f, 0xa9, 0xa9, 0x4d, 0x49, 0x6a, 0xec, 0xc7, 0x9b, 0x6e, - 0x6d, 0x6a, 0xeb, 0xc2, 0x54, 0x6b, 0xb3, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, 0xb5, - 0xb3, 0x2f, 0x18, 0x7d, 0x69, 0x84, 0x8d, 0x70, 0x9a, 0x11, 0x5d, 0x6f, 0xd7, 0xd9, 0x3f, 0xf6, - 0x87, 0xfd, 0xe2, 0xcc, 0xce, 0xda, 0x9b, 0x17, 0xe3, 0x29, 0x2f, 0xa4, 0xdd, 0x9b, 0x76, 0xc3, - 0x88, 0x4c, 0x6f, 0x75, 0x74, 0xe8, 0xec, 0x15, 0x8d, 0x43, 0xb6, 0x13, 0x12, 0xc4, 0x5e, 0x18, - 0xc4, 0x2f, 0xd0, 0x2e, 0x90, 0x68, 0x8b, 0x44, 0xe6, 0xeb, 0x19, 0x08, 0xdd, 0x28, 0xbd, 0xa4, - 0x29, 0x35, 0x1d, 0x77, 0xc3, 0x0b, 0x48, 0xb4, 0xa3, 0x1f, 0x6f, 0x92, 0xc4, 0xe9, 0xf6, 0xd4, - 0x74, 0xaf, 0xa7, 0xa2, 0x76, 0x90, 0x78, 0x4d, 0xd2, 0xf1, 0xc0, 0x27, 0xf6, 0x7b, 0x20, 0x76, - 0x37, 0x48, 0xd3, 0xe9, 0x78, 0xee, 0x63, 0xbd, 0x9e, 0x6b, 0x27, 0x9e, 0x3f, 0xed, 0x05, 0x49, - 0x9c, 0x44, 0xd9, 0x87, 0xec, 0x3b, 0x30, 0x3a, 0x73, 0x6b, 0x75, 0xa6, 0x9d, 0x6c, 0xcc, 0x86, - 0x41, 0xdd, 0x6b, 0xa0, 0x8f, 0xc3, 0xb0, 0xeb, 0xb7, 0xe3, 0x84, 0x44, 0xd7, 0x9d, 0x26, 0x99, - 0xb0, 0xce, 0x5b, 0xcf, 0x55, 0xaa, 0xa7, 0xde, 0xdb, 0x9d, 0xfc, 0xd0, 0xde, 0xee, 0xe4, 0xf0, - 0xac, 0x06, 0x61, 0x13, 0x0f, 0x7d, 0x04, 0x86, 0xa2, 0xd0, 0x27, 0x33, 0xf8, 0xfa, 0x44, 0x81, - 0x3d, 0x72, 0x42, 0x3c, 0x32, 0x84, 0x79, 0x33, 0x96, 0x70, 0xfb, 0x0f, 0x0b, 0x00, 0x33, 0xad, - 0xd6, 0x4a, 0x14, 0xde, 0x26, 0x6e, 0x82, 0x3e, 0x0b, 0x65, 0x3a, 0x74, 0x35, 0x27, 0x71, 0x18, - 0xb7, 0xe1, 0x0b, 0x3f, 0x3e, 0xc5, 0xdf, 0x64, 0xca, 0x7c, 0x13, 0x3d, 0x71, 0x28, 0xf6, 0xd4, - 0xd6, 0x8b, 0x53, 0xcb, 0xeb, 0xf4, 0xf9, 0x25, 0x92, 0x38, 0x55, 0x24, 0x98, 0x81, 0x6e, 0xc3, - 0x8a, 0x2a, 0x0a, 0x60, 0x20, 0x6e, 0x11, 0x97, 0x75, 0x6c, 0xf8, 0xc2, 0xe2, 0xd4, 0x51, 0x66, - 0xe8, 0x94, 0xee, 0xf9, 0x6a, 0x8b, 0xb8, 0xd5, 0x11, 0xc1, 0x79, 0x80, 0xfe, 0xc3, 0x8c, 0x0f, - 0xda, 0x82, 0xc1, 0x38, 0x71, 0x92, 0x76, 0x3c, 0x51, 0x64, 0x1c, 0xaf, 0xe7, 0xc6, 0x91, 0x51, - 0xad, 0x8e, 0x09, 0x9e, 0x83, 0xfc, 0x3f, 0x16, 0xdc, 0xec, 0xff, 0x68, 0xc1, 0x98, 0x46, 0x5e, - 0xf4, 0xe2, 0x04, 0xfd, 0x4c, 0xc7, 0xe0, 0x4e, 0xf5, 0x37, 0xb8, 0xf4, 0x69, 0x36, 0xb4, 0x27, - 0x05, 0xb3, 0xb2, 0x6c, 0x31, 0x06, 0xb6, 0x09, 0x25, 0x2f, 0x21, 0xcd, 0x78, 0xa2, 0x70, 0xbe, - 0xf8, 0xdc, 0xf0, 0x85, 0x2b, 0x79, 0xbd, 0x67, 0x75, 0x54, 0x30, 0x2d, 0x2d, 0x50, 0xf2, 0x98, - 0x73, 0xb1, 0x7f, 0x6b, 0xc4, 0x7c, 0x3f, 0x3a, 0xe0, 0xe8, 0x45, 0x18, 0x8e, 0xc3, 0x76, 0xe4, - 0x12, 0x4c, 0x5a, 0x61, 0x3c, 0x61, 0x9d, 0x2f, 0xd2, 0xa9, 0x47, 0x67, 0xea, 0xaa, 0x6e, 0xc6, - 0x26, 0x0e, 0xfa, 0x86, 0x05, 0x23, 0x35, 0x12, 0x27, 0x5e, 0xc0, 0xf8, 0xcb, 0xce, 0xaf, 0x1d, - 0xb9, 0xf3, 0xb2, 0x71, 0x4e, 0x13, 0xaf, 0x9e, 0x16, 0x2f, 0x32, 0x62, 0x34, 0xc6, 0x38, 0xc5, - 0x9f, 0xae, 0xb8, 0x1a, 0x89, 0xdd, 0xc8, 0x6b, 0xd1, 0xff, 0x6c, 0xce, 0x18, 0x2b, 0x6e, 0x4e, - 0x83, 0xb0, 0x89, 0x87, 0x02, 0x28, 0xd1, 0x15, 0x15, 0x4f, 0x0c, 0xb0, 0xfe, 0x2f, 0x1c, 0xad, - 0xff, 0x62, 0x50, 0xe9, 0x62, 0xd5, 0xa3, 0x4f, 0xff, 0xc5, 0x98, 0xb3, 0x41, 0x5f, 0xb7, 0x60, - 0x42, 0xac, 0x78, 0x4c, 0xf8, 0x80, 0xde, 0xda, 0xf0, 0x12, 0xe2, 0x7b, 0x71, 0x32, 0x51, 0x62, - 0x7d, 0x98, 0xee, 0x6f, 0x6e, 0xcd, 0x47, 0x61, 0xbb, 0x75, 0xcd, 0x0b, 0x6a, 0xd5, 0xf3, 0x82, - 0xd3, 0xc4, 0x6c, 0x0f, 0xc2, 0xb8, 0x27, 0x4b, 0xf4, 0x2d, 0x0b, 0xce, 0x06, 0x4e, 0x93, 0xc4, - 0x2d, 0x87, 0x7e, 0x5a, 0x0e, 0xae, 0xfa, 0x8e, 0xbb, 0xc9, 0x7a, 0x34, 0x78, 0xb8, 0x1e, 0xd9, - 0xa2, 0x47, 0x67, 0xaf, 0xf7, 0x24, 0x8d, 0xef, 0xc3, 0x16, 0xfd, 0xba, 0x05, 0xe3, 0x61, 0xd4, - 0xda, 0x70, 0x02, 0x52, 0x93, 0xd0, 0x78, 0x62, 0x88, 0x2d, 0xbd, 0xcf, 0x1c, 0xed, 0x13, 0x2d, - 0x67, 0xc9, 0x2e, 0x85, 0x81, 0x97, 0x84, 0xd1, 0x2a, 0x49, 0x12, 0x2f, 0x68, 0xc4, 0xd5, 0x33, - 0x7b, 0xbb, 0x93, 0xe3, 0x1d, 0x58, 0xb8, 0xb3, 0x3f, 0xe8, 0x67, 0x61, 0x38, 0xde, 0x09, 0xdc, - 0x5b, 0x5e, 0x50, 0x0b, 0xef, 0xc6, 0x13, 0xe5, 0x3c, 0x96, 0xef, 0xaa, 0x22, 0x28, 0x16, 0xa0, - 0x66, 0x80, 0x4d, 0x6e, 0xdd, 0x3f, 0x9c, 0x9e, 0x4a, 0x95, 0xbc, 0x3f, 0x9c, 0x9e, 0x4c, 0xf7, - 0x61, 0x8b, 0x7e, 0xc9, 0x82, 0xd1, 0xd8, 0x6b, 0x04, 0x4e, 0xd2, 0x8e, 0xc8, 0x35, 0xb2, 0x13, - 0x4f, 0x00, 0xeb, 0xc8, 0xd5, 0x23, 0x8e, 0x8a, 0x41, 0xb2, 0x7a, 0x46, 0xf4, 0x71, 0xd4, 0x6c, - 0x8d, 0x71, 0x9a, 0x6f, 0xb7, 0x85, 0xa6, 0xa7, 0xf5, 0x70, 0xbe, 0x0b, 0x4d, 0x4f, 0xea, 0x9e, - 0x2c, 0xd1, 0x4f, 0xc3, 0x49, 0xde, 0xa4, 0x46, 0x36, 0x9e, 0x18, 0x61, 0x82, 0xf6, 0xf4, 0xde, - 0xee, 0xe4, 0xc9, 0xd5, 0x0c, 0x0c, 0x77, 0x60, 0xa3, 0x3b, 0x30, 0xd9, 0x22, 0x51, 0xd3, 0x4b, - 0x96, 0x03, 0x7f, 0x47, 0x8a, 0x6f, 0x37, 0x6c, 0x91, 0x9a, 0xe8, 0x4e, 0x3c, 0x31, 0x7a, 0xde, - 0x7a, 0xae, 0x5c, 0xfd, 0xb0, 0xe8, 0xe6, 0xe4, 0xca, 0xfd, 0xd1, 0xf1, 0x7e, 0xf4, 0xec, 0x7f, - 0x55, 0x80, 0x93, 0xd9, 0x8d, 0x13, 0xfd, 0xa6, 0x05, 0x27, 0x6e, 0xdf, 0x4d, 0xd6, 0xc2, 0x4d, - 0x12, 0xc4, 0xd5, 0x1d, 0x2a, 0xde, 0xd8, 0x96, 0x31, 0x7c, 0xc1, 0xcd, 0x77, 0x8b, 0x9e, 0xba, - 0x9a, 0xe6, 0x72, 0x29, 0x48, 0xa2, 0x9d, 0xea, 0xe3, 0xe2, 0xed, 0x4e, 0x5c, 0xbd, 0xb5, 0x66, - 0x42, 0x71, 0xb6, 0x53, 0x67, 0xbf, 0x6a, 0xc1, 0xe9, 0x6e, 0x24, 0xd0, 0x49, 0x28, 0x6e, 0x92, - 0x1d, 0xae, 0x95, 0x61, 0xfa, 0x13, 0xbd, 0x01, 0xa5, 0x2d, 0xc7, 0x6f, 0x13, 0xa1, 0xdd, 0xcc, - 0x1f, 0xed, 0x45, 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x13, 0x85, 0x8b, 0x96, 0xfd, 0x6f, 0x8b, 0x30, - 0x6c, 0xec, 0x6f, 0x0f, 0x40, 0x63, 0x0b, 0x53, 0x1a, 0xdb, 0x52, 0x6e, 0x5b, 0x73, 0x4f, 0x95, - 0xed, 0x6e, 0x46, 0x65, 0x5b, 0xce, 0x8f, 0xe5, 0x7d, 0x75, 0x36, 0x94, 0x40, 0x25, 0x6c, 0x51, - 0x8d, 0x9c, 0x6e, 0xfd, 0x03, 0x79, 0x7c, 0xc2, 0x65, 0x49, 0xae, 0x3a, 0xba, 0xb7, 0x3b, 0x59, - 0x51, 0x7f, 0xb1, 0x66, 0x64, 0x7f, 0xdf, 0x82, 0xd3, 0x46, 0x1f, 0x67, 0xc3, 0xa0, 0xe6, 0xb1, - 0x4f, 0x7b, 0x1e, 0x06, 0x92, 0x9d, 0x96, 0x54, 0xfb, 0xd5, 0x48, 0xad, 0xed, 0xb4, 0x08, 0x66, - 0x10, 0xaa, 0xe8, 0x37, 0x49, 0x1c, 0x3b, 0x0d, 0x92, 0x55, 0xf4, 0x97, 0x78, 0x33, 0x96, 0x70, - 0x14, 0x01, 0xf2, 0x9d, 0x38, 0x59, 0x8b, 0x9c, 0x20, 0x66, 0xe4, 0xd7, 0xbc, 0x26, 0x11, 0x03, - 0xfc, 0xff, 0xf7, 0x37, 0x63, 0xe8, 0x13, 0xd5, 0xc7, 0xf6, 0x76, 0x27, 0xd1, 0x62, 0x07, 0x25, - 0xdc, 0x85, 0xba, 0xfd, 0x2d, 0x0b, 0x1e, 0xeb, 0xae, 0x8b, 0xa1, 0x67, 0x61, 0x90, 0x9b, 0x7c, - 0xe2, 0xed, 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x34, 0x54, 0xd4, 0x3e, 0x21, 0xde, 0x71, - 0x5c, 0xa0, 0x56, 0xf4, 0xe6, 0xa2, 0x71, 0xe8, 0xa0, 0xd1, 0x3f, 0x42, 0x73, 0x53, 0x83, 0xc6, - 0x8c, 0x24, 0x06, 0xb1, 0xff, 0xd4, 0x82, 0x13, 0x46, 0xaf, 0x1e, 0x80, 0x6a, 0x1e, 0xa4, 0x55, - 0xf3, 0x85, 0xdc, 0xe6, 0x73, 0x0f, 0xdd, 0xfc, 0xeb, 0x16, 0x9c, 0x35, 0xb0, 0x96, 0x9c, 0xc4, - 0xdd, 0xb8, 0xb4, 0xdd, 0x8a, 0x48, 0x4c, 0xcd, 0x69, 0xf4, 0xb4, 0x21, 0xb7, 0xaa, 0xc3, 0x82, - 0x42, 0xf1, 0x1a, 0xd9, 0xe1, 0x42, 0xec, 0x79, 0x28, 0xf3, 0xc9, 0x19, 0x46, 0x62, 0xc4, 0xd5, - 0xbb, 0x2d, 0x8b, 0x76, 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0x38, 0xd1, 0xc5, 0x4a, 0xb7, 0x21, - 0xa0, 0x1f, 0xf1, 0x26, 0x6b, 0xc1, 0x02, 0x62, 0x2f, 0xa7, 0xba, 0xb3, 0x12, 0x11, 0xf6, 0x71, - 0x6b, 0x97, 0x3d, 0xe2, 0xd7, 0x62, 0x6a, 0x36, 0x38, 0x41, 0x10, 0x26, 0xc2, 0x02, 0x30, 0xcc, - 0x86, 0x19, 0xdd, 0x8c, 0x4d, 0x1c, 0x7b, 0xaf, 0xc0, 0x8c, 0x0f, 0xb5, 0xac, 0xc9, 0x83, 0xb0, - 0x5c, 0xa3, 0x94, 0x1c, 0x5c, 0xc9, 0x4f, 0x28, 0x91, 0xde, 0xd6, 0xeb, 0x5b, 0x19, 0x51, 0x88, - 0x73, 0xe5, 0x7a, 0x7f, 0x0b, 0xf6, 0x77, 0x0b, 0x30, 0x99, 0x7e, 0xa0, 0x43, 0x92, 0x52, 0x73, - 0xc9, 0x60, 0x94, 0x3d, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x18, 0x15, 0x8e, 0x53, 0x18, - 0x99, 0xb2, 0xb2, 0xb8, 0x8f, 0xac, 0x7c, 0x56, 0x8d, 0xfa, 0x40, 0x46, 0x38, 0xa5, 0xf7, 0x8b, - 0xf3, 0x30, 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xcb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, - 0xff, 0xad, 0x00, 0x8f, 0xa7, 0xc7, 0x50, 0x8b, 0xf7, 0x4f, 0xa6, 0xc4, 0xfb, 0x47, 0x4d, 0xf1, - 0x7e, 0x6f, 0x77, 0xf2, 0xc9, 0x1e, 0x8f, 0xfd, 0xd0, 0x48, 0x7f, 0x34, 0x9f, 0x19, 0xc5, 0xe9, - 0xf4, 0x28, 0xde, 0xdb, 0x9d, 0x7c, 0xba, 0xc7, 0x3b, 0x66, 0x86, 0xf9, 0x59, 0x18, 0x8c, 0x88, - 0x13, 0x87, 0x81, 0x18, 0x68, 0xf5, 0x39, 0x30, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x69, 0x39, 0x3b, - 0xd8, 0xf3, 0xfc, 0x80, 0x2d, 0x8c, 0x90, 0x07, 0x03, 0x4c, 0x65, 0xe7, 0xa2, 0xe1, 0xda, 0xd1, - 0x96, 0x11, 0x15, 0xf1, 0x8a, 0x74, 0xb5, 0x4c, 0xbf, 0x1a, 0x6d, 0xc2, 0x8c, 0x05, 0xda, 0x86, - 0xb2, 0x2b, 0x35, 0xe9, 0x42, 0x1e, 0x67, 0x4e, 0x42, 0x8f, 0xd6, 0x1c, 0x47, 0xa8, 0x2c, 0x56, - 0xea, 0xb7, 0xe2, 0x86, 0x08, 0x14, 0x1b, 0x5e, 0x22, 0x3e, 0xeb, 0x11, 0x6d, 0xa5, 0x79, 0xcf, - 0x78, 0xc5, 0x21, 0xba, 0x41, 0xcc, 0x7b, 0x09, 0xa6, 0xf4, 0xd1, 0x97, 0x2d, 0x18, 0x8e, 0xdd, - 0xe6, 0x4a, 0x14, 0x6e, 0x79, 0x35, 0x12, 0x09, 0x4d, 0xe9, 0x88, 0xa2, 0x69, 0x75, 0x76, 0x49, - 0x12, 0xd4, 0x7c, 0xb9, 0xed, 0xaa, 0x21, 0xd8, 0xe4, 0x4b, 0x2d, 0x88, 0xc7, 0xc5, 0xbb, 0xcf, - 0x11, 0xd7, 0xa3, 0x7b, 0x9b, 0x34, 0x98, 0xd8, 0x4c, 0x39, 0xb2, 0xe6, 0x38, 0xd7, 0x76, 0x37, - 0xe9, 0x7a, 0xd3, 0x1d, 0x7a, 0x72, 0x6f, 0x77, 0xf2, 0xf1, 0xd9, 0xee, 0x3c, 0x71, 0xaf, 0xce, - 0xb0, 0x01, 0x6b, 0xb5, 0x7d, 0x1f, 0x93, 0x3b, 0x6d, 0xc2, 0x8e, 0x43, 0x72, 0x18, 0xb0, 0x15, - 0x4d, 0x30, 0x33, 0x60, 0x06, 0x04, 0x9b, 0x7c, 0xd1, 0x1d, 0x18, 0x6c, 0x3a, 0x49, 0xe4, 0x6d, - 0x8b, 0x33, 0x90, 0x23, 0xea, 0xf2, 0x4b, 0x8c, 0x96, 0x66, 0xce, 0xb6, 0x7e, 0xde, 0x88, 0x05, - 0x23, 0xd4, 0x84, 0x52, 0x93, 0x44, 0x0d, 0x32, 0x51, 0xce, 0xe3, 0xbc, 0x77, 0x89, 0x92, 0xd2, - 0x0c, 0x2b, 0x54, 0xf3, 0x61, 0x6d, 0x98, 0x73, 0x41, 0x6f, 0x40, 0x39, 0x26, 0x3e, 0x71, 0xa9, - 0xee, 0x52, 0x61, 0x1c, 0x3f, 0xd6, 0xa7, 0x1e, 0xe7, 0xac, 0x13, 0x7f, 0x55, 0x3c, 0xca, 0x17, - 0x98, 0xfc, 0x87, 0x15, 0x49, 0xfb, 0x3f, 0x5b, 0x80, 0xd2, 0x12, 0xe6, 0x01, 0x68, 0x8f, 0x77, - 0xd2, 0xda, 0xe3, 0x62, 0x9e, 0x2a, 0x40, 0x0f, 0x05, 0xf2, 0xbd, 0x32, 0x64, 0x64, 0xf3, 0x75, - 0x12, 0x27, 0xa4, 0xf6, 0x81, 0x3c, 0xfd, 0x40, 0x9e, 0x7e, 0x20, 0x4f, 0x95, 0x3c, 0x5d, 0xcf, - 0xc8, 0xd3, 0x57, 0x8c, 0x55, 0xaf, 0xbd, 0x97, 0x6f, 0x2a, 0xf7, 0xa6, 0xd9, 0x03, 0x03, 0x81, - 0x4a, 0x82, 0xab, 0xab, 0xcb, 0xd7, 0xbb, 0x0a, 0xd0, 0x37, 0xd3, 0x02, 0xf4, 0xa8, 0x2c, 0x1e, - 0xb8, 0xc8, 0xfc, 0xeb, 0x05, 0x78, 0x22, 0x2d, 0x4a, 0x70, 0xe8, 0xfb, 0x61, 0x3b, 0xa1, 0x5a, - 0x32, 0xfa, 0x55, 0x0b, 0x4e, 0x36, 0xd3, 0xe6, 0x69, 0x2c, 0x4e, 0x01, 0x3f, 0x95, 0x9b, 0x9c, - 0xcb, 0xd8, 0xbf, 0xd5, 0x09, 0x21, 0xf3, 0x4e, 0x66, 0x00, 0x31, 0xee, 0xe8, 0x0b, 0x7a, 0x03, - 0x2a, 0x4d, 0x67, 0xfb, 0x46, 0xab, 0xe6, 0x24, 0xd2, 0x40, 0xe9, 0x6d, 0x57, 0xb6, 0x13, 0xcf, - 0x9f, 0xe2, 0xbe, 0xdd, 0xa9, 0x85, 0x20, 0x59, 0x8e, 0x56, 0x93, 0xc8, 0x0b, 0x1a, 0xfc, 0xec, - 0x67, 0x49, 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x37, 0xad, 0xac, 0xa0, 0x55, 0xa3, 0x13, 0x39, 0x09, - 0x69, 0xec, 0xa0, 0xcf, 0x41, 0x89, 0x5a, 0x12, 0x72, 0x54, 0x6e, 0xe5, 0x29, 0xfd, 0x8d, 0x2f, - 0xa1, 0x37, 0x02, 0xfa, 0x2f, 0xc6, 0x9c, 0xa9, 0xfd, 0xe7, 0xa5, 0xec, 0x86, 0xc7, 0x3c, 0x7d, - 0x17, 0x00, 0x1a, 0xe1, 0x1a, 0x69, 0xb6, 0x7c, 0x3a, 0x2c, 0x16, 0x3b, 0x2e, 0x56, 0xc6, 0xf3, - 0xbc, 0x82, 0x60, 0x03, 0x0b, 0xfd, 0x65, 0x0b, 0xa0, 0x21, 0x17, 0x96, 0xdc, 0xcc, 0x6e, 0xe4, - 0xf9, 0x3a, 0x7a, 0xd9, 0xea, 0xbe, 0x28, 0x86, 0xd8, 0x60, 0x8e, 0x7e, 0xc1, 0x82, 0x72, 0x22, - 0xbb, 0xcf, 0xc5, 0xfb, 0x5a, 0x9e, 0x3d, 0x91, 0x2f, 0xad, 0xf7, 0x75, 0x35, 0x24, 0x8a, 0x2f, - 0xfa, 0x4b, 0x16, 0x40, 0xbc, 0x13, 0xb8, 0x2b, 0xa1, 0xef, 0xb9, 0x3b, 0x42, 0xea, 0xdf, 0xcc, - 0xd5, 0xc0, 0x57, 0xd4, 0xab, 0x63, 0x74, 0x34, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x9f, 0x87, 0x72, - 0x2c, 0xa6, 0x9b, 0x90, 0xf3, 0x6b, 0xf9, 0x1e, 0x33, 0x70, 0xda, 0x42, 0x44, 0x88, 0x7f, 0x58, - 0xf1, 0x44, 0xbf, 0x6c, 0xc1, 0x89, 0x56, 0xfa, 0x50, 0x48, 0x88, 0xf4, 0xfc, 0x64, 0x40, 0xe6, - 0xd0, 0xa9, 0x7a, 0x6a, 0x6f, 0x77, 0xf2, 0x44, 0xa6, 0x11, 0x67, 0x7b, 0x61, 0x7f, 0xb7, 0x90, - 0x3a, 0x9a, 0x55, 0x67, 0x26, 0x6c, 0x32, 0xbb, 0xd2, 0x5c, 0x95, 0x6b, 0x33, 0xd7, 0xc9, 0xac, - 0x8c, 0x61, 0x3d, 0x99, 0x55, 0x53, 0x8c, 0x0d, 0xe6, 0x74, 0xdb, 0x1e, 0x77, 0xb2, 0x27, 0x33, - 0x62, 0x7d, 0xbd, 0x91, 0x67, 0x97, 0x3a, 0x0f, 0xd2, 0x9f, 0x10, 0x5d, 0x1b, 0xef, 0x00, 0xe1, - 0xce, 0x2e, 0xd9, 0xdf, 0x4d, 0x1f, 0x07, 0x1b, 0x53, 0xa3, 0x8f, 0xa3, 0xee, 0x6f, 0x58, 0x30, - 0x1c, 0x85, 0xbe, 0xef, 0x05, 0x0d, 0x3a, 0x8d, 0x85, 0x2c, 0x7e, 0xfd, 0x58, 0xc4, 0xa1, 0x98, - 0xaf, 0x6c, 0xf3, 0xc7, 0x9a, 0x27, 0x36, 0x3b, 0x60, 0x7f, 0xd1, 0x82, 0x89, 0x5e, 0xcb, 0x0d, - 0x11, 0x78, 0x52, 0xce, 0x25, 0xe5, 0xe8, 0x5d, 0x0e, 0xe6, 0x88, 0x4f, 0xd4, 0x39, 0x59, 0xb9, - 0xfa, 0x8c, 0x78, 0xcd, 0x27, 0x57, 0x7a, 0xa3, 0xe2, 0xfb, 0xd1, 0xb1, 0x7f, 0xa3, 0x90, 0x1d, - 0x51, 0x25, 0x6e, 0xbf, 0x6d, 0x75, 0x18, 0x25, 0x9f, 0x3a, 0x0e, 0x11, 0xc7, 0xcc, 0x17, 0xe5, - 0xef, 0xed, 0x8d, 0xf3, 0x10, 0x1d, 0x4a, 0xf6, 0xbf, 0x1e, 0x80, 0xfb, 0xf4, 0x4c, 0xb9, 0x0c, - 0xac, 0x5e, 0x2e, 0x83, 0x83, 0x7b, 0x21, 0xbe, 0x66, 0xc1, 0xa0, 0x4f, 0xf5, 0x23, 0x7e, 0x2c, - 0x3e, 0x7c, 0xa1, 0x76, 0x5c, 0x63, 0xcf, 0xd5, 0xb0, 0x98, 0x3b, 0x35, 0xd5, 0xc9, 0x18, 0x6f, - 0xc4, 0xa2, 0x0f, 0xe8, 0x3b, 0x56, 0xfa, 0x8c, 0x9d, 0x47, 0xa9, 0x78, 0xc7, 0xd6, 0x27, 0xe3, - 0xe0, 0x9e, 0x77, 0x4c, 0x1f, 0x09, 0xf7, 0x38, 0xd2, 0x47, 0x53, 0x00, 0x75, 0x2f, 0x70, 0x7c, - 0xef, 0x2d, 0x6a, 0xe7, 0x95, 0x98, 0x13, 0x80, 0x6d, 0x5a, 0x97, 0x55, 0x2b, 0x36, 0x30, 0xce, - 0xfe, 0x45, 0x18, 0x36, 0xde, 0xbc, 0x8b, 0x2f, 0xf6, 0xb4, 0xe9, 0x8b, 0xad, 0x18, 0x2e, 0xd4, - 0xb3, 0xaf, 0xc0, 0xc9, 0x6c, 0x07, 0x0f, 0xf2, 0xbc, 0xfd, 0x9b, 0x83, 0xd9, 0x83, 0xf1, 0x35, - 0x12, 0x35, 0x69, 0xd7, 0x3e, 0xb0, 0x8f, 0x3f, 0xb0, 0x8f, 0x3f, 0xb0, 0x8f, 0xe5, 0x1f, 0x7b, - 0xaf, 0x04, 0x29, 0xcd, 0x80, 0xf7, 0xee, 0x23, 0x30, 0x14, 0x91, 0x56, 0x78, 0x03, 0x2f, 0x0a, - 0x89, 0xab, 0xa3, 0x53, 0x79, 0x33, 0x96, 0x70, 0x2a, 0x99, 0x5b, 0x4e, 0xb2, 0x21, 0x44, 0xae, - 0x92, 0xcc, 0x2b, 0x4e, 0xb2, 0x81, 0x19, 0x04, 0xbd, 0x02, 0x63, 0x89, 0x13, 0x35, 0x48, 0x82, - 0xc9, 0x16, 0x1b, 0x04, 0xe1, 0x6c, 0x78, 0x4c, 0xe0, 0x8e, 0xad, 0xa5, 0xa0, 0x38, 0x83, 0x8d, - 0xee, 0xc0, 0xc0, 0x06, 0xf1, 0x9b, 0xc2, 0x80, 0x5f, 0xcd, 0x4f, 0x22, 0xb2, 0x77, 0xbd, 0x42, - 0xfc, 0x26, 0x5f, 0xaf, 0xf4, 0x17, 0x66, 0xac, 0xe8, 0xd7, 0xa9, 0x6c, 0xb6, 0xe3, 0x24, 0x6c, - 0x7a, 0x6f, 0x49, 0xb3, 0xfe, 0x53, 0x39, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0xdb, 0x53, 0xfd, 0xc5, - 0x9a, 0x33, 0xeb, 0x47, 0xcd, 0x8b, 0x98, 0x99, 0xbe, 0x33, 0x01, 0xc7, 0xd2, 0x8f, 0x39, 0x49, - 0x9f, 0xf7, 0x43, 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x81, 0xc1, 0x96, 0xdf, 0x6e, 0x78, 0xc1, 0xc4, - 0x30, 0xeb, 0xc3, 0x8d, 0x9c, 0xfb, 0xb0, 0xc2, 0x88, 0xf3, 0xc3, 0x15, 0xfe, 0x1b, 0x0b, 0x86, - 0xe8, 0x19, 0x28, 0xb9, 0x1b, 0x4e, 0x94, 0x4c, 0x8c, 0xb0, 0x49, 0xa3, 0x6c, 0xe0, 0x59, 0xda, - 0x88, 0x39, 0x0c, 0x3d, 0x0d, 0xc5, 0x88, 0xd4, 0x59, 0x50, 0x94, 0xe1, 0x2e, 0xc7, 0xa4, 0x8e, - 0x69, 0xbb, 0xfd, 0xb7, 0x0b, 0x69, 0xe5, 0x22, 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x28, 0x96, - 0x76, 0xb2, 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x45, 0x0b, 0x86, 0x6e, 0xc7, 0x61, 0x10, - 0x90, 0x44, 0x08, 0xf2, 0x9b, 0x39, 0x0f, 0xc5, 0x55, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, - 0x97, 0x76, 0x97, 0x6c, 0xbb, 0x7e, 0xbb, 0xd6, 0xe1, 0x25, 0xbd, 0xc4, 0x9b, 0xb1, 0x84, 0x53, - 0x54, 0x2f, 0xe0, 0xa8, 0x03, 0x69, 0xd4, 0x85, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xdb, 0x25, 0x38, - 0xd3, 0x75, 0x71, 0xd0, 0x6d, 0x9f, 0x6d, 0xac, 0x97, 0x3d, 0x9f, 0x48, 0xdf, 0x3f, 0xdb, 0xf6, - 0x6f, 0xaa, 0x56, 0x6c, 0x60, 0xa0, 0x9f, 0x07, 0x68, 0x39, 0x91, 0xd3, 0x24, 0x62, 0xbb, 0x2b, - 0x1e, 0x7d, 0x77, 0xa5, 0xfd, 0x58, 0x91, 0x34, 0xb5, 0xb5, 0xa5, 0x9a, 0x62, 0x6c, 0xb0, 0x44, - 0x1f, 0x87, 0xe1, 0x88, 0xf8, 0xc4, 0x89, 0x59, 0x4c, 0x5d, 0x36, 0x40, 0x18, 0x6b, 0x10, 0x36, - 0xf1, 0xd0, 0xb3, 0x2a, 0x4c, 0x22, 0xe3, 0x52, 0x4e, 0x87, 0x4a, 0xa0, 0xb7, 0x2d, 0x18, 0xab, - 0x7b, 0x3e, 0xd1, 0xdc, 0x45, 0x38, 0xef, 0xf2, 0xd1, 0x5f, 0xf2, 0xb2, 0x49, 0x57, 0x4b, 0xc8, - 0x54, 0x73, 0x8c, 0x33, 0xec, 0xe9, 0x67, 0xde, 0x22, 0x11, 0x13, 0xad, 0x83, 0xe9, 0xcf, 0x7c, - 0x93, 0x37, 0x63, 0x09, 0x47, 0x33, 0x70, 0xa2, 0xe5, 0xc4, 0xf1, 0x6c, 0x44, 0x6a, 0x24, 0x48, - 0x3c, 0xc7, 0xe7, 0xc1, 0xb6, 0x65, 0x1d, 0x6c, 0xb7, 0x92, 0x06, 0xe3, 0x2c, 0x3e, 0xfa, 0x34, - 0x3c, 0xee, 0x35, 0x82, 0x30, 0x22, 0x4b, 0x5e, 0x1c, 0x7b, 0x41, 0x43, 0x4f, 0x03, 0x26, 0x29, - 0xcb, 0xd5, 0x49, 0x41, 0xea, 0xf1, 0x85, 0xee, 0x68, 0xb8, 0xd7, 0xf3, 0xe8, 0x79, 0x28, 0xc7, - 0x9b, 0x5e, 0x6b, 0x36, 0xaa, 0xc5, 0xec, 0xa0, 0xb3, 0xac, 0x4f, 0x67, 0x56, 0x45, 0x3b, 0x56, - 0x18, 0xf6, 0xaf, 0x14, 0xd2, 0xe6, 0x9d, 0xb9, 0x7e, 0x50, 0x4c, 0x57, 0x49, 0x72, 0xd3, 0x89, - 0xa4, 0xe9, 0x7f, 0xc4, 0x70, 0x5d, 0x41, 0xf7, 0xa6, 0x13, 0x99, 0xeb, 0x8d, 0x31, 0xc0, 0x92, - 0x13, 0xba, 0x0d, 0x03, 0x89, 0xef, 0xe4, 0x14, 0xdf, 0x6f, 0x70, 0xd4, 0xd6, 0xf6, 0xe2, 0x4c, - 0x8c, 0x19, 0x0f, 0xf4, 0x14, 0x55, 0x5f, 0xd7, 0x65, 0x4c, 0x8f, 0xd0, 0x38, 0xd7, 0x63, 0xcc, - 0x5a, 0xed, 0xff, 0x5b, 0xee, 0x22, 0xf2, 0xd4, 0x1e, 0x83, 0x2e, 0x00, 0x50, 0x4b, 0x68, 0x25, - 0x22, 0x75, 0x6f, 0x5b, 0xec, 0xf1, 0x6a, 0x59, 0x5d, 0x57, 0x10, 0x6c, 0x60, 0xc9, 0x67, 0x56, - 0xdb, 0x75, 0xfa, 0x4c, 0xa1, 0xf3, 0x19, 0x0e, 0xc1, 0x06, 0x16, 0x7a, 0x09, 0x06, 0xbd, 0xa6, - 0xd3, 0x50, 0xa1, 0x47, 0x4f, 0xd1, 0xf5, 0xb4, 0xc0, 0x5a, 0xee, 0xed, 0x4e, 0x8e, 0xa9, 0x0e, - 0xb1, 0x26, 0x2c, 0x70, 0xd1, 0x6f, 0x58, 0x30, 0xe2, 0x86, 0xcd, 0x66, 0x18, 0x70, 0xfb, 0x41, - 0x18, 0x43, 0xb7, 0x8f, 0x6b, 0x07, 0x9e, 0x9a, 0x35, 0x98, 0x71, 0x6b, 0x48, 0x25, 0x22, 0x98, - 0x20, 0x9c, 0xea, 0x95, 0xb9, 0xec, 0x4a, 0xfb, 0x2c, 0xbb, 0xdf, 0xb1, 0x60, 0x9c, 0x3f, 0x6b, - 0x98, 0x35, 0x22, 0xe6, 0x3e, 0x3c, 0xe6, 0xd7, 0xea, 0xb0, 0xf4, 0xd4, 0x91, 0x50, 0x07, 0x1c, - 0x77, 0x76, 0x12, 0xcd, 0xc3, 0x78, 0x3d, 0x8c, 0x5c, 0x62, 0x0e, 0x84, 0x90, 0x19, 0x8a, 0xd0, - 0xe5, 0x2c, 0x02, 0xee, 0x7c, 0x06, 0xdd, 0x84, 0xc7, 0x8c, 0x46, 0x73, 0x1c, 0xb8, 0xd8, 0x38, - 0x27, 0xa8, 0x3d, 0x76, 0xb9, 0x2b, 0x16, 0xee, 0xf1, 0x74, 0xda, 0xf2, 0xaf, 0xf4, 0x61, 0xf9, - 0xbf, 0x09, 0x4f, 0xb8, 0x9d, 0x23, 0xb3, 0x15, 0xb7, 0xd7, 0xe3, 0x84, 0x29, 0x59, 0xe5, 0xea, - 0xff, 0x27, 0x08, 0x3c, 0x31, 0xdb, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0x3e, 0x07, 0xe5, 0x88, 0xb0, - 0xaf, 0x12, 0x8b, 0x00, 0xf4, 0x23, 0x9a, 0x7b, 0x5a, 0x39, 0xe4, 0x64, 0xb5, 0x58, 0x14, 0x0d, - 0x31, 0x56, 0x1c, 0xcf, 0x7e, 0x12, 0xc6, 0x3b, 0xe6, 0xf3, 0x81, 0x8c, 0xef, 0x39, 0x78, 0xac, - 0xfb, 0xcc, 0x39, 0x90, 0x09, 0xfe, 0x0f, 0x33, 0x71, 0x55, 0x86, 0xa2, 0xd7, 0xc7, 0x71, 0x8e, - 0x03, 0x45, 0x12, 0x6c, 0x09, 0x41, 0x7a, 0xf9, 0x68, 0xa3, 0x77, 0x29, 0xd8, 0xe2, 0x13, 0x9f, - 0xd9, 0xac, 0x97, 0x82, 0x2d, 0x4c, 0x69, 0xa3, 0x77, 0xac, 0x94, 0xa2, 0xc2, 0x0f, 0x81, 0x3e, - 0x73, 0x2c, 0x9a, 0x6d, 0xdf, 0xba, 0x8b, 0xfd, 0x6f, 0x0a, 0x70, 0x7e, 0x3f, 0x22, 0x7d, 0x0c, - 0xdf, 0x33, 0x30, 0x18, 0x33, 0xc7, 0x96, 0x90, 0x4c, 0xc3, 0x54, 0x2a, 0x71, 0x57, 0xd7, 0x9b, - 0x58, 0x80, 0x90, 0x0f, 0xc5, 0xa6, 0xd3, 0x12, 0x67, 0x03, 0x0b, 0x47, 0x8d, 0xa2, 0xa6, 0xff, - 0x1d, 0x7f, 0xc9, 0x69, 0x71, 0x8b, 0xd3, 0x68, 0xc0, 0x94, 0x0d, 0x4a, 0xa0, 0xe4, 0x44, 0x91, - 0x23, 0xbd, 0x28, 0xd7, 0xf2, 0xe1, 0x37, 0x43, 0x49, 0x56, 0xc7, 0xf7, 0x76, 0x27, 0x47, 0x53, - 0x4d, 0x98, 0x33, 0xb3, 0xbf, 0x36, 0x94, 0x8a, 0x24, 0x66, 0xae, 0xb1, 0x18, 0x06, 0xc5, 0x91, - 0x80, 0x95, 0x77, 0xf0, 0x3a, 0x4f, 0x05, 0x61, 0x76, 0x8c, 0x48, 0xa8, 0x13, 0xac, 0xd0, 0x57, - 0x2d, 0x96, 0xb6, 0x26, 0xa3, 0xab, 0x85, 0xf5, 0x70, 0x3c, 0x59, 0x74, 0x66, 0x32, 0x9c, 0x6c, - 0xc4, 0x26, 0x77, 0xba, 0x75, 0xb5, 0x78, 0x02, 0x46, 0xd6, 0x86, 0x90, 0x89, 0x6d, 0x12, 0x8e, - 0xb6, 0xbb, 0xb8, 0xc0, 0x72, 0x48, 0x7d, 0xea, 0xc3, 0xe9, 0xf5, 0x1d, 0x0b, 0xc6, 0xb9, 0xa6, - 0x38, 0xe7, 0xd5, 0xeb, 0x24, 0x22, 0x81, 0x4b, 0xa4, 0xae, 0x7d, 0x44, 0x27, 0xab, 0x3c, 0x87, - 0x59, 0xc8, 0x92, 0xd7, 0x7b, 0x5a, 0x07, 0x08, 0x77, 0x76, 0x06, 0xd5, 0x60, 0xc0, 0x0b, 0xea, - 0xa1, 0xd8, 0xc9, 0xab, 0x47, 0xeb, 0xd4, 0x42, 0x50, 0x0f, 0xf5, 0x6a, 0xa6, 0xff, 0x30, 0xa3, - 0x8e, 0x16, 0xe1, 0x74, 0x24, 0x4e, 0x43, 0xae, 0x78, 0x31, 0xb5, 0x59, 0x17, 0xbd, 0xa6, 0x97, - 0xb0, 0x5d, 0xb8, 0x58, 0x9d, 0xd8, 0xdb, 0x9d, 0x3c, 0x8d, 0xbb, 0xc0, 0x71, 0xd7, 0xa7, 0xd0, - 0x5b, 0x30, 0x24, 0xf3, 0xec, 0xca, 0x79, 0xd8, 0x2d, 0x9d, 0xf3, 0x5f, 0x4d, 0xa6, 0x55, 0x91, - 0x52, 0x27, 0x19, 0xda, 0xff, 0x02, 0xa0, 0xd3, 0x11, 0x85, 0x7e, 0x0e, 0x2a, 0x91, 0xca, 0xfd, - 0xb3, 0xf2, 0x08, 0xa1, 0x92, 0xdf, 0x57, 0x38, 0xc1, 0x94, 0x3e, 0xa0, 0xb3, 0xfc, 0x34, 0x47, - 0xaa, 0xb5, 0xc7, 0xda, 0x5f, 0x95, 0xc3, 0xdc, 0x16, 0x5c, 0xb5, 0x9f, 0x63, 0x27, 0x70, 0x31, - 0xe3, 0x81, 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x9f, 0x6c, 0xe4, 0x73, 0x24, 0x7b, 0x85, 0xd1, 0xca, - 0x46, 0x89, 0xf3, 0x56, 0x2c, 0x38, 0xa1, 0x6d, 0x18, 0xda, 0xe0, 0x13, 0x40, 0x28, 0xd2, 0x4b, - 0x47, 0x1d, 0xdc, 0xd4, 0xac, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, 0x8e, 0xf9, 0xcf, 0x0d, 0x1f, - 0x2c, 0x5f, 0xba, 0xf9, 0x05, 0xc8, 0xf7, 0xef, 0x80, 0xfd, 0x2c, 0x8c, 0x44, 0xc4, 0x0d, 0x03, - 0xd7, 0xf3, 0x49, 0x6d, 0x46, 0x1e, 0xb7, 0x1e, 0x24, 0xac, 0xfa, 0x24, 0x35, 0x06, 0xb0, 0x41, - 0x03, 0xa7, 0x28, 0xa2, 0xaf, 0x58, 0x30, 0xa6, 0x12, 0x86, 0xe8, 0x07, 0x21, 0xe2, 0xc0, 0x72, - 0x31, 0xa7, 0xf4, 0x24, 0x46, 0xb3, 0x8a, 0xf6, 0x76, 0x27, 0xc7, 0xd2, 0x6d, 0x38, 0xc3, 0x17, - 0xbd, 0x06, 0x10, 0xae, 0x73, 0x27, 0xf9, 0x4c, 0x22, 0x4e, 0x2f, 0x0f, 0xf2, 0xaa, 0x63, 0x3c, - 0xbf, 0x42, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x0d, 0x80, 0x2f, 0x9b, 0xb5, 0x9d, 0x96, 0xd4, 0xb6, - 0x65, 0x5c, 0x3c, 0xac, 0x2a, 0xc8, 0xbd, 0xdd, 0xc9, 0xce, 0xd3, 0x24, 0xe6, 0x2a, 0x36, 0x1e, - 0x47, 0x3f, 0x0b, 0x43, 0x71, 0xbb, 0xd9, 0x74, 0xd4, 0xd9, 0x66, 0x8e, 0x19, 0x1b, 0x9c, 0xae, - 0x21, 0x8a, 0x78, 0x03, 0x96, 0x1c, 0xd1, 0x6d, 0x2a, 0x54, 0x63, 0x71, 0xcc, 0xc5, 0x56, 0x11, - 0xd7, 0x09, 0x86, 0xd9, 0x3b, 0x7d, 0x42, 0x3c, 0x77, 0x1a, 0x77, 0xc1, 0xb9, 0xb7, 0x3b, 0xf9, - 0x58, 0xba, 0x7d, 0x31, 0x14, 0x39, 0x14, 0x5d, 0x69, 0xa2, 0xab, 0x32, 0xed, 0x9e, 0xbe, 0xb6, - 0xcc, 0x06, 0x7d, 0x4e, 0xa7, 0xdd, 0xb3, 0xe6, 0xde, 0x63, 0x66, 0x3e, 0x6c, 0x07, 0xe9, 0x70, - 0x1f, 0xf1, 0x36, 0x2f, 0xc1, 0x08, 0xd9, 0x4e, 0x48, 0x14, 0x38, 0xfe, 0x0d, 0xbc, 0x28, 0x8f, - 0xe9, 0xd8, 0xa4, 0xbd, 0x64, 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, 0x79, 0x5e, 0xd0, 0x99, 0x41, - 0xdc, 0x3c, 0x97, 0xc6, 0xb8, 0xfd, 0x7f, 0x0a, 0x29, 0x0d, 0x6a, 0x2d, 0x22, 0x04, 0x85, 0x50, - 0x0a, 0xc2, 0x9a, 0x12, 0xd6, 0x57, 0xf3, 0x11, 0xd6, 0xd7, 0xc3, 0x9a, 0x91, 0x4c, 0x4f, 0xff, - 0xc5, 0x98, 0xf3, 0x61, 0xd9, 0xc6, 0x32, 0x2d, 0x9b, 0x01, 0x84, 0x65, 0x90, 0x27, 0x67, 0x95, - 0x6d, 0xbc, 0x6c, 0x32, 0xc2, 0x69, 0xbe, 0x68, 0x13, 0x4a, 0x1b, 0x61, 0x9c, 0x48, 0x7b, 0xe1, - 0x88, 0xa6, 0xc9, 0x95, 0x30, 0x4e, 0xd8, 0xb6, 0xaf, 0x5e, 0x9b, 0xb6, 0xc4, 0x98, 0xf3, 0xb0, - 0xff, 0x8b, 0x95, 0x3a, 0x94, 0xbd, 0xc5, 0x42, 0xdf, 0xb6, 0x48, 0x40, 0xd7, 0xa1, 0x19, 0x8d, - 0xf1, 0x17, 0x32, 0x99, 0x29, 0x1f, 0xee, 0x55, 0xda, 0xe4, 0x2e, 0xa5, 0x30, 0xc5, 0x48, 0x18, - 0x81, 0x1b, 0x5f, 0xb0, 0xd2, 0x39, 0x42, 0x85, 0x3c, 0x2c, 0x02, 0x33, 0x07, 0x6e, 0xdf, 0x74, - 0x23, 0xfb, 0x1d, 0x0b, 0x86, 0xaa, 0x8e, 0xbb, 0x19, 0xd6, 0xeb, 0xe8, 0x79, 0x28, 0xd7, 0xda, - 0x91, 0x99, 0xae, 0xa4, 0xcc, 0xdd, 0x39, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0xc3, 0x75, 0xc7, 0x95, - 0x99, 0x70, 0x45, 0x3e, 0x87, 0x2f, 0xb3, 0x16, 0x2c, 0x20, 0xe8, 0xe3, 0x30, 0xdc, 0x74, 0xb6, - 0xe5, 0xc3, 0xd9, 0x13, 0xe1, 0x25, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0x2f, 0x2d, 0x98, 0xa8, 0x3a, - 0xb1, 0xe7, 0xce, 0xb4, 0x93, 0x8d, 0xaa, 0x97, 0xac, 0xb7, 0xdd, 0x4d, 0x92, 0xf0, 0xf4, 0x47, - 0xda, 0xcb, 0x76, 0x4c, 0x97, 0x92, 0x32, 0xc4, 0x54, 0x2f, 0x6f, 0x88, 0x76, 0xac, 0x30, 0xd0, - 0x5b, 0x30, 0xdc, 0x72, 0xe2, 0xf8, 0x6e, 0x18, 0xd5, 0x30, 0xa9, 0xe7, 0x93, 0x7c, 0xbc, 0x4a, - 0xdc, 0x88, 0x24, 0x98, 0xd4, 0x85, 0x8f, 0x4f, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0xaf, 0x59, 0x30, - 0xc2, 0xdc, 0x25, 0x73, 0x24, 0x71, 0x3c, 0xbf, 0xa3, 0x82, 0x86, 0xd5, 0x67, 0x05, 0x8d, 0xf3, - 0x30, 0xb0, 0x11, 0x36, 0x49, 0xd6, 0xd5, 0x77, 0x25, 0xa4, 0x66, 0x27, 0x85, 0xa0, 0x17, 0xe9, - 0x38, 0x7b, 0x41, 0xe2, 0xd0, 0x19, 0x27, 0xcf, 0xfc, 0x4e, 0xf0, 0x31, 0x56, 0xcd, 0xd8, 0xc4, - 0xb1, 0x7f, 0xb7, 0x02, 0x43, 0xc2, 0x7b, 0xda, 0x77, 0xc6, 0xa9, 0xb4, 0x7f, 0x0b, 0x3d, 0xed, - 0xdf, 0x18, 0x06, 0x5d, 0x56, 0x9f, 0x47, 0xa8, 0x59, 0xd7, 0x72, 0x71, 0xb7, 0xf3, 0x92, 0x3f, - 0xba, 0x5b, 0xfc, 0x3f, 0x16, 0xac, 0xd0, 0x37, 0x2d, 0x38, 0xe1, 0x86, 0x41, 0x40, 0x5c, 0xad, - 0x03, 0x0c, 0xe4, 0x11, 0x40, 0x33, 0x9b, 0x26, 0xaa, 0xcf, 0xea, 0x33, 0x00, 0x9c, 0x65, 0x8f, - 0x5e, 0x86, 0x51, 0x3e, 0x66, 0x37, 0x53, 0x07, 0x95, 0xba, 0xb0, 0x82, 0x09, 0xc4, 0x69, 0x5c, - 0x34, 0xc5, 0x0f, 0x7c, 0x45, 0x09, 0x83, 0x41, 0xed, 0xf8, 0x31, 0x8a, 0x17, 0x18, 0x18, 0x28, - 0x02, 0x14, 0x91, 0x7a, 0x44, 0xe2, 0x0d, 0xe1, 0x5d, 0x66, 0xfa, 0xc7, 0xd0, 0xe1, 0x32, 0xd8, - 0x70, 0x07, 0x25, 0xdc, 0x85, 0x3a, 0xda, 0x14, 0x06, 0x58, 0x39, 0x0f, 0x91, 0x25, 0x3e, 0x73, - 0x4f, 0x3b, 0x6c, 0x12, 0x4a, 0xf1, 0x86, 0x13, 0xd5, 0x98, 0xde, 0x53, 0xe4, 0x81, 0xda, 0xab, - 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x07, 0x27, 0x33, 0x65, 0x21, 0x62, 0x71, 0xa0, 0xa8, 0x02, 0x9a, - 0x33, 0x05, 0x25, 0x62, 0xdc, 0xf1, 0x84, 0x69, 0x9c, 0x0f, 0xef, 0x63, 0x9c, 0xef, 0xa8, 0x18, - 0xa6, 0x11, 0xb6, 0x1d, 0xbd, 0x9a, 0xcb, 0x00, 0xf4, 0x15, 0xb0, 0xf4, 0xf5, 0x4c, 0xc0, 0xd2, - 0x28, 0xeb, 0xc0, 0xcd, 0x7c, 0x3a, 0x70, 0xf0, 0xe8, 0xa4, 0x87, 0x19, 0x6d, 0xf4, 0xbf, 0x2d, - 0x90, 0xdf, 0x75, 0xd6, 0x71, 0x37, 0x08, 0x9d, 0x32, 0xe8, 0x15, 0x18, 0x53, 0x26, 0xe6, 0x6c, - 0xd8, 0x0e, 0x78, 0xa0, 0x51, 0x51, 0x3b, 0xf5, 0x70, 0x0a, 0x8a, 0x33, 0xd8, 0x68, 0x1a, 0x2a, - 0x74, 0x9c, 0xf8, 0xa3, 0x7c, 0x6b, 0x53, 0x66, 0xec, 0xcc, 0xca, 0x82, 0x78, 0x4a, 0xe3, 0xa0, - 0x10, 0xc6, 0x7d, 0x27, 0x4e, 0x58, 0x0f, 0xa8, 0xc5, 0x79, 0xc8, 0xfc, 0x51, 0x56, 0x15, 0x67, - 0x31, 0x4b, 0x08, 0x77, 0xd2, 0xb6, 0xbf, 0x3f, 0x00, 0xa3, 0x29, 0xc9, 0x78, 0xc0, 0x3d, 0xf1, - 0x79, 0x28, 0xcb, 0x6d, 0x2a, 0x9b, 0xc5, 0xae, 0xf6, 0x32, 0x85, 0x41, 0x37, 0xad, 0x75, 0xe2, - 0x44, 0x24, 0x62, 0x05, 0x37, 0xb2, 0x7b, 0x78, 0x55, 0x83, 0xb0, 0x89, 0xc7, 0x84, 0x72, 0xe2, - 0xc7, 0xb3, 0xbe, 0x47, 0x82, 0x84, 0x77, 0x33, 0x1f, 0xa1, 0xbc, 0xb6, 0xb8, 0x6a, 0x12, 0xd5, - 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0x4b, 0x16, 0x8c, 0x3a, 0x77, 0x63, 0x5d, 0x44, 0x4e, - 0x84, 0x26, 0x1d, 0x71, 0x93, 0x4a, 0xd5, 0xa5, 0xe3, 0x47, 0xa2, 0xa9, 0x26, 0x9c, 0x66, 0x8a, - 0xbe, 0x6d, 0x01, 0x22, 0xdb, 0xc4, 0x95, 0xc1, 0x53, 0xa2, 0x2f, 0x83, 0x79, 0x58, 0x62, 0x97, - 0x3a, 0xe8, 0x72, 0xa9, 0xde, 0xd9, 0x8e, 0xbb, 0xf4, 0xc1, 0xfe, 0x27, 0x45, 0xb5, 0xa0, 0x74, - 0xbc, 0x9e, 0x63, 0x64, 0xc1, 0x58, 0x87, 0xcf, 0x82, 0xd1, 0x1e, 0xe5, 0x8e, 0x4c, 0x98, 0x74, - 0xd2, 0x41, 0xe1, 0x21, 0x25, 0x1d, 0xfc, 0x82, 0x95, 0xaa, 0xd7, 0x30, 0x7c, 0xe1, 0xb5, 0x7c, - 0x63, 0x05, 0xa7, 0x78, 0x3c, 0x43, 0x46, 0xba, 0xa7, 0x83, 0x1c, 0xa8, 0x34, 0x35, 0xd0, 0x0e, - 0x24, 0x0d, 0xff, 0x43, 0x11, 0x86, 0x8d, 0x9d, 0xb4, 0xab, 0x5a, 0x64, 0x3d, 0x62, 0x6a, 0x51, - 0xe1, 0x00, 0x6a, 0xd1, 0xcf, 0x43, 0xc5, 0x95, 0x52, 0x3e, 0x9f, 0x8a, 0x85, 0xd9, 0xbd, 0x43, - 0x0b, 0x7a, 0xd5, 0x84, 0x35, 0x4f, 0x34, 0x9f, 0x4a, 0x26, 0x10, 0x3b, 0xc4, 0x00, 0xdb, 0x21, - 0xba, 0x45, 0xfb, 0x8b, 0x9d, 0xa2, 0xf3, 0x19, 0x56, 0xd6, 0xa3, 0xe5, 0x89, 0xf7, 0x92, 0x11, - 0xbd, 0xbc, 0xac, 0xc7, 0xca, 0x82, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x7d, 0x4b, 0x7d, 0xdc, 0x07, - 0x90, 0x57, 0x7b, 0x3b, 0x9d, 0x57, 0x7b, 0x29, 0x97, 0x61, 0xee, 0x91, 0x50, 0x7b, 0x1d, 0x86, - 0x66, 0xc3, 0x66, 0xd3, 0x09, 0x6a, 0xe8, 0xc7, 0x60, 0xc8, 0xe5, 0x3f, 0xc5, 0x39, 0x0a, 0x73, - 0x9f, 0x09, 0x28, 0x96, 0x30, 0xf4, 0x14, 0x0c, 0x38, 0x51, 0x43, 0x9e, 0x9d, 0xb0, 0x08, 0x8c, - 0x99, 0xa8, 0x11, 0x63, 0xd6, 0x6a, 0xbf, 0x5d, 0x04, 0x98, 0x0d, 0x9b, 0x2d, 0x27, 0x22, 0xb5, - 0xb5, 0x90, 0x55, 0x4c, 0x3a, 0x56, 0xa7, 0x93, 0x36, 0x96, 0x1e, 0x65, 0xc7, 0x93, 0xe1, 0x7c, - 0x28, 0x3e, 0x68, 0xe7, 0xc3, 0xd7, 0x2c, 0x40, 0xf4, 0x8b, 0x84, 0x01, 0x09, 0x12, 0xed, 0x4d, - 0x9d, 0x86, 0x8a, 0x2b, 0x5b, 0x85, 0xd6, 0xa2, 0xd7, 0x9f, 0x04, 0x60, 0x8d, 0xd3, 0x87, 0xf9, - 0xf9, 0x8c, 0x14, 0x8e, 0xc5, 0x74, 0xd0, 0x22, 0x13, 0xa9, 0x42, 0x56, 0xda, 0xbf, 0x57, 0x80, - 0xc7, 0xf8, 0x7e, 0xb7, 0xe4, 0x04, 0x4e, 0x83, 0x34, 0x69, 0xaf, 0xfa, 0xf5, 0x8f, 0xbb, 0xd4, - 0xee, 0xf1, 0x64, 0x10, 0xe2, 0x51, 0x17, 0x06, 0x9f, 0xd0, 0x7c, 0x0a, 0x2f, 0x04, 0x5e, 0x82, - 0x19, 0x71, 0x14, 0x43, 0x59, 0xd6, 0xbf, 0x15, 0x82, 0x2e, 0x27, 0x46, 0x6a, 0xcd, 0x8b, 0x4d, - 0x89, 0x60, 0xc5, 0x88, 0x6a, 0x85, 0x7e, 0xe8, 0x6e, 0x62, 0xd2, 0x0a, 0x99, 0x50, 0x33, 0x62, - 0xc0, 0x16, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0xef, 0x59, 0x90, 0x15, 0xf7, 0x46, 0x6d, 0x18, 0xeb, - 0xbe, 0xb5, 0x61, 0x0e, 0x50, 0x9c, 0xe5, 0x67, 0x60, 0xd8, 0x49, 0xe8, 0x0e, 0xcd, 0x6d, 0xda, - 0xe2, 0xe1, 0xce, 0xd4, 0x97, 0xc2, 0x9a, 0x57, 0xf7, 0x98, 0x2d, 0x6b, 0x92, 0xb3, 0xff, 0xe7, - 0x00, 0x8c, 0x77, 0x04, 0x96, 0xa3, 0x8b, 0x30, 0xe2, 0x8a, 0xe9, 0xd1, 0xc2, 0xa4, 0x2e, 0x5e, - 0xc6, 0x08, 0x4c, 0xd2, 0x30, 0x9c, 0xc2, 0xec, 0x63, 0x82, 0x2e, 0xc0, 0xa9, 0x88, 0x5a, 0xd1, - 0x6d, 0x32, 0x53, 0x4f, 0x48, 0xb4, 0x4a, 0xdc, 0x30, 0xa8, 0xf1, 0x0a, 0x46, 0xc5, 0xea, 0xe3, - 0x7b, 0xbb, 0x93, 0xa7, 0x70, 0x27, 0x18, 0x77, 0x7b, 0x06, 0xb5, 0x60, 0xd4, 0x37, 0x15, 0x2c, - 0xa1, 0x5d, 0x1f, 0x4a, 0x37, 0x53, 0x1b, 0x70, 0xaa, 0x19, 0xa7, 0x19, 0xa4, 0xb5, 0xb4, 0xd2, - 0x43, 0xd2, 0xd2, 0x7e, 0x51, 0x6b, 0x69, 0xdc, 0xf9, 0xfb, 0x7a, 0xce, 0x89, 0x05, 0xc7, 0xad, - 0xa6, 0xbd, 0x0a, 0x65, 0x19, 0x18, 0xd3, 0x57, 0x40, 0x89, 0x49, 0xa7, 0x87, 0x44, 0xbb, 0x57, - 0x80, 0x2e, 0x1a, 0x3e, 0x5d, 0x67, 0x7a, 0x3b, 0x4d, 0xad, 0xb3, 0x83, 0x6d, 0xa9, 0x68, 0x9b, - 0x07, 0x05, 0xf1, 0x8d, 0xe3, 0xd3, 0x79, 0x5b, 0x28, 0x3a, 0x4e, 0x48, 0x45, 0x90, 0xab, 0x58, - 0xa1, 0x0b, 0x00, 0x5a, 0x0b, 0x12, 0xf1, 0xc1, 0xca, 0xe7, 0xa8, 0x95, 0x25, 0x6c, 0x60, 0x51, - 0x83, 0xd5, 0x0b, 0xe2, 0xc4, 0xf1, 0xfd, 0x2b, 0x5e, 0x90, 0x88, 0x93, 0x37, 0xb5, 0x43, 0x2e, - 0x68, 0x10, 0x36, 0xf1, 0xce, 0x7e, 0xc2, 0xf8, 0x2e, 0x07, 0xf9, 0x9e, 0x1b, 0xf0, 0xc4, 0xbc, - 0x97, 0xa8, 0xa8, 0x76, 0x35, 0x8f, 0xa8, 0x92, 0xa3, 0xb2, 0x34, 0xac, 0x9e, 0x59, 0x1a, 0x46, - 0x54, 0x79, 0x21, 0x1d, 0x04, 0x9f, 0x8d, 0x2a, 0xb7, 0x2f, 0xc2, 0xe9, 0x79, 0x2f, 0xb9, 0xec, - 0xf9, 0xe4, 0x80, 0x4c, 0xec, 0x2f, 0x95, 0x60, 0xc4, 0xcc, 0x22, 0x3a, 0x48, 0xa2, 0xc9, 0x37, - 0xa8, 0x1e, 0x23, 0xde, 0xce, 0x53, 0x0e, 0xa0, 0x5b, 0x47, 0x4e, 0x69, 0xea, 0x3e, 0x62, 0x86, - 0x2a, 0xa3, 0x79, 0x62, 0xb3, 0x03, 0xe8, 0x2e, 0x94, 0xea, 0x2c, 0xea, 0xb9, 0x98, 0x87, 0x5b, - 0xbb, 0xdb, 0x88, 0xea, 0x65, 0xc6, 0xe3, 0xa6, 0x39, 0x3f, 0xba, 0x43, 0x46, 0xe9, 0x54, 0x1a, - 0x23, 0x1c, 0x50, 0x24, 0xd1, 0x28, 0x8c, 0x5e, 0xa2, 0xbe, 0x74, 0x08, 0x51, 0x9f, 0x12, 0xbc, - 0x83, 0x0f, 0x49, 0xf0, 0xb2, 0x08, 0xf6, 0x64, 0x83, 0xe9, 0x6f, 0x22, 0x7e, 0x79, 0x88, 0x0d, - 0x82, 0x11, 0xc1, 0x9e, 0x02, 0xe3, 0x2c, 0xbe, 0xfd, 0xb5, 0x02, 0x8c, 0xcd, 0x07, 0xed, 0x95, - 0xf9, 0x95, 0xf6, 0xba, 0xef, 0xb9, 0xd7, 0xc8, 0x0e, 0x95, 0x6f, 0x9b, 0x64, 0x67, 0x61, 0x4e, - 0x4c, 0x43, 0x35, 0xf0, 0xd7, 0x68, 0x23, 0xe6, 0x30, 0xba, 0xa2, 0xeb, 0x5e, 0xd0, 0x20, 0x51, - 0x2b, 0xf2, 0xc4, 0xa1, 0x9c, 0xb1, 0xa2, 0x2f, 0x6b, 0x10, 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, - 0x40, 0xa2, 0xac, 0x36, 0xb8, 0x4c, 0x1b, 0x31, 0x87, 0x51, 0xa4, 0x24, 0x6a, 0xc7, 0x89, 0xf8, - 0xa2, 0x0a, 0x69, 0x8d, 0x36, 0x62, 0x0e, 0xa3, 0xcb, 0x25, 0x6e, 0xaf, 0x33, 0xd7, 0x7b, 0x26, - 0xe2, 0x78, 0x95, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x9b, 0x64, 0x67, 0x8e, 0xda, 0x65, 0x99, 0x9c, - 0x80, 0x6b, 0xbc, 0x19, 0x4b, 0x38, 0x2b, 0x99, 0x94, 0x1e, 0x8e, 0x1f, 0xba, 0x92, 0x49, 0xe9, - 0xee, 0xf7, 0xb0, 0xf0, 0x7e, 0xcd, 0x82, 0x11, 0x33, 0x60, 0x06, 0x35, 0x32, 0x8a, 0xe2, 0x72, - 0x47, 0xf9, 0xbb, 0x9f, 0xea, 0x76, 0xd7, 0x47, 0xc3, 0x4b, 0xc2, 0x56, 0xfc, 0x02, 0x09, 0x1a, - 0x5e, 0x40, 0x98, 0x5b, 0x95, 0x07, 0xda, 0xa4, 0xa2, 0x71, 0x66, 0xc3, 0x1a, 0x39, 0x84, 0xa6, - 0x69, 0xdf, 0x82, 0xf1, 0x8e, 0x44, 0x90, 0x3e, 0xf6, 0xe7, 0x7d, 0xd3, 0xf0, 0x6c, 0x0c, 0xc3, - 0x94, 0x30, 0x8f, 0x92, 0x8c, 0xd1, 0x2c, 0x8c, 0x73, 0x1d, 0x82, 0x72, 0x5a, 0x75, 0x37, 0x48, - 0x53, 0x25, 0xf7, 0xb0, 0x13, 0xe0, 0x9b, 0x59, 0x20, 0xee, 0xc4, 0xb7, 0xbf, 0x6e, 0xc1, 0x68, - 0x2a, 0x37, 0x27, 0x27, 0x4d, 0x82, 0xad, 0xb4, 0x90, 0xc5, 0x6f, 0xb1, 0x20, 0xd6, 0x22, 0xdb, - 0x91, 0xf4, 0x4a, 0xd3, 0x20, 0x6c, 0xe2, 0xd9, 0xef, 0x14, 0xa0, 0x2c, 0x5d, 0xea, 0x7d, 0x74, - 0xe5, 0xab, 0x16, 0x8c, 0xaa, 0x53, 0x77, 0x76, 0x9c, 0x53, 0xc8, 0x23, 0x5a, 0x9b, 0xf6, 0x40, - 0x05, 0x18, 0x06, 0xf5, 0x50, 0xab, 0xb5, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x4d, 0x80, 0x78, - 0x27, 0x4e, 0x48, 0xd3, 0x38, 0x58, 0xb2, 0x8d, 0x15, 0x37, 0xe5, 0x86, 0x11, 0xa1, 0xeb, 0xeb, - 0x7a, 0x58, 0x23, 0xab, 0x0a, 0x53, 0xeb, 0x21, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0xbf, 0x5f, 0x80, - 0x93, 0xd9, 0x2e, 0xa1, 0xd7, 0x61, 0x44, 0x72, 0x37, 0xee, 0x2d, 0x91, 0x71, 0x04, 0x23, 0xd8, - 0x80, 0xdd, 0xdb, 0x9d, 0x9c, 0xec, 0xbc, 0x37, 0x66, 0xca, 0x44, 0xc1, 0x29, 0x62, 0xdc, 0xf5, - 0x21, 0x7c, 0x74, 0xd5, 0x9d, 0x99, 0x56, 0x4b, 0xf8, 0x2f, 0x0c, 0xd7, 0x87, 0x09, 0xc5, 0x19, - 0x6c, 0xb4, 0x02, 0xa7, 0x8d, 0x96, 0xeb, 0xc4, 0x6b, 0x6c, 0xac, 0x87, 0x91, 0x34, 0x4f, 0x9e, - 0xd2, 0xa1, 0x39, 0x9d, 0x38, 0xb8, 0xeb, 0x93, 0x74, 0xcb, 0x74, 0x9d, 0x96, 0xe3, 0x7a, 0xc9, - 0x8e, 0x38, 0x29, 0x53, 0xb2, 0x69, 0x56, 0xb4, 0x63, 0x85, 0x61, 0x2f, 0xc1, 0x40, 0x9f, 0x33, - 0xa8, 0x2f, 0xb5, 0xf8, 0x55, 0x28, 0x53, 0x72, 0x52, 0x47, 0xca, 0x83, 0x64, 0x08, 0x65, 0x59, - 0x7a, 0x1c, 0xd9, 0x50, 0xf4, 0x1c, 0xe9, 0x5d, 0x52, 0xaf, 0xb5, 0x10, 0xc7, 0x6d, 0x66, 0x69, - 0x52, 0x20, 0x7a, 0x06, 0x8a, 0x64, 0xbb, 0x95, 0x75, 0x23, 0x5d, 0xda, 0x6e, 0x79, 0x11, 0x89, - 0x29, 0x12, 0xd9, 0x6e, 0xa1, 0xb3, 0x50, 0xf0, 0x6a, 0x62, 0x93, 0x02, 0x81, 0x53, 0x58, 0x98, - 0xc3, 0x05, 0xaf, 0x66, 0x6f, 0x43, 0x45, 0xd5, 0x3a, 0x47, 0x9b, 0x52, 0x76, 0x5b, 0x79, 0xc4, - 0xc0, 0x48, 0xba, 0x3d, 0xa4, 0x76, 0x1b, 0x40, 0x67, 0x42, 0xe5, 0x25, 0x5f, 0xce, 0xc3, 0x80, - 0x1b, 0x8a, 0x04, 0xca, 0xb2, 0x26, 0xc3, 0x84, 0x36, 0x83, 0xd8, 0xb7, 0x60, 0xec, 0x5a, 0x10, - 0xde, 0x65, 0xc5, 0x5c, 0x59, 0xa9, 0x19, 0x4a, 0xb8, 0x4e, 0x7f, 0x64, 0x55, 0x04, 0x06, 0xc5, - 0x1c, 0xa6, 0xaa, 0xa4, 0x14, 0x7a, 0x55, 0x49, 0xb1, 0xbf, 0x60, 0xc1, 0x49, 0x95, 0xcf, 0x21, - 0xa5, 0xf1, 0x45, 0x18, 0x59, 0x6f, 0x7b, 0x7e, 0x4d, 0xfc, 0xcf, 0xda, 0xfa, 0x55, 0x03, 0x86, - 0x53, 0x98, 0xd4, 0x32, 0x59, 0xf7, 0x02, 0x27, 0xda, 0x59, 0xd1, 0xe2, 0x5f, 0x49, 0x84, 0xaa, - 0x82, 0x60, 0x03, 0xcb, 0xfe, 0xaa, 0xd9, 0x05, 0x91, 0x41, 0xd2, 0xc7, 0xc8, 0xde, 0x80, 0x92, - 0xab, 0xbc, 0x91, 0x87, 0x2a, 0xb2, 0xa5, 0x92, 0x77, 0xd9, 0x89, 0x34, 0xa7, 0x66, 0xff, 0xb3, - 0x02, 0x8c, 0xa6, 0xca, 0x27, 0x20, 0x1f, 0xca, 0xc4, 0x67, 0xe7, 0x61, 0x72, 0x8a, 0x1d, 0xb5, - 0xa6, 0x9a, 0x5a, 0x16, 0x97, 0x04, 0x5d, 0xac, 0x38, 0x3c, 0x1a, 0x4e, 0x9f, 0x8b, 0x30, 0x22, - 0x3b, 0xf4, 0x69, 0xa7, 0xe9, 0x8b, 0x55, 0xa8, 0x26, 0xc0, 0x25, 0x03, 0x86, 0x53, 0x98, 0xf6, - 0xef, 0x17, 0x61, 0x82, 0x1f, 0x20, 0xd6, 0x54, 0x5c, 0xc6, 0x92, 0xd4, 0xb2, 0xfe, 0x8a, 0x2e, - 0x72, 0xc2, 0x07, 0x72, 0xfd, 0xa8, 0xf5, 0x44, 0xbb, 0x33, 0xea, 0x2b, 0x62, 0xe0, 0x57, 0x33, - 0x11, 0x03, 0x7c, 0xb3, 0x6d, 0x1c, 0x53, 0x8f, 0x7e, 0xb8, 0x42, 0x08, 0xfe, 0x4e, 0x01, 0x4e, - 0x64, 0x8a, 0xb5, 0xa2, 0xb7, 0xd3, 0xe5, 0xd8, 0xac, 0x3c, 0x8e, 0x99, 0xee, 0x5b, 0x32, 0xf4, - 0x60, 0x45, 0xd9, 0x1e, 0xd2, 0x52, 0xb1, 0xff, 0xa0, 0x00, 0x63, 0xe9, 0x2a, 0xb3, 0x8f, 0xe0, - 0x48, 0x7d, 0x14, 0x2a, 0xac, 0x76, 0x23, 0xbb, 0x19, 0x87, 0x9f, 0x66, 0xf1, 0x12, 0x83, 0xb2, - 0x11, 0x6b, 0xf8, 0x23, 0x51, 0xeb, 0xce, 0xfe, 0xbb, 0x16, 0x9c, 0xe1, 0x6f, 0x99, 0x9d, 0x87, - 0x7f, 0xb5, 0xdb, 0xe8, 0xbe, 0x91, 0x6f, 0x07, 0x33, 0xc5, 0x79, 0xf6, 0x1b, 0x5f, 0x76, 0x23, - 0x87, 0xe8, 0x6d, 0x7a, 0x2a, 0x3c, 0x82, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0xa0, 0x08, 0xfa, - 0x12, 0x12, 0xe4, 0x89, 0xdc, 0x94, 0x5c, 0x8a, 0x14, 0xad, 0xee, 0x04, 0xae, 0xbe, 0xee, 0xa4, - 0x9c, 0x49, 0x4d, 0xf9, 0x25, 0x0b, 0x86, 0xbd, 0xc0, 0x4b, 0x3c, 0x87, 0x29, 0xcf, 0xf9, 0x5c, - 0xa2, 0xa0, 0xd8, 0x2d, 0x70, 0xca, 0x61, 0x64, 0x1e, 0x81, 0x2a, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, - 0x2b, 0x82, 0xfa, 0x8a, 0xb9, 0x65, 0x55, 0x95, 0x33, 0x91, 0x7c, 0x2d, 0x28, 0x45, 0x24, 0x89, - 0x72, 0x4a, 0x46, 0xc4, 0x94, 0x94, 0xaa, 0x49, 0xa7, 0xaf, 0x83, 0xa3, 0xcd, 0x98, 0x33, 0xb2, - 0x63, 0x40, 0x9d, 0x63, 0x71, 0xc0, 0x80, 0xa9, 0x69, 0xa8, 0x38, 0xed, 0x24, 0x6c, 0xd2, 0x61, - 0x12, 0xa7, 0xb4, 0x3a, 0x24, 0x4c, 0x02, 0xb0, 0xc6, 0xb1, 0xdf, 0x2e, 0x41, 0x26, 0x59, 0x04, - 0x6d, 0x9b, 0x17, 0xe8, 0x58, 0xf9, 0x5e, 0xa0, 0xa3, 0x3a, 0xd3, 0xed, 0x12, 0x1d, 0xd4, 0x80, - 0x52, 0x6b, 0xc3, 0x89, 0xa5, 0x6e, 0xfc, 0xaa, 0x1c, 0xa6, 0x15, 0xda, 0x78, 0x6f, 0x77, 0xf2, - 0xa7, 0xfb, 0x3b, 0x6b, 0xa1, 0x73, 0x75, 0x9a, 0xe7, 0x5e, 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, - 0x0f, 0x72, 0x8d, 0xc4, 0x17, 0x45, 0x81, 0x4f, 0x4c, 0xe2, 0xb6, 0x9f, 0x88, 0xd9, 0xf0, 0x6a, - 0x8e, 0xab, 0x8c, 0x13, 0xd6, 0x69, 0x8e, 0xfc, 0x3f, 0x36, 0x98, 0xa2, 0xd7, 0xa1, 0x12, 0x27, - 0x4e, 0x94, 0x1c, 0x32, 0x31, 0x49, 0x0d, 0xfa, 0xaa, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x1a, 0xab, - 0xd9, 0xe6, 0xc5, 0x1b, 0x87, 0x8c, 0xc5, 0x95, 0xf5, 0xdd, 0x04, 0x05, 0x6c, 0x50, 0xa3, 0xa6, - 0x07, 0x9b, 0xdb, 0x3c, 0x00, 0xa5, 0xcc, 0x6c, 0x4b, 0x25, 0x0a, 0xb1, 0x82, 0x60, 0x03, 0xcb, - 0xfe, 0x71, 0x48, 0xe7, 0xe9, 0xa2, 0x49, 0x99, 0x16, 0xcc, 0xcf, 0x9e, 0x58, 0x4c, 0x6d, 0x2a, - 0x83, 0xf7, 0x77, 0x2c, 0x30, 0x93, 0x89, 0xd1, 0x1d, 0x9e, 0xb5, 0x6c, 0xe5, 0x71, 0xe8, 0x6e, - 0xd0, 0x9d, 0x5a, 0x72, 0x5a, 0x19, 0xef, 0x8f, 0x4c, 0x5d, 0x3e, 0xfb, 0x09, 0x28, 0x4b, 0xe8, - 0x81, 0x94, 0xba, 0xcf, 0xc3, 0xa9, 0xec, 0xf5, 0x82, 0xe2, 0xac, 0xb9, 0x11, 0x85, 0xed, 0x56, - 0xd6, 0x90, 0x64, 0xd7, 0xcf, 0x61, 0x0e, 0xa3, 0xe6, 0xd8, 0xa6, 0x17, 0xd4, 0xb2, 0x86, 0xe4, - 0x35, 0x2f, 0xa8, 0x61, 0x06, 0xe9, 0xe3, 0x1a, 0xa5, 0x7f, 0x6a, 0xc1, 0xf9, 0xfd, 0x6e, 0x41, - 0x44, 0x4f, 0xc1, 0xc0, 0x5d, 0x27, 0x92, 0x05, 0x2f, 0x99, 0xa0, 0xbc, 0xe5, 0x44, 0x01, 0x66, - 0xad, 0x68, 0x07, 0x06, 0x79, 0xd6, 0xab, 0xd0, 0xd6, 0x5f, 0xcd, 0xf7, 0x4e, 0xc6, 0x6b, 0xc4, - 0x30, 0x17, 0x78, 0xc6, 0x2d, 0x16, 0x0c, 0xed, 0xf7, 0x2d, 0x40, 0xcb, 0x5b, 0x24, 0x8a, 0xbc, - 0x9a, 0x91, 0xa7, 0x8b, 0x5e, 0x82, 0x91, 0xdb, 0xab, 0xcb, 0xd7, 0x57, 0x42, 0x2f, 0x60, 0x79, - 0xfb, 0x46, 0xa6, 0xd3, 0x55, 0xa3, 0x1d, 0xa7, 0xb0, 0xd0, 0x2c, 0x8c, 0xdf, 0xbe, 0x43, 0x8d, - 0x5f, 0xb3, 0x8a, 0x75, 0x41, 0x1f, 0x77, 0x5e, 0x7d, 0x35, 0x03, 0xc4, 0x9d, 0xf8, 0x68, 0x19, - 0xce, 0x34, 0xb9, 0xb9, 0xc1, 0x8b, 0xcf, 0x72, 0xdb, 0x43, 0x25, 0x3a, 0x3c, 0xb1, 0xb7, 0x3b, - 0x79, 0x66, 0xa9, 0x1b, 0x02, 0xee, 0xfe, 0x9c, 0xfd, 0x6e, 0x01, 0x86, 0x8d, 0x9b, 0x44, 0xfb, - 0xb0, 0xc1, 0x33, 0xa9, 0x1b, 0x85, 0x3e, 0x53, 0x37, 0x9e, 0x83, 0x72, 0x2b, 0xf4, 0x3d, 0xd7, - 0x53, 0x95, 0x58, 0x58, 0xc1, 0xc0, 0x15, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x85, 0x8a, 0xba, 0x5d, - 0x4f, 0xa4, 0x8b, 0xe6, 0x75, 0xbe, 0xa3, 0x24, 0x95, 0xbe, 0x35, 0x4f, 0xf3, 0x42, 0x36, 0x0c, - 0xb2, 0x99, 0x2f, 0xe3, 0xd0, 0x58, 0x1e, 0x0f, 0x5b, 0x12, 0x31, 0x16, 0x10, 0xfb, 0xcb, 0x43, - 0x70, 0xba, 0x5b, 0x91, 0x3b, 0xf4, 0x39, 0x18, 0xe4, 0x7d, 0xcc, 0xa7, 0x8e, 0x6a, 0x37, 0x1e, - 0xf3, 0x8c, 0xa0, 0xe8, 0x16, 0xfb, 0x8d, 0x05, 0x4f, 0xc1, 0xdd, 0x77, 0xd6, 0x85, 0xce, 0x74, - 0x3c, 0xdc, 0x17, 0x1d, 0xcd, 0x7d, 0xd1, 0xe1, 0xdc, 0x7d, 0x67, 0x1d, 0x6d, 0x43, 0xa9, 0xe1, - 0x25, 0xc4, 0x11, 0x96, 0xc3, 0xad, 0x63, 0x61, 0x4e, 0x1c, 0x2e, 0x9a, 0xd9, 0x4f, 0xcc, 0x19, - 0xa2, 0xef, 0x58, 0x70, 0x62, 0x3d, 0x9d, 0x16, 0x25, 0xb6, 0x50, 0xe7, 0x18, 0x0a, 0x19, 0xa6, - 0x19, 0xf1, 0xf2, 0xd0, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, 0x45, 0x0b, 0x86, 0xea, 0x9e, 0x6f, - 0x54, 0xe9, 0x3a, 0x86, 0x8f, 0x73, 0x99, 0x31, 0xd0, 0x6a, 0x06, 0xff, 0x1f, 0x63, 0xc9, 0xb9, - 0x97, 0x0f, 0x76, 0xf0, 0xa8, 0x3e, 0xd8, 0xa1, 0x87, 0x64, 0x2b, 0xfe, 0x72, 0x01, 0x9e, 0xe9, - 0xe3, 0x1b, 0x99, 0x99, 0x2c, 0xd6, 0x3e, 0x99, 0x2c, 0xe7, 0x61, 0x20, 0x22, 0xad, 0x30, 0xbb, - 0xdf, 0xb1, 0x70, 0x2f, 0x06, 0x41, 0x4f, 0x43, 0xd1, 0x69, 0x79, 0x62, 0xbb, 0x53, 0x9b, 0xf4, - 0xcc, 0xca, 0x02, 0xa6, 0xed, 0xf4, 0x4b, 0x57, 0xd6, 0x65, 0xb2, 0x5e, 0x3e, 0xa5, 0xda, 0x7b, - 0xe5, 0xfe, 0x71, 0xeb, 0x4d, 0x41, 0xb1, 0xe6, 0x6b, 0x2f, 0xc3, 0xd9, 0xde, 0x33, 0x04, 0xbd, - 0x08, 0xc3, 0xeb, 0x91, 0x13, 0xb8, 0x1b, 0xec, 0x5a, 0x03, 0x39, 0x26, 0x2c, 0x7f, 0x41, 0x37, - 0x63, 0x13, 0xc7, 0xfe, 0xfd, 0x42, 0x77, 0x8a, 0x5c, 0x08, 0x1c, 0x64, 0x84, 0xc5, 0xf8, 0x15, - 0x7a, 0x8c, 0xdf, 0x1d, 0x28, 0x27, 0x2c, 0x7d, 0x82, 0xd4, 0x85, 0x24, 0xc9, 0x2d, 0x3d, 0x91, - 0xed, 0x35, 0x6b, 0x82, 0x38, 0x56, 0x6c, 0xa8, 0xc8, 0xf7, 0x75, 0x81, 0x2f, 0x21, 0xf2, 0x33, - 0x87, 0x86, 0x73, 0x70, 0xd2, 0xa8, 0x57, 0xca, 0xa3, 0xc7, 0xb9, 0xef, 0x5b, 0xa5, 0x54, 0xad, - 0x64, 0xe0, 0xb8, 0xe3, 0x09, 0xfb, 0xd7, 0x0a, 0xf0, 0x44, 0x4f, 0xc9, 0xa6, 0x1d, 0xf4, 0xd6, - 0x7d, 0x1c, 0xf4, 0x47, 0x9e, 0xa0, 0xe6, 0x00, 0x0f, 0x3c, 0x98, 0x01, 0x7e, 0x1e, 0xca, 0x5e, - 0x10, 0x13, 0xb7, 0x1d, 0xf1, 0x41, 0x33, 0x62, 0x29, 0x17, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x1f, - 0xf6, 0x9e, 0x6a, 0x74, 0x97, 0xfb, 0x91, 0x1d, 0xa5, 0x97, 0x61, 0xd4, 0x69, 0xb5, 0x38, 0x1e, - 0x73, 0x86, 0x66, 0x92, 0x24, 0x67, 0x4c, 0x20, 0x4e, 0xe3, 0x1a, 0x73, 0x78, 0xb0, 0xd7, 0x1c, - 0xb6, 0xff, 0xc4, 0x82, 0x0a, 0x26, 0x75, 0x5e, 0xe7, 0x16, 0xdd, 0x16, 0x43, 0x64, 0xe5, 0x51, - 0x6e, 0x84, 0xdd, 0xd1, 0xef, 0xb1, 0x32, 0x1c, 0xdd, 0x06, 0xbb, 0xb3, 0xf6, 0x6e, 0xe1, 0x40, - 0xb5, 0x77, 0x55, 0xf5, 0xd5, 0x62, 0xef, 0xea, 0xab, 0xf6, 0xbb, 0x43, 0xf4, 0xf5, 0x5a, 0xe1, - 0x6c, 0x44, 0x6a, 0x31, 0xfd, 0xbe, 0xed, 0xc8, 0xcf, 0x5e, 0x5d, 0x7a, 0x03, 0x2f, 0x62, 0xda, - 0x9e, 0x3a, 0xf1, 0x28, 0x1c, 0x28, 0x45, 0xac, 0xb8, 0x6f, 0x8a, 0xd8, 0xcb, 0x30, 0x1a, 0xc7, - 0x1b, 0x2b, 0x91, 0xb7, 0xe5, 0x24, 0xd4, 0xb4, 0x10, 0xb1, 0x34, 0x3a, 0xad, 0x63, 0xf5, 0x8a, - 0x06, 0xe2, 0x34, 0x2e, 0x9a, 0x87, 0x71, 0x9d, 0xa8, 0x45, 0xa2, 0x84, 0x85, 0xce, 0xf0, 0x99, - 0xa0, 0xb2, 0x2a, 0x74, 0x6a, 0x97, 0x40, 0xc0, 0x9d, 0xcf, 0x50, 0x89, 0x95, 0x6a, 0xa4, 0x1d, - 0x19, 0x4c, 0x4b, 0xac, 0x14, 0x1d, 0xda, 0x97, 0x8e, 0x27, 0xd0, 0x12, 0x9c, 0xe2, 0x13, 0x83, - 0xdd, 0x95, 0xad, 0xde, 0x88, 0x87, 0x3a, 0x3d, 0x29, 0x08, 0x9d, 0x9a, 0xef, 0x44, 0xc1, 0xdd, - 0x9e, 0xa3, 0x76, 0x83, 0x6a, 0x5e, 0x98, 0x13, 0xc6, 0xba, 0xb2, 0x1b, 0x14, 0x99, 0x85, 0x1a, - 0x36, 0xf1, 0xd0, 0xa7, 0xe1, 0x71, 0xfd, 0x97, 0x07, 0x29, 0xf2, 0x13, 0xac, 0x39, 0x91, 0x03, - 0xab, 0x6a, 0x7d, 0xce, 0x77, 0x45, 0xab, 0xe1, 0x5e, 0xcf, 0xa3, 0x75, 0x38, 0xab, 0x40, 0x97, - 0xa8, 0x91, 0xd6, 0x8a, 0xbc, 0x98, 0x54, 0x9d, 0x98, 0xdc, 0x88, 0x7c, 0x96, 0x35, 0x5b, 0xd1, - 0x97, 0x16, 0xcc, 0x7b, 0xc9, 0x95, 0x6e, 0x98, 0x78, 0x11, 0xdf, 0x87, 0x0a, 0x9a, 0x86, 0x0a, - 0x09, 0x9c, 0x75, 0x9f, 0x2c, 0xcf, 0x2e, 0xb0, 0x5c, 0x5a, 0xe3, 0xc0, 0xec, 0x92, 0x04, 0x60, - 0x8d, 0xa3, 0xdc, 0xb7, 0x23, 0x3d, 0x2f, 0xb9, 0x58, 0x81, 0xd3, 0x0d, 0xb7, 0x45, 0xf5, 0x00, - 0xcf, 0x25, 0x33, 0x2e, 0x73, 0x61, 0xd2, 0x0f, 0xc3, 0x6b, 0x0f, 0xab, 0xd8, 0x84, 0xf9, 0xd9, - 0x95, 0x0e, 0x1c, 0xdc, 0xf5, 0x49, 0xba, 0xc6, 0x5a, 0x51, 0xb8, 0xbd, 0x33, 0x71, 0x2a, 0xbd, - 0xc6, 0x56, 0x68, 0x23, 0xe6, 0x30, 0x74, 0x15, 0x10, 0x0b, 0x74, 0xb9, 0x92, 0x24, 0x2d, 0xa5, - 0x78, 0x4c, 0x9c, 0x66, 0xaf, 0x74, 0x56, 0x3c, 0x81, 0x2e, 0x77, 0x60, 0xe0, 0x2e, 0x4f, 0xd9, - 0x7f, 0x6c, 0xc1, 0xa8, 0x5a, 0xaf, 0x0f, 0x20, 0xd4, 0xcb, 0x4f, 0x87, 0x7a, 0xcd, 0x1f, 0x5d, - 0xe2, 0xb1, 0x9e, 0xf7, 0x88, 0x17, 0xf8, 0xf2, 0x30, 0x80, 0x96, 0x8a, 0x6a, 0x43, 0xb2, 0x7a, - 0x6e, 0x48, 0x8f, 0xac, 0x44, 0xea, 0x96, 0x38, 0x57, 0x7a, 0xb8, 0x89, 0x73, 0xab, 0x70, 0x46, - 0xaa, 0x0b, 0xfc, 0x48, 0xe6, 0x4a, 0x18, 0x2b, 0x01, 0x57, 0xae, 0x3e, 0x2d, 0x08, 0x9d, 0x59, - 0xe8, 0x86, 0x84, 0xbb, 0x3f, 0x9b, 0xd2, 0x52, 0x86, 0xf6, 0xd3, 0x52, 0xf4, 0x9a, 0x5e, 0xac, - 0xcb, 0xca, 0xa1, 0x99, 0x35, 0xbd, 0x78, 0x79, 0x15, 0x6b, 0x9c, 0xee, 0x82, 0xbd, 0x92, 0x93, - 0x60, 0x87, 0x03, 0x0b, 0x76, 0x29, 0x62, 0x86, 0x7b, 0x8a, 0x18, 0x79, 0x0a, 0x34, 0xd2, 0xf3, - 0x14, 0xe8, 0x15, 0x18, 0xf3, 0x82, 0x0d, 0x12, 0x79, 0x09, 0xa9, 0xb1, 0xb5, 0xc0, 0xc4, 0x4f, - 0x59, 0x6f, 0xeb, 0x0b, 0x29, 0x28, 0xce, 0x60, 0xa7, 0xe5, 0xe2, 0x58, 0x1f, 0x72, 0xb1, 0xc7, - 0x6e, 0x74, 0x22, 0x9f, 0xdd, 0xe8, 0xe4, 0xd1, 0x77, 0xa3, 0xf1, 0x63, 0xdd, 0x8d, 0x50, 0x2e, - 0xbb, 0x51, 0x5f, 0x82, 0xde, 0x30, 0xe8, 0x4e, 0xef, 0x63, 0xd0, 0xf5, 0xda, 0x8a, 0xce, 0x1c, - 0x7a, 0x2b, 0xea, 0xbe, 0xcb, 0x3c, 0x76, 0xa8, 0x5d, 0xe6, 0x2b, 0x05, 0x38, 0xa3, 0xe5, 0x30, - 0x9d, 0xfd, 0x5e, 0x9d, 0x4a, 0x22, 0x56, 0x7c, 0x9a, 0x47, 0xed, 0x18, 0x91, 0x87, 0x3a, 0x88, - 0x51, 0x41, 0xb0, 0x81, 0xc5, 0x02, 0xf8, 0x48, 0xc4, 0x8a, 0x16, 0x65, 0x85, 0xf4, 0xac, 0x68, - 0xc7, 0x0a, 0x83, 0xce, 0x2f, 0xfa, 0x5b, 0x04, 0x45, 0x67, 0x6b, 0x05, 0xcc, 0x6a, 0x10, 0x36, - 0xf1, 0xd0, 0x73, 0x9c, 0x09, 0x13, 0x10, 0x54, 0x50, 0x8f, 0x88, 0x6b, 0x55, 0xa4, 0x4c, 0x50, - 0x50, 0xd9, 0x1d, 0x16, 0xa9, 0x59, 0xea, 0xec, 0x0e, 0xf3, 0x34, 0x2a, 0x0c, 0xfb, 0x7f, 0x59, - 0xf0, 0x44, 0xd7, 0xa1, 0x78, 0x00, 0x9b, 0xef, 0x76, 0x7a, 0xf3, 0x5d, 0xcd, 0xcb, 0xdc, 0x30, - 0xde, 0xa2, 0xc7, 0x46, 0xfc, 0xef, 0x2d, 0x18, 0xd3, 0xf8, 0x0f, 0xe0, 0x55, 0xbd, 0xf4, 0xab, - 0xe6, 0x67, 0x59, 0x55, 0x3a, 0xde, 0xed, 0x8f, 0xd9, 0xbb, 0x71, 0x1f, 0xc6, 0x8c, 0x2b, 0xab, - 0x23, 0xed, 0x73, 0x76, 0xbf, 0x03, 0x83, 0xac, 0xd2, 0x6f, 0x9c, 0x8f, 0x2f, 0x25, 0xcd, 0x9f, - 0x85, 0x60, 0x6b, 0x5f, 0x0a, 0xfb, 0x1b, 0x63, 0xc1, 0x90, 0x95, 0xd4, 0xf2, 0x62, 0x2a, 0xcd, - 0x6b, 0x22, 0xe6, 0x51, 0x97, 0xd4, 0x12, 0xed, 0x58, 0x61, 0xd8, 0x4d, 0x98, 0x48, 0x13, 0x9f, - 0x23, 0x75, 0xe6, 0x9f, 0xef, 0xeb, 0x35, 0xa7, 0xa1, 0xe2, 0xb0, 0xa7, 0x16, 0xdb, 0x4e, 0xf6, - 0x26, 0xae, 0x19, 0x09, 0xc0, 0x1a, 0xc7, 0xfe, 0x2d, 0x0b, 0x4e, 0x75, 0x79, 0x99, 0x1c, 0x63, - 0x3d, 0x13, 0x2d, 0x05, 0xba, 0x6d, 0xb8, 0x1f, 0x81, 0xa1, 0x1a, 0xa9, 0x3b, 0xd2, 0x03, 0x6c, - 0xc8, 0xdc, 0x39, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xef, 0x16, 0x9c, 0x48, 0xf7, 0x35, 0xa6, 0x52, - 0x93, 0xbf, 0xcc, 0x9c, 0x17, 0xbb, 0xe1, 0x16, 0x89, 0x76, 0xe8, 0x9b, 0xf3, 0x5e, 0x2b, 0xa9, - 0x39, 0xd3, 0x81, 0x81, 0xbb, 0x3c, 0xc5, 0xaa, 0xea, 0xd4, 0xd4, 0x68, 0xcb, 0x99, 0x72, 0x33, - 0xcf, 0x99, 0xa2, 0x3f, 0xa6, 0xe9, 0x38, 0x52, 0x2c, 0xb1, 0xc9, 0xdf, 0x7e, 0x7f, 0x00, 0x54, - 0x30, 0x38, 0x73, 0xbf, 0xe5, 0xe4, 0xbc, 0x4c, 0x15, 0x6d, 0x2f, 0xf6, 0x51, 0xb4, 0x5d, 0x4e, - 0x86, 0x81, 0xfb, 0xb9, 0xc6, 0xf8, 0xe9, 0x85, 0x79, 0x48, 0xa8, 0xde, 0x70, 0x4d, 0x83, 0xb0, - 0x89, 0x47, 0x7b, 0xe2, 0x7b, 0x5b, 0x84, 0x3f, 0x34, 0x98, 0xee, 0xc9, 0xa2, 0x04, 0x60, 0x8d, - 0x43, 0x7b, 0x52, 0xf3, 0xea, 0x75, 0x61, 0x8a, 0xab, 0x9e, 0xd0, 0xd1, 0xc1, 0x0c, 0xc2, 0x0b, - 0xa5, 0x85, 0x9b, 0x42, 0x3b, 0x35, 0x0a, 0xa5, 0x85, 0x9b, 0x98, 0x41, 0xa8, 0x3e, 0x15, 0x84, - 0x51, 0x93, 0xdd, 0x94, 0x56, 0x53, 0x5c, 0x84, 0x56, 0xaa, 0xf4, 0xa9, 0xeb, 0x9d, 0x28, 0xb8, - 0xdb, 0x73, 0x74, 0x06, 0xb6, 0x22, 0x52, 0xf3, 0xdc, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xd2, - 0x81, 0x81, 0xbb, 0x3c, 0x85, 0x66, 0xe0, 0x84, 0x0c, 0xe6, 0x97, 0xf9, 0x8e, 0xc3, 0xe9, 0xfc, - 0x2a, 0x9c, 0x06, 0xe3, 0x2c, 0x3e, 0x95, 0x36, 0x4d, 0x91, 0xea, 0xcc, 0x94, 0x58, 0x43, 0xda, - 0xc8, 0x14, 0x68, 0xac, 0x30, 0xec, 0x2f, 0x16, 0xe9, 0xee, 0xd8, 0xa3, 0x1e, 0xf3, 0x03, 0x73, - 0x96, 0xa7, 0x67, 0xe4, 0x40, 0x1f, 0x33, 0xf2, 0x25, 0x18, 0xb9, 0x1d, 0x87, 0x81, 0x72, 0x44, - 0x97, 0x7a, 0x3a, 0xa2, 0x0d, 0xac, 0xee, 0x8e, 0xe8, 0xc1, 0xbc, 0x1c, 0xd1, 0x43, 0x87, 0x74, - 0x44, 0x7f, 0xb7, 0x04, 0xaa, 0xa2, 0xe9, 0x75, 0x92, 0xdc, 0x0d, 0xa3, 0x4d, 0x2f, 0x68, 0xb0, - 0x24, 0x88, 0xef, 0x58, 0x30, 0xc2, 0xd7, 0xcb, 0xa2, 0x19, 0x48, 0x5c, 0xcf, 0xa9, 0xf2, 0x66, - 0x8a, 0xd9, 0xd4, 0x9a, 0xc1, 0x28, 0x73, 0x11, 0x87, 0x09, 0xc2, 0xa9, 0x1e, 0xa1, 0x9f, 0x03, - 0x90, 0xe7, 0x96, 0x75, 0x29, 0x32, 0x17, 0xf2, 0xe9, 0x1f, 0x26, 0x75, 0xad, 0x9b, 0xae, 0x29, - 0x26, 0xd8, 0x60, 0x88, 0xbe, 0x92, 0xbd, 0x49, 0xf2, 0xb3, 0xc7, 0x32, 0x36, 0xfd, 0x84, 0x58, - 0x63, 0x18, 0xf2, 0x82, 0x06, 0x9d, 0x27, 0xc2, 0x77, 0xff, 0xe1, 0x6e, 0x09, 0x44, 0x8b, 0xa1, - 0x53, 0xab, 0x3a, 0xbe, 0x13, 0xb8, 0x24, 0x5a, 0xe0, 0xe8, 0xe6, 0xcd, 0x50, 0xac, 0x01, 0x4b, - 0x42, 0x1d, 0xa5, 0x65, 0x4b, 0xfd, 0x94, 0x96, 0x3d, 0xfb, 0x49, 0x18, 0xef, 0xf8, 0x98, 0x07, - 0x8a, 0xa8, 0x3e, 0x7c, 0x30, 0xb6, 0xfd, 0xcf, 0x07, 0xf5, 0xa6, 0x75, 0x3d, 0xac, 0xf1, 0x02, - 0xa7, 0x91, 0xfe, 0xa2, 0x42, 0xf7, 0xcc, 0x71, 0x8a, 0x18, 0xb7, 0x4b, 0xa9, 0x46, 0x6c, 0xb2, - 0xa4, 0x73, 0xb4, 0xe5, 0x44, 0x24, 0x38, 0xee, 0x39, 0xba, 0xa2, 0x98, 0x60, 0x83, 0x21, 0xda, - 0x48, 0x85, 0x54, 0x5e, 0x3e, 0x7a, 0x48, 0x25, 0xcb, 0x4f, 0xee, 0x56, 0x24, 0xf1, 0x9b, 0x16, - 0x8c, 0x05, 0xa9, 0x99, 0x2b, 0xfc, 0x38, 0x6b, 0xc7, 0xb1, 0x2a, 0x78, 0x41, 0xec, 0x74, 0x1b, - 0xce, 0xf0, 0xef, 0xb6, 0xa5, 0x95, 0x0e, 0xb8, 0xa5, 0xe9, 0x4a, 0xc9, 0x83, 0xbd, 0x2a, 0x25, - 0xa3, 0x40, 0xd5, 0x76, 0x1f, 0xca, 0xbd, 0xb6, 0x3b, 0x74, 0xa9, 0xeb, 0x7e, 0x0b, 0x2a, 0x6e, - 0x44, 0x9c, 0xe4, 0x90, 0x65, 0xbe, 0x99, 0x13, 0x7b, 0x56, 0x12, 0xc0, 0x9a, 0x96, 0xfd, 0xef, - 0x8a, 0x70, 0x52, 0x8e, 0x88, 0x8c, 0xc0, 0xa2, 0xfb, 0x23, 0xe7, 0xab, 0x95, 0x5b, 0xb5, 0x3f, - 0x5e, 0x91, 0x00, 0xac, 0x71, 0xa8, 0x3e, 0xd6, 0x8e, 0xc9, 0x72, 0x8b, 0x04, 0x8b, 0xde, 0x7a, - 0x2c, 0xfc, 0x8f, 0x6a, 0xa1, 0xdc, 0xd0, 0x20, 0x6c, 0xe2, 0x51, 0x65, 0x9c, 0xeb, 0xc5, 0x71, - 0x36, 0x7a, 0x53, 0xe8, 0xdb, 0x58, 0xc2, 0xd1, 0xaf, 0x74, 0xbd, 0x20, 0x22, 0x9f, 0xb8, 0xe5, - 0x8e, 0xc0, 0xb3, 0x03, 0xde, 0x0c, 0xf1, 0xb6, 0x05, 0x27, 0x36, 0x53, 0x09, 0x64, 0x52, 0x24, - 0x1f, 0x31, 0xd5, 0x39, 0x9d, 0x95, 0xa6, 0xa7, 0x70, 0xba, 0x3d, 0xc6, 0x59, 0xee, 0xf6, 0xff, - 0xb0, 0xc0, 0x14, 0x4f, 0xfd, 0x69, 0x56, 0xc6, 0x1d, 0x57, 0x85, 0x7d, 0xee, 0xb8, 0x92, 0x4a, - 0x58, 0xb1, 0x3f, 0xa5, 0x7f, 0xe0, 0x00, 0x4a, 0x7f, 0xa9, 0xa7, 0xd6, 0xf6, 0x34, 0x14, 0xdb, - 0x5e, 0x4d, 0xe8, 0xed, 0xda, 0xdb, 0xb8, 0x30, 0x87, 0x69, 0xbb, 0xfd, 0x8f, 0x4b, 0xda, 0x4e, - 0x17, 0xe1, 0xb6, 0x3f, 0x12, 0xaf, 0x5d, 0x57, 0x99, 0xeb, 0xfc, 0xcd, 0xaf, 0x77, 0x64, 0xae, - 0xff, 0xe4, 0xc1, 0xa3, 0xa9, 0xf9, 0x00, 0xf5, 0x4a, 0x5c, 0x1f, 0xda, 0x27, 0x94, 0xfa, 0x36, - 0x94, 0xa9, 0x69, 0xc3, 0x0e, 0xdc, 0xca, 0xa9, 0x4e, 0x95, 0xaf, 0x88, 0xf6, 0x7b, 0xbb, 0x93, - 0x3f, 0x71, 0xf0, 0x6e, 0xc9, 0xa7, 0xb1, 0xa2, 0x8f, 0x62, 0xa8, 0xd0, 0xdf, 0x2c, 0xea, 0x5b, - 0x18, 0x4d, 0x37, 0x94, 0x2c, 0x92, 0x80, 0x5c, 0x42, 0xca, 0x35, 0x1f, 0x14, 0x40, 0x85, 0x5d, - 0x4e, 0xc3, 0x98, 0x72, 0xdb, 0x6a, 0x45, 0xc5, 0x5e, 0x4b, 0xc0, 0xbd, 0xdd, 0xc9, 0x97, 0x0f, - 0xce, 0x54, 0x3d, 0x8e, 0x35, 0x0b, 0xfb, 0x9d, 0x01, 0x3d, 0x77, 0x45, 0xc1, 0x82, 0x1f, 0x89, - 0xb9, 0x7b, 0x31, 0x33, 0x77, 0xcf, 0x77, 0xcc, 0xdd, 0x31, 0x7d, 0x89, 0x4a, 0x6a, 0x36, 0x3e, - 0xe8, 0x0d, 0x76, 0x7f, 0x3b, 0x9e, 0x69, 0x16, 0x77, 0xda, 0x5e, 0x44, 0xe2, 0x95, 0xa8, 0x1d, - 0x78, 0x41, 0x43, 0xdc, 0x5b, 0x69, 0x68, 0x16, 0x29, 0x30, 0xce, 0xe2, 0xb3, 0x3b, 0x2f, 0x77, - 0x02, 0xf7, 0x96, 0xb3, 0xc5, 0x67, 0x95, 0x91, 0xc3, 0xbd, 0x2a, 0xda, 0xb1, 0xc2, 0xb0, 0xdf, - 0x65, 0xbe, 0x5b, 0x23, 0xdd, 0x84, 0xce, 0x09, 0x9f, 0xdd, 0x06, 0xc4, 0x13, 0xc0, 0xd5, 0x9c, - 0xe0, 0x57, 0x00, 0x71, 0x18, 0xba, 0x0b, 0x43, 0xeb, 0xbc, 0xba, 0x7e, 0x3e, 0x15, 0xe3, 0x44, - 0xa9, 0x7e, 0x56, 0xd4, 0x55, 0xd6, 0xed, 0xbf, 0xa7, 0x7f, 0x62, 0xc9, 0xcd, 0x7e, 0x6f, 0x00, - 0x4e, 0x64, 0xee, 0x8b, 0x49, 0xd5, 0xaf, 0x29, 0xec, 0x5b, 0xbf, 0xe6, 0x33, 0x00, 0x35, 0xd2, - 0xf2, 0xc3, 0x1d, 0xa6, 0xe6, 0x0c, 0x1c, 0x58, 0xcd, 0x51, 0x9a, 0xf1, 0x9c, 0xa2, 0x82, 0x0d, - 0x8a, 0x22, 0xeb, 0x9d, 0x97, 0xc3, 0xc9, 0x64, 0xbd, 0x1b, 0x45, 0x1b, 0x07, 0x1f, 0x6c, 0xd1, - 0x46, 0x0f, 0x4e, 0xf0, 0x2e, 0xaa, 0xa4, 0x8e, 0x43, 0xe4, 0x6e, 0xb0, 0x08, 0xd9, 0xb9, 0x34, - 0x19, 0x9c, 0xa5, 0xfb, 0x30, 0xaf, 0x83, 0x42, 0x1f, 0x85, 0x8a, 0xfc, 0xce, 0xf1, 0x44, 0x45, - 0x27, 0xc6, 0xc9, 0x69, 0xc0, 0xae, 0x69, 0x12, 0x3f, 0xed, 0x6f, 0x14, 0xa8, 0x56, 0xca, 0xff, - 0xa9, 0x04, 0xe7, 0x67, 0x61, 0xd0, 0x69, 0x27, 0x1b, 0x61, 0xc7, 0x95, 0x01, 0x33, 0xac, 0x15, - 0x0b, 0x28, 0x5a, 0x84, 0x81, 0x9a, 0x4e, 0x5a, 0x3d, 0xc8, 0x28, 0xea, 0x03, 0x3e, 0x27, 0x21, - 0x98, 0x51, 0x41, 0x4f, 0xc1, 0x40, 0xe2, 0x34, 0x52, 0x77, 0xaf, 0xae, 0x39, 0x8d, 0x18, 0xb3, - 0x56, 0x73, 0xd3, 0x1c, 0xd8, 0x67, 0xd3, 0x7c, 0x19, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, - 0x22, 0x86, 0x33, 0x49, 0xc7, 0x07, 0x98, 0x40, 0x9c, 0xc6, 0xb5, 0xdf, 0xaf, 0xc0, 0xe9, 0x6e, - 0x77, 0xe4, 0xe7, 0x1d, 0x0d, 0xdf, 0x8d, 0xc7, 0x83, 0x8b, 0x86, 0xef, 0xc1, 0xdd, 0x37, 0xa2, - 0xe1, 0x7d, 0x23, 0x1a, 0xfe, 0x2b, 0x16, 0x54, 0x54, 0x10, 0xb8, 0x08, 0x64, 0x7d, 0x3d, 0xff, - 0x1e, 0xa8, 0x88, 0x60, 0x11, 0x0b, 0x2c, 0xff, 0x62, 0xcd, 0xfc, 0xf8, 0xc2, 0xe3, 0xef, 0xdb, - 0xa1, 0x03, 0x85, 0xc7, 0xab, 0xdc, 0x81, 0x52, 0x1e, 0xb9, 0x03, 0x3d, 0x3e, 0x55, 0xd7, 0xdc, - 0x81, 0x6f, 0x5a, 0x30, 0xec, 0xbc, 0xd5, 0x8e, 0xc8, 0x1c, 0xd9, 0x5a, 0x6e, 0xc5, 0x42, 0xc0, - 0xbe, 0x91, 0x7f, 0x07, 0x66, 0x34, 0x13, 0x51, 0xdb, 0x58, 0x37, 0x60, 0xb3, 0x0b, 0xa9, 0x5c, - 0x81, 0xa1, 0x3c, 0x72, 0x05, 0xba, 0x75, 0x67, 0xdf, 0x5c, 0x81, 0x97, 0x61, 0xd4, 0xf5, 0xc3, - 0x80, 0xac, 0x44, 0x61, 0x12, 0xba, 0xa1, 0x2f, 0x94, 0x69, 0x25, 0x12, 0x66, 0x4d, 0x20, 0x4e, - 0xe3, 0xf6, 0x4a, 0x34, 0xa8, 0x1c, 0x35, 0xd1, 0x00, 0x1e, 0x52, 0xa2, 0xc1, 0x9f, 0x15, 0x60, - 0x72, 0x9f, 0x8f, 0x8a, 0x2e, 0xc2, 0x48, 0x18, 0x35, 0x9c, 0xc0, 0x7b, 0x8b, 0x27, 0xb5, 0x96, - 0xd2, 0xa5, 0x33, 0x96, 0x0d, 0x18, 0x4e, 0x61, 0xca, 0x50, 0xe4, 0xc1, 0x1e, 0xa1, 0xc8, 0x1f, - 0x87, 0xe1, 0x84, 0x38, 0x4d, 0x11, 0x77, 0x21, 0x0c, 0x20, 0xed, 0x50, 0xd2, 0x20, 0x6c, 0xe2, - 0xd1, 0x69, 0x34, 0xe6, 0xb8, 0x2e, 0x89, 0x63, 0x19, 0x6b, 0x2c, 0x0e, 0x67, 0x72, 0x0b, 0x64, - 0x66, 0x67, 0x5e, 0x33, 0x29, 0x16, 0x38, 0xc3, 0x92, 0x76, 0xde, 0xf1, 0x7d, 0x9e, 0x56, 0x40, - 0xe4, 0x6d, 0xea, 0xba, 0x04, 0x86, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0xf5, 0x02, 0x3c, 0x7d, 0x5f, - 0xf1, 0xd2, 0x77, 0x18, 0x78, 0x3b, 0x26, 0x51, 0xd6, 0x21, 0x73, 0x23, 0x26, 0x11, 0x66, 0x10, - 0x3e, 0x4a, 0xad, 0x96, 0x71, 0x69, 0x51, 0xde, 0x59, 0x07, 0x7c, 0x94, 0x52, 0x2c, 0x70, 0x86, - 0x65, 0x76, 0x94, 0x06, 0xfa, 0x1c, 0xa5, 0xbf, 0x57, 0x80, 0x67, 0xfa, 0x10, 0xc2, 0x39, 0x66, - 0x67, 0xa4, 0xb3, 0x5b, 0x8a, 0x0f, 0x27, 0xbb, 0xe5, 0xb0, 0xc3, 0xf5, 0x6e, 0x01, 0xce, 0xf6, - 0x96, 0x85, 0xe8, 0xa7, 0xa8, 0x11, 0x25, 0x83, 0x2d, 0xcc, 0xcc, 0x98, 0x53, 0xdc, 0x80, 0x4a, - 0x81, 0x70, 0x16, 0x17, 0x4d, 0x01, 0xb4, 0x9c, 0x64, 0x23, 0xbe, 0xb4, 0xed, 0xc5, 0x89, 0xc8, - 0xe9, 0x1c, 0xe3, 0x47, 0xe1, 0xb2, 0x15, 0x1b, 0x18, 0x94, 0x1d, 0xfb, 0x37, 0x17, 0x5e, 0x0f, - 0x13, 0xfe, 0x10, 0xd7, 0xe3, 0x4e, 0xc9, 0xe2, 0x91, 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0xe6, - 0x6c, 0xe1, 0x1d, 0xe5, 0x0a, 0x1e, 0x63, 0xb7, 0xa8, 0x5a, 0xb1, 0x81, 0x91, 0xcd, 0xf9, 0x29, - 0xf5, 0x91, 0xf3, 0xf3, 0x8f, 0x0a, 0xf0, 0x44, 0xcf, 0xbd, 0xb4, 0xbf, 0x05, 0xf8, 0xe8, 0x25, - 0xfb, 0x1c, 0x6e, 0xee, 0x1c, 0x30, 0x85, 0xe5, 0x4f, 0x7a, 0xcc, 0x34, 0x91, 0xc2, 0x92, 0xdd, - 0x2a, 0xac, 0x83, 0x6e, 0x15, 0x8f, 0xd0, 0x78, 0x76, 0x64, 0xad, 0x0c, 0x1c, 0x20, 0x6b, 0x25, - 0xf3, 0x31, 0x4a, 0x7d, 0x2e, 0xe4, 0xef, 0xf5, 0x1e, 0x5e, 0xaa, 0x7b, 0xf7, 0x75, 0x3c, 0x35, - 0x07, 0x27, 0xbd, 0x80, 0x15, 0x12, 0x5e, 0x6d, 0xaf, 0x8b, 0x8c, 0xdf, 0x42, 0xfa, 0x8e, 0xac, - 0x85, 0x0c, 0x1c, 0x77, 0x3c, 0xf1, 0x08, 0x66, 0x11, 0x1d, 0x72, 0x48, 0x3f, 0x03, 0x15, 0x45, - 0x9b, 0x47, 0x46, 0xaa, 0x0f, 0xda, 0x11, 0x19, 0xa9, 0xbe, 0xa6, 0x81, 0x45, 0x47, 0x62, 0x93, - 0xec, 0x64, 0x67, 0xe6, 0x35, 0xb2, 0xc3, 0xbc, 0xa4, 0xf6, 0xc7, 0x60, 0x44, 0x19, 0x91, 0xfd, - 0x16, 0xba, 0xb5, 0xdf, 0x19, 0x84, 0xd1, 0x54, 0x19, 0x8b, 0xd4, 0x99, 0x8d, 0xb5, 0xef, 0x99, - 0x0d, 0x8b, 0x74, 0x6d, 0x07, 0xb2, 0x94, 0xb4, 0x11, 0xe9, 0xda, 0x0e, 0x08, 0xe6, 0x30, 0x6a, - 0xba, 0xd7, 0xa2, 0x1d, 0xdc, 0x0e, 0x44, 0x44, 0x9a, 0x32, 0xdd, 0xe7, 0x58, 0x2b, 0x16, 0x50, - 0xf4, 0x05, 0x0b, 0x46, 0x62, 0x76, 0x20, 0xc8, 0x4f, 0xbc, 0xc4, 0x07, 0xbd, 0x9a, 0xc7, 0x3d, - 0xcd, 0xa2, 0x64, 0x0b, 0x73, 0x66, 0x9b, 0x2d, 0x38, 0xc5, 0x11, 0x7d, 0xc9, 0x32, 0x6f, 0xa8, - 0x1e, 0xcc, 0x23, 0x92, 0x32, 0x5b, 0x25, 0x84, 0x1f, 0x95, 0xdc, 0xff, 0xa2, 0x6a, 0x7d, 0x71, - 0xfd, 0xd0, 0x83, 0xbb, 0xb8, 0xfe, 0xa3, 0x50, 0x69, 0x3a, 0x81, 0x57, 0x27, 0x71, 0xc2, 0x4f, - 0x88, 0x64, 0xf1, 0x22, 0xd9, 0x88, 0x35, 0x9c, 0x6e, 0x76, 0x31, 0x7b, 0xb1, 0xc4, 0x38, 0xd2, - 0x61, 0x9b, 0xdd, 0xaa, 0x6e, 0xc6, 0x26, 0x8e, 0x79, 0xfe, 0x04, 0x0f, 0xf5, 0xfc, 0x69, 0x78, - 0x9f, 0xf3, 0xa7, 0x7f, 0x60, 0xc1, 0x99, 0xae, 0x5f, 0xed, 0xd1, 0x8d, 0x51, 0xb2, 0xbf, 0x55, - 0x82, 0x53, 0x5d, 0xea, 0xd1, 0xa0, 0x9d, 0x63, 0xbb, 0x71, 0x5d, 0x14, 0xbc, 0x19, 0xed, 0x39, - 0x89, 0x0f, 0x76, 0xfa, 0xab, 0x4f, 0x60, 0x8b, 0x0f, 0xf6, 0x04, 0xd6, 0x98, 0x96, 0x03, 0x0f, - 0x75, 0x5a, 0x96, 0xee, 0x3f, 0x2d, 0xd1, 0x6f, 0x5b, 0x30, 0xd1, 0xec, 0x51, 0x04, 0x51, 0x9c, - 0xaa, 0xdc, 0x3c, 0x9e, 0x12, 0x8b, 0xd5, 0xa7, 0xf6, 0x76, 0x27, 0x7b, 0xd6, 0x9e, 0xc4, 0x3d, - 0x7b, 0x65, 0xbf, 0x5f, 0x04, 0x56, 0x0c, 0x89, 0x95, 0x1f, 0xd9, 0x41, 0x9f, 0x37, 0xcb, 0x5a, - 0x59, 0x79, 0x95, 0x60, 0xe2, 0xc4, 0x55, 0x59, 0x2c, 0x3e, 0x82, 0xdd, 0xaa, 0x64, 0x65, 0x85, - 0x56, 0xa1, 0x0f, 0xa1, 0xe5, 0xcb, 0xfa, 0x61, 0xc5, 0xfc, 0xeb, 0x87, 0x55, 0xb2, 0xb5, 0xc3, - 0xee, 0xff, 0x89, 0x07, 0x1e, 0xc9, 0x4f, 0xfc, 0x37, 0x2c, 0x2e, 0x78, 0x32, 0x5f, 0x41, 0x6b, - 0x06, 0xd6, 0x7d, 0x34, 0x83, 0xe7, 0xd9, 0x4d, 0x7f, 0xf5, 0x2b, 0xc4, 0xf1, 0x85, 0x06, 0x61, - 0x5e, 0xda, 0xc7, 0xda, 0xb1, 0xc2, 0x60, 0x77, 0x73, 0xf8, 0x7e, 0x78, 0xf7, 0x52, 0xb3, 0x95, - 0xec, 0x08, 0x5d, 0x42, 0xdf, 0xcd, 0xa1, 0x20, 0xd8, 0xc0, 0xb2, 0xff, 0x56, 0x81, 0xcf, 0x40, - 0xe1, 0x57, 0xbd, 0x98, 0x29, 0x04, 0xdf, 0xbf, 0x4b, 0xf2, 0x73, 0x00, 0xae, 0xba, 0xe4, 0x4b, - 0x1c, 0x78, 0x5f, 0x39, 0xf2, 0x25, 0x49, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, 0x7e, 0x29, - 0x59, 0x5a, 0xdc, 0x57, 0x96, 0xa6, 0xc4, 0xca, 0xc0, 0x3e, 0xbb, 0xdd, 0x9f, 0x59, 0x90, 0xd2, - 0x88, 0x50, 0x0b, 0x4a, 0xb4, 0xbb, 0x3b, 0xf9, 0xdc, 0x5f, 0x66, 0x92, 0xa6, 0xa2, 0x51, 0x4c, - 0x7b, 0xf6, 0x13, 0x73, 0x46, 0xc8, 0x17, 0xee, 0xd7, 0x42, 0x1e, 0x77, 0xec, 0x99, 0x0c, 0xaf, - 0x84, 0xe1, 0x26, 0xf7, 0xda, 0x68, 0x57, 0xae, 0x7d, 0x11, 0xc6, 0x3b, 0x3a, 0xc5, 0x6a, 0x3e, - 0x87, 0xf2, 0xd2, 0x36, 0x63, 0xba, 0xb2, 0x1c, 0x28, 0xcc, 0x61, 0xf6, 0xbb, 0x16, 0x9c, 0xcc, - 0x92, 0x47, 0xdf, 0xb6, 0x60, 0x3c, 0xce, 0xd2, 0x3b, 0xae, 0xb1, 0x53, 0xa1, 0x49, 0x1d, 0x20, - 0xdc, 0xd9, 0x09, 0xfb, 0xcf, 0xc5, 0xe4, 0xbf, 0xe5, 0x05, 0xb5, 0xf0, 0xae, 0x52, 0x4c, 0xac, - 0x9e, 0x8a, 0x09, 0x5d, 0x8f, 0xee, 0x06, 0xa9, 0xb5, 0xfd, 0x8e, 0xe4, 0xab, 0x55, 0xd1, 0x8e, - 0x15, 0x46, 0xea, 0xfa, 0xf6, 0xe2, 0xbe, 0xd7, 0xb7, 0xbf, 0x04, 0x23, 0xe6, 0xc5, 0x84, 0x62, - 0x5e, 0x32, 0x85, 0xdc, 0xbc, 0xc3, 0x10, 0xa7, 0xb0, 0x32, 0x57, 0x53, 0x97, 0xf6, 0xbd, 0x9a, - 0xfa, 0x39, 0x28, 0x8b, 0x6b, 0x96, 0x65, 0x00, 0x1f, 0xcf, 0xec, 0x12, 0x6d, 0x58, 0x41, 0xa9, - 0x34, 0x69, 0x3a, 0x41, 0xdb, 0xf1, 0xe9, 0x08, 0x89, 0x74, 0x54, 0xb5, 0x0c, 0x97, 0x14, 0x04, - 0x1b, 0x58, 0xf4, 0x8d, 0x13, 0xaf, 0x49, 0x5e, 0x0b, 0x03, 0x19, 0xfa, 0xa2, 0xcf, 0xb4, 0x45, - 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb5, 0x20, 0x7b, 0x47, 0x6c, 0xea, 0x94, 0xc3, 0xda, 0x37, 0x05, - 0x36, 0x9d, 0x40, 0x57, 0xe8, 0x2b, 0x81, 0xce, 0xcc, 0x6d, 0x2b, 0xde, 0x37, 0xb7, 0xed, 0xc7, - 0xf4, 0xcd, 0x21, 0x3c, 0x09, 0x6e, 0xb8, 0xdb, 0xad, 0x21, 0xc8, 0x86, 0x41, 0xd7, 0x51, 0x45, - 0x12, 0x46, 0xb8, 0xed, 0x30, 0x3b, 0xc3, 0x90, 0x04, 0xa4, 0xba, 0xfe, 0xde, 0x0f, 0xce, 0x7d, - 0xe8, 0x7b, 0x3f, 0x38, 0xf7, 0xa1, 0x3f, 0xfa, 0xc1, 0xb9, 0x0f, 0x7d, 0x61, 0xef, 0x9c, 0xf5, - 0xde, 0xde, 0x39, 0xeb, 0x7b, 0x7b, 0xe7, 0xac, 0x3f, 0xda, 0x3b, 0x67, 0xbd, 0xbf, 0x77, 0xce, - 0xfa, 0xe6, 0x7f, 0x3a, 0xf7, 0xa1, 0xd7, 0xba, 0x86, 0x2a, 0xd1, 0x1f, 0x2f, 0xb8, 0xb5, 0xe9, - 0xad, 0x0b, 0x2c, 0x5a, 0x86, 0xae, 0x86, 0x69, 0x63, 0x0a, 0x4c, 0xcb, 0xd5, 0xf0, 0xff, 0x02, - 0x00, 0x00, 0xff, 0xff, 0xbe, 0x71, 0xe6, 0x5d, 0x8f, 0xc7, 0x00, 0x00, + // 10557 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, + 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0xa1, 0xef, 0x8e, 0x04, 0x4f, 0x24, 0x71, + 0x1e, 0x96, 0x29, 0x2a, 0x22, 0x01, 0xf3, 0x44, 0x2a, 0x8c, 0x69, 0x4b, 0xc6, 0x02, 0x77, 0x38, + 0xdc, 0x01, 0x07, 0xb0, 0x81, 0xbb, 0x93, 0x28, 0x53, 0xd4, 0x60, 0xb6, 0xb1, 0x98, 0xc3, 0xec, + 0xcc, 0x72, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0xfe, 0x50, 0xa2, 0x0f, 0x2a, 0x52, 0x52, + 0x96, 0x93, 0xc8, 0x91, 0x2d, 0x27, 0x15, 0x57, 0xa2, 0x8a, 0x53, 0xf9, 0x11, 0x27, 0x4e, 0xca, + 0x65, 0x3b, 0x3f, 0x94, 0x52, 0x52, 0x51, 0xa5, 0x5c, 0x96, 0x13, 0xdb, 0x88, 0x84, 0x54, 0x2a, + 0xa9, 0x54, 0xc5, 0x55, 0xf9, 0xf8, 0x91, 0x5c, 0x52, 0x95, 0x54, 0x7f, 0xf7, 0xcc, 0xce, 0x1e, + 0x16, 0xc0, 0xe0, 0xee, 0x24, 0xf3, 0xdf, 0x6e, 0xbf, 0x37, 0xef, 0xbd, 0xe9, 0xe9, 0x7e, 0xfd, + 0xfa, 0xf5, 0x7b, 0xaf, 0x61, 0xb1, 0xe9, 0x25, 0x9b, 0x9d, 0xf5, 0x29, 0x37, 0x6c, 0x4d, 0x3b, + 0x51, 0x33, 0x6c, 0x47, 0xe1, 0x6d, 0xf6, 0xe3, 0x39, 0xb7, 0x31, 0xbd, 0x7d, 0x71, 0xba, 0xbd, + 0xd5, 0x9c, 0x76, 0xda, 0x5e, 0x3c, 0xed, 0xb4, 0xdb, 0xbe, 0xe7, 0x3a, 0x89, 0x17, 0x06, 0xd3, + 0xdb, 0xcf, 0x3b, 0x7e, 0x7b, 0xd3, 0x79, 0x7e, 0xba, 0x49, 0x02, 0x12, 0x39, 0x09, 0x69, 0x4c, + 0xb5, 0xa3, 0x30, 0x09, 0xd1, 0x8f, 0x69, 0x6a, 0x53, 0x92, 0x1a, 0xfb, 0xf1, 0xba, 0xdb, 0x98, + 0xda, 0xbe, 0x38, 0xd5, 0xde, 0x6a, 0x4e, 0x51, 0x6a, 0x53, 0x06, 0xb5, 0x29, 0x49, 0xed, 0xfc, + 0x73, 0x86, 0x2c, 0xcd, 0xb0, 0x19, 0x4e, 0x33, 0xa2, 0xeb, 0x9d, 0x0d, 0xf6, 0x8f, 0xfd, 0x61, + 0xbf, 0x38, 0xb3, 0xf3, 0xf6, 0xd6, 0x4b, 0xf1, 0x94, 0x17, 0x52, 0xf1, 0xa6, 0xdd, 0x30, 0x22, + 0xd3, 0xdb, 0x5d, 0x02, 0x9d, 0xbf, 0xa2, 0x71, 0xc8, 0x4e, 0x42, 0x82, 0xd8, 0x0b, 0x83, 0xf8, + 0x39, 0x2a, 0x02, 0x89, 0xb6, 0x49, 0x64, 0xbe, 0x9e, 0x81, 0x90, 0x47, 0xe9, 0x05, 0x4d, 0xa9, + 0xe5, 0xb8, 0x9b, 0x5e, 0x40, 0xa2, 0x5d, 0xfd, 0x78, 0x8b, 0x24, 0x4e, 0xde, 0x53, 0xd3, 0xbd, + 0x9e, 0x8a, 0x3a, 0x41, 0xe2, 0xb5, 0x48, 0xd7, 0x03, 0xef, 0x3b, 0xe8, 0x81, 0xd8, 0xdd, 0x24, + 0x2d, 0xa7, 0xeb, 0xb9, 0xf7, 0xf6, 0x7a, 0xae, 0x93, 0x78, 0xfe, 0xb4, 0x17, 0x24, 0x71, 0x12, + 0x65, 0x1f, 0xb2, 0xdf, 0x80, 0xd1, 0x99, 0x5b, 0xab, 0x33, 0x9d, 0x64, 0x73, 0x36, 0x0c, 0x36, + 0xbc, 0x26, 0x7a, 0x11, 0x86, 0x5d, 0xbf, 0x13, 0x27, 0x24, 0xba, 0xee, 0xb4, 0xc8, 0x84, 0x75, + 0xc1, 0x7a, 0xa6, 0x56, 0x3f, 0xf3, 0xcd, 0xbd, 0xc9, 0x77, 0xec, 0xef, 0x4d, 0x0e, 0xcf, 0x6a, + 0x10, 0x36, 0xf1, 0xd0, 0xbb, 0x61, 0x28, 0x0a, 0x7d, 0x32, 0x83, 0xaf, 0x4f, 0x94, 0xd8, 0x23, + 0xa7, 0xc4, 0x23, 0x43, 0x98, 0x37, 0x63, 0x09, 0xb7, 0xff, 0xa0, 0x04, 0x30, 0xd3, 0x6e, 0xaf, + 0x44, 0xe1, 0x6d, 0xe2, 0x26, 0xe8, 0xa3, 0x50, 0xa5, 0x5d, 0xd7, 0x70, 0x12, 0x87, 0x71, 0x1b, + 0xbe, 0xf8, 0x23, 0x53, 0xfc, 0x4d, 0xa6, 0xcc, 0x37, 0xd1, 0x03, 0x87, 0x62, 0x4f, 0x6d, 0x3f, + 0x3f, 0xb5, 0xbc, 0x4e, 0x9f, 0x5f, 0x22, 0x89, 0x53, 0x47, 0x82, 0x19, 0xe8, 0x36, 0xac, 0xa8, + 0xa2, 0x00, 0x06, 0xe2, 0x36, 0x71, 0x99, 0x60, 0xc3, 0x17, 0x17, 0xa7, 0x8e, 0x33, 0x42, 0xa7, + 0xb4, 0xe4, 0xab, 0x6d, 0xe2, 0xd6, 0x47, 0x04, 0xe7, 0x01, 0xfa, 0x0f, 0x33, 0x3e, 0x68, 0x1b, + 0x06, 0xe3, 0xc4, 0x49, 0x3a, 0xf1, 0x44, 0x99, 0x71, 0xbc, 0x5e, 0x18, 0x47, 0x46, 0xb5, 0x3e, + 0x26, 0x78, 0x0e, 0xf2, 0xff, 0x58, 0x70, 0xb3, 0xff, 0xc4, 0x82, 0x31, 0x8d, 0xbc, 0xe8, 0xc5, + 0x09, 0xfa, 0xc9, 0xae, 0xce, 0x9d, 0xea, 0xaf, 0x73, 0xe9, 0xd3, 0xac, 0x6b, 0x4f, 0x0b, 0x66, + 0x55, 0xd9, 0x62, 0x74, 0x6c, 0x0b, 0x2a, 0x5e, 0x42, 0x5a, 0xf1, 0x44, 0xe9, 0x42, 0xf9, 0x99, + 0xe1, 0x8b, 0x57, 0x8a, 0x7a, 0xcf, 0xfa, 0xa8, 0x60, 0x5a, 0x59, 0xa0, 0xe4, 0x31, 0xe7, 0x62, + 0xff, 0xfa, 0x88, 0xf9, 0x7e, 0xb4, 0xc3, 0xd1, 0xf3, 0x30, 0x1c, 0x87, 0x9d, 0xc8, 0x25, 0x98, + 0xb4, 0xc3, 0x78, 0xc2, 0xba, 0x50, 0xa6, 0x43, 0x8f, 0x8e, 0xd4, 0x55, 0xdd, 0x8c, 0x4d, 0x1c, + 0xf4, 0x05, 0x0b, 0x46, 0x1a, 0x24, 0x4e, 0xbc, 0x80, 0xf1, 0x97, 0xc2, 0xaf, 0x1d, 0x5b, 0x78, + 0xd9, 0x38, 0xa7, 0x89, 0xd7, 0xcf, 0x8a, 0x17, 0x19, 0x31, 0x1a, 0x63, 0x9c, 0xe2, 0x4f, 0x67, + 0x5c, 0x83, 0xc4, 0x6e, 0xe4, 0xb5, 0xe9, 0x7f, 0x36, 0x66, 0x8c, 0x19, 0x37, 0xa7, 0x41, 0xd8, + 0xc4, 0x43, 0x01, 0x54, 0xe8, 0x8c, 0x8a, 0x27, 0x06, 0x98, 0xfc, 0x0b, 0xc7, 0x93, 0x5f, 0x74, + 0x2a, 0x9d, 0xac, 0xba, 0xf7, 0xe9, 0xbf, 0x18, 0x73, 0x36, 0xe8, 0xf3, 0x16, 0x4c, 0x88, 0x19, + 0x8f, 0x09, 0xef, 0xd0, 0x5b, 0x9b, 0x5e, 0x42, 0x7c, 0x2f, 0x4e, 0x26, 0x2a, 0x4c, 0x86, 0xe9, + 0xfe, 0xc6, 0xd6, 0x7c, 0x14, 0x76, 0xda, 0xd7, 0xbc, 0xa0, 0x51, 0xbf, 0x20, 0x38, 0x4d, 0xcc, + 0xf6, 0x20, 0x8c, 0x7b, 0xb2, 0x44, 0x5f, 0xb6, 0xe0, 0x7c, 0xe0, 0xb4, 0x48, 0xdc, 0x76, 0xe8, + 0xa7, 0xe5, 0xe0, 0xba, 0xef, 0xb8, 0x5b, 0x4c, 0xa2, 0xc1, 0xa3, 0x49, 0x64, 0x0b, 0x89, 0xce, + 0x5f, 0xef, 0x49, 0x1a, 0xdf, 0x83, 0x2d, 0xfa, 0xba, 0x05, 0xe3, 0x61, 0xd4, 0xde, 0x74, 0x02, + 0xd2, 0x90, 0xd0, 0x78, 0x62, 0x88, 0x4d, 0xbd, 0x8f, 0x1c, 0xef, 0x13, 0x2d, 0x67, 0xc9, 0x2e, + 0x85, 0x81, 0x97, 0x84, 0xd1, 0x2a, 0x49, 0x12, 0x2f, 0x68, 0xc6, 0xf5, 0x73, 0xfb, 0x7b, 0x93, + 0xe3, 0x5d, 0x58, 0xb8, 0x5b, 0x1e, 0xf4, 0x53, 0x30, 0x1c, 0xef, 0x06, 0xee, 0x2d, 0x2f, 0x68, + 0x84, 0x77, 0xe2, 0x89, 0x6a, 0x11, 0xd3, 0x77, 0x55, 0x11, 0x14, 0x13, 0x50, 0x33, 0xc0, 0x26, + 0xb7, 0xfc, 0x0f, 0xa7, 0x87, 0x52, 0xad, 0xe8, 0x0f, 0xa7, 0x07, 0xd3, 0x3d, 0xd8, 0xa2, 0x5f, + 0xb0, 0x60, 0x34, 0xf6, 0x9a, 0x81, 0x93, 0x74, 0x22, 0x72, 0x8d, 0xec, 0xc6, 0x13, 0xc0, 0x04, + 0xb9, 0x7a, 0xcc, 0x5e, 0x31, 0x48, 0xd6, 0xcf, 0x09, 0x19, 0x47, 0xcd, 0xd6, 0x18, 0xa7, 0xf9, + 0xe6, 0x4d, 0x34, 0x3d, 0xac, 0x87, 0x8b, 0x9d, 0x68, 0x7a, 0x50, 0xf7, 0x64, 0x89, 0x7e, 0x02, + 0x4e, 0xf3, 0x26, 0xd5, 0xb3, 0xf1, 0xc4, 0x08, 0x53, 0xb4, 0x67, 0xf7, 0xf7, 0x26, 0x4f, 0xaf, + 0x66, 0x60, 0xb8, 0x0b, 0x1b, 0xbd, 0x01, 0x93, 0x6d, 0x12, 0xb5, 0xbc, 0x64, 0x39, 0xf0, 0x77, + 0xa5, 0xfa, 0x76, 0xc3, 0x36, 0x69, 0x08, 0x71, 0xe2, 0x89, 0xd1, 0x0b, 0xd6, 0x33, 0xd5, 0xfa, + 0xbb, 0x84, 0x98, 0x93, 0x2b, 0xf7, 0x46, 0xc7, 0x07, 0xd1, 0xb3, 0xff, 0x45, 0x09, 0x4e, 0x67, + 0x17, 0x4e, 0xf4, 0xb7, 0x2d, 0x38, 0x75, 0xfb, 0x4e, 0xb2, 0x16, 0x6e, 0x91, 0x20, 0xae, 0xef, + 0x52, 0xf5, 0xc6, 0x96, 0x8c, 0xe1, 0x8b, 0x6e, 0xb1, 0x4b, 0xf4, 0xd4, 0xd5, 0x34, 0x97, 0x4b, + 0x41, 0x12, 0xed, 0xd6, 0x1f, 0x15, 0x6f, 0x77, 0xea, 0xea, 0xad, 0x35, 0x13, 0x8a, 0xb3, 0x42, + 0x9d, 0xff, 0xac, 0x05, 0x67, 0xf3, 0x48, 0xa0, 0xd3, 0x50, 0xde, 0x22, 0xbb, 0xdc, 0x2a, 0xc3, + 0xf4, 0x27, 0x7a, 0x0d, 0x2a, 0xdb, 0x8e, 0xdf, 0x21, 0xc2, 0xba, 0x99, 0x3f, 0xde, 0x8b, 0x28, + 0xc9, 0x30, 0xa7, 0xfa, 0xa3, 0xa5, 0x97, 0x2c, 0xfb, 0x5f, 0x97, 0x61, 0xd8, 0x58, 0xdf, 0xee, + 0x83, 0xc5, 0x16, 0xa6, 0x2c, 0xb6, 0xa5, 0xc2, 0x96, 0xe6, 0x9e, 0x26, 0xdb, 0x9d, 0x8c, 0xc9, + 0xb6, 0x5c, 0x1c, 0xcb, 0x7b, 0xda, 0x6c, 0x28, 0x81, 0x5a, 0xd8, 0xa6, 0x16, 0x39, 0x5d, 0xfa, + 0x07, 0x8a, 0xf8, 0x84, 0xcb, 0x92, 0x5c, 0x7d, 0x74, 0x7f, 0x6f, 0xb2, 0xa6, 0xfe, 0x62, 0xcd, + 0xc8, 0xfe, 0x8e, 0x05, 0x67, 0x0d, 0x19, 0x67, 0xc3, 0xa0, 0xe1, 0xb1, 0x4f, 0x7b, 0x01, 0x06, + 0x92, 0xdd, 0xb6, 0x34, 0xfb, 0x55, 0x4f, 0xad, 0xed, 0xb6, 0x09, 0x66, 0x10, 0x6a, 0xe8, 0xb7, + 0x48, 0x1c, 0x3b, 0x4d, 0x92, 0x35, 0xf4, 0x97, 0x78, 0x33, 0x96, 0x70, 0x14, 0x01, 0xf2, 0x9d, + 0x38, 0x59, 0x8b, 0x9c, 0x20, 0x66, 0xe4, 0xd7, 0xbc, 0x16, 0x11, 0x1d, 0xfc, 0xe7, 0xfa, 0x1b, + 0x31, 0xf4, 0x89, 0xfa, 0x23, 0xfb, 0x7b, 0x93, 0x68, 0xb1, 0x8b, 0x12, 0xce, 0xa1, 0x6e, 0x7f, + 0xd9, 0x82, 0x47, 0xf2, 0x6d, 0x31, 0xf4, 0x34, 0x0c, 0xf2, 0x2d, 0x9f, 0x78, 0x3b, 0xfd, 0x49, + 0x58, 0x2b, 0x16, 0x50, 0x34, 0x0d, 0x35, 0xb5, 0x4e, 0x88, 0x77, 0x1c, 0x17, 0xa8, 0x35, 0xbd, + 0xb8, 0x68, 0x1c, 0xda, 0x69, 0xf4, 0x8f, 0xb0, 0xdc, 0x54, 0xa7, 0xb1, 0x4d, 0x12, 0x83, 0xd8, + 0xff, 0xde, 0x82, 0x53, 0x86, 0x54, 0xf7, 0xc1, 0x34, 0x0f, 0xd2, 0xa6, 0xf9, 0x42, 0x61, 0xe3, + 0xb9, 0x87, 0x6d, 0xfe, 0x79, 0x0b, 0xce, 0x1b, 0x58, 0x4b, 0x4e, 0xe2, 0x6e, 0x5e, 0xda, 0x69, + 0x47, 0x24, 0xa6, 0xdb, 0x69, 0xf4, 0x84, 0xa1, 0xb7, 0xea, 0xc3, 0x82, 0x42, 0xf9, 0x1a, 0xd9, + 0xe5, 0x4a, 0xec, 0x59, 0xa8, 0xf2, 0xc1, 0x19, 0x46, 0xa2, 0xc7, 0xd5, 0xbb, 0x2d, 0x8b, 0x76, + 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0x39, 0xd1, 0xc9, 0x4a, 0x97, 0x21, 0xa0, 0x1f, 0xf1, 0x26, + 0x6b, 0xc1, 0x02, 0x62, 0x2f, 0xa7, 0xc4, 0x59, 0x89, 0x08, 0xfb, 0xb8, 0x8d, 0xcb, 0x1e, 0xf1, + 0x1b, 0x31, 0xdd, 0x36, 0x38, 0x41, 0x10, 0x26, 0x62, 0x07, 0x60, 0x6c, 0x1b, 0x66, 0x74, 0x33, + 0x36, 0x71, 0xec, 0xfd, 0x12, 0xdb, 0x7c, 0xa8, 0x69, 0x4d, 0xee, 0xc7, 0xce, 0x35, 0x4a, 0xe9, + 0xc1, 0x95, 0xe2, 0x94, 0x12, 0xe9, 0xbd, 0x7b, 0x7d, 0x33, 0xa3, 0x0a, 0x71, 0xa1, 0x5c, 0xef, + 0xbd, 0x83, 0xfd, 0x9d, 0x12, 0x4c, 0xa6, 0x1f, 0xe8, 0xd2, 0xa4, 0x74, 0xbb, 0x64, 0x30, 0xca, + 0x3a, 0x28, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x50, 0x46, 0xa5, 0x93, 0x54, 0x46, 0xa6, 0xae, 0x2c, + 0x1f, 0xa0, 0x2b, 0x9f, 0x56, 0xbd, 0x3e, 0x90, 0x51, 0x4e, 0xe9, 0xf5, 0xe2, 0x02, 0x0c, 0xc4, + 0x09, 0x69, 0x4f, 0x54, 0xd2, 0xba, 0x66, 0x35, 0x21, 0x6d, 0xcc, 0x20, 0xf6, 0x7f, 0x29, 0xc1, + 0xa3, 0xe9, 0x3e, 0xd4, 0xea, 0xfd, 0x03, 0x29, 0xf5, 0xfe, 0x1e, 0x53, 0xbd, 0xdf, 0xdd, 0x9b, + 0x7c, 0x67, 0x8f, 0xc7, 0xbe, 0x6f, 0xb4, 0x3f, 0x9a, 0xcf, 0xf4, 0xe2, 0x74, 0xba, 0x17, 0xef, + 0xee, 0x4d, 0x3e, 0xd1, 0xe3, 0x1d, 0x33, 0xdd, 0xfc, 0x34, 0x0c, 0x46, 0xc4, 0x89, 0xc3, 0x40, + 0x74, 0xb4, 0xfa, 0x1c, 0x98, 0xb5, 0x62, 0x01, 0xb5, 0xff, 0x4d, 0x2d, 0xdb, 0xd9, 0xf3, 0xdc, + 0xc1, 0x16, 0x46, 0xc8, 0x83, 0x01, 0x66, 0xb2, 0x73, 0xd5, 0x70, 0xed, 0x78, 0xd3, 0x88, 0xaa, + 0x78, 0x45, 0xba, 0x5e, 0xa5, 0x5f, 0x8d, 0x36, 0x61, 0xc6, 0x02, 0xed, 0x40, 0xd5, 0x95, 0x96, + 0x74, 0xa9, 0x08, 0x9f, 0x93, 0xb0, 0xa3, 0x35, 0xc7, 0x11, 0xaa, 0x8b, 0x95, 0xf9, 0xad, 0xb8, + 0x21, 0x02, 0xe5, 0xa6, 0x97, 0x88, 0xcf, 0x7a, 0xcc, 0xbd, 0xd2, 0xbc, 0x67, 0xbc, 0xe2, 0x10, + 0x5d, 0x20, 0xe6, 0xbd, 0x04, 0x53, 0xfa, 0xe8, 0xe7, 0x2c, 0x18, 0x8e, 0xdd, 0xd6, 0x4a, 0x14, + 0x6e, 0x7b, 0x0d, 0x12, 0x09, 0x4b, 0xe9, 0x98, 0xaa, 0x69, 0x75, 0x76, 0x49, 0x12, 0xd4, 0x7c, + 0xf9, 0xde, 0x55, 0x43, 0xb0, 0xc9, 0x97, 0xee, 0x20, 0x1e, 0x15, 0xef, 0x3e, 0x47, 0x5c, 0x8f, + 0xae, 0x6d, 0x72, 0xc3, 0xc4, 0x46, 0xca, 0xb1, 0x2d, 0xc7, 0xb9, 0x8e, 0xbb, 0x45, 0xe7, 0x9b, + 0x16, 0xe8, 0x9d, 0xfb, 0x7b, 0x93, 0x8f, 0xce, 0xe6, 0xf3, 0xc4, 0xbd, 0x84, 0x61, 0x1d, 0xd6, + 0xee, 0xf8, 0x3e, 0x26, 0x6f, 0x74, 0x08, 0x73, 0x87, 0x14, 0xd0, 0x61, 0x2b, 0x9a, 0x60, 0xa6, + 0xc3, 0x0c, 0x08, 0x36, 0xf9, 0xa2, 0x37, 0x60, 0xb0, 0xe5, 0x24, 0x91, 0xb7, 0x23, 0x7c, 0x20, + 0xc7, 0xb4, 0xe5, 0x97, 0x18, 0x2d, 0xcd, 0x9c, 0x2d, 0xfd, 0xbc, 0x11, 0x0b, 0x46, 0xa8, 0x05, + 0x95, 0x16, 0x89, 0x9a, 0x64, 0xa2, 0x5a, 0x84, 0xbf, 0x77, 0x89, 0x92, 0xd2, 0x0c, 0x6b, 0xd4, + 0xf2, 0x61, 0x6d, 0x98, 0x73, 0x41, 0xaf, 0x41, 0x35, 0x26, 0x3e, 0x71, 0xa9, 0xed, 0x52, 0x63, + 0x1c, 0xdf, 0xdb, 0xa7, 0x1d, 0xe7, 0xac, 0x13, 0x7f, 0x55, 0x3c, 0xca, 0x27, 0x98, 0xfc, 0x87, + 0x15, 0x49, 0xda, 0x81, 0x6d, 0xbf, 0xd3, 0xf4, 0x82, 0x09, 0x28, 0xa2, 0x03, 0x57, 0x18, 0xad, + 0x4c, 0x07, 0xf2, 0x46, 0x2c, 0x18, 0xd9, 0xff, 0xd1, 0x02, 0x94, 0x56, 0x6a, 0xf7, 0xc1, 0x60, + 0x7d, 0x23, 0x6d, 0xb0, 0x2e, 0x16, 0x69, 0x75, 0xf4, 0xb0, 0x59, 0x7f, 0xab, 0x06, 0x99, 0xe5, + 0xe0, 0x3a, 0x89, 0x13, 0xd2, 0x78, 0x5b, 0x85, 0xbf, 0xad, 0xc2, 0xdf, 0x56, 0xe1, 0x4a, 0x85, + 0xaf, 0x67, 0x54, 0xf8, 0xfb, 0x8d, 0x59, 0xaf, 0x0f, 0x4c, 0x5f, 0x57, 0x27, 0xaa, 0xa6, 0x04, + 0x06, 0x02, 0xd5, 0x04, 0x57, 0x57, 0x97, 0xaf, 0xe7, 0xea, 0xec, 0xd7, 0xd3, 0x3a, 0xfb, 0xb8, + 0x2c, 0xfe, 0x2c, 0x68, 0xe9, 0xbf, 0x5e, 0x82, 0xc7, 0xd2, 0xda, 0x0b, 0x87, 0xbe, 0x1f, 0x76, + 0x12, 0xba, 0x17, 0x40, 0xbf, 0x6c, 0xc1, 0xe9, 0x56, 0x7a, 0x13, 0x1e, 0x0b, 0x5f, 0xe7, 0x07, + 0x0b, 0x53, 0xad, 0x99, 0x5d, 0x7e, 0x7d, 0x42, 0xa8, 0xd9, 0xd3, 0x19, 0x40, 0x8c, 0xbb, 0x64, + 0x41, 0xaf, 0x41, 0xad, 0xe5, 0xec, 0xdc, 0x68, 0x37, 0x9c, 0x44, 0x6e, 0xc3, 0x7a, 0xef, 0x9e, + 0x3b, 0x89, 0xe7, 0x4f, 0xf1, 0x13, 0xec, 0xa9, 0x85, 0x20, 0x59, 0x8e, 0x56, 0x93, 0xc8, 0x0b, + 0x9a, 0xdc, 0xc3, 0xb5, 0x24, 0xc9, 0x60, 0x4d, 0xd1, 0xfe, 0xaa, 0x95, 0xd5, 0xed, 0xaa, 0x77, + 0x22, 0x27, 0x21, 0xcd, 0x5d, 0xf4, 0x31, 0xa8, 0xd0, 0xfd, 0x92, 0xec, 0x95, 0x5b, 0x45, 0x2e, + 0x38, 0xc6, 0x97, 0xd0, 0x6b, 0x0f, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0xf2, 0x50, 0x76, 0x8d, + 0x65, 0xe7, 0x99, 0x17, 0x01, 0x9a, 0xe1, 0x1a, 0x69, 0xb5, 0x7d, 0xda, 0x2d, 0x16, 0x73, 0x8a, + 0x2b, 0x17, 0xc1, 0xbc, 0x82, 0x60, 0x03, 0x0b, 0xfd, 0x45, 0x0b, 0xa0, 0x29, 0x87, 0x8a, 0x5c, + 0x3f, 0x6f, 0x14, 0xf9, 0x3a, 0x7a, 0x20, 0x6a, 0x59, 0x14, 0x43, 0x6c, 0x30, 0x47, 0x3f, 0x63, + 0x41, 0x35, 0x91, 0xe2, 0xf3, 0x15, 0x65, 0xad, 0x48, 0x49, 0xe4, 0x4b, 0x6b, 0x53, 0x42, 0x75, + 0x89, 0xe2, 0x8b, 0x7e, 0xde, 0x02, 0x88, 0x77, 0x03, 0x77, 0x25, 0xf4, 0x3d, 0x77, 0x57, 0x2c, + 0x34, 0x37, 0x0b, 0x75, 0x63, 0x28, 0xea, 0xf5, 0x31, 0xda, 0x1b, 0xfa, 0x3f, 0x36, 0x38, 0xa3, + 0x4f, 0x40, 0x35, 0x16, 0xc3, 0x4d, 0x2c, 0x2d, 0x6b, 0xc5, 0x3a, 0x53, 0x38, 0x6d, 0xa1, 0x95, + 0xc4, 0x3f, 0xac, 0x78, 0xa2, 0x5f, 0xb4, 0xe0, 0x54, 0x3b, 0xed, 0xfa, 0x12, 0xab, 0x48, 0x71, + 0x3a, 0x20, 0xe3, 0x5a, 0xab, 0x9f, 0xd9, 0xdf, 0x9b, 0x3c, 0x95, 0x69, 0xc4, 0x59, 0x29, 0xd0, + 0x2c, 0x8c, 0xeb, 0x11, 0xbc, 0xdc, 0xe6, 0x6e, 0xb8, 0x21, 0xe6, 0x86, 0x63, 0xa7, 0x98, 0xf3, + 0x59, 0x20, 0xee, 0xc6, 0x47, 0x2b, 0x70, 0x96, 0x4a, 0xb7, 0xcb, 0xad, 0x36, 0xa9, 0x95, 0x63, + 0xb6, 0x86, 0x54, 0xeb, 0x8f, 0x8b, 0x11, 0xc2, 0x1c, 0xdd, 0x59, 0x1c, 0x9c, 0xfb, 0xa4, 0xfd, + 0xad, 0x52, 0xca, 0x2f, 0xae, 0x1c, 0x56, 0x6c, 0x8e, 0xb9, 0xd2, 0x57, 0x20, 0x55, 0x46, 0xa1, + 0x73, 0x4c, 0x79, 0x22, 0xf4, 0x1c, 0x53, 0x4d, 0x31, 0x36, 0x98, 0x53, 0x03, 0x66, 0xdc, 0xc9, + 0xba, 0xc5, 0xc4, 0xb4, 0x7f, 0xad, 0x48, 0x91, 0xba, 0x4f, 0x31, 0x1e, 0x13, 0xa2, 0x8d, 0x77, + 0x81, 0x70, 0xb7, 0x48, 0xf6, 0xb7, 0xd2, 0xbe, 0x78, 0x63, 0xc4, 0xf6, 0x71, 0xce, 0xf0, 0x05, + 0x0b, 0x86, 0xa3, 0xd0, 0xf7, 0xbd, 0xa0, 0x49, 0x67, 0x97, 0x58, 0x22, 0x3e, 0x7c, 0x22, 0x5a, + 0x5a, 0x4c, 0x23, 0x66, 0x06, 0x61, 0xcd, 0x13, 0x9b, 0x02, 0xd8, 0x7f, 0x62, 0xc1, 0x44, 0x2f, + 0x2d, 0x80, 0x08, 0xbc, 0x53, 0x0e, 0x71, 0x75, 0xca, 0xbe, 0x1c, 0xcc, 0x11, 0x9f, 0x28, 0x27, + 0x65, 0xb5, 0xfe, 0x94, 0x78, 0xcd, 0x77, 0xae, 0xf4, 0x46, 0xc5, 0xf7, 0xa2, 0x83, 0x5e, 0x85, + 0xd3, 0xc6, 0x7b, 0xc5, 0xaa, 0x63, 0x6a, 0xf5, 0x29, 0xba, 0xec, 0xce, 0x64, 0x60, 0x77, 0xf7, + 0x26, 0x1f, 0xc9, 0xb6, 0x09, 0x35, 0xd5, 0x45, 0xc7, 0xfe, 0xb5, 0x52, 0xf6, 0x6b, 0xa9, 0x15, + 0xe6, 0x2b, 0x56, 0xd7, 0xd6, 0xef, 0x83, 0x27, 0xa1, 0xd5, 0xd9, 0x26, 0x51, 0x1d, 0xe4, 0xf7, + 0xc6, 0x79, 0x80, 0x27, 0x85, 0xf6, 0xbf, 0x1c, 0x80, 0x7b, 0x48, 0xa6, 0xce, 0x82, 0xac, 0x5e, + 0x67, 0x41, 0x87, 0x3f, 0x5e, 0xfa, 0x9c, 0x05, 0x83, 0x3e, 0xb5, 0x42, 0xf9, 0x79, 0xc7, 0xf0, + 0xc5, 0xc6, 0x49, 0xf5, 0x3d, 0x37, 0x76, 0x63, 0x7e, 0x5a, 0xad, 0x5c, 0x9e, 0xbc, 0x11, 0x0b, + 0x19, 0xd0, 0xd7, 0xac, 0xf4, 0xe1, 0x09, 0x0f, 0x3f, 0xf2, 0x4e, 0x4c, 0x26, 0xe3, 0x44, 0x86, + 0x0b, 0xa6, 0x7d, 0xfd, 0x3d, 0xce, 0x6a, 0xd0, 0x14, 0xc0, 0x86, 0x17, 0x38, 0xbe, 0xf7, 0x26, + 0xdd, 0x4d, 0x57, 0xd8, 0xb2, 0xc2, 0xd6, 0xe9, 0xcb, 0xaa, 0x15, 0x1b, 0x18, 0xe7, 0xff, 0x02, + 0x0c, 0x1b, 0x6f, 0x9e, 0x73, 0xc8, 0x7e, 0xd6, 0x3c, 0x64, 0xaf, 0x19, 0x67, 0xe3, 0xe7, 0xdf, + 0x0f, 0xa7, 0xb3, 0x02, 0x1e, 0xe6, 0x79, 0xfb, 0x7f, 0x0d, 0x65, 0x4f, 0x3c, 0xd6, 0x48, 0xd4, + 0xa2, 0xa2, 0xbd, 0xed, 0x85, 0x78, 0xdb, 0x0b, 0xf1, 0xb6, 0x17, 0xc2, 0x74, 0x24, 0x8b, 0x1d, + 0xf6, 0xd0, 0x7d, 0xda, 0x61, 0xa7, 0x7c, 0x06, 0xd5, 0xc2, 0x7d, 0x06, 0xf6, 0x7e, 0x05, 0x52, + 0x76, 0x14, 0xef, 0xef, 0x77, 0xc3, 0x50, 0x44, 0xda, 0xe1, 0x0d, 0xbc, 0x28, 0xd6, 0x10, 0x1d, + 0x48, 0xcd, 0x9b, 0xb1, 0x84, 0xd3, 0xb5, 0xa6, 0xed, 0x24, 0x9b, 0x62, 0x11, 0x51, 0x6b, 0xcd, + 0x8a, 0x93, 0x6c, 0x62, 0x06, 0x41, 0xef, 0x87, 0xb1, 0xc4, 0x89, 0x9a, 0x24, 0xc1, 0x64, 0x9b, + 0x7d, 0x56, 0x71, 0x2e, 0xf6, 0x88, 0xc0, 0x1d, 0x5b, 0x4b, 0x41, 0x71, 0x06, 0x1b, 0xbd, 0x01, + 0x03, 0x9b, 0xc4, 0x6f, 0x89, 0x2e, 0x5f, 0x2d, 0x4e, 0xc7, 0xb3, 0x77, 0xbd, 0x42, 0xfc, 0x16, + 0xd7, 0x40, 0xf4, 0x17, 0x66, 0xac, 0xe8, 0x78, 0xab, 0x6d, 0x75, 0xe2, 0x24, 0x6c, 0x79, 0x6f, + 0x4a, 0x77, 0xd0, 0x07, 0x0b, 0x66, 0x7c, 0x4d, 0xd2, 0xe7, 0x0e, 0x04, 0xf5, 0x17, 0x6b, 0xce, + 0x4c, 0x8e, 0x86, 0x17, 0xb1, 0x4f, 0xb5, 0x2b, 0xbc, 0x3a, 0x45, 0xcb, 0x31, 0x27, 0xe9, 0x73, + 0x39, 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x5d, 0x35, 0xee, 0x87, 0x99, 0x0c, 0x37, 0x0a, 0x96, 0x81, + 0x8f, 0xf9, 0xdc, 0xf1, 0xff, 0x14, 0x54, 0xdc, 0x4d, 0x27, 0x4a, 0x26, 0x46, 0xd8, 0xa0, 0x51, + 0x8e, 0x8c, 0x59, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x01, 0xe5, 0x88, 0x6c, 0xb0, 0xf8, 0x3d, 0x23, + 0xb2, 0x03, 0x93, 0x0d, 0x4c, 0xdb, 0xed, 0x5f, 0x29, 0xa5, 0xcd, 0xa5, 0xf4, 0x7b, 0xf3, 0xd1, + 0xee, 0x76, 0xa2, 0x58, 0x3a, 0x3b, 0x8c, 0xd1, 0xce, 0x9a, 0xb1, 0x84, 0xa3, 0x4f, 0x59, 0x30, + 0x74, 0x3b, 0x0e, 0x83, 0x80, 0x24, 0x62, 0x69, 0xba, 0x59, 0x70, 0x57, 0x5c, 0xe5, 0xd4, 0xb5, + 0x0c, 0xa2, 0x01, 0x4b, 0xbe, 0x54, 0x5c, 0xb2, 0xe3, 0xfa, 0x9d, 0x46, 0xd7, 0x81, 0xfe, 0x25, + 0xde, 0x8c, 0x25, 0x9c, 0xa2, 0x7a, 0x01, 0x47, 0x1d, 0x48, 0xa3, 0x2e, 0x04, 0x02, 0x55, 0xc0, + 0xed, 0xbf, 0x3a, 0x08, 0xe7, 0x72, 0x27, 0x07, 0x35, 0x64, 0x98, 0xa9, 0x70, 0xd9, 0xf3, 0x89, + 0x0c, 0x53, 0x61, 0x86, 0xcc, 0x4d, 0xd5, 0x8a, 0x0d, 0x0c, 0xf4, 0xd3, 0x00, 0x6d, 0x27, 0x72, + 0x5a, 0x44, 0x2c, 0xe0, 0xe5, 0xe3, 0xdb, 0x0b, 0x54, 0x8e, 0x15, 0x49, 0x53, 0xef, 0x4d, 0x55, + 0x53, 0x8c, 0x0d, 0x96, 0xe8, 0x45, 0x18, 0x8e, 0x88, 0x4f, 0x9c, 0x98, 0x85, 0x7f, 0x66, 0x63, + 0xd9, 0xb1, 0x06, 0x61, 0x13, 0x0f, 0x3d, 0xad, 0x22, 0x7a, 0x32, 0xd1, 0x0f, 0xe9, 0xa8, 0x1e, + 0xf4, 0x96, 0x05, 0x63, 0x1b, 0x9e, 0x4f, 0x34, 0x77, 0x11, 0x79, 0xbe, 0x7c, 0xfc, 0x97, 0xbc, + 0x6c, 0xd2, 0xd5, 0x1a, 0x32, 0xd5, 0x1c, 0xe3, 0x0c, 0x7b, 0xfa, 0x99, 0xb7, 0x49, 0xc4, 0x54, + 0xeb, 0x60, 0xfa, 0x33, 0xdf, 0xe4, 0xcd, 0x58, 0xc2, 0xd1, 0x0c, 0x9c, 0x6a, 0x3b, 0x71, 0x3c, + 0x1b, 0x91, 0x06, 0x09, 0x12, 0xcf, 0xf1, 0x79, 0x5c, 0x78, 0x55, 0xc7, 0x85, 0xae, 0xa4, 0xc1, + 0x38, 0x8b, 0x8f, 0x3e, 0x04, 0x8f, 0x7a, 0xcd, 0x20, 0x8c, 0xc8, 0x92, 0x17, 0xc7, 0x5e, 0xd0, + 0xd4, 0xc3, 0x40, 0x38, 0x3d, 0x26, 0x05, 0xa9, 0x47, 0x17, 0xf2, 0xd1, 0x70, 0xaf, 0xe7, 0xd1, + 0xb3, 0x50, 0x8d, 0xb7, 0xbc, 0xf6, 0x6c, 0xd4, 0x88, 0x99, 0x83, 0xbc, 0xaa, 0x5d, 0x6c, 0xab, + 0xa2, 0x1d, 0x2b, 0x0c, 0xe4, 0xc2, 0x08, 0xff, 0x24, 0x3c, 0x6c, 0x49, 0xe8, 0xc7, 0xe7, 0x7a, + 0x2e, 0x8f, 0x22, 0x75, 0x69, 0x0a, 0x3b, 0x77, 0x2e, 0x49, 0x77, 0x7d, 0xfd, 0xf4, 0xfe, 0xde, + 0xe4, 0xc8, 0x4d, 0x83, 0x0c, 0x4e, 0x11, 0xb5, 0x7f, 0xa9, 0x94, 0xde, 0x71, 0x9b, 0x93, 0x14, + 0xc5, 0x74, 0x2a, 0x26, 0x37, 0x9d, 0x48, 0x7a, 0x63, 0x8e, 0x19, 0xbe, 0x2e, 0xe8, 0xde, 0x74, + 0x22, 0x73, 0x52, 0x33, 0x06, 0x58, 0x72, 0x42, 0xb7, 0x61, 0x20, 0xf1, 0x9d, 0x82, 0xf2, 0x5d, + 0x0c, 0x8e, 0xda, 0x01, 0xb2, 0x38, 0x13, 0x63, 0xc6, 0x03, 0x3d, 0x4e, 0xad, 0xfe, 0x75, 0x19, + 0xe3, 0x26, 0x0c, 0xf5, 0xf5, 0x18, 0xb3, 0x56, 0xfb, 0xff, 0x55, 0x73, 0xf4, 0xaa, 0x5a, 0xc8, + 0xd0, 0x45, 0x00, 0xba, 0x81, 0x5c, 0x89, 0xc8, 0x86, 0xb7, 0x23, 0x0c, 0x09, 0x35, 0x77, 0xaf, + 0x2b, 0x08, 0x36, 0xb0, 0xe4, 0x33, 0xab, 0x9d, 0x0d, 0xfa, 0x4c, 0xa9, 0xfb, 0x19, 0x0e, 0xc1, + 0x06, 0x16, 0x7a, 0x01, 0x06, 0xbd, 0x96, 0xd3, 0x54, 0xa1, 0x78, 0x8f, 0xd3, 0x49, 0xbb, 0xc0, + 0x5a, 0xee, 0xee, 0x4d, 0x8e, 0x29, 0x81, 0x58, 0x13, 0x16, 0xb8, 0xe8, 0xd7, 0x2c, 0x18, 0x71, + 0xc3, 0x56, 0x2b, 0x0c, 0xf8, 0xb6, 0x4b, 0xec, 0x21, 0x6f, 0x9f, 0xd4, 0x32, 0x3f, 0x35, 0x6b, + 0x30, 0xe3, 0x9b, 0x48, 0x95, 0x98, 0x63, 0x82, 0x70, 0x4a, 0x2a, 0x73, 0x6e, 0x57, 0x0e, 0x98, + 0xdb, 0xbf, 0x69, 0xc1, 0x38, 0x7f, 0xd6, 0xd8, 0x0d, 0x8a, 0x1c, 0x94, 0xf0, 0x84, 0x5f, 0xab, + 0x6b, 0x83, 0xac, 0xbc, 0x74, 0x5d, 0x70, 0xdc, 0x2d, 0x24, 0x9a, 0x87, 0xf1, 0x8d, 0x30, 0x72, + 0x89, 0xd9, 0x11, 0x42, 0x31, 0x29, 0x42, 0x97, 0xb3, 0x08, 0xb8, 0xfb, 0x19, 0x74, 0x13, 0x1e, + 0x31, 0x1a, 0xcd, 0x7e, 0xe0, 0xba, 0xe9, 0x49, 0x41, 0xed, 0x91, 0xcb, 0xb9, 0x58, 0xb8, 0xc7, + 0xd3, 0x69, 0x87, 0x49, 0xad, 0x0f, 0x87, 0xc9, 0xeb, 0xf0, 0x98, 0xdb, 0xdd, 0x33, 0xdb, 0x71, + 0x67, 0x3d, 0xe6, 0x9a, 0xaa, 0x5a, 0xff, 0x21, 0x41, 0xe0, 0xb1, 0xd9, 0x5e, 0x88, 0xb8, 0x37, + 0x0d, 0xf4, 0x31, 0xa8, 0x46, 0x84, 0x7d, 0x95, 0x58, 0x24, 0x64, 0x1c, 0x73, 0x97, 0xac, 0x2d, + 0x50, 0x4e, 0x56, 0xeb, 0x5e, 0xd1, 0x10, 0x63, 0xc5, 0xf1, 0xfc, 0x07, 0x60, 0xbc, 0x6b, 0x3c, + 0x1f, 0xca, 0x67, 0x31, 0x07, 0x8f, 0xe4, 0x8f, 0x9c, 0x43, 0x79, 0x2e, 0xfe, 0x61, 0x26, 0xce, + 0xd0, 0xb0, 0x26, 0xfb, 0xf0, 0x82, 0x39, 0x50, 0x26, 0xc1, 0xb6, 0x50, 0xa4, 0x97, 0x8f, 0xd7, + 0x7b, 0x97, 0x82, 0x6d, 0x3e, 0xf0, 0xd9, 0x56, 0xff, 0x52, 0xb0, 0x8d, 0x29, 0x6d, 0xf4, 0x25, + 0x2b, 0x65, 0x0d, 0x71, 0xdf, 0xd9, 0x47, 0x4e, 0xc4, 0x7c, 0xee, 0xdb, 0x40, 0xb2, 0xff, 0x55, + 0x09, 0x2e, 0x1c, 0x44, 0xa4, 0x8f, 0xee, 0x7b, 0x0a, 0x06, 0x63, 0x76, 0x04, 0x2a, 0x34, 0xd3, + 0x30, 0xd5, 0x4a, 0xfc, 0x50, 0xf4, 0x75, 0x2c, 0x40, 0xc8, 0x87, 0x72, 0xcb, 0x69, 0x0b, 0x97, + 0xca, 0xc2, 0x71, 0xb3, 0x0a, 0xe8, 0x7f, 0xc7, 0x5f, 0x72, 0xda, 0x7c, 0xa3, 0x6e, 0x34, 0x60, + 0xca, 0x06, 0x25, 0x50, 0x71, 0xa2, 0xc8, 0x91, 0xe7, 0x6d, 0xd7, 0x8a, 0xe1, 0x37, 0x43, 0x49, + 0xd6, 0xc7, 0xf7, 0xf7, 0x26, 0x47, 0x53, 0x4d, 0x98, 0x33, 0xb3, 0x3f, 0x37, 0x94, 0x8a, 0xac, + 0x67, 0x87, 0xa8, 0x31, 0x0c, 0x0a, 0x4f, 0x8a, 0x55, 0x74, 0x32, 0x07, 0x4f, 0x8d, 0x62, 0x9b, + 0x25, 0x91, 0x60, 0x2a, 0x58, 0xa1, 0xcf, 0x5a, 0x2c, 0x8d, 0x53, 0x66, 0x1b, 0x88, 0x2d, 0xca, + 0xc9, 0x64, 0x95, 0x9a, 0xc9, 0xa1, 0xb2, 0x11, 0x9b, 0xdc, 0xe9, 0xd2, 0xd5, 0xe6, 0x09, 0x49, + 0xd9, 0x8d, 0x8a, 0x4c, 0xf4, 0x94, 0x70, 0xb4, 0x93, 0x73, 0x58, 0x5a, 0x40, 0x2a, 0x60, 0x1f, + 0xc7, 0xa3, 0x5f, 0xb3, 0x60, 0x9c, 0x9b, 0xa3, 0x73, 0xde, 0xc6, 0x06, 0x89, 0x48, 0xe0, 0x12, + 0x69, 0xd0, 0x1f, 0xf3, 0x38, 0x5e, 0xba, 0xaf, 0x16, 0xb2, 0xe4, 0xf5, 0x9a, 0xd6, 0x05, 0xc2, + 0xdd, 0xc2, 0xa0, 0x06, 0x0c, 0x78, 0xc1, 0x46, 0x28, 0x56, 0xf2, 0xfa, 0xf1, 0x84, 0x5a, 0x08, + 0x36, 0x42, 0x3d, 0x9b, 0xe9, 0x3f, 0xcc, 0xa8, 0xa3, 0x45, 0x38, 0x1b, 0x09, 0x97, 0xcb, 0x15, + 0x2f, 0xa6, 0x1b, 0xe3, 0x45, 0xaf, 0xe5, 0x25, 0x6c, 0x15, 0x2e, 0xd7, 0x27, 0xf6, 0xf7, 0x26, + 0xcf, 0xe2, 0x1c, 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x09, 0x43, 0x32, 0xef, 0xb4, 0x5a, 0xc4, 0xe6, + 0xa8, 0x7b, 0xfc, 0xab, 0xc1, 0xb4, 0x2a, 0x52, 0x4c, 0x25, 0x43, 0xfb, 0xad, 0x61, 0xe8, 0x3e, + 0x1b, 0x44, 0x1f, 0x87, 0x5a, 0xa4, 0x72, 0x61, 0xad, 0x22, 0xe2, 0xfb, 0xe4, 0xf7, 0x15, 0xe7, + 0x92, 0xca, 0x1e, 0xd0, 0x59, 0xaf, 0x9a, 0x23, 0xb5, 0xda, 0x63, 0x7d, 0x84, 0x58, 0xc0, 0xd8, + 0x16, 0x5c, 0xf5, 0xf1, 0xd0, 0x6e, 0xe0, 0x62, 0xc6, 0x03, 0x45, 0x30, 0xb8, 0x49, 0x1c, 0x3f, + 0xd9, 0x2c, 0xc6, 0x93, 0x7d, 0x85, 0xd1, 0xca, 0x66, 0x4d, 0xf0, 0x56, 0x2c, 0x38, 0xa1, 0x1d, + 0x18, 0xda, 0xe4, 0x03, 0x40, 0x18, 0xd2, 0x4b, 0xc7, 0xed, 0xdc, 0xd4, 0xa8, 0xd2, 0x9f, 0x5b, + 0x34, 0x60, 0xc9, 0x8e, 0x45, 0x5a, 0x18, 0xc7, 0xe2, 0x7c, 0xea, 0x16, 0x97, 0x30, 0xd2, 0xff, + 0x99, 0xf8, 0x47, 0x61, 0x24, 0x22, 0x6e, 0x18, 0xb8, 0x9e, 0x4f, 0x1a, 0x33, 0xd2, 0x4b, 0x7d, + 0x98, 0x34, 0x03, 0xb6, 0x19, 0xc5, 0x06, 0x0d, 0x9c, 0xa2, 0x88, 0x3e, 0x63, 0xc1, 0x98, 0x4a, + 0xa0, 0xa3, 0x1f, 0x84, 0x08, 0xaf, 0xe8, 0x62, 0x41, 0xe9, 0x7a, 0x8c, 0x66, 0x1d, 0xed, 0xef, + 0x4d, 0x8e, 0xa5, 0xdb, 0x70, 0x86, 0x2f, 0x7a, 0x15, 0x20, 0x5c, 0xe7, 0xe1, 0x14, 0x33, 0x89, + 0x70, 0x91, 0x1e, 0xe6, 0x55, 0xc7, 0x78, 0xbe, 0x91, 0xa4, 0x80, 0x0d, 0x6a, 0xe8, 0x1a, 0x00, + 0x9f, 0x36, 0x6b, 0xbb, 0x6d, 0x69, 0x6d, 0xcb, 0x3c, 0x11, 0x58, 0x55, 0x90, 0xbb, 0x7b, 0x93, + 0xdd, 0x2e, 0x2b, 0x76, 0x7a, 0x6f, 0x3c, 0x8e, 0x7e, 0x0a, 0x86, 0xe2, 0x4e, 0xab, 0xe5, 0x28, + 0x07, 0x6a, 0x81, 0x19, 0x4c, 0x9c, 0xae, 0xa1, 0x8a, 0x78, 0x03, 0x96, 0x1c, 0xd1, 0x6d, 0xaa, + 0x54, 0x63, 0xe1, 0x4b, 0x63, 0xb3, 0x88, 0xdb, 0x04, 0xc3, 0xec, 0x9d, 0xde, 0x27, 0xa3, 0x43, + 0x70, 0x0e, 0xce, 0xdd, 0xbd, 0xc9, 0x47, 0xd2, 0xed, 0x8b, 0xa1, 0xc8, 0x29, 0xca, 0xa5, 0x89, + 0xae, 0xca, 0x32, 0x14, 0xf4, 0xb5, 0x65, 0x76, 0xf4, 0x33, 0xba, 0x0c, 0x05, 0x6b, 0xee, 0xdd, + 0x67, 0xe6, 0xc3, 0x68, 0x09, 0xce, 0xb8, 0x61, 0x90, 0x44, 0xa1, 0xef, 0xf3, 0xda, 0x2a, 0x7c, + 0xe3, 0xc3, 0x1d, 0xac, 0xef, 0x14, 0x62, 0x9f, 0x99, 0xed, 0x46, 0xc1, 0x79, 0xcf, 0xd9, 0x41, + 0x3a, 0xce, 0x4c, 0x74, 0xce, 0x0b, 0x30, 0x42, 0x76, 0x12, 0x12, 0x05, 0x8e, 0x7f, 0x03, 0x2f, + 0x4a, 0xd7, 0x22, 0x9b, 0x03, 0x97, 0x8c, 0x76, 0x9c, 0xc2, 0x42, 0xb6, 0xda, 0xed, 0x97, 0x74, + 0xe2, 0x1d, 0xdf, 0xed, 0xcb, 0xbd, 0xbd, 0xfd, 0xbf, 0x4b, 0x29, 0x83, 0x6c, 0x2d, 0x22, 0x04, + 0x85, 0x50, 0x09, 0xc2, 0x86, 0xd2, 0xfd, 0x57, 0x8b, 0xd1, 0xfd, 0xd7, 0xc3, 0x86, 0x51, 0xab, + 0x82, 0xfe, 0x8b, 0x31, 0xe7, 0xc3, 0x92, 0xf9, 0x65, 0xd5, 0x03, 0x06, 0x10, 0x1b, 0x8d, 0x22, + 0x39, 0xab, 0x64, 0xfe, 0x65, 0x93, 0x11, 0x4e, 0xf3, 0x45, 0x5b, 0x50, 0xd9, 0x0c, 0xe3, 0x44, + 0x6e, 0x3f, 0x8e, 0xb9, 0xd3, 0xb9, 0x12, 0xc6, 0x09, 0xb3, 0x22, 0xd4, 0x6b, 0xd3, 0x96, 0x18, + 0x73, 0x1e, 0xf6, 0x7f, 0xb2, 0x52, 0x8e, 0xe4, 0x5b, 0x2c, 0xe6, 0x72, 0x9b, 0x04, 0x74, 0x5a, + 0x9b, 0xf1, 0x36, 0x7f, 0x3e, 0x93, 0xf8, 0xf5, 0xae, 0x5e, 0x95, 0x83, 0xee, 0x50, 0x0a, 0x53, + 0x8c, 0x84, 0x11, 0x9a, 0xf3, 0x49, 0x2b, 0x9d, 0x82, 0x57, 0x2a, 0x62, 0x83, 0x61, 0xa6, 0x98, + 0x1e, 0x98, 0xcd, 0x67, 0x7f, 0xc9, 0x82, 0xa1, 0xba, 0xe3, 0x6e, 0x85, 0x1b, 0x1b, 0xe8, 0x59, + 0xa8, 0x36, 0x3a, 0x91, 0x99, 0x0d, 0xa8, 0x76, 0xcf, 0x73, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0x86, + 0x37, 0x1c, 0x57, 0x26, 0x9a, 0x96, 0xf9, 0x18, 0xbe, 0xcc, 0x5a, 0xb0, 0x80, 0xa0, 0x17, 0x61, + 0xb8, 0xe5, 0xec, 0xc8, 0x87, 0xb3, 0x5e, 0xec, 0x25, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0xcf, 0x2d, + 0x98, 0xa8, 0x3b, 0xb1, 0xe7, 0xce, 0x74, 0x92, 0xcd, 0xba, 0x97, 0xac, 0x77, 0xdc, 0x2d, 0x92, + 0xf0, 0xec, 0x62, 0x2a, 0x65, 0x27, 0xa6, 0x53, 0x49, 0xed, 0xeb, 0x94, 0x94, 0x37, 0x44, 0x3b, + 0x56, 0x18, 0xe8, 0x4d, 0x18, 0x6e, 0x3b, 0x71, 0x7c, 0x27, 0x8c, 0x1a, 0x98, 0x6c, 0x14, 0x93, + 0xdb, 0xbf, 0x4a, 0xdc, 0x88, 0x24, 0x98, 0x6c, 0x88, 0x93, 0x56, 0x4d, 0x1f, 0x9b, 0xcc, 0xec, + 0x2f, 0x58, 0xf0, 0x58, 0x9d, 0x38, 0x11, 0x89, 0x58, 0x29, 0x00, 0xf5, 0x22, 0xb3, 0x7e, 0xd8, + 0x69, 0xa0, 0x37, 0xa0, 0x9a, 0xd0, 0x66, 0x2a, 0x96, 0x55, 0xac, 0x58, 0xec, 0xa0, 0x74, 0x4d, + 0x10, 0xc7, 0x8a, 0x8d, 0xfd, 0xd7, 0x2c, 0x18, 0x61, 0x67, 0x4e, 0x73, 0x24, 0x71, 0x3c, 0xbf, + 0xab, 0x62, 0x8e, 0xd5, 0x67, 0xc5, 0x9c, 0x0b, 0x30, 0xb0, 0x19, 0xb6, 0x48, 0xf6, 0xbc, 0xf4, + 0x4a, 0x48, 0xb7, 0xd5, 0x14, 0x82, 0x9e, 0xa7, 0x1f, 0xde, 0x0b, 0x12, 0x87, 0x4e, 0x01, 0xe9, + 0xd3, 0x3c, 0xc5, 0x3f, 0xba, 0x6a, 0xc6, 0x26, 0x8e, 0xfd, 0x3b, 0x35, 0x18, 0x12, 0x87, 0xea, + 0x7d, 0x67, 0x98, 0xcb, 0xfd, 0x7d, 0xa9, 0xe7, 0xfe, 0x3e, 0x86, 0x41, 0x97, 0xd5, 0xe3, 0x12, + 0x66, 0xe4, 0xb5, 0x42, 0xa2, 0x30, 0x78, 0x89, 0x2f, 0x2d, 0x16, 0xff, 0x8f, 0x05, 0x2b, 0xf4, + 0x45, 0x0b, 0x4e, 0xb9, 0x61, 0x10, 0x10, 0x57, 0xdb, 0x38, 0x03, 0x45, 0x1c, 0xb6, 0xcf, 0xa6, + 0x89, 0xea, 0x03, 0x8f, 0x0c, 0x00, 0x67, 0xd9, 0xa3, 0x97, 0x61, 0x94, 0xf7, 0xd9, 0xcd, 0x94, + 0x23, 0x56, 0x17, 0x52, 0x31, 0x81, 0x38, 0x8d, 0x8b, 0xa6, 0xb8, 0x43, 0x5b, 0x94, 0x2c, 0x19, + 0xd4, 0xa7, 0x67, 0x46, 0xb1, 0x12, 0x03, 0x03, 0x45, 0x80, 0x22, 0xb2, 0x11, 0x91, 0x78, 0x53, + 0x04, 0x1d, 0x30, 0xfb, 0x6a, 0xe8, 0x68, 0x19, 0xab, 0xb8, 0x8b, 0x12, 0xce, 0xa1, 0x8e, 0xb6, + 0xc4, 0x06, 0xb3, 0x5a, 0x84, 0x0e, 0x15, 0x9f, 0xb9, 0xe7, 0x3e, 0x73, 0x12, 0x2a, 0xf1, 0xa6, + 0x13, 0x35, 0x98, 0x5d, 0x57, 0xe6, 0x59, 0x12, 0xab, 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x07, 0xa7, + 0x33, 0x65, 0x60, 0x62, 0xe1, 0x30, 0x55, 0xa1, 0xfd, 0x99, 0x02, 0x32, 0x31, 0xee, 0x7a, 0xc2, + 0x74, 0x3e, 0x0c, 0x1f, 0xe0, 0x7c, 0xd8, 0x55, 0xa1, 0x6d, 0x23, 0x6c, 0x7d, 0x7c, 0xa5, 0x90, + 0x0e, 0xe8, 0x2b, 0x8e, 0xed, 0xf3, 0x99, 0x38, 0xb6, 0x51, 0x26, 0xc0, 0xcd, 0x62, 0x04, 0x38, + 0x7c, 0xd0, 0xda, 0x83, 0x0c, 0x42, 0xfb, 0x9f, 0x16, 0xc8, 0xef, 0x3a, 0xeb, 0xb8, 0x9b, 0x84, + 0x0e, 0x19, 0xf4, 0x7e, 0x18, 0x53, 0x5b, 0xe8, 0xd9, 0xb0, 0x13, 0xf0, 0xf8, 0xb3, 0xb2, 0x3e, + 0x19, 0xc5, 0x29, 0x28, 0xce, 0x60, 0xa3, 0x69, 0xa8, 0xd1, 0x7e, 0xe2, 0x8f, 0xf2, 0xb5, 0x56, + 0x6d, 0xd3, 0x67, 0x56, 0x16, 0xc4, 0x53, 0x1a, 0x07, 0x85, 0x30, 0xee, 0x3b, 0x71, 0xc2, 0x24, + 0xa0, 0x3b, 0xea, 0x23, 0xe6, 0x8b, 0xb3, 0xf8, 0xf1, 0xc5, 0x2c, 0x21, 0xdc, 0x4d, 0xdb, 0xfe, + 0xce, 0x00, 0x8c, 0xa6, 0x34, 0xe3, 0x21, 0x17, 0xe9, 0x67, 0xa1, 0x2a, 0xd7, 0xcd, 0x6c, 0xd5, + 0x0a, 0xb5, 0xb8, 0x2a, 0x0c, 0xba, 0x68, 0xad, 0xeb, 0x55, 0x35, 0x6b, 0x54, 0x18, 0x0b, 0x2e, + 0x36, 0xf1, 0x98, 0x52, 0x4e, 0xfc, 0x78, 0xd6, 0xf7, 0x48, 0x90, 0x70, 0x31, 0x8b, 0x51, 0xca, + 0x6b, 0x8b, 0xab, 0x26, 0x51, 0xad, 0x94, 0x33, 0x00, 0x9c, 0x65, 0x8f, 0x7e, 0xd6, 0x82, 0x51, + 0xe7, 0x4e, 0xac, 0x8b, 0x46, 0x8a, 0x88, 0xb5, 0x63, 0x2e, 0x52, 0xa9, 0x3a, 0x94, 0xdc, 0xe5, + 0x9b, 0x6a, 0xc2, 0x69, 0xa6, 0xe8, 0x2b, 0x16, 0x20, 0xb2, 0x43, 0x5c, 0x19, 0x53, 0x27, 0x64, + 0x19, 0x2c, 0x62, 0xa7, 0x79, 0xa9, 0x8b, 0x2e, 0xd7, 0xea, 0xdd, 0xed, 0x38, 0x47, 0x06, 0xfb, + 0x9f, 0x94, 0xd5, 0x84, 0xd2, 0x61, 0x9c, 0x8e, 0x11, 0x4e, 0x66, 0x1d, 0x3d, 0x9c, 0x4c, 0x1f, + 0xcb, 0x77, 0xa7, 0xa1, 0xa5, 0xd2, 0x6f, 0x4a, 0x0f, 0x28, 0xfd, 0xe6, 0x67, 0xac, 0x54, 0x7d, + 0x96, 0xe1, 0x8b, 0xaf, 0x16, 0x1b, 0x42, 0x3a, 0xc5, 0x43, 0x06, 0x32, 0xda, 0x3d, 0x1d, 0x29, + 0x42, 0xb5, 0xa9, 0x81, 0x76, 0x28, 0x6d, 0xf8, 0xef, 0xca, 0x30, 0x6c, 0xac, 0xa4, 0xb9, 0x66, + 0x91, 0xf5, 0x90, 0x99, 0x45, 0xa5, 0x43, 0x98, 0x45, 0x3f, 0x0d, 0x35, 0x57, 0x6a, 0xf9, 0x62, + 0x2a, 0x94, 0x66, 0xd7, 0x0e, 0xad, 0xe8, 0x55, 0x13, 0xd6, 0x3c, 0xd1, 0x7c, 0x2a, 0x7f, 0x45, + 0xac, 0x10, 0x03, 0x6c, 0x85, 0xc8, 0x4b, 0x30, 0x11, 0x2b, 0x45, 0xf7, 0x33, 0xac, 0x8c, 0x4f, + 0xdb, 0x13, 0xef, 0x25, 0x03, 0xbd, 0x79, 0x19, 0x9f, 0x95, 0x05, 0xd9, 0x8c, 0x4d, 0x1c, 0xfb, + 0x3b, 0x96, 0xfa, 0xb8, 0xf7, 0x21, 0xa9, 0xfd, 0x76, 0x3a, 0xa9, 0xfd, 0x52, 0x21, 0xdd, 0xdc, + 0x23, 0x9b, 0xfd, 0x3a, 0x0c, 0xcd, 0x86, 0xad, 0x96, 0x13, 0x34, 0xd0, 0x0f, 0xc3, 0x90, 0xcb, + 0x7f, 0x0a, 0xc7, 0x0e, 0x3b, 0x1e, 0x14, 0x50, 0x2c, 0x61, 0xe8, 0x71, 0x18, 0x70, 0xa2, 0xa6, + 0x74, 0xe6, 0xb0, 0x08, 0x93, 0x99, 0xa8, 0x19, 0x63, 0xd6, 0x6a, 0xbf, 0x55, 0x06, 0x98, 0x0d, + 0x5b, 0x6d, 0x27, 0x22, 0x8d, 0xb5, 0x90, 0x55, 0x48, 0x3b, 0xd1, 0x43, 0x35, 0xbd, 0x59, 0x7a, + 0x98, 0x0f, 0xd6, 0x8c, 0xc3, 0x95, 0xf2, 0xfd, 0x3e, 0x5c, 0xf9, 0x9c, 0x05, 0x88, 0x7e, 0x91, + 0x30, 0x20, 0x41, 0xa2, 0x4f, 0x8b, 0xa7, 0xa1, 0xe6, 0xca, 0x56, 0x61, 0xb5, 0xe8, 0xf9, 0x27, + 0x01, 0x58, 0xe3, 0xf4, 0xb1, 0xfd, 0x7c, 0x4a, 0x2a, 0xc7, 0x72, 0x3a, 0xf2, 0x93, 0xa9, 0x54, + 0xa1, 0x2b, 0xed, 0xdf, 0x2d, 0xc1, 0x23, 0x7c, 0xbd, 0x5b, 0x72, 0x02, 0xa7, 0x49, 0x5a, 0x54, + 0xaa, 0x7e, 0xcf, 0xff, 0x5d, 0xba, 0xef, 0xf1, 0x64, 0x24, 0xe7, 0x71, 0x27, 0x06, 0x1f, 0xd0, + 0x7c, 0x08, 0x2f, 0x04, 0x5e, 0x82, 0x19, 0x71, 0x14, 0x43, 0x55, 0xd6, 0xbb, 0x16, 0x8a, 0xae, + 0x20, 0x46, 0x6a, 0xce, 0x8b, 0x45, 0x89, 0x60, 0xc5, 0x88, 0x5a, 0x85, 0x7e, 0xe8, 0x6e, 0x61, + 0xd2, 0x0e, 0x99, 0x52, 0x33, 0x02, 0xe9, 0x16, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0xef, 0x5a, 0x90, + 0x55, 0xf7, 0x46, 0x2d, 0x28, 0xeb, 0x9e, 0xb5, 0xa0, 0x0e, 0x51, 0x8c, 0xe9, 0x27, 0x61, 0xd8, + 0x49, 0xe8, 0x0a, 0xcd, 0xf7, 0xb4, 0xe5, 0xa3, 0x9d, 0x19, 0x2c, 0x85, 0x0d, 0x6f, 0xc3, 0x63, + 0x7b, 0x59, 0x93, 0x9c, 0xfd, 0xdf, 0x07, 0x60, 0xbc, 0x2b, 0xdf, 0x00, 0xbd, 0x04, 0x23, 0xae, + 0x18, 0x1e, 0x6d, 0xe9, 0x2d, 0xaa, 0x99, 0x81, 0x57, 0x1a, 0x86, 0x53, 0x98, 0x7d, 0x0c, 0xd0, + 0x05, 0x38, 0x13, 0xd1, 0x5d, 0x74, 0x87, 0xcc, 0x6c, 0x24, 0x24, 0x5a, 0x25, 0x6e, 0x18, 0x34, + 0x78, 0xc5, 0xb2, 0x72, 0xfd, 0xd1, 0xfd, 0xbd, 0xc9, 0x33, 0xb8, 0x1b, 0x8c, 0xf3, 0x9e, 0x41, + 0x6d, 0x18, 0xf5, 0x4d, 0x03, 0x4b, 0x58, 0xd7, 0x47, 0xb2, 0xcd, 0xd4, 0x02, 0x9c, 0x6a, 0xc6, + 0x69, 0x06, 0x69, 0x2b, 0xad, 0xf2, 0x80, 0xac, 0xb4, 0x4f, 0x6b, 0x2b, 0x8d, 0x1f, 0x6e, 0x7f, + 0xb8, 0xe0, 0x7c, 0x93, 0x93, 0x36, 0xd3, 0x5e, 0x81, 0xaa, 0x0c, 0xfc, 0xe9, 0x2b, 0x60, 0xc6, + 0xa4, 0xd3, 0x43, 0xa3, 0xdd, 0x2d, 0x41, 0x8e, 0x85, 0x4f, 0xe7, 0x99, 0x5e, 0x4e, 0x53, 0xf3, + 0xec, 0x70, 0x4b, 0x2a, 0xda, 0xe1, 0x41, 0x4f, 0x7c, 0xe1, 0xf8, 0x50, 0xd1, 0x3b, 0x14, 0x1d, + 0x07, 0xa5, 0xc2, 0xf0, 0x55, 0x2c, 0xd4, 0x45, 0x00, 0x6d, 0x05, 0x89, 0x20, 0x6b, 0x75, 0xa6, + 0xaa, 0x8d, 0x25, 0x6c, 0x60, 0xd1, 0x0d, 0xab, 0x17, 0xc4, 0x89, 0xe3, 0xfb, 0x57, 0xbc, 0x20, + 0x11, 0x9e, 0x37, 0xb5, 0x42, 0x2e, 0x68, 0x10, 0x36, 0xf1, 0xce, 0xbf, 0xcf, 0xf8, 0x2e, 0x87, + 0xf9, 0x9e, 0x9b, 0xf0, 0xd8, 0xbc, 0x97, 0xa8, 0xd4, 0x00, 0x35, 0x8e, 0xa8, 0x91, 0xa3, 0x52, + 0x5d, 0xac, 0x9e, 0xa9, 0x2e, 0x46, 0x68, 0x7e, 0x29, 0x9d, 0x49, 0x90, 0x0d, 0xcd, 0xb7, 0x5f, + 0x82, 0xb3, 0xf3, 0x5e, 0x72, 0xd9, 0xf3, 0xc9, 0x21, 0x99, 0xd8, 0xbf, 0x3d, 0x08, 0x23, 0x66, + 0x72, 0xd9, 0x61, 0xb2, 0x75, 0xbe, 0x40, 0xed, 0x18, 0xf1, 0x76, 0x9e, 0x3a, 0x91, 0xba, 0x75, + 0xec, 0x4c, 0xb7, 0xfc, 0x1e, 0x33, 0x4c, 0x19, 0xcd, 0x13, 0x9b, 0x02, 0xa0, 0x3b, 0x50, 0xd9, + 0x60, 0xa1, 0xe3, 0xe5, 0x22, 0x8e, 0xed, 0xf3, 0x7a, 0x54, 0x4f, 0x33, 0x1e, 0x7c, 0xce, 0xf9, + 0xd1, 0x15, 0x32, 0x4a, 0xe7, 0x23, 0x19, 0xe1, 0x8e, 0x22, 0x13, 0x49, 0x61, 0xf4, 0x52, 0xf5, + 0x95, 0x23, 0xa8, 0xfa, 0x94, 0xe2, 0x1d, 0x7c, 0x40, 0x8a, 0x97, 0xa5, 0x01, 0x24, 0x9b, 0xcc, + 0x7e, 0x13, 0xf1, 0xd9, 0x43, 0xac, 0x13, 0x8c, 0x34, 0x80, 0x14, 0x18, 0x67, 0xf1, 0xd1, 0x27, + 0x94, 0xea, 0xae, 0x16, 0xe1, 0xb4, 0x34, 0x47, 0xf4, 0x49, 0x6b, 0xed, 0xcf, 0x95, 0x60, 0x6c, + 0x3e, 0xe8, 0xac, 0xcc, 0xaf, 0x74, 0xd6, 0x7d, 0xcf, 0xbd, 0x46, 0x76, 0xa9, 0x6a, 0xde, 0x22, + 0xbb, 0x0b, 0x73, 0x62, 0x06, 0xa9, 0x31, 0x73, 0x8d, 0x36, 0x62, 0x0e, 0xa3, 0xca, 0x68, 0xc3, + 0x0b, 0x9a, 0x24, 0x6a, 0x47, 0x9e, 0xf0, 0x27, 0x1a, 0xca, 0xe8, 0xb2, 0x06, 0x61, 0x13, 0x8f, + 0xd2, 0x0e, 0xef, 0x04, 0x24, 0xca, 0x1a, 0xb2, 0xcb, 0xb4, 0x11, 0x73, 0x18, 0x45, 0x4a, 0xa2, + 0x4e, 0x9c, 0x88, 0xc1, 0xa8, 0x90, 0xd6, 0x68, 0x23, 0xe6, 0x30, 0x3a, 0xd3, 0xe3, 0xce, 0x3a, + 0x8b, 0x8a, 0xc8, 0x04, 0x83, 0xaf, 0xf2, 0x66, 0x2c, 0xe1, 0x14, 0x75, 0x8b, 0xec, 0xce, 0xd1, + 0x2d, 0x65, 0x26, 0x27, 0xe4, 0x1a, 0x6f, 0xc6, 0x12, 0xce, 0x4a, 0xad, 0xa5, 0xbb, 0xe3, 0xfb, + 0xae, 0xd4, 0x5a, 0x5a, 0xfc, 0x1e, 0x9b, 0xd3, 0x5f, 0xb5, 0x60, 0xc4, 0x8c, 0x65, 0x42, 0xcd, + 0x8c, 0x8d, 0xbb, 0xdc, 0x55, 0xa9, 0xf3, 0xc7, 0xf3, 0xae, 0x25, 0x6a, 0x7a, 0x49, 0xd8, 0x8e, + 0x9f, 0x23, 0x41, 0xd3, 0x0b, 0x08, 0x3b, 0xa2, 0xe6, 0x31, 0x50, 0xa9, 0x40, 0xa9, 0xd9, 0xb0, + 0x41, 0x8e, 0x60, 0x24, 0xdb, 0xb7, 0x60, 0xbc, 0x2b, 0x11, 0xa8, 0x0f, 0xd3, 0xe2, 0xc0, 0x34, + 0x4c, 0x1b, 0xc3, 0x30, 0x25, 0x2c, 0xeb, 0x96, 0xcc, 0xc2, 0x38, 0x9f, 0x48, 0x94, 0xd3, 0xaa, + 0xbb, 0x49, 0x5a, 0x2a, 0xb9, 0x8b, 0x39, 0xaf, 0x6f, 0x66, 0x81, 0xb8, 0x1b, 0xdf, 0xfe, 0xbc, + 0x05, 0xa3, 0xa9, 0xdc, 0xac, 0x82, 0x8c, 0x20, 0x36, 0xd3, 0x42, 0x16, 0x5a, 0xc7, 0xe2, 0x8b, + 0xcb, 0x6c, 0x31, 0xd5, 0x33, 0x4d, 0x83, 0xb0, 0x89, 0x67, 0x7f, 0xa9, 0x04, 0x55, 0x19, 0x9e, + 0xd0, 0x87, 0x28, 0x9f, 0xb5, 0x60, 0x54, 0x1d, 0x18, 0x30, 0x4f, 0x54, 0xa9, 0x88, 0x40, 0x7a, + 0x2a, 0x81, 0x8a, 0xfd, 0x0c, 0x36, 0x42, 0x6d, 0x91, 0x63, 0x93, 0x19, 0x4e, 0xf3, 0x46, 0x37, + 0x01, 0xe2, 0xdd, 0x38, 0x21, 0x2d, 0xc3, 0x27, 0x66, 0x1b, 0x33, 0x6e, 0xca, 0x0d, 0x23, 0x42, + 0xe7, 0xd7, 0xf5, 0xb0, 0x41, 0x56, 0x15, 0xa6, 0x36, 0xa1, 0x74, 0x1b, 0x36, 0x28, 0xd9, 0x7f, + 0xbf, 0x04, 0xa7, 0xb3, 0x22, 0xa1, 0x0f, 0xc3, 0x88, 0xe4, 0x6e, 0x5c, 0xb1, 0x24, 0x63, 0x32, + 0x46, 0xb0, 0x01, 0xbb, 0xbb, 0x37, 0x39, 0xd9, 0x7d, 0xc5, 0xd5, 0x94, 0x89, 0x82, 0x53, 0xc4, + 0xf8, 0xa9, 0x8d, 0x38, 0x5e, 0xac, 0xef, 0xce, 0xb4, 0xdb, 0xe2, 0xe8, 0xc5, 0x38, 0xb5, 0x31, + 0xa1, 0x38, 0x83, 0x8d, 0x56, 0xe0, 0xac, 0xd1, 0x72, 0x9d, 0x78, 0xcd, 0xcd, 0xf5, 0x30, 0x92, + 0x3b, 0xab, 0xc7, 0x75, 0xd4, 0x54, 0x37, 0x0e, 0xce, 0x7d, 0x92, 0xae, 0xf6, 0xae, 0xd3, 0x76, + 0x5c, 0x2f, 0xd9, 0x15, 0x4e, 0x3e, 0xa5, 0x9b, 0x66, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x12, 0x0c, + 0xf4, 0x39, 0x82, 0xfa, 0xb2, 0xe8, 0x5f, 0x81, 0x2a, 0x25, 0x27, 0xcd, 0xbb, 0x22, 0x48, 0x86, + 0x50, 0x95, 0xb7, 0x24, 0x20, 0x1b, 0xca, 0x9e, 0x23, 0x0f, 0xc6, 0xd4, 0x6b, 0x2d, 0xc4, 0x71, + 0x87, 0x6d, 0x92, 0x29, 0x10, 0x3d, 0x05, 0x65, 0xb2, 0xd3, 0xce, 0x9e, 0x80, 0x5d, 0xda, 0x69, + 0x7b, 0x11, 0x89, 0x29, 0x12, 0xd9, 0x69, 0xa3, 0xf3, 0x50, 0xf2, 0x1a, 0x62, 0x91, 0x02, 0x81, + 0x53, 0x5a, 0x98, 0xc3, 0x25, 0xaf, 0x61, 0xef, 0x40, 0x4d, 0x5d, 0xcb, 0x80, 0xb6, 0xa4, 0xee, + 0xb6, 0x8a, 0x88, 0x27, 0x92, 0x74, 0x7b, 0x68, 0xed, 0x0e, 0x80, 0x4e, 0x52, 0x2b, 0x4a, 0xbf, + 0x5c, 0x80, 0x01, 0x37, 0x14, 0x09, 0xb4, 0x55, 0x4d, 0x86, 0x29, 0x6d, 0x06, 0xb1, 0x6f, 0xc1, + 0xd8, 0xb5, 0x20, 0xbc, 0xc3, 0xea, 0x4e, 0xb3, 0x7a, 0x51, 0x94, 0xf0, 0x06, 0xfd, 0x91, 0x35, + 0x11, 0x18, 0x14, 0x73, 0x98, 0xaa, 0x29, 0x54, 0xea, 0x55, 0x53, 0xc8, 0xfe, 0xa4, 0x05, 0xa7, + 0x55, 0xaa, 0x8d, 0xd4, 0xc6, 0x2f, 0xc1, 0xc8, 0x7a, 0xc7, 0xf3, 0x1b, 0xb2, 0x0a, 0x55, 0xc6, + 0x4d, 0x51, 0x37, 0x60, 0x38, 0x85, 0x49, 0x37, 0x55, 0xeb, 0x5e, 0xe0, 0x44, 0xbb, 0x2b, 0x5a, + 0xfd, 0x2b, 0x8d, 0x50, 0x57, 0x10, 0x6c, 0x60, 0xd9, 0x9f, 0x35, 0x45, 0x10, 0xc9, 0x3d, 0x7d, + 0xf4, 0xec, 0x0d, 0xa8, 0xb8, 0xea, 0x20, 0xf5, 0x48, 0x95, 0xf2, 0x54, 0xf2, 0x36, 0x73, 0xa6, + 0x73, 0x6a, 0xf6, 0x3f, 0x2d, 0xc1, 0x68, 0xaa, 0x20, 0x08, 0xf2, 0xa1, 0x4a, 0x7c, 0xe6, 0xca, + 0x93, 0x43, 0xec, 0xb8, 0xb5, 0x18, 0xd5, 0xb4, 0xb8, 0x24, 0xe8, 0x62, 0xc5, 0xe1, 0xe1, 0x38, + 0xaf, 0x7a, 0x09, 0x46, 0xa4, 0x40, 0x1f, 0x72, 0x5a, 0xbe, 0x98, 0x85, 0x6a, 0x00, 0x5c, 0x32, + 0x60, 0x38, 0x85, 0x69, 0xff, 0x5e, 0x19, 0x26, 0xb8, 0xef, 0xb3, 0xa1, 0x42, 0x4a, 0x96, 0xa4, + 0x95, 0xf5, 0x97, 0x74, 0xd9, 0x1e, 0xde, 0x91, 0xeb, 0xc7, 0x2d, 0x7d, 0x9c, 0xcf, 0xa8, 0xaf, + 0x60, 0x87, 0x5f, 0xce, 0x04, 0x3b, 0xf0, 0xc5, 0xb6, 0x79, 0x42, 0x12, 0x7d, 0x7f, 0x45, 0x3f, + 0xfc, 0x9d, 0x12, 0x9c, 0xca, 0xd4, 0x95, 0x46, 0x6f, 0xa5, 0x6b, 0x2a, 0x5a, 0x45, 0x78, 0xc8, + 0xee, 0x59, 0x6a, 0xf8, 0x70, 0x95, 0x15, 0x1f, 0xd0, 0x54, 0xb1, 0x7f, 0xbf, 0x04, 0x63, 0xe9, + 0x82, 0xd8, 0x0f, 0x61, 0x4f, 0xbd, 0x07, 0x6a, 0xac, 0xe6, 0x2b, 0xbb, 0xc4, 0x8b, 0x3b, 0xe2, + 0x78, 0x9d, 0x50, 0xd9, 0x88, 0x35, 0xfc, 0xa1, 0x28, 0x58, 0x69, 0xff, 0x5d, 0x0b, 0xce, 0xf1, + 0xb7, 0xcc, 0x8e, 0xc3, 0xbf, 0x9c, 0xd7, 0xbb, 0xaf, 0x15, 0x2b, 0x60, 0xa6, 0xdc, 0xd4, 0x41, + 0xfd, 0xcb, 0x2e, 0x0f, 0x12, 0xd2, 0xa6, 0x87, 0xc2, 0x43, 0x28, 0xec, 0xa1, 0x06, 0x83, 0xfd, + 0xfb, 0x65, 0xd0, 0xf7, 0x25, 0x21, 0x4f, 0xa4, 0x0d, 0x15, 0x52, 0x76, 0x6b, 0x75, 0x37, 0x70, + 0xf5, 0xcd, 0x4c, 0xd5, 0x4c, 0xd6, 0xd0, 0x2f, 0x58, 0x30, 0xec, 0x05, 0x5e, 0xe2, 0x39, 0xcc, + 0x78, 0x2e, 0xe6, 0xbe, 0x17, 0xc5, 0x6e, 0x81, 0x53, 0x0e, 0x23, 0xd3, 0x7b, 0xab, 0x98, 0x61, + 0x93, 0x33, 0xfa, 0xa8, 0x88, 0x47, 0x2c, 0x17, 0x96, 0xf0, 0x56, 0xcd, 0x04, 0x21, 0xb6, 0xa1, + 0x12, 0x91, 0x24, 0x2a, 0x28, 0x4f, 0x14, 0x53, 0x52, 0xaa, 0x82, 0xa3, 0xbe, 0xb9, 0x92, 0x36, + 0x63, 0xce, 0xc8, 0x8e, 0x01, 0x75, 0xf7, 0xc5, 0x21, 0x63, 0xbd, 0xa6, 0xa1, 0xe6, 0x74, 0x92, + 0xb0, 0x45, 0xbb, 0x49, 0x38, 0x98, 0x75, 0x34, 0x9b, 0x04, 0x60, 0x8d, 0x63, 0xbf, 0x55, 0x81, + 0x4c, 0x1e, 0x0f, 0xda, 0x31, 0xef, 0xfa, 0xb2, 0x8a, 0xbd, 0xeb, 0x4b, 0x09, 0x93, 0x77, 0xdf, + 0x17, 0x6a, 0x42, 0xa5, 0xbd, 0xe9, 0xc4, 0xd2, 0x36, 0x7e, 0x45, 0x76, 0xd3, 0x0a, 0x6d, 0xbc, + 0xbb, 0x37, 0xf9, 0x13, 0xfd, 0xf9, 0x5a, 0xe8, 0x58, 0x9d, 0xe6, 0x69, 0xf1, 0x9a, 0x35, 0xa3, + 0x81, 0x39, 0xfd, 0xc3, 0xdc, 0x78, 0xf3, 0x29, 0x51, 0xa5, 0x17, 0x93, 0xb8, 0xe3, 0x27, 0x62, + 0x34, 0xbc, 0x52, 0xe0, 0x2c, 0xe3, 0x84, 0x75, 0x06, 0x2a, 0xff, 0x8f, 0x0d, 0xa6, 0xe8, 0xc3, + 0x50, 0x8b, 0x13, 0x27, 0x4a, 0x8e, 0x98, 0x33, 0xa6, 0x3a, 0x7d, 0x55, 0x12, 0xc1, 0x9a, 0x1e, + 0x7a, 0x95, 0x55, 0x21, 0xf4, 0xe2, 0xcd, 0x23, 0x86, 0x11, 0xcb, 0x8a, 0x85, 0x82, 0x02, 0x36, + 0xa8, 0xd1, 0xad, 0x07, 0x1b, 0xdb, 0x3c, 0x76, 0xa6, 0xca, 0xf6, 0x96, 0x4a, 0x15, 0x62, 0x05, + 0xc1, 0x06, 0x96, 0xfd, 0x23, 0x90, 0x4e, 0xa1, 0x46, 0x93, 0x32, 0x63, 0x9b, 0xfb, 0x9e, 0x58, + 0x38, 0x70, 0x2a, 0xb9, 0xfa, 0x37, 0x2d, 0x30, 0xf3, 0xbc, 0xd1, 0x1b, 0x3c, 0xa1, 0xdc, 0x2a, + 0xe2, 0xbc, 0xc0, 0xa0, 0x3b, 0xb5, 0xe4, 0xb4, 0x33, 0x07, 0x57, 0x32, 0xab, 0xfc, 0xfc, 0xfb, + 0xa0, 0x2a, 0xa1, 0x87, 0x32, 0xea, 0x3e, 0x01, 0x67, 0xb2, 0x37, 0xa1, 0x0a, 0x5f, 0x73, 0x33, + 0x0a, 0x3b, 0xed, 0xec, 0x46, 0x92, 0xdd, 0x94, 0x89, 0x39, 0x8c, 0x6e, 0xc7, 0xb6, 0xbc, 0xa0, + 0x91, 0xdd, 0x48, 0x5e, 0xf3, 0x82, 0x06, 0x66, 0x90, 0x3e, 0x6e, 0x7c, 0xfb, 0x2d, 0x0b, 0x2e, + 0x1c, 0x74, 0x61, 0x2b, 0x7a, 0x1c, 0x06, 0xee, 0x38, 0x91, 0x2c, 0x0f, 0xcb, 0x14, 0xe5, 0x2d, + 0x27, 0x0a, 0x30, 0x6b, 0x45, 0xbb, 0x30, 0xc8, 0x13, 0x92, 0x85, 0xb5, 0xfe, 0x4a, 0xb1, 0xd7, + 0xc7, 0x5e, 0x23, 0xc6, 0x76, 0x81, 0x27, 0x43, 0x63, 0xc1, 0xd0, 0xfe, 0xae, 0x05, 0x68, 0x79, + 0x9b, 0x44, 0x91, 0xd7, 0x30, 0x52, 0xa8, 0xd1, 0x0b, 0x30, 0x72, 0x7b, 0x75, 0xf9, 0xfa, 0x4a, + 0xe8, 0x05, 0xac, 0xa4, 0x82, 0x91, 0x35, 0x76, 0xd5, 0x68, 0xc7, 0x29, 0x2c, 0x34, 0x0b, 0xe3, + 0xb7, 0xdf, 0xa0, 0x9b, 0x5f, 0xb3, 0x14, 0x7d, 0x49, 0xbb, 0x3b, 0xaf, 0xbe, 0x92, 0x01, 0xe2, + 0x6e, 0x7c, 0xb4, 0x0c, 0xe7, 0x5a, 0x7c, 0xbb, 0xc1, 0x2b, 0x48, 0xf3, 0xbd, 0x87, 0xca, 0xd1, + 0x78, 0x6c, 0x7f, 0x6f, 0xf2, 0xdc, 0x52, 0x1e, 0x02, 0xce, 0x7f, 0xce, 0x7e, 0x1f, 0x20, 0x1e, + 0xac, 0x32, 0x9b, 0x17, 0x79, 0xd0, 0x73, 0x27, 0x6e, 0x7f, 0xb5, 0x02, 0xa7, 0x32, 0xc5, 0x03, + 0xe9, 0x56, 0xaf, 0x3b, 0xd4, 0xe1, 0xd8, 0xeb, 0x77, 0xb7, 0x78, 0x7d, 0x05, 0x4f, 0x04, 0x50, + 0xf1, 0x82, 0x76, 0x27, 0x29, 0x26, 0x2d, 0x8b, 0x0b, 0xb1, 0x40, 0x09, 0x1a, 0x4e, 0x22, 0xfa, + 0x17, 0x73, 0x36, 0x45, 0x86, 0x62, 0xa4, 0x8c, 0xf1, 0x81, 0x07, 0xe4, 0x0e, 0xf8, 0x94, 0x0e, + 0x8c, 0xa8, 0x14, 0x71, 0x50, 0x9f, 0x19, 0x2c, 0x27, 0x7d, 0xc0, 0xf6, 0x1b, 0x25, 0x18, 0x36, + 0x3e, 0x1a, 0xfa, 0x95, 0x74, 0x15, 0x14, 0xab, 0xb8, 0x57, 0x62, 0xf4, 0xa7, 0x74, 0x9d, 0x13, + 0xfe, 0x4a, 0x4f, 0x77, 0x17, 0x40, 0xb9, 0xbb, 0x37, 0x79, 0x3a, 0x53, 0xe2, 0x24, 0x55, 0x14, + 0xe5, 0xfc, 0xc7, 0xe1, 0x54, 0x86, 0x4c, 0xce, 0x2b, 0xaf, 0xa5, 0x2f, 0xba, 0x3d, 0xa6, 0x5b, + 0xca, 0xec, 0xb2, 0x6f, 0xd0, 0x2e, 0xd3, 0xf7, 0x9f, 0xf7, 0xe1, 0x8e, 0xcb, 0x24, 0xa0, 0x95, + 0xfa, 0x4c, 0x40, 0x7b, 0x06, 0xaa, 0xed, 0xd0, 0xf7, 0x5c, 0x4f, 0xd5, 0xcb, 0x62, 0x29, 0x6f, + 0x2b, 0xa2, 0x0d, 0x2b, 0x28, 0xba, 0x03, 0x35, 0x75, 0x27, 0xb0, 0x48, 0xea, 0x2f, 0xca, 0xd5, + 0xab, 0x8c, 0x16, 0x7d, 0xd7, 0xaf, 0xe6, 0x85, 0x6c, 0x18, 0x64, 0x8b, 0xa0, 0x8c, 0xa6, 0x65, + 0xe9, 0x91, 0x6c, 0x75, 0x8c, 0xb1, 0x80, 0xd8, 0x5f, 0xaf, 0xc1, 0xd9, 0xbc, 0x0a, 0xae, 0xe8, + 0x63, 0x30, 0xc8, 0x65, 0x2c, 0xa6, 0x48, 0x78, 0x1e, 0x8f, 0x79, 0x46, 0x50, 0x88, 0xc5, 0x7e, + 0x63, 0xc1, 0x53, 0x70, 0xf7, 0x9d, 0x75, 0x31, 0x42, 0x4e, 0x86, 0xfb, 0xa2, 0xa3, 0xb9, 0x2f, + 0x3a, 0x9c, 0xbb, 0xef, 0xac, 0xa3, 0x1d, 0xa8, 0x34, 0xbd, 0x84, 0x38, 0xc2, 0x89, 0x70, 0xeb, + 0x44, 0x98, 0x13, 0x87, 0x5b, 0x69, 0xec, 0x27, 0xe6, 0x0c, 0xd1, 0xd7, 0x2c, 0x38, 0xb5, 0x9e, + 0xce, 0x36, 0x15, 0xca, 0xd3, 0x39, 0x81, 0x2a, 0xbd, 0x69, 0x46, 0xfc, 0xba, 0x87, 0x4c, 0x23, + 0xce, 0x8a, 0x83, 0x3e, 0x6d, 0xc1, 0xd0, 0x86, 0xe7, 0x1b, 0x05, 0x1b, 0x4f, 0xe0, 0xe3, 0x5c, + 0x66, 0x0c, 0xf4, 0x8e, 0x83, 0xff, 0x8f, 0xb1, 0xe4, 0xdc, 0x6b, 0xa5, 0x1a, 0x3c, 0xee, 0x4a, + 0x35, 0xf4, 0x80, 0x56, 0xaa, 0xcf, 0x58, 0x50, 0x53, 0x3d, 0x2d, 0x32, 0x08, 0x3f, 0x7c, 0x82, + 0x9f, 0x9c, 0x7b, 0x4e, 0xd4, 0x5f, 0xac, 0x99, 0xa3, 0x2f, 0x5a, 0x30, 0xec, 0xbc, 0xd9, 0x89, + 0x48, 0x83, 0x6c, 0x87, 0xed, 0x58, 0x5c, 0xb1, 0xf4, 0x5a, 0xf1, 0xc2, 0xcc, 0x50, 0x26, 0x73, + 0x64, 0x7b, 0xb9, 0x1d, 0x8b, 0x48, 0x7f, 0xdd, 0x80, 0x4d, 0x11, 0xec, 0xbd, 0x12, 0x4c, 0x1e, + 0x40, 0x01, 0xbd, 0x04, 0x23, 0x61, 0xd4, 0x74, 0x02, 0xef, 0x4d, 0x33, 0x7d, 0x5c, 0x59, 0x59, + 0xcb, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0x1c, 0xc7, 0xd2, 0x01, 0x39, 0x8e, 0x17, 0x60, 0x20, 0x22, + 0xed, 0x30, 0xbb, 0x59, 0x60, 0x81, 0xc0, 0x0c, 0x82, 0x9e, 0x80, 0xb2, 0xd3, 0xf6, 0x44, 0xf8, + 0x89, 0xda, 0x03, 0xcd, 0xac, 0x2c, 0x60, 0xda, 0x9e, 0x4a, 0xb9, 0xae, 0xdc, 0x97, 0x94, 0x6b, + 0xba, 0x0c, 0x88, 0xb3, 0x8b, 0x41, 0xbd, 0x0c, 0xa4, 0xcf, 0x14, 0xec, 0xaf, 0x94, 0xe1, 0x89, + 0x7b, 0x8e, 0x17, 0x1d, 0x7d, 0x63, 0xdd, 0x23, 0xfa, 0x46, 0x76, 0x4f, 0xe9, 0xa0, 0xee, 0x29, + 0xf7, 0xe8, 0x9e, 0x4f, 0xd3, 0x69, 0x20, 0xd3, 0xee, 0x8b, 0xb9, 0xed, 0xa7, 0x57, 0x16, 0xbf, + 0x98, 0x01, 0x12, 0x8a, 0x35, 0x5f, 0xba, 0x07, 0x48, 0xe5, 0xf7, 0x55, 0x8a, 0x58, 0x06, 0x7a, + 0xa6, 0xe1, 0xf3, 0xb1, 0xdf, 0x2b, 0x69, 0xd0, 0xfe, 0xc5, 0x12, 0x3c, 0xd5, 0x87, 0xf6, 0x36, + 0x47, 0xb1, 0xd5, 0xe7, 0x28, 0xfe, 0xfe, 0xfe, 0x4c, 0xf6, 0x5f, 0xb1, 0xe0, 0x7c, 0xef, 0xc5, + 0x03, 0x3d, 0x0f, 0xc3, 0xeb, 0x91, 0x13, 0xb8, 0x9b, 0xec, 0x06, 0x33, 0xd9, 0x29, 0xac, 0xaf, + 0x75, 0x33, 0x36, 0x71, 0xe8, 0xf6, 0x96, 0x57, 0x4d, 0x37, 0x30, 0x64, 0x3e, 0x16, 0xdd, 0xde, + 0xae, 0x65, 0x81, 0xb8, 0x1b, 0xdf, 0xfe, 0xbd, 0x52, 0xbe, 0x58, 0xdc, 0xc8, 0x38, 0xcc, 0x77, + 0x12, 0x5f, 0xa1, 0xd4, 0x87, 0x2e, 0x29, 0xdf, 0x6f, 0x5d, 0x32, 0xd0, 0x4b, 0x97, 0xa0, 0x39, + 0x38, 0x6d, 0x14, 0xfb, 0xe7, 0x39, 0x76, 0x3c, 0xcc, 0x4e, 0x25, 0x9e, 0xaf, 0x64, 0xe0, 0xb8, + 0xeb, 0x09, 0xfb, 0x57, 0x4b, 0xf0, 0x58, 0x4f, 0xcb, 0xe9, 0x3e, 0x69, 0x23, 0xb3, 0x83, 0x07, + 0xee, 0x4f, 0x07, 0x3f, 0x0b, 0x55, 0x2f, 0x88, 0x89, 0xdb, 0x89, 0x78, 0xa7, 0x19, 0x19, 0x27, + 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x0f, 0x7a, 0x0f, 0x35, 0x6a, 0x45, 0xff, 0xc0, 0xf6, 0xd2, + 0xcb, 0x30, 0xea, 0xb4, 0xdb, 0x1c, 0x8f, 0xc5, 0x5d, 0x65, 0x4a, 0x49, 0xcc, 0x98, 0x40, 0x9c, + 0xc6, 0xed, 0x6b, 0x3d, 0xfc, 0x63, 0x0b, 0x6a, 0x98, 0x6c, 0xf0, 0xf9, 0x8e, 0x6e, 0x8b, 0x2e, + 0xb2, 0x8a, 0x28, 0x3a, 0x47, 0x3b, 0x36, 0xf6, 0x58, 0x31, 0xb6, 0xbc, 0xce, 0xee, 0xbe, 0xe6, + 0xa1, 0x74, 0xa8, 0x6b, 0x1e, 0x54, 0xa1, 0xff, 0x72, 0xef, 0x42, 0xff, 0xf6, 0x37, 0x86, 0xe8, + 0xeb, 0xb5, 0xc3, 0xd9, 0x88, 0x34, 0x62, 0xfa, 0x7d, 0x3b, 0x91, 0x2f, 0x06, 0x89, 0xfa, 0xbe, + 0x37, 0xf0, 0x22, 0xa6, 0xed, 0xa9, 0xc3, 0x95, 0xd2, 0xa1, 0x12, 0xe9, 0xcb, 0x07, 0x26, 0xd2, + 0xbf, 0x0c, 0xa3, 0x71, 0xbc, 0xb9, 0x12, 0x79, 0xdb, 0x4e, 0x42, 0xae, 0x91, 0x5d, 0x61, 0x37, + 0xe9, 0xe4, 0xd7, 0xd5, 0x2b, 0x1a, 0x88, 0xd3, 0xb8, 0x68, 0x1e, 0xc6, 0x75, 0x3a, 0x3b, 0x89, + 0x12, 0x16, 0xa5, 0xcb, 0x47, 0x82, 0xca, 0x3d, 0xd5, 0x09, 0xf0, 0x02, 0x01, 0x77, 0x3f, 0x43, + 0x35, 0x56, 0xaa, 0x91, 0x0a, 0x32, 0x98, 0xd6, 0x58, 0x29, 0x3a, 0x54, 0x96, 0xae, 0x27, 0xd0, + 0x12, 0x9c, 0xe1, 0x03, 0x63, 0xa6, 0xdd, 0x36, 0xde, 0x68, 0x28, 0x5d, 0xec, 0x6b, 0xbe, 0x1b, + 0x05, 0xe7, 0x3d, 0x87, 0x5e, 0x84, 0x61, 0xd5, 0xbc, 0x30, 0x27, 0xce, 0x05, 0x94, 0x5f, 0x42, + 0x91, 0x59, 0x68, 0x60, 0x13, 0x0f, 0x7d, 0x08, 0x1e, 0xd5, 0x7f, 0x79, 0x2a, 0x07, 0x3f, 0x2c, + 0x9b, 0x13, 0x95, 0x42, 0x54, 0x59, 0xf9, 0xf9, 0x5c, 0xb4, 0x06, 0xee, 0xf5, 0x3c, 0x5a, 0x87, + 0xf3, 0x0a, 0x74, 0x29, 0x48, 0x58, 0x5c, 0x76, 0x4c, 0xea, 0x4e, 0x4c, 0x6e, 0x44, 0x3e, 0xab, + 0x2d, 0x52, 0xd3, 0x37, 0x7e, 0xcd, 0x7b, 0xc9, 0x95, 0x3c, 0x4c, 0xbc, 0x88, 0xef, 0x41, 0x05, + 0x4d, 0x43, 0x8d, 0x04, 0xce, 0xba, 0x4f, 0x96, 0x67, 0x17, 0x58, 0xc5, 0x11, 0xe3, 0x6c, 0xee, + 0x92, 0x04, 0x60, 0x8d, 0xa3, 0x22, 0xc5, 0x46, 0x7a, 0xde, 0x3e, 0xb7, 0x02, 0x67, 0x9b, 0x6e, + 0x9b, 0x5a, 0x13, 0x9e, 0x4b, 0x66, 0x5c, 0x16, 0x2d, 0x45, 0x3f, 0x0c, 0xaf, 0xc2, 0xa6, 0xc2, + 0x20, 0xe7, 0x67, 0x57, 0xba, 0x70, 0x70, 0xee, 0x93, 0x74, 0x8e, 0xb5, 0xa3, 0x70, 0x67, 0x77, + 0xe2, 0x4c, 0x7a, 0x8e, 0xad, 0xd0, 0x46, 0xcc, 0x61, 0xe8, 0x2a, 0x20, 0x16, 0x53, 0x7b, 0x25, + 0x49, 0xda, 0xca, 0x7c, 0x99, 0x38, 0xcb, 0x5e, 0xe9, 0xbc, 0x78, 0x02, 0x5d, 0xee, 0xc2, 0xc0, + 0x39, 0x4f, 0xd9, 0x7f, 0x64, 0xc1, 0xa8, 0x9a, 0xaf, 0xf7, 0x21, 0xaa, 0xdc, 0x4f, 0x47, 0x95, + 0xcf, 0x1f, 0x5f, 0xe3, 0x31, 0xc9, 0x7b, 0x84, 0x26, 0xfe, 0xdc, 0x30, 0x80, 0xd6, 0x8a, 0x6a, + 0x41, 0xb2, 0x7a, 0x2e, 0x48, 0x0f, 0xad, 0x46, 0xca, 0x2b, 0x2f, 0x50, 0x79, 0xb0, 0xe5, 0x05, + 0x56, 0xe1, 0x9c, 0x34, 0x17, 0xf8, 0xe9, 0xcf, 0x95, 0x30, 0x56, 0x0a, 0xae, 0x5a, 0x7f, 0x42, + 0x10, 0x3a, 0xb7, 0x90, 0x87, 0x84, 0xf3, 0x9f, 0x4d, 0x59, 0x29, 0x43, 0x07, 0x59, 0x29, 0x7a, + 0x4e, 0x2f, 0x6e, 0xc8, 0xfa, 0xf1, 0x99, 0x39, 0xbd, 0x78, 0x79, 0x15, 0x6b, 0x9c, 0x7c, 0xc5, + 0x5e, 0x2b, 0x48, 0xb1, 0xc3, 0xa1, 0x15, 0xbb, 0x54, 0x31, 0xc3, 0x3d, 0x55, 0x8c, 0xf4, 0x32, + 0x8f, 0xf4, 0xf4, 0x32, 0xbf, 0x1f, 0xc6, 0xbc, 0x60, 0x93, 0x44, 0x5e, 0x42, 0x1a, 0x6c, 0x2e, + 0x30, 0xf5, 0x53, 0xd5, 0xcb, 0xfa, 0x42, 0x0a, 0x8a, 0x33, 0xd8, 0x69, 0xbd, 0x38, 0xd6, 0x87, + 0x5e, 0xec, 0xb1, 0x1a, 0x9d, 0x2a, 0x66, 0x35, 0x3a, 0x7d, 0xfc, 0xd5, 0x68, 0xfc, 0x44, 0x57, + 0x23, 0x54, 0xc8, 0x6a, 0xd4, 0x97, 0xa2, 0x37, 0x36, 0x74, 0x67, 0x0f, 0xd8, 0xd0, 0xf5, 0x5a, + 0x8a, 0xce, 0x1d, 0x79, 0x29, 0xca, 0x5f, 0x65, 0x1e, 0x39, 0xd2, 0x2a, 0xf3, 0x99, 0x12, 0x9c, + 0xd3, 0x7a, 0x98, 0x8e, 0x7e, 0x6f, 0x83, 0x6a, 0x22, 0x76, 0x05, 0x09, 0x3f, 0x89, 0x31, 0x92, + 0x1c, 0x74, 0xbe, 0x84, 0x82, 0x60, 0x03, 0x8b, 0xe5, 0x0a, 0x90, 0x88, 0xd5, 0x9a, 0xcc, 0x2a, + 0xe9, 0x59, 0xd1, 0x8e, 0x15, 0x06, 0x1d, 0x5f, 0xf4, 0xb7, 0xc8, 0xbf, 0xca, 0x56, 0x54, 0x9a, + 0xd5, 0x20, 0x6c, 0xe2, 0xa1, 0x67, 0x38, 0x13, 0xa6, 0x20, 0xa8, 0xa2, 0x1e, 0x11, 0x77, 0x12, + 0x4a, 0x9d, 0xa0, 0xa0, 0x52, 0x1c, 0x96, 0x14, 0x52, 0xe9, 0x16, 0x87, 0x05, 0x35, 0x29, 0x0c, + 0xfb, 0x7f, 0x58, 0xf0, 0x58, 0x6e, 0x57, 0xdc, 0x87, 0xc5, 0x77, 0x27, 0xbd, 0xf8, 0xae, 0x16, + 0xb5, 0xdd, 0x30, 0xde, 0xa2, 0xc7, 0x42, 0xfc, 0x6f, 0x2d, 0x18, 0xd3, 0xf8, 0xf7, 0xe1, 0x55, + 0xbd, 0xf4, 0xab, 0x16, 0xb7, 0xb3, 0xaa, 0x75, 0xbd, 0xdb, 0x1f, 0xb1, 0x77, 0xe3, 0xe1, 0x12, + 0x33, 0xae, 0xac, 0x21, 0x79, 0xc0, 0xd9, 0xe0, 0x2e, 0x0c, 0xb2, 0xa3, 0xcd, 0xb8, 0x98, 0xb0, + 0x8d, 0x34, 0x7f, 0x76, 0x4c, 0xaa, 0x8f, 0x8d, 0xd9, 0xdf, 0x18, 0x0b, 0x86, 0xac, 0x12, 0xaa, + 0x17, 0x53, 0x6d, 0xde, 0x10, 0xe9, 0x15, 0xba, 0x12, 0xaa, 0x68, 0xc7, 0x0a, 0xc3, 0x6e, 0xc1, + 0x44, 0x9a, 0xf8, 0x1c, 0xd9, 0x60, 0xa1, 0x80, 0x7d, 0xbd, 0xe6, 0x34, 0xd4, 0x1c, 0xf6, 0xd4, + 0x62, 0xc7, 0xc9, 0x5e, 0x63, 0x3b, 0x23, 0x01, 0x58, 0xe3, 0xd8, 0xbf, 0x6e, 0xc1, 0x99, 0x9c, + 0x97, 0x29, 0x30, 0xad, 0x24, 0xd1, 0x5a, 0x20, 0x6f, 0xc1, 0x7d, 0x37, 0x0c, 0x35, 0xc8, 0x86, + 0x23, 0x83, 0xcd, 0x0c, 0x9d, 0x3b, 0xc7, 0x9b, 0xb1, 0x84, 0xdb, 0xff, 0xd5, 0x82, 0x53, 0x69, + 0x59, 0x63, 0xaa, 0x35, 0xf9, 0xcb, 0xcc, 0x79, 0xb1, 0x1b, 0x6e, 0x93, 0x68, 0x97, 0xbe, 0x39, + 0x97, 0x5a, 0x69, 0xcd, 0x99, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0xab, 0x3d, 0xd8, 0x50, 0xbd, 0x2d, + 0x47, 0xca, 0xcd, 0x22, 0x47, 0x8a, 0xfe, 0x98, 0xe6, 0xc1, 0xb4, 0x62, 0x89, 0x4d, 0xfe, 0xf6, + 0x77, 0x07, 0x40, 0xe5, 0x9d, 0xb1, 0x48, 0x9f, 0x82, 0xe2, 0xa4, 0x52, 0x57, 0xf7, 0x94, 0xfb, + 0xb8, 0xba, 0x47, 0x0e, 0x86, 0x81, 0x7b, 0x1d, 0xbd, 0x73, 0xef, 0x85, 0xe9, 0x24, 0x54, 0x6f, + 0xb8, 0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x92, 0xf8, 0xde, 0x36, 0xe1, 0x0f, 0x0d, 0xa6, 0x25, 0x59, + 0x94, 0x00, 0xac, 0x71, 0xa8, 0x24, 0x0d, 0x6f, 0x63, 0x43, 0x6c, 0xc5, 0x95, 0x24, 0xb4, 0x77, + 0x30, 0x83, 0xf0, 0x72, 0xb2, 0xe1, 0x96, 0xb0, 0x4e, 0x8d, 0x72, 0xb2, 0xe1, 0x16, 0x66, 0x10, + 0x6a, 0x4f, 0x05, 0x61, 0xd4, 0x62, 0xd7, 0x0c, 0x37, 0x14, 0x17, 0x61, 0x95, 0x2a, 0x7b, 0xea, + 0x7a, 0x37, 0x0a, 0xce, 0x7b, 0x8e, 0x8e, 0xc0, 0x76, 0x44, 0x1a, 0x9e, 0x9b, 0x98, 0xd4, 0x20, + 0x3d, 0x02, 0x57, 0xba, 0x30, 0x70, 0xce, 0x53, 0x68, 0x06, 0x4e, 0xc9, 0xbc, 0x41, 0x59, 0x15, + 0x62, 0x38, 0x9d, 0x85, 0x8e, 0xd3, 0x60, 0x9c, 0xc5, 0xa7, 0xda, 0xa6, 0x25, 0x0a, 0xc2, 0x30, + 0x23, 0xd6, 0xd0, 0x36, 0xb2, 0x50, 0x0c, 0x56, 0x18, 0xf6, 0xa7, 0xca, 0x74, 0x75, 0xec, 0x71, + 0x2b, 0xc7, 0x7d, 0x8b, 0xcb, 0x4b, 0x8f, 0xc8, 0x81, 0x3e, 0x46, 0xe4, 0x0b, 0x30, 0x72, 0x3b, + 0x0e, 0x03, 0x15, 0xf3, 0x56, 0xe9, 0x19, 0xf3, 0x66, 0x60, 0xe5, 0xc7, 0xbc, 0x0d, 0x16, 0x15, + 0xf3, 0x36, 0x74, 0xc4, 0x98, 0xb7, 0x6f, 0x55, 0x40, 0xd5, 0xb5, 0xbf, 0x4e, 0x92, 0x3b, 0x61, + 0xb4, 0xe5, 0x05, 0x4d, 0x96, 0x6f, 0xf9, 0x35, 0x0b, 0x46, 0xf8, 0x7c, 0x59, 0x34, 0x73, 0x96, + 0x36, 0x0a, 0x2a, 0x98, 0x9e, 0x62, 0x36, 0xb5, 0x66, 0x30, 0xca, 0x5c, 0xc7, 0x66, 0x82, 0x70, + 0x4a, 0x22, 0xf4, 0x71, 0x00, 0xe9, 0xb7, 0xdc, 0x90, 0x2a, 0x73, 0xa1, 0x18, 0xf9, 0x30, 0xd9, + 0xd0, 0xb6, 0xe9, 0x9a, 0x62, 0x82, 0x0d, 0x86, 0xe8, 0x33, 0xd9, 0x6b, 0xd8, 0x3f, 0x7a, 0x22, + 0x7d, 0xd3, 0x4f, 0x36, 0x17, 0x86, 0x21, 0x2f, 0x68, 0xd2, 0x71, 0x22, 0x62, 0x83, 0xde, 0x95, + 0x97, 0xab, 0xbc, 0x18, 0x3a, 0x8d, 0xba, 0xe3, 0x3b, 0x81, 0x4b, 0xa2, 0x05, 0x8e, 0x6e, 0x5e, + 0x42, 0xca, 0x1a, 0xb0, 0x24, 0xd4, 0x75, 0x23, 0x40, 0xa5, 0x9f, 0x1b, 0x01, 0xce, 0x7f, 0x00, + 0xc6, 0xbb, 0x3e, 0xe6, 0xa1, 0x92, 0xb7, 0x8e, 0x9e, 0xf7, 0x65, 0xff, 0xb3, 0x41, 0xbd, 0x68, + 0x5d, 0x0f, 0x1b, 0xbc, 0x2e, 0x7d, 0xa4, 0xbf, 0xa8, 0xb0, 0x3d, 0x0b, 0x1c, 0x22, 0xc6, 0x45, + 0xa6, 0xaa, 0x11, 0x9b, 0x2c, 0xe9, 0x18, 0x6d, 0x3b, 0x11, 0x09, 0x4e, 0x7a, 0x8c, 0xae, 0x28, + 0x26, 0xd8, 0x60, 0x88, 0x36, 0x53, 0xd9, 0x1b, 0x97, 0x8f, 0x9f, 0xbd, 0xc1, 0xaa, 0xb8, 0xe4, + 0x95, 0x92, 0xfe, 0xa2, 0x05, 0x63, 0x41, 0x6a, 0xe4, 0x16, 0x13, 0xb0, 0x99, 0x3f, 0x2b, 0xf8, + 0xb5, 0x28, 0xe9, 0x36, 0x9c, 0xe1, 0x9f, 0xb7, 0xa4, 0x55, 0x0e, 0xb9, 0xa4, 0xe9, 0x0b, 0x2e, + 0x06, 0x7b, 0x5d, 0x70, 0x81, 0x02, 0x75, 0xc3, 0xcf, 0x50, 0xe1, 0x37, 0xfc, 0x40, 0xce, 0xed, + 0x3e, 0xb7, 0xa0, 0xe6, 0x46, 0xc4, 0x49, 0x8e, 0x78, 0xd9, 0x0b, 0x3b, 0x0a, 0x9f, 0x95, 0x04, + 0xb0, 0xa6, 0x65, 0xff, 0x9f, 0x01, 0x38, 0x2d, 0x7b, 0x44, 0x06, 0x7b, 0xd3, 0xf5, 0x91, 0xf3, + 0xd5, 0xc6, 0xad, 0x5a, 0x1f, 0xaf, 0x48, 0x00, 0xd6, 0x38, 0xd4, 0x1e, 0xeb, 0xc4, 0x64, 0xb9, + 0x4d, 0x82, 0x45, 0x6f, 0x3d, 0x16, 0xe7, 0x8f, 0x6a, 0xa2, 0xdc, 0xd0, 0x20, 0x6c, 0xe2, 0x51, + 0x63, 0x9c, 0xdb, 0xc5, 0x71, 0x36, 0x51, 0x44, 0xd8, 0xdb, 0x58, 0xc2, 0xd1, 0x2f, 0xe5, 0x5e, + 0x13, 0x56, 0x4c, 0x8a, 0x54, 0x57, 0x8c, 0xfb, 0x21, 0xef, 0x07, 0xfb, 0x5b, 0x16, 0x9c, 0xe3, + 0xad, 0xb2, 0x27, 0x6f, 0xb4, 0x1b, 0x4e, 0x42, 0xe2, 0x62, 0xca, 0x10, 0xe7, 0xc8, 0xa7, 0x9d, + 0xaf, 0x79, 0x6c, 0x71, 0xbe, 0x34, 0xe8, 0x2d, 0x0b, 0x4e, 0x6d, 0xa5, 0x72, 0xea, 0xe5, 0xd2, + 0x71, 0xcc, 0xea, 0x2f, 0xe9, 0x44, 0x7d, 0x3d, 0xd5, 0xd2, 0xed, 0x31, 0xce, 0x72, 0xb7, 0xff, + 0x9b, 0x05, 0xa6, 0x1a, 0xed, 0xcf, 0x02, 0x34, 0x6e, 0x64, 0x2d, 0x1d, 0x70, 0x23, 0xab, 0x34, + 0x16, 0xcb, 0xfd, 0x6d, 0x4e, 0x06, 0x0e, 0xb1, 0x39, 0xa9, 0xf4, 0xb4, 0x2e, 0x9f, 0x80, 0x72, + 0xc7, 0x6b, 0x88, 0xfd, 0x85, 0x3e, 0x15, 0x5d, 0x98, 0xc3, 0xb4, 0xdd, 0xfe, 0xc7, 0x15, 0xed, + 0x4f, 0x10, 0x19, 0x48, 0x3f, 0x10, 0xaf, 0xbd, 0xa1, 0x8a, 0xf9, 0xf0, 0x37, 0xbf, 0xde, 0x55, + 0xcc, 0xe7, 0xc7, 0x0e, 0x9f, 0x60, 0xc6, 0x3b, 0xa8, 0x57, 0x2d, 0x9f, 0xa1, 0x03, 0xb2, 0xcb, + 0x6e, 0x43, 0x95, 0x6e, 0xc1, 0x98, 0x63, 0xb0, 0x9a, 0x12, 0xaa, 0x7a, 0x45, 0xb4, 0xdf, 0xdd, + 0x9b, 0xfc, 0xd1, 0xc3, 0x8b, 0x25, 0x9f, 0xc6, 0x8a, 0x3e, 0x8a, 0xa1, 0x46, 0x7f, 0xb3, 0x44, + 0x38, 0xb1, 0xb9, 0xbb, 0xa1, 0x74, 0xa6, 0x04, 0x14, 0x92, 0x65, 0xa7, 0xf9, 0xa0, 0x00, 0x6a, + 0xec, 0x2a, 0x45, 0xc6, 0x94, 0xef, 0x01, 0x57, 0x54, 0x3a, 0x9a, 0x04, 0xdc, 0xdd, 0x9b, 0x7c, + 0xf9, 0xf0, 0x4c, 0xd5, 0xe3, 0x58, 0xb3, 0xb0, 0xbf, 0x34, 0xa0, 0xc7, 0xae, 0xa8, 0xe1, 0xf4, + 0x03, 0x31, 0x76, 0x5f, 0xca, 0x8c, 0xdd, 0x0b, 0x5d, 0x63, 0x77, 0x4c, 0x5f, 0xf9, 0x97, 0x1a, + 0x8d, 0xf7, 0xdb, 0x10, 0x38, 0xd8, 0xdf, 0xc0, 0x2c, 0xa0, 0x37, 0x3a, 0x5e, 0x44, 0xe2, 0x95, + 0xa8, 0x13, 0x78, 0x41, 0x53, 0x5c, 0xe5, 0x6e, 0x58, 0x40, 0x29, 0x30, 0xce, 0xe2, 0xb3, 0x6b, + 0xe0, 0x77, 0x03, 0xf7, 0x96, 0xb3, 0xcd, 0x47, 0x95, 0x51, 0xd6, 0x66, 0x55, 0xb4, 0x63, 0x85, + 0x61, 0x7f, 0x83, 0x9d, 0x31, 0x1b, 0x19, 0xb8, 0x74, 0x4c, 0xf8, 0xec, 0xee, 0x4a, 0x5e, 0x13, + 0x47, 0x8d, 0x09, 0x7e, 0x61, 0x25, 0x87, 0xa1, 0x3b, 0x30, 0xb4, 0xce, 0x2f, 0x6f, 0x2a, 0xa6, + 0xfe, 0xaf, 0xb8, 0x09, 0x8a, 0x95, 0xe8, 0x97, 0xd7, 0x42, 0xdd, 0xd5, 0x3f, 0xb1, 0xe4, 0x66, + 0x7f, 0x73, 0x00, 0x4e, 0x65, 0x6e, 0x37, 0x4c, 0x55, 0x23, 0x2c, 0x1d, 0x58, 0x8d, 0xf0, 0x23, + 0x00, 0x0d, 0xd2, 0xf6, 0xc3, 0x5d, 0x66, 0x8e, 0x0d, 0x1c, 0xda, 0x1c, 0x53, 0x16, 0xfc, 0x9c, + 0xa2, 0x82, 0x0d, 0x8a, 0xa2, 0x10, 0x10, 0x2f, 0x6e, 0x98, 0x29, 0x04, 0x64, 0x94, 0xe0, 0x1e, + 0xbc, 0xbf, 0x25, 0xb8, 0x3d, 0x38, 0xc5, 0x45, 0x54, 0x79, 0xae, 0x47, 0x48, 0x67, 0x65, 0x99, + 0x02, 0x73, 0x69, 0x32, 0x38, 0x4b, 0xf7, 0x41, 0x5e, 0x5e, 0x8a, 0xde, 0x03, 0x35, 0xf9, 0x9d, + 0xe3, 0x89, 0x9a, 0xae, 0x15, 0x20, 0x87, 0x01, 0xbb, 0x54, 0x54, 0xfc, 0xb4, 0xbf, 0x50, 0xa2, + 0xd6, 0x33, 0xff, 0xa7, 0x6a, 0xbe, 0x3c, 0x0d, 0x83, 0x4e, 0x27, 0xd9, 0x0c, 0xbb, 0x2e, 0x80, + 0x9a, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x22, 0x0c, 0x34, 0x74, 0x1d, 0x8f, 0xc3, 0xf4, 0xa2, 0x76, + 0x44, 0x3a, 0x09, 0xc1, 0x8c, 0x0a, 0x7a, 0x1c, 0x06, 0x12, 0xa7, 0x29, 0x53, 0x8a, 0x58, 0x1a, + 0xe9, 0x9a, 0xd3, 0x8c, 0x31, 0x6b, 0x35, 0x17, 0xcd, 0x81, 0x03, 0x16, 0xcd, 0x97, 0x61, 0x34, + 0xf6, 0x9a, 0x81, 0x93, 0x74, 0x22, 0x62, 0x1c, 0x7a, 0xe9, 0x38, 0x06, 0x13, 0x88, 0xd3, 0xb8, + 0xf6, 0x6f, 0x8f, 0xc0, 0xd9, 0xd5, 0xd9, 0x25, 0x59, 0x93, 0xf6, 0xc4, 0xb2, 0x82, 0xf2, 0x78, + 0xdc, 0xbf, 0xac, 0xa0, 0x1e, 0xdc, 0x7d, 0x23, 0x2b, 0xc8, 0x37, 0xb2, 0x82, 0xd2, 0x29, 0x1a, + 0xe5, 0x22, 0x52, 0x34, 0xf2, 0x24, 0xe8, 0x27, 0x45, 0xe3, 0xc4, 0xd2, 0x84, 0xee, 0x29, 0xd0, + 0xa1, 0xd2, 0x84, 0x54, 0x0e, 0x55, 0x21, 0xc1, 0xf3, 0x3d, 0x3e, 0x55, 0x6e, 0x0e, 0x95, 0xca, + 0x5f, 0xe1, 0x89, 0x21, 0x42, 0xc1, 0xbe, 0x56, 0xbc, 0x00, 0x7d, 0xe4, 0xaf, 0x88, 0xdc, 0x14, + 0x33, 0x67, 0x6a, 0xa8, 0x88, 0x9c, 0xa9, 0x3c, 0x71, 0x0e, 0xcc, 0x99, 0x7a, 0x19, 0x46, 0x5d, + 0x3f, 0x0c, 0xc8, 0x4a, 0x14, 0x26, 0xa1, 0x1b, 0xfa, 0xc2, 0x98, 0x56, 0x2a, 0x61, 0xd6, 0x04, + 0xe2, 0x34, 0x6e, 0xaf, 0x84, 0xab, 0xda, 0x71, 0x13, 0xae, 0xe0, 0x01, 0x25, 0x5c, 0xfd, 0xbc, + 0x4e, 0x0d, 0x1e, 0x66, 0x5f, 0xe4, 0x23, 0xc5, 0x7f, 0x91, 0x7e, 0xf2, 0x83, 0xd1, 0x57, 0xf8, + 0x0d, 0x4c, 0xd4, 0x1c, 0x9d, 0x0d, 0x5b, 0xd4, 0xdc, 0x1a, 0x61, 0x5d, 0xf2, 0xfa, 0x09, 0x0c, + 0xd8, 0x5b, 0xab, 0x9a, 0x8d, 0xba, 0x95, 0x49, 0x37, 0xe1, 0xb4, 0x20, 0xc7, 0x49, 0x5d, 0xfe, + 0x6a, 0x09, 0x7e, 0xe8, 0x40, 0x11, 0xd0, 0x1d, 0x80, 0xc4, 0x69, 0x8a, 0x81, 0x2a, 0x8e, 0x29, + 0x8e, 0x19, 0x6c, 0xb8, 0x26, 0xe9, 0xf1, 0x9a, 0x1b, 0xea, 0x2f, 0x3b, 0x00, 0x90, 0xbf, 0x59, + 0x8c, 0x61, 0xe8, 0x77, 0xd5, 0x17, 0xc4, 0xa1, 0x4f, 0x30, 0x83, 0xd0, 0xe5, 0x3f, 0x22, 0x4d, + 0x7d, 0x65, 0xa8, 0xfa, 0x7c, 0x98, 0xb5, 0x62, 0x01, 0x45, 0x2f, 0xc2, 0xb0, 0xe3, 0xfb, 0x3c, + 0xff, 0x83, 0xc4, 0xe2, 0x96, 0x08, 0x5d, 0x23, 0x4d, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x69, 0x09, + 0x26, 0x0f, 0xd0, 0x29, 0x5d, 0x19, 0x6d, 0x95, 0xbe, 0x33, 0xda, 0x44, 0xc4, 0xfe, 0x60, 0x8f, + 0x88, 0xfd, 0x17, 0x61, 0x38, 0x21, 0x4e, 0x4b, 0x84, 0x27, 0x89, 0xfd, 0xb7, 0x3e, 0x77, 0xd5, + 0x20, 0x6c, 0xe2, 0x51, 0x2d, 0x36, 0xe6, 0xb8, 0x2e, 0x89, 0x63, 0x19, 0x92, 0x2f, 0x7c, 0x98, + 0x85, 0xc5, 0xfb, 0x33, 0xd7, 0xf0, 0x4c, 0x8a, 0x05, 0xce, 0xb0, 0xcc, 0x76, 0x78, 0xad, 0xcf, + 0x0e, 0xff, 0x7a, 0x09, 0x9e, 0xb8, 0xe7, 0xea, 0xd6, 0x77, 0xb6, 0x44, 0x27, 0x26, 0x51, 0x76, + 0xe0, 0xdc, 0x88, 0x49, 0x84, 0x19, 0x84, 0xf7, 0x52, 0xbb, 0x6d, 0x5c, 0xc9, 0x5a, 0x74, 0x72, + 0x0e, 0xef, 0xa5, 0x14, 0x0b, 0x9c, 0x61, 0x79, 0xd4, 0x61, 0xf9, 0xf7, 0x4a, 0xf0, 0x54, 0x1f, + 0x36, 0x40, 0x81, 0x49, 0x4c, 0xe9, 0x54, 0xb2, 0xf2, 0x03, 0xca, 0xf8, 0x3b, 0x62, 0x77, 0x7d, + 0xa3, 0x04, 0xe7, 0x7b, 0x2f, 0xc5, 0xe8, 0xc7, 0xe9, 0x1e, 0x5e, 0xc6, 0x24, 0x99, 0x59, 0x68, + 0x67, 0xf8, 0xfe, 0x3d, 0x05, 0xc2, 0x59, 0x5c, 0x34, 0x05, 0xd0, 0x76, 0x92, 0xcd, 0xf8, 0xd2, + 0x8e, 0x17, 0x27, 0xa2, 0xca, 0xca, 0x18, 0x3f, 0x31, 0x92, 0xad, 0xd8, 0xc0, 0xa0, 0xec, 0xd8, + 0xbf, 0xb9, 0xf0, 0x7a, 0x98, 0xf0, 0x87, 0xf8, 0x36, 0xe2, 0x8c, 0xac, 0x44, 0x6f, 0x80, 0x70, + 0x16, 0x97, 0xb2, 0x63, 0x67, 0x92, 0x5c, 0x50, 0xbe, 0xbf, 0x60, 0xec, 0x16, 0x55, 0x2b, 0x36, + 0x30, 0xb2, 0xf9, 0x75, 0x95, 0x83, 0xf3, 0xeb, 0xec, 0x7f, 0x54, 0x82, 0xc7, 0x7a, 0x9a, 0x72, + 0xfd, 0x4d, 0xc0, 0x87, 0x2f, 0x27, 0xee, 0x68, 0x63, 0xe7, 0x90, 0x99, 0x5e, 0x7f, 0xdc, 0x63, + 0xa4, 0x89, 0x4c, 0xaf, 0xa3, 0x27, 0x3f, 0x3f, 0x7c, 0xfd, 0xd9, 0x95, 0xdc, 0x35, 0x70, 0x88, + 0xe4, 0xae, 0xcc, 0xc7, 0xa8, 0xf4, 0x39, 0x91, 0xbf, 0xdd, 0xbb, 0x7b, 0xe9, 0xd6, 0xaf, 0x2f, + 0xef, 0xe8, 0x1c, 0x9c, 0xf6, 0x02, 0x76, 0x2b, 0xc9, 0x6a, 0x67, 0x5d, 0x14, 0xde, 0x28, 0xa5, + 0x2f, 0xdc, 0x5d, 0xc8, 0xc0, 0x71, 0xd7, 0x13, 0x0f, 0x61, 0xb2, 0xdd, 0x11, 0xbb, 0xf4, 0x23, + 0x50, 0x53, 0xb4, 0x79, 0x00, 0xb1, 0xfa, 0xa0, 0x5d, 0x01, 0xc4, 0xea, 0x6b, 0x1a, 0x58, 0xb4, + 0x27, 0xa8, 0xb9, 0x99, 0x19, 0x99, 0xd7, 0xc8, 0x2e, 0xb3, 0x3d, 0xed, 0xf7, 0xc2, 0x88, 0xf2, + 0x61, 0xf4, 0x7b, 0xf5, 0x84, 0xfd, 0xa5, 0x41, 0x18, 0x4d, 0x15, 0x96, 0x4b, 0xb9, 0x0c, 0xad, + 0x03, 0x5d, 0x86, 0x2c, 0x20, 0xbc, 0x13, 0xc8, 0x7b, 0x69, 0x8c, 0x80, 0xf0, 0x4e, 0x40, 0x30, + 0x87, 0x51, 0xd3, 0xb1, 0x11, 0xed, 0xe2, 0x4e, 0x20, 0x02, 0x37, 0x95, 0xe9, 0x38, 0xc7, 0x5a, + 0xb1, 0x80, 0xa2, 0x4f, 0x5a, 0x30, 0x12, 0x33, 0x7f, 0x34, 0x77, 0xb8, 0x8a, 0x0f, 0x7a, 0xf5, + 0xf8, 0x75, 0xf3, 0x54, 0x11, 0x45, 0x16, 0xf3, 0x61, 0xb6, 0xe0, 0x14, 0x47, 0xf4, 0xb3, 0x16, + 0xd4, 0x54, 0xf9, 0x7c, 0x71, 0x79, 0xd4, 0x6a, 0xb1, 0x75, 0xfb, 0xb8, 0xa7, 0x4e, 0xb9, 0xf6, + 0xf5, 0x65, 0xd3, 0x9a, 0x31, 0x8a, 0x95, 0x37, 0x74, 0xe8, 0x64, 0xbc, 0xa1, 0x90, 0xe3, 0x09, + 0x7d, 0x0f, 0xd4, 0x5a, 0x4e, 0xe0, 0x6d, 0x90, 0x38, 0xe1, 0x0e, 0x4a, 0x59, 0x4e, 0x54, 0x36, + 0x62, 0x0d, 0xa7, 0x8b, 0x5d, 0xcc, 0x5e, 0x2c, 0x31, 0x3c, 0x8a, 0x6c, 0xb1, 0x5b, 0xd5, 0xcd, + 0xd8, 0xc4, 0x31, 0xdd, 0x9f, 0xf0, 0x40, 0xdd, 0x9f, 0xc3, 0x07, 0xb8, 0x3f, 0xff, 0x81, 0x05, + 0xe7, 0x72, 0xbf, 0xda, 0xc3, 0x1b, 0xca, 0x67, 0x7f, 0xb9, 0x02, 0x67, 0x72, 0x2a, 0x44, 0xa2, + 0x5d, 0x73, 0x3c, 0x5b, 0x45, 0x9c, 0x8a, 0xa7, 0x0f, 0x79, 0x65, 0x37, 0xe6, 0x0c, 0xe2, 0xc3, + 0x1d, 0x3e, 0xe8, 0x03, 0x80, 0xf2, 0xfd, 0x3d, 0x00, 0x30, 0x86, 0xe5, 0xc0, 0x03, 0x1d, 0x96, + 0x95, 0x7b, 0x0f, 0x4b, 0xf4, 0x1b, 0x16, 0x4c, 0xb4, 0x7a, 0x94, 0x25, 0x17, 0x4e, 0xbd, 0x9b, + 0x27, 0x53, 0xf4, 0xbc, 0xfe, 0xf8, 0xfe, 0xde, 0x64, 0xcf, 0x6a, 0xf0, 0xb8, 0xa7, 0x54, 0xf6, + 0x77, 0xcb, 0xc0, 0xca, 0x93, 0xb2, 0x2a, 0x60, 0xbb, 0xe8, 0x13, 0x66, 0xa1, 0x59, 0xab, 0xa8, + 0xa2, 0xa8, 0x9c, 0xb8, 0x2a, 0x54, 0xcb, 0x7b, 0x30, 0xaf, 0x6e, 0x6d, 0x56, 0x69, 0x95, 0xfa, + 0x50, 0x5a, 0xbe, 0xac, 0xe8, 0x5b, 0x2e, 0xbe, 0xa2, 0x6f, 0x2d, 0x5b, 0xcd, 0xf7, 0xde, 0x9f, + 0x78, 0xe0, 0xa1, 0xfc, 0xc4, 0x7f, 0xc3, 0xe2, 0x8a, 0x27, 0xf3, 0x15, 0xb4, 0x65, 0x60, 0xdd, + 0xc3, 0x32, 0x78, 0x96, 0x5d, 0x1b, 0xbe, 0x71, 0x85, 0x38, 0xbe, 0xb0, 0x20, 0xcc, 0x1b, 0xc0, + 0x59, 0x3b, 0x56, 0x18, 0xec, 0xa2, 0x3f, 0xdf, 0x0f, 0xef, 0x5c, 0x6a, 0xb5, 0x93, 0x5d, 0x61, + 0x4b, 0xe8, 0x8b, 0xfe, 0x14, 0x04, 0x1b, 0x58, 0xf6, 0xdf, 0x2c, 0xf1, 0x11, 0x28, 0x8e, 0xf5, + 0x5f, 0xca, 0x5c, 0xcd, 0xd4, 0xff, 0x89, 0xf8, 0xc7, 0x00, 0x5c, 0x75, 0x63, 0xb0, 0x38, 0x6f, + 0xb9, 0x72, 0xec, 0x1b, 0x57, 0x05, 0x3d, 0xfd, 0x1a, 0xba, 0x0d, 0x1b, 0xfc, 0x52, 0xba, 0xb4, + 0x7c, 0xa0, 0x2e, 0x4d, 0xa9, 0x95, 0x81, 0x03, 0x56, 0xbb, 0x3f, 0xb5, 0x20, 0x65, 0x11, 0xa1, + 0x36, 0x54, 0xa8, 0xb8, 0xbb, 0xc5, 0x5c, 0x86, 0x6c, 0x92, 0xa6, 0xaa, 0x51, 0x0c, 0x7b, 0xf6, + 0x13, 0x73, 0x46, 0xc8, 0x17, 0xa7, 0xff, 0xa5, 0x22, 0x2e, 0xec, 0x36, 0x19, 0x5e, 0x09, 0xc3, + 0x2d, 0x7e, 0x68, 0xa8, 0x23, 0x09, 0xec, 0x97, 0x60, 0xbc, 0x4b, 0x28, 0x76, 0x0b, 0x4b, 0x28, + 0x6f, 0x80, 0x36, 0x86, 0x2b, 0x4b, 0x15, 0xc4, 0x1c, 0x66, 0x7f, 0xc3, 0x82, 0xd3, 0x59, 0xf2, + 0xe8, 0x2b, 0x16, 0x8c, 0xc7, 0x59, 0x7a, 0x27, 0xd5, 0x77, 0x2a, 0x82, 0xaf, 0x0b, 0x84, 0xbb, + 0x85, 0xb0, 0xff, 0xaf, 0x18, 0xfc, 0xb7, 0xbc, 0xa0, 0x11, 0xde, 0x51, 0x86, 0x89, 0xd5, 0xd3, + 0x30, 0xa1, 0xf3, 0xd1, 0xdd, 0x24, 0x8d, 0x8e, 0xdf, 0x95, 0xa3, 0xb8, 0x2a, 0xda, 0xb1, 0xc2, + 0x60, 0x29, 0x59, 0x1d, 0x51, 0xf2, 0x3b, 0x33, 0x28, 0xe7, 0x44, 0x3b, 0x56, 0x18, 0xe8, 0x05, + 0x18, 0x31, 0x6f, 0x39, 0x17, 0xe3, 0x92, 0x19, 0xe4, 0xe6, 0x85, 0xe8, 0x38, 0x85, 0x85, 0xa6, + 0x00, 0x94, 0x91, 0x23, 0x97, 0x48, 0xe6, 0x84, 0x51, 0x9a, 0x28, 0xc6, 0x06, 0x06, 0x4b, 0x80, + 0xe4, 0x57, 0x89, 0xcb, 0x38, 0x57, 0x9e, 0x00, 0x29, 0xda, 0xb0, 0x82, 0x52, 0x6d, 0xd2, 0x72, + 0x82, 0x8e, 0xe3, 0xd3, 0x1e, 0x12, 0x59, 0xdb, 0x6a, 0x1a, 0x2e, 0x29, 0x08, 0x36, 0xb0, 0xe8, + 0x1b, 0x27, 0x5e, 0x8b, 0xbc, 0x1a, 0x06, 0x32, 0xf2, 0x4a, 0x1f, 0xa9, 0x88, 0x76, 0xac, 0x30, + 0xec, 0xff, 0x6c, 0xc1, 0x29, 0x9d, 0x4e, 0xcd, 0xef, 0x5b, 0x35, 0xbd, 0x1c, 0xd6, 0x81, 0x99, + 0xe2, 0xe9, 0x3c, 0xd3, 0x52, 0x5f, 0x79, 0xa6, 0x66, 0x0a, 0x68, 0xf9, 0x9e, 0x29, 0xa0, 0x3f, + 0xac, 0xef, 0xf2, 0xe3, 0xb9, 0xa2, 0xc3, 0x79, 0xf7, 0xf8, 0x21, 0x1b, 0x06, 0x5d, 0x47, 0xd5, + 0x12, 0x19, 0xe1, 0x7b, 0x87, 0xd9, 0x19, 0x86, 0x24, 0x20, 0xf6, 0x32, 0xd4, 0xd4, 0xc9, 0x82, + 0xdc, 0xa8, 0x5a, 0xf9, 0x1b, 0xd5, 0xbe, 0x52, 0xde, 0xea, 0xeb, 0xdf, 0xfc, 0xde, 0x93, 0xef, + 0xf8, 0xf6, 0xf7, 0x9e, 0x7c, 0xc7, 0x1f, 0x7e, 0xef, 0xc9, 0x77, 0x7c, 0x72, 0xff, 0x49, 0xeb, + 0x9b, 0xfb, 0x4f, 0x5a, 0xdf, 0xde, 0x7f, 0xd2, 0xfa, 0xc3, 0xfd, 0x27, 0xad, 0xef, 0xee, 0x3f, + 0x69, 0x7d, 0xf1, 0x3f, 0x3c, 0xf9, 0x8e, 0x57, 0x73, 0x43, 0xef, 0xe8, 0x8f, 0xe7, 0xdc, 0xc6, + 0xf4, 0xf6, 0x45, 0x16, 0xfd, 0x45, 0xa7, 0xd7, 0xb4, 0x31, 0xa6, 0xa6, 0xe5, 0xf4, 0xfa, 0xff, + 0x01, 0x00, 0x00, 0xff, 0xff, 0x83, 0x26, 0x25, 0x13, 0x1d, 0xd8, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -5501,6 +5778,18 @@ func (m *ApplicationSetGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) _ = i var l int _ = l + if m.Plugin != nil { + { + size, err := m.Plugin.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + } if m.Selector != nil { { size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i]) @@ -5679,6 +5968,18 @@ func (m *ApplicationSetNestedGenerator) MarshalToSizedBuffer(dAtA []byte) (int, _ = i var l int _ = l + if m.Plugin != nil { + { + size, err := m.Plugin.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + } if m.Selector != nil { { size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i]) @@ -5896,6 +6197,23 @@ func (m *ApplicationSetSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i-- + if m.ApplyNestedSelectors { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x40 + if len(m.GoTemplateOptions) > 0 { + for iNdEx := len(m.GoTemplateOptions) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.GoTemplateOptions[iNdEx]) + copy(dAtA[i:], m.GoTemplateOptions[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.GoTemplateOptions[iNdEx]))) + i-- + dAtA[i] = 0x3a + } + } if m.PreservedFields != nil { { size, err := m.PreservedFields.MarshalToSizedBuffer(dAtA[:i]) @@ -6078,6 +6396,13 @@ func (m *ApplicationSetSyncPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error _ = i var l int _ = l + if m.ApplicationsSync != nil { + i -= len(*m.ApplicationsSync) + copy(dAtA[i:], *m.ApplicationsSync) + i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ApplicationsSync))) + i-- + dAtA[i] = 0x12 + } i-- if m.PreserveResourcesOnDeletion { dAtA[i] = 1 @@ -6242,6 +6567,30 @@ func (m *ApplicationSetTerminalGenerator) MarshalToSizedBuffer(dAtA []byte) (int _ = i var l int _ = l + if m.Selector != nil { + { + size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x42 + } + if m.Plugin != nil { + { + size, err := m.Plugin.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } if m.PullRequest != nil { { size, err := m.PullRequest.MarshalToSizedBuffer(dAtA[:i]) @@ -6484,6 +6833,18 @@ func (m *ApplicationSourceHelm) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.ValuesObject != nil { + { + size, err := m.ValuesObject.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + } i-- if m.SkipCrds { dAtA[i] = 1 @@ -7005,6 +7366,11 @@ func (m *ApplicationStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i -= len(m.ControllerNamespace) + copy(dAtA[i:], m.ControllerNamespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ControllerNamespace))) + i-- + dAtA[i] = 0x6a if len(m.SourceTypes) > 0 { for iNdEx := len(m.SourceTypes) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.SourceTypes[iNdEx]) @@ -7357,6 +7723,41 @@ func (m *BasicAuthBitbucketServer) MarshalToSizedBuffer(dAtA []byte) (int, error return len(dAtA) - i, nil } +func (m *BearerTokenBitbucketCloud) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BearerTokenBitbucketCloud) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BearerTokenBitbucketCloud) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.TokenRef != nil { + { + size, err := m.TokenRef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *ChartDetails) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -8350,6 +8751,30 @@ func (m *GitGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Values) > 0 { + keysForValues := make([]string, 0, len(m.Values)) + for k := range m.Values { + keysForValues = append(keysForValues, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + for iNdEx := len(keysForValues) - 1; iNdEx >= 0; iNdEx-- { + v := m.Values[string(keysForValues[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForValues[iNdEx]) + copy(dAtA[i:], keysForValues[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForValues[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x42 + } + } i -= len(m.PathParamPrefix) copy(dAtA[i:], m.PathParamPrefix) i = encodeVarintGenerated(dAtA, i, uint64(len(m.PathParamPrefix))) @@ -9729,6 +10154,168 @@ func (m *OverrideIgnoreDiff) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *PluginConfigMapRef) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PluginConfigMapRef) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PluginConfigMapRef) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *PluginGenerator) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PluginGenerator) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PluginGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Values) > 0 { + keysForValues := make([]string, 0, len(m.Values)) + for k := range m.Values { + keysForValues = append(keysForValues, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + for iNdEx := len(keysForValues) - 1; iNdEx >= 0; iNdEx-- { + v := m.Values[string(keysForValues[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForValues[iNdEx]) + copy(dAtA[i:], keysForValues[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForValues[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x2a + } + } + { + size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + if m.RequeueAfterSeconds != nil { + i = encodeVarintGenerated(dAtA, i, uint64(*m.RequeueAfterSeconds)) + i-- + dAtA[i] = 0x18 + } + { + size, err := m.Input.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.ConfigMapRef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *PluginInput) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PluginInput) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PluginInput) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Parameters) > 0 { + keysForParameters := make([]string, 0, len(m.Parameters)) + for k := range m.Parameters { + keysForParameters = append(keysForParameters, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForParameters) + for iNdEx := len(keysForParameters) - 1; iNdEx >= 0; iNdEx-- { + v := m.Parameters[string(keysForParameters[iNdEx])] + baseI := i + { + size, err := (&v).MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + i -= len(keysForParameters[iNdEx]) + copy(dAtA[i:], keysForParameters[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForParameters[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *ProjectRole) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -9814,6 +10401,30 @@ func (m *PullRequestGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.AzureDevOps != nil { + { + size, err := m.AzureDevOps.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } + if m.Bitbucket != nil { + { + size, err := m.Bitbucket.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x42 + } { size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -9894,6 +10505,132 @@ func (m *PullRequestGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *PullRequestGeneratorAzureDevOps) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PullRequestGeneratorAzureDevOps) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PullRequestGeneratorAzureDevOps) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Labels) > 0 { + for iNdEx := len(m.Labels) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Labels[iNdEx]) + copy(dAtA[i:], m.Labels[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Labels[iNdEx]))) + i-- + dAtA[i] = 0x32 + } + } + if m.TokenRef != nil { + { + size, err := m.TokenRef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + } + i -= len(m.API) + copy(dAtA[i:], m.API) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.API))) + i-- + dAtA[i] = 0x22 + i -= len(m.Repo) + copy(dAtA[i:], m.Repo) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Repo))) + i-- + dAtA[i] = 0x1a + i -= len(m.Project) + copy(dAtA[i:], m.Project) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Project))) + i-- + dAtA[i] = 0x12 + i -= len(m.Organization) + copy(dAtA[i:], m.Organization) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Organization))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *PullRequestGeneratorBitbucket) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PullRequestGeneratorBitbucket) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PullRequestGeneratorBitbucket) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.BearerToken != nil { + { + size, err := m.BearerToken.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + } + if m.BasicAuth != nil { + { + size, err := m.BasicAuth.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + i -= len(m.API) + copy(dAtA[i:], m.API) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.API))) + i-- + dAtA[i] = 0x1a + i -= len(m.Repo) + copy(dAtA[i:], m.Repo) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Repo))) + i-- + dAtA[i] = 0x12 + i -= len(m.Owner) + copy(dAtA[i:], m.Owner) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Owner))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *PullRequestGeneratorBitbucketServer) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -9964,6 +10701,13 @@ func (m *PullRequestGeneratorFilter) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + if m.TargetBranchMatch != nil { + i -= len(*m.TargetBranchMatch) + copy(dAtA[i:], *m.TargetBranchMatch) + i = encodeVarintGenerated(dAtA, i, uint64(len(*m.TargetBranchMatch))) + i-- + dAtA[i] = 0x12 + } if m.BranchMatch != nil { i -= len(*m.BranchMatch) copy(dAtA[i:], *m.BranchMatch) @@ -11225,6 +11969,16 @@ func (m *ResourceOverride) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + { + size, err := m.IgnoreResourceUpdates.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x32 i-- if m.UseOpenLibs { dAtA[i] = 1 @@ -11681,6 +12435,42 @@ func (m *SCMProviderGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.AWSCodeCommit != nil { + { + size, err := m.AWSCodeCommit.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x62 + } + if len(m.Values) > 0 { + keysForValues := make([]string, 0, len(m.Values)) + for k := range m.Values { + keysForValues = append(keysForValues, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + for iNdEx := len(keysForValues) - 1; iNdEx >= 0; iNdEx-- { + v := m.Values[string(keysForValues[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForValues[iNdEx]) + copy(dAtA[i:], keysForValues[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForValues[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x5a + } + } { size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -11790,6 +12580,61 @@ func (m *SCMProviderGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *SCMProviderGeneratorAWSCodeCommit) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SCMProviderGeneratorAWSCodeCommit) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SCMProviderGeneratorAWSCodeCommit) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i-- + if m.AllBranches { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x20 + i -= len(m.Region) + copy(dAtA[i:], m.Region) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Region))) + i-- + dAtA[i] = 0x1a + i -= len(m.Role) + copy(dAtA[i:], m.Role) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Role))) + i-- + dAtA[i] = 0x12 + if len(m.TagFilters) > 0 { + for iNdEx := len(m.TagFilters) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.TagFilters[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *SCMProviderGeneratorAzureDevOps) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -12923,6 +13768,39 @@ func (m *TLSClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *TagFilter) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TagFilter) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TagFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Value) + copy(dAtA[i:], m.Value) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Value))) + i-- + dAtA[i] = 0x12 + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { offset -= sovGenerated(v) base := offset @@ -13274,6 +14152,10 @@ func (m *ApplicationSetGenerator) Size() (n int) { l = m.Selector.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.Plugin != nil { + l = m.Plugin.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13336,6 +14218,10 @@ func (m *ApplicationSetNestedGenerator) Size() (n int) { l = m.Selector.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.Plugin != nil { + l = m.Plugin.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13400,6 +14286,13 @@ func (m *ApplicationSetSpec) Size() (n int) { l = m.PreservedFields.Size() n += 1 + l + sovGenerated(uint64(l)) } + if len(m.GoTemplateOptions) > 0 { + for _, s := range m.GoTemplateOptions { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + n += 2 return n } @@ -13446,6 +14339,10 @@ func (m *ApplicationSetSyncPolicy) Size() (n int) { var l int _ = l n += 2 + if m.ApplicationsSync != nil { + l = len(*m.ApplicationsSync) + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13527,6 +14424,14 @@ func (m *ApplicationSetTerminalGenerator) Size() (n int) { l = m.PullRequest.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.Plugin != nil { + l = m.Plugin.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.Selector != nil { + l = m.Selector.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13614,6 +14519,10 @@ func (m *ApplicationSourceHelm) Size() (n int) { n += 2 n += 2 n += 2 + if m.ValuesObject != nil { + l = m.ValuesObject.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13832,6 +14741,8 @@ func (m *ApplicationStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + l = len(m.ControllerNamespace) + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -13927,6 +14838,19 @@ func (m *BasicAuthBitbucketServer) Size() (n int) { return n } +func (m *BearerTokenBitbucketCloud) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.TokenRef != nil { + l = m.TokenRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + func (m *ChartDetails) Size() (n int) { if m == nil { return 0 @@ -14311,6 +15235,14 @@ func (m *GitGenerator) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.PathParamPrefix) n += 1 + l + sovGenerated(uint64(l)) + if len(m.Values) > 0 { + for k, v := range m.Values { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } return n } @@ -14820,6 +15752,61 @@ func (m *OverrideIgnoreDiff) Size() (n int) { return n } +func (m *PluginConfigMapRef) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *PluginGenerator) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ConfigMapRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Input.Size() + n += 1 + l + sovGenerated(uint64(l)) + if m.RequeueAfterSeconds != nil { + n += 1 + sovGenerated(uint64(*m.RequeueAfterSeconds)) + } + l = m.Template.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Values) > 0 { + for k, v := range m.Values { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + return n +} + +func (m *PluginInput) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Parameters) > 0 { + for k, v := range m.Parameters { + _ = k + _ = v + l = v.Size() + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + l + sovGenerated(uint64(l)) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + return n +} + func (m *ProjectRole) Size() (n int) { if m == nil { return 0 @@ -14884,6 +15871,64 @@ func (m *PullRequestGenerator) Size() (n int) { } l = m.Template.Size() n += 1 + l + sovGenerated(uint64(l)) + if m.Bitbucket != nil { + l = m.Bitbucket.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.AzureDevOps != nil { + l = m.AzureDevOps.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *PullRequestGeneratorAzureDevOps) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Organization) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Project) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Repo) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.API) + n += 1 + l + sovGenerated(uint64(l)) + if m.TokenRef != nil { + l = m.TokenRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if len(m.Labels) > 0 { + for _, s := range m.Labels { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *PullRequestGeneratorBitbucket) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Owner) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Repo) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.API) + n += 1 + l + sovGenerated(uint64(l)) + if m.BasicAuth != nil { + l = m.BasicAuth.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.BearerToken != nil { + l = m.BearerToken.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -14916,6 +15961,10 @@ func (m *PullRequestGeneratorFilter) Size() (n int) { l = len(*m.BranchMatch) n += 1 + l + sovGenerated(uint64(l)) } + if m.TargetBranchMatch != nil { + l = len(*m.TargetBranchMatch) + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -15394,6 +16443,8 @@ func (m *ResourceOverride) Size() (n int) { } } n += 2 + l = m.IgnoreResourceUpdates.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -15587,6 +16638,38 @@ func (m *SCMProviderGenerator) Size() (n int) { } l = m.Template.Size() n += 1 + l + sovGenerated(uint64(l)) + if len(m.Values) > 0 { + for k, v := range m.Values { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + if m.AWSCodeCommit != nil { + l = m.AWSCodeCommit.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *SCMProviderGeneratorAWSCodeCommit) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.TagFilters) > 0 { + for _, e := range m.TagFilters { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + l = len(m.Role) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Region) + n += 1 + l + sovGenerated(uint64(l)) + n += 2 return n } @@ -16022,6 +17105,19 @@ func (m *TLSClientConfig) Size() (n int) { return n } +func (m *TagFilter) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Value) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func sovGenerated(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -16278,6 +17374,7 @@ func (this *ApplicationSetGenerator) String() string { `Matrix:` + strings.Replace(this.Matrix.String(), "MatrixGenerator", "MatrixGenerator", 1) + `,`, `Merge:` + strings.Replace(this.Merge.String(), "MergeGenerator", "MergeGenerator", 1) + `,`, `Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`, + `Plugin:` + strings.Replace(this.Plugin.String(), "PluginGenerator", "PluginGenerator", 1) + `,`, `}`, }, "") return s @@ -16312,6 +17409,7 @@ func (this *ApplicationSetNestedGenerator) String() string { `Matrix:` + strings.Replace(fmt.Sprintf("%v", this.Matrix), "JSON", "v11.JSON", 1) + `,`, `Merge:` + strings.Replace(fmt.Sprintf("%v", this.Merge), "JSON", "v11.JSON", 1) + `,`, `Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`, + `Plugin:` + strings.Replace(this.Plugin.String(), "PluginGenerator", "PluginGenerator", 1) + `,`, `}`, }, "") return s @@ -16363,6 +17461,8 @@ func (this *ApplicationSetSpec) String() string { `SyncPolicy:` + strings.Replace(this.SyncPolicy.String(), "ApplicationSetSyncPolicy", "ApplicationSetSyncPolicy", 1) + `,`, `Strategy:` + strings.Replace(this.Strategy.String(), "ApplicationSetStrategy", "ApplicationSetStrategy", 1) + `,`, `PreservedFields:` + strings.Replace(this.PreservedFields.String(), "ApplicationPreservedFields", "ApplicationPreservedFields", 1) + `,`, + `GoTemplateOptions:` + fmt.Sprintf("%v", this.GoTemplateOptions) + `,`, + `ApplyNestedSelectors:` + fmt.Sprintf("%v", this.ApplyNestedSelectors) + `,`, `}`, }, "") return s @@ -16405,6 +17505,7 @@ func (this *ApplicationSetSyncPolicy) String() string { } s := strings.Join([]string{`&ApplicationSetSyncPolicy{`, `PreserveResourcesOnDeletion:` + fmt.Sprintf("%v", this.PreserveResourcesOnDeletion) + `,`, + `ApplicationsSync:` + valueToStringGenerated(this.ApplicationsSync) + `,`, `}`, }, "") return s @@ -16465,6 +17566,8 @@ func (this *ApplicationSetTerminalGenerator) String() string { `SCMProvider:` + strings.Replace(this.SCMProvider.String(), "SCMProviderGenerator", "SCMProviderGenerator", 1) + `,`, `ClusterDecisionResource:` + strings.Replace(this.ClusterDecisionResource.String(), "DuckTypeGenerator", "DuckTypeGenerator", 1) + `,`, `PullRequest:` + strings.Replace(this.PullRequest.String(), "PullRequestGenerator", "PullRequestGenerator", 1) + `,`, + `Plugin:` + strings.Replace(this.Plugin.String(), "PluginGenerator", "PluginGenerator", 1) + `,`, + `Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`, `}`, }, "") return s @@ -16524,6 +17627,7 @@ func (this *ApplicationSourceHelm) String() string { `PassCredentials:` + fmt.Sprintf("%v", this.PassCredentials) + `,`, `IgnoreMissingValueFiles:` + fmt.Sprintf("%v", this.IgnoreMissingValueFiles) + `,`, `SkipCrds:` + fmt.Sprintf("%v", this.SkipCrds) + `,`, + `ValuesObject:` + strings.Replace(fmt.Sprintf("%v", this.ValuesObject), "RawExtension", "runtime.RawExtension", 1) + `,`, `}`, }, "") return s @@ -16694,6 +17798,7 @@ func (this *ApplicationStatus) String() string { `Summary:` + strings.Replace(strings.Replace(this.Summary.String(), "ApplicationSummary", "ApplicationSummary", 1), `&`, ``, 1) + `,`, `ResourceHealthSource:` + fmt.Sprintf("%v", this.ResourceHealthSource) + `,`, `SourceTypes:` + fmt.Sprintf("%v", this.SourceTypes) + `,`, + `ControllerNamespace:` + fmt.Sprintf("%v", this.ControllerNamespace) + `,`, `}`, }, "") return s @@ -16770,6 +17875,16 @@ func (this *BasicAuthBitbucketServer) String() string { }, "") return s } +func (this *BearerTokenBitbucketCloud) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&BearerTokenBitbucketCloud{`, + `TokenRef:` + strings.Replace(this.TokenRef.String(), "SecretRef", "SecretRef", 1) + `,`, + `}`, + }, "") + return s +} func (this *ChartDetails) String() string { if this == nil { return "nil" @@ -17063,6 +18178,16 @@ func (this *GitGenerator) String() string { repeatedStringForFiles += strings.Replace(strings.Replace(f.String(), "GitFileGeneratorItem", "GitFileGeneratorItem", 1), `&`, ``, 1) + "," } repeatedStringForFiles += "}" + keysForValues := make([]string, 0, len(this.Values)) + for k := range this.Values { + keysForValues = append(keysForValues, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + mapStringForValues := "map[string]string{" + for _, k := range keysForValues { + mapStringForValues += fmt.Sprintf("%v: %v,", k, this.Values[k]) + } + mapStringForValues += "}" s := strings.Join([]string{`&GitGenerator{`, `RepoURL:` + fmt.Sprintf("%v", this.RepoURL) + `,`, `Directories:` + repeatedStringForDirectories + `,`, @@ -17071,6 +18196,7 @@ func (this *GitGenerator) String() string { `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, `PathParamPrefix:` + fmt.Sprintf("%v", this.PathParamPrefix) + `,`, + `Values:` + mapStringForValues + `,`, `}`, }, "") return s @@ -17501,6 +18627,60 @@ func (this *OverrideIgnoreDiff) String() string { }, "") return s } +func (this *PluginConfigMapRef) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&PluginConfigMapRef{`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `}`, + }, "") + return s +} +func (this *PluginGenerator) String() string { + if this == nil { + return "nil" + } + keysForValues := make([]string, 0, len(this.Values)) + for k := range this.Values { + keysForValues = append(keysForValues, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + mapStringForValues := "map[string]string{" + for _, k := range keysForValues { + mapStringForValues += fmt.Sprintf("%v: %v,", k, this.Values[k]) + } + mapStringForValues += "}" + s := strings.Join([]string{`&PluginGenerator{`, + `ConfigMapRef:` + strings.Replace(strings.Replace(this.ConfigMapRef.String(), "PluginConfigMapRef", "PluginConfigMapRef", 1), `&`, ``, 1) + `,`, + `Input:` + strings.Replace(strings.Replace(this.Input.String(), "PluginInput", "PluginInput", 1), `&`, ``, 1) + `,`, + `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, + `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, + `Values:` + mapStringForValues + `,`, + `}`, + }, "") + return s +} +func (this *PluginInput) String() string { + if this == nil { + return "nil" + } + keysForParameters := make([]string, 0, len(this.Parameters)) + for k := range this.Parameters { + keysForParameters = append(keysForParameters, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForParameters) + mapStringForParameters := "PluginParameters{" + for _, k := range keysForParameters { + mapStringForParameters += fmt.Sprintf("%v: %v,", k, this.Parameters[k]) + } + mapStringForParameters += "}" + s := strings.Join([]string{`&PluginInput{`, + `Parameters:` + mapStringForParameters + `,`, + `}`, + }, "") + return s +} func (this *ProjectRole) String() string { if this == nil { return "nil" @@ -17537,6 +18717,37 @@ func (this *PullRequestGenerator) String() string { `Filters:` + repeatedStringForFilters + `,`, `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, + `Bitbucket:` + strings.Replace(this.Bitbucket.String(), "PullRequestGeneratorBitbucket", "PullRequestGeneratorBitbucket", 1) + `,`, + `AzureDevOps:` + strings.Replace(this.AzureDevOps.String(), "PullRequestGeneratorAzureDevOps", "PullRequestGeneratorAzureDevOps", 1) + `,`, + `}`, + }, "") + return s +} +func (this *PullRequestGeneratorAzureDevOps) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&PullRequestGeneratorAzureDevOps{`, + `Organization:` + fmt.Sprintf("%v", this.Organization) + `,`, + `Project:` + fmt.Sprintf("%v", this.Project) + `,`, + `Repo:` + fmt.Sprintf("%v", this.Repo) + `,`, + `API:` + fmt.Sprintf("%v", this.API) + `,`, + `TokenRef:` + strings.Replace(this.TokenRef.String(), "SecretRef", "SecretRef", 1) + `,`, + `Labels:` + fmt.Sprintf("%v", this.Labels) + `,`, + `}`, + }, "") + return s +} +func (this *PullRequestGeneratorBitbucket) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&PullRequestGeneratorBitbucket{`, + `Owner:` + fmt.Sprintf("%v", this.Owner) + `,`, + `Repo:` + fmt.Sprintf("%v", this.Repo) + `,`, + `API:` + fmt.Sprintf("%v", this.API) + `,`, + `BasicAuth:` + strings.Replace(this.BasicAuth.String(), "BasicAuthBitbucketServer", "BasicAuthBitbucketServer", 1) + `,`, + `BearerToken:` + strings.Replace(this.BearerToken.String(), "BearerTokenBitbucketCloud", "BearerTokenBitbucketCloud", 1) + `,`, `}`, }, "") return s @@ -17560,6 +18771,7 @@ func (this *PullRequestGeneratorFilter) String() string { } s := strings.Join([]string{`&PullRequestGeneratorFilter{`, `BranchMatch:` + valueToStringGenerated(this.BranchMatch) + `,`, + `TargetBranchMatch:` + valueToStringGenerated(this.TargetBranchMatch) + `,`, `}`, }, "") return s @@ -17916,6 +19128,7 @@ func (this *ResourceOverride) String() string { `Actions:` + fmt.Sprintf("%v", this.Actions) + `,`, `KnownTypeFields:` + repeatedStringForKnownTypeFields + `,`, `UseOpenLibs:` + fmt.Sprintf("%v", this.UseOpenLibs) + `,`, + `IgnoreResourceUpdates:` + strings.Replace(strings.Replace(this.IgnoreResourceUpdates.String(), "OverrideIgnoreDiff", "OverrideIgnoreDiff", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -18028,6 +19241,16 @@ func (this *SCMProviderGenerator) String() string { repeatedStringForFilters += strings.Replace(strings.Replace(f.String(), "SCMProviderGeneratorFilter", "SCMProviderGeneratorFilter", 1), `&`, ``, 1) + "," } repeatedStringForFilters += "}" + keysForValues := make([]string, 0, len(this.Values)) + for k := range this.Values { + keysForValues = append(keysForValues, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + mapStringForValues := "map[string]string{" + for _, k := range keysForValues { + mapStringForValues += fmt.Sprintf("%v: %v,", k, this.Values[k]) + } + mapStringForValues += "}" s := strings.Join([]string{`&SCMProviderGenerator{`, `Github:` + strings.Replace(this.Github.String(), "SCMProviderGeneratorGithub", "SCMProviderGeneratorGithub", 1) + `,`, `Gitlab:` + strings.Replace(this.Gitlab.String(), "SCMProviderGeneratorGitlab", "SCMProviderGeneratorGitlab", 1) + `,`, @@ -18039,6 +19262,26 @@ func (this *SCMProviderGenerator) String() string { `CloneProtocol:` + fmt.Sprintf("%v", this.CloneProtocol) + `,`, `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, + `Values:` + mapStringForValues + `,`, + `AWSCodeCommit:` + strings.Replace(this.AWSCodeCommit.String(), "SCMProviderGeneratorAWSCodeCommit", "SCMProviderGeneratorAWSCodeCommit", 1) + `,`, + `}`, + }, "") + return s +} +func (this *SCMProviderGeneratorAWSCodeCommit) String() string { + if this == nil { + return "nil" + } + repeatedStringForTagFilters := "[]*TagFilter{" + for _, f := range this.TagFilters { + repeatedStringForTagFilters += strings.Replace(f.String(), "TagFilter", "TagFilter", 1) + "," + } + repeatedStringForTagFilters += "}" + s := strings.Join([]string{`&SCMProviderGeneratorAWSCodeCommit{`, + `TagFilters:` + repeatedStringForTagFilters + `,`, + `Role:` + fmt.Sprintf("%v", this.Role) + `,`, + `Region:` + fmt.Sprintf("%v", this.Region) + `,`, + `AllBranches:` + fmt.Sprintf("%v", this.AllBranches) + `,`, `}`, }, "") return s @@ -18327,6 +19570,17 @@ func (this *TLSClientConfig) String() string { }, "") return s } +func (this *TagFilter) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TagFilter{`, + `Key:` + fmt.Sprintf("%v", this.Key) + `,`, + `Value:` + fmt.Sprintf("%v", this.Value) + `,`, + `}`, + }, "") + return s +} func valueToStringGenerated(v interface{}) string { rv := reflect.ValueOf(v) if rv.IsNil() { @@ -21124,6 +22378,42 @@ func (m *ApplicationSetGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Plugin", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Plugin == nil { + m.Plugin = &PluginGenerator{} + } + if err := m.Plugin.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -21615,6 +22905,42 @@ func (m *ApplicationSetNestedGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Plugin", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Plugin == nil { + m.Plugin = &PluginGenerator{} + } + if err := m.Plugin.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -22064,177 +23390,229 @@ func (m *ApplicationSetSpec) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ApplicationSetStatus) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetStatus: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetStatus: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Conditions = append(m.Conditions, ApplicationSetCondition{}) - if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ApplicationStatus", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ApplicationStatus = append(m.ApplicationStatus, ApplicationSetApplicationStatus{}) - if err := m.ApplicationStatus[len(m.ApplicationStatus)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ApplicationSetStrategy) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetStrategy: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetStrategy: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field GoTemplateOptions", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.GoTemplateOptions = append(m.GoTemplateOptions, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 8: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ApplyNestedSelectors", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.ApplyNestedSelectors = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ApplicationSetStatus) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSetStatus: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSetStatus: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Conditions = append(m.Conditions, ApplicationSetCondition{}) + if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ApplicationStatus", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ApplicationStatus = append(m.ApplicationStatus, ApplicationSetApplicationStatus{}) + if err := m.ApplicationStatus[len(m.ApplicationStatus)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ApplicationSetStrategy) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSetStrategy: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSetStrategy: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -22370,6 +23748,39 @@ func (m *ApplicationSetSyncPolicy) Unmarshal(dAtA []byte) error { } } m.PreserveResourcesOnDeletion = bool(v != 0) + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ApplicationsSync", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := ApplicationsSyncPolicy(dAtA[iNdEx:postIndex]) + m.ApplicationsSync = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -23152,6 +24563,78 @@ func (m *ApplicationSetTerminalGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Plugin", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Plugin == nil { + m.Plugin = &PluginGenerator{} + } + if err := m.Plugin.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Selector == nil { + m.Selector = &v1.LabelSelector{} + } + if err := m.Selector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -23979,6 +25462,42 @@ func (m *ApplicationSourceHelm) Unmarshal(dAtA []byte) error { } } m.SkipCrds = bool(v != 0) + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ValuesObject", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ValuesObject == nil { + m.ValuesObject = &runtime.RawExtension{} + } + if err := m.ValuesObject.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -25788,6 +27307,38 @@ func (m *ApplicationStatus) Unmarshal(dAtA []byte) error { } m.SourceTypes = append(m.SourceTypes, ApplicationSourceType(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ControllerNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ControllerNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -26442,7 +27993,7 @@ func (m *BasicAuthBitbucketServer) Unmarshal(dAtA []byte) error { } return nil } -func (m *ChartDetails) Unmarshal(dAtA []byte) error { +func (m *BearerTokenBitbucketCloud) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -26465,49 +28016,17 @@ func (m *ChartDetails) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ChartDetails: wiretype end group for non-group") + return fmt.Errorf("proto: BearerTokenBitbucketCloud: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ChartDetails: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: BearerTokenBitbucketCloud: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Description = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Home", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenRef", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -26517,55 +28036,27 @@ func (m *ChartDetails) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.Home = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Maintainers", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated + if m.TokenRef == nil { + m.TokenRef = &SecretRef{} } - if postIndex > l { - return io.ErrUnexpectedEOF + if err := m.TokenRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.Maintainers = append(m.Maintainers, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -26588,7 +28079,7 @@ func (m *ChartDetails) Unmarshal(dAtA []byte) error { } return nil } -func (m *Cluster) Unmarshal(dAtA []byte) error { +func (m *ChartDetails) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -26611,15 +28102,15 @@ func (m *Cluster) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Cluster: wiretype end group for non-group") + return fmt.Errorf("proto: ChartDetails: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Cluster: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ChartDetails: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26647,11 +28138,11 @@ func (m *Cluster) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Server = string(dAtA[iNdEx:postIndex]) + m.Description = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Home", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26679,13 +28170,13 @@ func (m *Cluster) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Home = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Maintainers", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -26695,61 +28186,77 @@ func (m *Cluster) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Maintainers = append(m.Maintainers, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionState", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err } - if msglen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Cluster) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - if err := m.ConnectionState.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - iNdEx = postIndex - case 5: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Cluster: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Cluster: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerVersion", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26777,11 +28284,11 @@ func (m *Cluster) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ServerVersion = string(dAtA[iNdEx:postIndex]) + m.Server = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 6: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespaces", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26809,11 +28316,141 @@ func (m *Cluster) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespaces = append(m.Namespaces, string(dAtA[iNdEx:postIndex])) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 7: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RefreshRequestedAt", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Config.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionState", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionState.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerVersion", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerVersion = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespaces", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespaces = append(m.Namespaces, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RefreshRequestedAt", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30068,301 +31705,428 @@ func (m *GitGenerator) Unmarshal(dAtA []byte) error { } m.PathParamPrefix = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GnuPGPublicKey) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GnuPGPublicKey: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GnuPGPublicKey: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KeyID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.KeyID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Fingerprint", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Fingerprint = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Owner = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Trust", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Trust = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SubType", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SubType = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KeyData", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.KeyData = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GnuPGPublicKeyList) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GnuPGPublicKeyList: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GnuPGPublicKeyList: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Values == nil { + m.Values = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Values[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GnuPGPublicKey) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GnuPGPublicKey: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GnuPGPublicKey: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KeyID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KeyID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Fingerprint", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Fingerprint = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Owner = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Trust", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Trust = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubType", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KeyData", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KeyData = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GnuPGPublicKeyList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GnuPGPublicKeyList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GnuPGPublicKeyList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -34051,66 +35815,1179 @@ func (m *OrphanedResourcesMonitorSettings) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Ignore = append(m.Ignore, OrphanedResourceKey{}) - if err := m.Ignore[len(m.Ignore)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Ignore = append(m.Ignore, OrphanedResourceKey{}) + if err := m.Ignore[len(m.Ignore)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *OverrideIgnoreDiff) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: OverrideIgnoreDiff: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: OverrideIgnoreDiff: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field JSONPointers", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.JSONPointers = append(m.JSONPointers, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field JQPathExpressions", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.JQPathExpressions = append(m.JQPathExpressions, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ManagedFieldsManagers", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ManagedFieldsManagers = append(m.ManagedFieldsManagers, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PluginConfigMapRef) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginConfigMapRef: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginConfigMapRef: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PluginGenerator) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginGenerator: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginGenerator: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConfigMapRef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConfigMapRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Input.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequeueAfterSeconds", wireType) + } + var v int64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.RequeueAfterSeconds = &v + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Template", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Template.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Values == nil { + m.Values = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Values[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PluginInput) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginInput: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginInput: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Parameters == nil { + m.Parameters = make(PluginParameters) + } + var mapkey string + mapvalue := &v11.JSON{} + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapmsglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapmsglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if mapmsglen < 0 { + return ErrInvalidLengthGenerated + } + postmsgIndex := iNdEx + mapmsglen + if postmsgIndex < 0 { + return ErrInvalidLengthGenerated + } + if postmsgIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = &v11.JSON{} + if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil { + return err + } + iNdEx = postmsgIndex + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Parameters[mapkey] = *mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ProjectRole) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ProjectRole: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ProjectRole: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Description = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Policies", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Policies = append(m.Policies, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field JWTTokens", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.JWTTokens = append(m.JWTTokens, JWTToken{}) + if err := m.JWTTokens[len(m.JWTTokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Groups", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Groups = append(m.Groups, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PullRequestGenerator: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PullRequestGenerator: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Github", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Github == nil { + m.Github = &PullRequestGeneratorGithub{} + } + if err := m.Github.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field GitLab", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.GitLab == nil { + m.GitLab = &PullRequestGeneratorGitLab{} + } + if err := m.GitLab.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Gitea", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Gitea == nil { + m.Gitea = &PullRequestGeneratorGitea{} + } + if err := m.Gitea.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field BitbucketServer", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.BitbucketServer == nil { + m.BitbucketServer = &PullRequestGeneratorBitbucketServer{} + } + if err := m.BitbucketServer.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { return ErrInvalidLengthGenerated } - if (iNdEx + skippy) > l { + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { return io.ErrUnexpectedEOF } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *OverrideIgnoreDiff) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated + m.Filters = append(m.Filters, PullRequestGeneratorFilter{}) + if err := m.Filters[len(m.Filters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - if iNdEx >= l { - return io.ErrUnexpectedEOF + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequeueAfterSeconds", wireType) } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + var v int64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int64(b&0x7F) << shift + if b < 0x80 { + break + } } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: OverrideIgnoreDiff: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: OverrideIgnoreDiff: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.RequeueAfterSeconds = &v + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field JSONPointers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Template", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -34120,29 +36997,30 @@ func (m *OverrideIgnoreDiff) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.JSONPointers = append(m.JSONPointers, string(dAtA[iNdEx:postIndex])) + if err := m.Template.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 2: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field JQPathExpressions", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Bitbucket", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -34152,29 +37030,33 @@ func (m *OverrideIgnoreDiff) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.JQPathExpressions = append(m.JQPathExpressions, string(dAtA[iNdEx:postIndex])) + if m.Bitbucket == nil { + m.Bitbucket = &PullRequestGeneratorBitbucket{} + } + if err := m.Bitbucket.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 3: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ManagedFieldsManagers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AzureDevOps", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -34184,23 +37066,27 @@ func (m *OverrideIgnoreDiff) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.ManagedFieldsManagers = append(m.ManagedFieldsManagers, string(dAtA[iNdEx:postIndex])) + if m.AzureDevOps == nil { + m.AzureDevOps = &PullRequestGeneratorAzureDevOps{} + } + if err := m.AzureDevOps.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -34223,7 +37109,7 @@ func (m *OverrideIgnoreDiff) Unmarshal(dAtA []byte) error { } return nil } -func (m *ProjectRole) Unmarshal(dAtA []byte) error { +func (m *PullRequestGeneratorAzureDevOps) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34246,15 +37132,15 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ProjectRole: wiretype end group for non-group") + return fmt.Errorf("proto: PullRequestGeneratorAzureDevOps: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ProjectRole: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PullRequestGeneratorAzureDevOps: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Organization", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -34282,11 +37168,11 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Organization = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -34314,11 +37200,11 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Description = string(dAtA[iNdEx:postIndex]) + m.Project = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Policies", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Repo", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -34346,11 +37232,43 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Policies = append(m.Policies, string(dAtA[iNdEx:postIndex])) + m.Repo = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field JWTTokens", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field API", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.API = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TokenRef", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -34377,14 +37295,16 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.JWTTokens = append(m.JWTTokens, JWTToken{}) - if err := m.JWTTokens[len(m.JWTTokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.TokenRef == nil { + m.TokenRef = &SecretRef{} + } + if err := m.TokenRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Groups", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -34412,7 +37332,7 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Groups = append(m.Groups, string(dAtA[iNdEx:postIndex])) + m.Labels = append(m.Labels, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -34435,7 +37355,7 @@ func (m *ProjectRole) Unmarshal(dAtA []byte) error { } return nil } -func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { +func (m *PullRequestGeneratorBitbucket) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34458,17 +37378,17 @@ func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PullRequestGenerator: wiretype end group for non-group") + return fmt.Errorf("proto: PullRequestGeneratorBitbucket: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PullRequestGenerator: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PullRequestGeneratorBitbucket: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Github", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -34478,33 +37398,29 @@ func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Github == nil { - m.Github = &PullRequestGeneratorGithub{} - } - if err := m.Github.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Owner = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field GitLab", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Repo", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -34514,33 +37430,29 @@ func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - if m.GitLab == nil { - m.GitLab = &PullRequestGeneratorGitLab{} - } - if err := m.GitLab.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Repo = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Gitea", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field API", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -34550,31 +37462,27 @@ func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Gitea == nil { - m.Gitea = &PullRequestGeneratorGitea{} - } - if err := m.Gitea.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.API = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BitbucketServer", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BasicAuth", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -34601,16 +37509,16 @@ func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.BitbucketServer == nil { - m.BitbucketServer = &PullRequestGeneratorBitbucketServer{} + if m.BasicAuth == nil { + m.BasicAuth = &BasicAuthBitbucketServer{} } - if err := m.BitbucketServer.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.BasicAuth.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BearerToken", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -34637,61 +37545,10 @@ func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Filters = append(m.Filters, PullRequestGeneratorFilter{}) - if err := m.Filters[len(m.Filters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + if m.BearerToken == nil { + m.BearerToken = &BearerTokenBitbucketCloud{} } - iNdEx = postIndex - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequeueAfterSeconds", wireType) - } - var v int64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int64(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.RequeueAfterSeconds = &v - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Template", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Template.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.BearerToken.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -34960,6 +37817,39 @@ func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.BranchMatch = &s iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TargetBranchMatch", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.TargetBranchMatch = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -39625,6 +42515,39 @@ func (m *ResourceOverride) Unmarshal(dAtA []byte) error { } } m.UseOpenLibs = bool(v != 0) + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field IgnoreResourceUpdates", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.IgnoreResourceUpdates.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -41544,6 +44467,337 @@ func (m *SCMProviderGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Values == nil { + m.Values = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Values[mapkey] = mapvalue + iNdEx = postIndex + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AWSCodeCommit", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.AWSCodeCommit == nil { + m.AWSCodeCommit = &SCMProviderGeneratorAWSCodeCommit{} + } + if err := m.AWSCodeCommit.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SCMProviderGeneratorAWSCodeCommit) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SCMProviderGeneratorAWSCodeCommit: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SCMProviderGeneratorAWSCodeCommit: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TagFilters", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TagFilters = append(m.TagFilters, &TagFilter{}) + if err := m.TagFilters[len(m.TagFilters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Role = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Region", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Region = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field AllBranches", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.AllBranches = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -45137,6 +48391,120 @@ func (m *TLSClientConfig) Unmarshal(dAtA []byte) error { } return nil } +func (m *TagFilter) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TagFilter: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TagFilter: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Value = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index c5c56a14d83a7..5f409ef4fd810 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -231,6 +231,8 @@ message ApplicationSetGenerator { // Selector allows to post-filter all generator. optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; + + optional PluginGenerator plugin = 10; } // ApplicationSetList contains a list of ApplicationSet @@ -265,6 +267,8 @@ message ApplicationSetNestedGenerator { // Selector allows to post-filter all generator. optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; + + optional PluginGenerator plugin = 10; } message ApplicationSetRolloutStep { @@ -290,6 +294,11 @@ message ApplicationSetSpec { optional ApplicationSetStrategy strategy = 5; optional ApplicationPreservedFields preservedFields = 6; + + repeated string goTemplateOptions = 7; + + // ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators + optional bool applyNestedSelectors = 8; } // ApplicationSetStatus defines the observed state of ApplicationSet @@ -313,6 +322,11 @@ message ApplicationSetStrategy { message ApplicationSetSyncPolicy { // PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted. optional bool preserveResourcesOnDeletion = 1; + + // ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Enum=create-only;create-update;create-delete;sync + optional string applicationsSync = 2; } // ApplicationSetTemplate represents argocd ApplicationSpec @@ -352,6 +366,11 @@ message ApplicationSetTerminalGenerator { optional DuckTypeGenerator clusterDecisionResource = 5; optional PullRequestGenerator pullRequest = 6; + + optional PluginGenerator plugin = 7; + + // Selector allows to post-filter all generator. + optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8; } // ApplicationSource contains all required information about the source of an application @@ -412,7 +431,8 @@ message ApplicationSourceHelm { // ReleaseName is the Helm release name to use. If omitted it will use the application name optional string releaseName = 3; - // Values specifies Helm values to be passed to helm template, typically defined as a block + // Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other. + // +patchStrategy=replace optional string values = 4; // FileParameters are file parameters to the helm template @@ -429,6 +449,10 @@ message ApplicationSourceHelm { // SkipCrds skips custom resource definition installation step (Helm's --skip-crds) optional bool skipCrds = 9; + + // ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values. + // +kubebuilder:pruning:PreserveUnknownFields + optional k8s.io.apimachinery.pkg.runtime.RawExtension valuesObject = 10; } // ApplicationSourceJsonnet holds options specific to applications of type Jsonnet @@ -572,6 +596,9 @@ message ApplicationStatus { // SourceTypes specifies the type of the sources included in the application repeated string sourceTypes = 12; + + // ControllerNamespace indicates the namespace in which the application controller is located + optional string controllerNamespace = 13; } // ApplicationSummary contains information about URLs and container images used by an application @@ -629,6 +656,12 @@ message BasicAuthBitbucketServer { optional SecretRef passwordRef = 2; } +// BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth. +message BearerTokenBitbucketCloud { + // Password (or personal access token) reference. + optional SecretRef tokenRef = 1; +} + // ChartDetails contains helm chart metadata for a specific version message ChartDetails { optional string description = 1; @@ -880,6 +913,9 @@ message GitGenerator { optional ApplicationSetTemplate template = 6; optional string pathParamPrefix = 7; + + // Values contains key/value pairs which are passed directly as parameters to the template + map values = 8; } // GnuPGPublicKey is a representation of a GnuPG public key @@ -1188,6 +1224,33 @@ message OverrideIgnoreDiff { repeated string managedFieldsManagers = 3; } +message PluginConfigMapRef { + // Name of the ConfigMap + optional string name = 1; +} + +// PluginGenerator defines connection info specific to Plugin. +message PluginGenerator { + optional PluginConfigMapRef configMapRef = 1; + + optional PluginInput input = 2; + + // RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again. + optional int64 requeueAfterSeconds = 3; + + optional ApplicationSetTemplate template = 4; + + // Values contains key/value pairs which are passed directly as parameters to the template. These values will not be + // sent as parameters to the plugin. + map values = 5; +} + +message PluginInput { + // Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the + // values can be any type. + map parameters = 1; +} + // ProjectRole represents a role that has access to a project message ProjectRole { // Name is a name for this role @@ -1224,9 +1287,53 @@ message PullRequestGenerator { optional int64 requeueAfterSeconds = 6; optional ApplicationSetTemplate template = 7; + + optional PullRequestGeneratorBitbucket bitbucket = 8; + + // Additional provider to use and config for it. + optional PullRequestGeneratorAzureDevOps azuredevops = 9; } -// PullRequestGenerator defines connection info specific to BitbucketServer. +// PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps. +message PullRequestGeneratorAzureDevOps { + // Azure DevOps org to scan. Required. + optional string organization = 1; + + // Azure DevOps project name to scan. Required. + optional string project = 2; + + // Azure DevOps repo name to scan. Required. + optional string repo = 3; + + // The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/. + optional string api = 4; + + // Authentication token reference. + optional SecretRef tokenRef = 5; + + // Labels is used to filter the PRs that you want to target + repeated string labels = 6; +} + +// PullRequestGeneratorBitbucket defines connection info specific to Bitbucket. +message PullRequestGeneratorBitbucket { + // Workspace to scan. Required. + optional string owner = 1; + + // Repo name to scan. Required. + optional string repo = 2; + + // The Bitbucket REST API URL to talk to. If blank, uses https://api.bitbucket.org/2.0. + optional string api = 3; + + // Credentials for Basic auth + optional BasicAuthBitbucketServer basicAuth = 4; + + // Credentials for AppToken (Bearer auth) + optional BearerTokenBitbucketCloud bearerToken = 5; +} + +// PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer. message PullRequestGeneratorBitbucketServer { // Project to scan. Required. optional string project = 1; @@ -1246,6 +1353,8 @@ message PullRequestGeneratorBitbucketServer { // pass for a pull request to be included. message PullRequestGeneratorFilter { optional string branchMatch = 1; + + optional string targetBranchMatch = 2; } // PullRequestGeneratorGitLab defines connection info specific to GitLab. @@ -1266,7 +1375,7 @@ message PullRequestGeneratorGitLab { optional string pullRequestState = 5; } -// PullRequestGenerator defines connection info specific to Gitea. +// PullRequestGeneratorGitea defines connection info specific to Gitea. message PullRequestGeneratorGitea { // Gitea org or user to scan. Required. optional string owner = 1; @@ -1608,6 +1717,8 @@ message ResourceOverride { optional OverrideIgnoreDiff ignoreDifferences = 2; + optional OverrideIgnoreDiff ignoreResourceUpdates = 6; + repeated KnownTypeField knownTypeFields = 4; } @@ -1764,6 +1875,28 @@ message SCMProviderGenerator { optional int64 requeueAfterSeconds = 9; optional ApplicationSetTemplate template = 10; + + // Values contains key/value pairs which are passed directly as parameters to the template + map values = 11; + + optional SCMProviderGeneratorAWSCodeCommit awsCodeCommit = 12; +} + +// SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit. +message SCMProviderGeneratorAWSCodeCommit { + // TagFilters provides the tag filter(s) for repo discovery + repeated TagFilter tagFilters = 1; + + // Role provides the AWS IAM role to assume, for cross-account repo discovery + // if not provided, AppSet controller will use its pod/node identity to discover. + optional string role = 2; + + // Region provides the AWS region to discover repos. + // if not provided, AppSet controller will infer the current region from environment. + optional string region = 3; + + // Scan all branches instead of just the default branch. + optional bool allBranches = 4; } // SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps. @@ -2087,3 +2220,9 @@ message TLSClientConfig { optional bytes caData = 5; } +message TagFilter { + optional string key = 1; + + optional string value = 2; +} + diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index c6aab58f821ad..be18f45d1e2d3 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -54,6 +54,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationWatchEvent": schema_pkg_apis_application_v1alpha1_ApplicationWatchEvent(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Backoff": schema_pkg_apis_application_v1alpha1_Backoff(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer": schema_pkg_apis_application_v1alpha1_BasicAuthBitbucketServer(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucketCloud": schema_pkg_apis_application_v1alpha1_BearerTokenBitbucketCloud(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ChartDetails": schema_pkg_apis_application_v1alpha1_ChartDetails(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Cluster": schema_pkg_apis_application_v1alpha1_Cluster(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterCacheInfo": schema_pkg_apis_application_v1alpha1_ClusterCacheInfo(ref), @@ -102,8 +103,13 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OrphanedResourceKey": schema_pkg_apis_application_v1alpha1_OrphanedResourceKey(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OrphanedResourcesMonitorSettings": schema_pkg_apis_application_v1alpha1_OrphanedResourcesMonitorSettings(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OverrideIgnoreDiff": schema_pkg_apis_application_v1alpha1_OverrideIgnoreDiff(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginConfigMapRef": schema_pkg_apis_application_v1alpha1_PluginConfigMapRef(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator": schema_pkg_apis_application_v1alpha1_PluginGenerator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginInput": schema_pkg_apis_application_v1alpha1_PluginInput(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ProjectRole": schema_pkg_apis_application_v1alpha1_ProjectRole(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator": schema_pkg_apis_application_v1alpha1_PullRequestGenerator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorAzureDevOps": schema_pkg_apis_application_v1alpha1_PullRequestGeneratorAzureDevOps(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorBitbucket": schema_pkg_apis_application_v1alpha1_PullRequestGeneratorBitbucket(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorBitbucketServer": schema_pkg_apis_application_v1alpha1_PullRequestGeneratorBitbucketServer(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorFilter": schema_pkg_apis_application_v1alpha1_PullRequestGeneratorFilter(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorGitLab": schema_pkg_apis_application_v1alpha1_PullRequestGeneratorGitLab(ref), @@ -132,6 +138,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionHistory": schema_pkg_apis_application_v1alpha1_RevisionHistory(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionMetadata": schema_pkg_apis_application_v1alpha1_RevisionMetadata(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator": schema_pkg_apis_application_v1alpha1_SCMProviderGenerator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAWSCodeCommit": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorAWSCodeCommit(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAzureDevOps": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorAzureDevOps(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucket": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorBitbucket(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucketServer": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorBitbucketServer(ref), @@ -152,6 +159,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStrategyHook": schema_pkg_apis_application_v1alpha1_SyncStrategyHook(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncWindow": schema_pkg_apis_application_v1alpha1_SyncWindow(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TLSClientConfig": schema_pkg_apis_application_v1alpha1_TLSClientConfig(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TagFilter": schema_pkg_apis_application_v1alpha1_TagFilter(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.objectMeta": schema_pkg_apis_application_v1alpha1_objectMeta(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.rawResourceOverride": schema_pkg_apis_application_v1alpha1_rawResourceOverride(ref), } @@ -934,11 +942,16 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetGenerator(ref common.Ref Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, + "plugin": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MatrixGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MergeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MatrixGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MergeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -1046,11 +1059,16 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetNestedGenerator(ref comm Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, + "plugin": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -1160,6 +1178,27 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetSpec(ref common.Referenc Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationPreservedFields"), }, }, + "goTemplateOptions": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "applyNestedSelectors": { + SchemaProps: spec.SchemaProps{ + Description: "ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators", + Type: []string{"boolean"}, + Format: "", + }, + }, }, Required: []string{"generators", "template"}, }, @@ -1251,6 +1290,13 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetSyncPolicy(ref common.Re Format: "", }, }, + "applicationsSync": { + SchemaProps: spec.SchemaProps{ + Description: "ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, @@ -1391,11 +1437,22 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref co Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator"), }, }, + "plugin": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator"), + }, + }, + "selector": { + SchemaProps: spec.SchemaProps{ + Description: "Selector allows to post-filter all generator.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -1562,8 +1619,13 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSourceHelm(ref common.Refer }, }, "values": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-strategy": "replace", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "Values specifies Helm values to be passed to helm template, typically defined as a block", + Description: "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", Type: []string{"string"}, Format: "", }, @@ -1610,11 +1672,17 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSourceHelm(ref common.Refer Format: "", }, }, + "valuesObject": { + SchemaProps: spec.SchemaProps{ + Description: "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HelmFileParameter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HelmParameter"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HelmFileParameter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HelmParameter", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -2082,6 +2150,13 @@ func schema_pkg_apis_application_v1alpha1_ApplicationStatus(ref common.Reference }, }, }, + "controllerNamespace": { + SchemaProps: spec.SchemaProps{ + Description: "ControllerNamespace indicates the namespace in which the application controller is located", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, @@ -2284,6 +2359,28 @@ func schema_pkg_apis_application_v1alpha1_BasicAuthBitbucketServer(ref common.Re } } +func schema_pkg_apis_application_v1alpha1_BearerTokenBitbucketCloud(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "tokenRef": { + SchemaProps: spec.SchemaProps{ + Description: "Password (or personal access token) reference.", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"), + }, + }, + }, + Required: []string{"tokenRef"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"}, + } +} + func schema_pkg_apis_application_v1alpha1_ChartDetails(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -3154,6 +3251,22 @@ func schema_pkg_apis_application_v1alpha1_GitGenerator(ref common.ReferenceCallb Format: "", }, }, + "values": { + SchemaProps: spec.SchemaProps{ + Description: "Values contains key/value pairs which are passed directly as parameters to the template", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, Required: []string{"repoURL", "revision"}, }, @@ -4240,6 +4353,113 @@ func schema_pkg_apis_application_v1alpha1_OverrideIgnoreDiff(ref common.Referenc } } +func schema_pkg_apis_application_v1alpha1_PluginConfigMapRef(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "Name of the ConfigMap", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_pkg_apis_application_v1alpha1_PluginGenerator(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PluginGenerator defines connection info specific to Plugin.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "configMapRef": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginConfigMapRef"), + }, + }, + "input": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginInput"), + }, + }, + "requeueAfterSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "template": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate"), + }, + }, + "values": { + SchemaProps: spec.SchemaProps{ + Description: "Values contains key/value pairs which are passed directly as parameters to the template. These values will not be sent as parameters to the plugin.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"configMapRef"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginConfigMapRef", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginInput"}, + } +} + +func schema_pkg_apis_application_v1alpha1_PluginInput(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "parameters": { + SchemaProps: spec.SchemaProps{ + Description: "Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the values can be any type.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"}, + } +} + func schema_pkg_apis_application_v1alpha1_ProjectRole(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -4370,11 +4590,141 @@ func schema_pkg_apis_application_v1alpha1_PullRequestGenerator(ref common.Refere Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate"), }, }, + "bitbucket": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorBitbucket"), + }, + }, + "azuredevops": { + SchemaProps: spec.SchemaProps{ + Description: "Additional provider to use and config for it.", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorAzureDevOps"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorFilter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorGitLab", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorGitea", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorGithub"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorAzureDevOps", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorBitbucket", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorFilter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorGitLab", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorGitea", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorGithub"}, + } +} + +func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorAzureDevOps(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "organization": { + SchemaProps: spec.SchemaProps{ + Description: "Azure DevOps org to scan. Required.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "project": { + SchemaProps: spec.SchemaProps{ + Description: "Azure DevOps project name to scan. Required.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "repo": { + SchemaProps: spec.SchemaProps{ + Description: "Azure DevOps repo name to scan. Required.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "api": { + SchemaProps: spec.SchemaProps{ + Description: "The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/.", + Type: []string{"string"}, + Format: "", + }, + }, + "tokenRef": { + SchemaProps: spec.SchemaProps{ + Description: "Authentication token reference.", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"), + }, + }, + "labels": { + SchemaProps: spec.SchemaProps{ + Description: "Labels is used to filter the PRs that you want to target", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"organization", "project", "repo"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"}, + } +} + +func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorBitbucket(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PullRequestGeneratorBitbucket defines connection info specific to Bitbucket.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "owner": { + SchemaProps: spec.SchemaProps{ + Description: "Workspace to scan. Required.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "repo": { + SchemaProps: spec.SchemaProps{ + Description: "Repo name to scan. Required.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "api": { + SchemaProps: spec.SchemaProps{ + Description: "The Bitbucket REST API URL to talk to. If blank, uses https://api.bitbucket.org/2.0.", + Type: []string{"string"}, + Format: "", + }, + }, + "basicAuth": { + SchemaProps: spec.SchemaProps{ + Description: "Credentials for Basic auth", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer"), + }, + }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "Credentials for AppToken (Bearer auth)", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucketCloud"), + }, + }, + }, + Required: []string{"owner", "repo"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucketCloud"}, } } @@ -4382,7 +4732,7 @@ func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorBitbucketServer(re return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PullRequestGenerator defines connection info specific to BitbucketServer.", + Description: "PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "project": { @@ -4437,6 +4787,12 @@ func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorFilter(ref common. Format: "", }, }, + "targetBranchMatch": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, @@ -4506,7 +4862,7 @@ func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorGitea(ref common.R return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PullRequestGenerator defines connection info specific to Gitea.", + Description: "PullRequestGeneratorGitea defines connection info specific to Gitea.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "owner": { @@ -5645,6 +6001,12 @@ func schema_pkg_apis_application_v1alpha1_ResourceOverride(ref common.ReferenceC Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OverrideIgnoreDiff"), }, }, + "IgnoreResourceUpdates": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OverrideIgnoreDiff"), + }, + }, "KnownTypeFields": { SchemaProps: spec.SchemaProps{ Type: []string{"array"}, @@ -5659,7 +6021,7 @@ func schema_pkg_apis_application_v1alpha1_ResourceOverride(ref common.ReferenceC }, }, }, - Required: []string{"HealthLua", "UseOpenLibs", "Actions", "IgnoreDifferences", "KnownTypeFields"}, + Required: []string{"HealthLua", "UseOpenLibs", "Actions", "IgnoreDifferences", "IgnoreResourceUpdates", "KnownTypeFields"}, }, }, Dependencies: []string{ @@ -6118,11 +6480,81 @@ func schema_pkg_apis_application_v1alpha1_SCMProviderGenerator(ref common.Refere Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate"), }, }, + "values": { + SchemaProps: spec.SchemaProps{ + Description: "Values contains key/value pairs which are passed directly as parameters to the template", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "awsCodeCommit": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAWSCodeCommit"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAzureDevOps", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucket", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorFilter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitea", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGithub", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitlab"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAWSCodeCommit", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAzureDevOps", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucket", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorFilter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitea", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGithub", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitlab"}, + } +} + +func schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorAWSCodeCommit(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "tagFilters": { + SchemaProps: spec.SchemaProps{ + Description: "TagFilters provides the tag filter(s) for repo discovery", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TagFilter"), + }, + }, + }, + }, + }, + "role": { + SchemaProps: spec.SchemaProps{ + Description: "Role provides the AWS IAM role to assume, for cross-account repo discovery if not provided, AppSet controller will use its pod/node identity to discover.", + Type: []string{"string"}, + Format: "", + }, + }, + "region": { + SchemaProps: spec.SchemaProps{ + Description: "Region provides the AWS region to discover repos. if not provided, AppSet controller will infer the current region from environment.", + Type: []string{"string"}, + Format: "", + }, + }, + "allBranches": { + SchemaProps: spec.SchemaProps{ + Description: "Scan all branches instead of just the default branch.", + Type: []string{"boolean"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TagFilter"}, } } @@ -7121,6 +7553,32 @@ func schema_pkg_apis_application_v1alpha1_TLSClientConfig(ref common.ReferenceCa } } +func schema_pkg_apis_application_v1alpha1_TagFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"key"}, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_objectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -7171,6 +7629,12 @@ func schema_pkg_apis_application_v1alpha1_rawResourceOverride(ref common.Referen Format: "", }, }, + "ignoreResourceUpdates": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, "knownTypeFields": { SchemaProps: spec.SchemaProps{ Type: []string{"array"}, diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 141854abb8913..2f8617be915ac 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -16,6 +16,7 @@ import ( "time" "unicode" + "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/gitops-engine/pkg/health" synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/robfig/cron/v3" @@ -25,6 +26,7 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" utilnet "k8s.io/apimachinery/pkg/util/net" @@ -298,8 +300,9 @@ type ApplicationSourceHelm struct { Parameters []HelmParameter `json:"parameters,omitempty" protobuf:"bytes,2,opt,name=parameters"` // ReleaseName is the Helm release name to use. If omitted it will use the application name ReleaseName string `json:"releaseName,omitempty" protobuf:"bytes,3,opt,name=releaseName"` - // Values specifies Helm values to be passed to helm template, typically defined as a block - Values string `json:"values,omitempty" protobuf:"bytes,4,opt,name=values"` + // Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other. + // +patchStrategy=replace + Values string `json:"values,omitempty" patchStrategy:"replace" protobuf:"bytes,4,opt,name=values"` // FileParameters are file parameters to the helm template FileParameters []HelmFileParameter `json:"fileParameters,omitempty" protobuf:"bytes,5,opt,name=fileParameters"` // Version is the Helm version to use for templating ("3") @@ -310,6 +313,9 @@ type ApplicationSourceHelm struct { IgnoreMissingValueFiles bool `json:"ignoreMissingValueFiles,omitempty" protobuf:"bytes,8,opt,name=ignoreMissingValueFiles"` // SkipCrds skips custom resource definition installation step (Helm's --skip-crds) SkipCrds bool `json:"skipCrds,omitempty" protobuf:"bytes,9,opt,name=skipCrds"` + // ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values. + // +kubebuilder:pruning:PreserveUnknownFields + ValuesObject *runtime.RawExtension `json:"valuesObject,omitempty" protobuf:"bytes,10,opt,name=valuesObject"` } // HelmParameter is a parameter that's passed to helm template during manifest generation @@ -391,7 +397,7 @@ func (in *ApplicationSourceHelm) AddFileParameter(p HelmFileParameter) { // IsZero Returns true if the Helm options in an application source are considered zero func (h *ApplicationSourceHelm) IsZero() bool { - return h == nil || (h.Version == "") && (h.ReleaseName == "") && len(h.ValueFiles) == 0 && len(h.Parameters) == 0 && len(h.FileParameters) == 0 && h.Values == "" && !h.PassCredentials && !h.IgnoreMissingValueFiles && !h.SkipCrds + return h == nil || (h.Version == "") && (h.ReleaseName == "") && len(h.ValueFiles) == 0 && len(h.Parameters) == 0 && len(h.FileParameters) == 0 && h.ValuesIsEmpty() && !h.PassCredentials && !h.IgnoreMissingValueFiles && !h.SkipCrds } // KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: @@ -893,6 +899,8 @@ type ApplicationStatus struct { ResourceHealthSource ResourceHealthLocation `json:"resourceHealthSource,omitempty" protobuf:"bytes,11,opt,name=resourceHealthSource"` // SourceTypes specifies the type of the sources included in the application SourceTypes []ApplicationSourceType `json:"sourceTypes,omitempty" protobuf:"bytes,12,opt,name=sourceTypes"` + // ControllerNamespace indicates the namespace in which the application controller is located + ControllerNamespace string `json:"controllerNamespace,omitempty" protobuf:"bytes,13,opt,name=controllerNamespace"` } // JWTTokens represents a list of JWT tokens @@ -1835,9 +1843,9 @@ type KnownTypeField struct { // OverrideIgnoreDiff contains configurations about how fields should be ignored during diffs between // the desired state and live state type OverrideIgnoreDiff struct { - //JSONPointers is a JSON path list following the format defined in RFC4627 (https://datatracker.ietf.org/doc/html/rfc6902#section-3) + // JSONPointers is a JSON path list following the format defined in RFC4627 (https://datatracker.ietf.org/doc/html/rfc6902#section-3) JSONPointers []string `json:"jsonPointers" protobuf:"bytes,1,rep,name=jSONPointers"` - //JQPathExpressions is a JQ path list that will be evaludated during the diff process + // JQPathExpressions is a JQ path list that will be evaludated during the diff process JQPathExpressions []string `json:"jqPathExpressions" protobuf:"bytes,2,opt,name=jqPathExpressions"` // ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the // desired state defined in the SCM and won't be displayed in diffs @@ -1845,21 +1853,23 @@ type OverrideIgnoreDiff struct { } type rawResourceOverride struct { - HealthLua string `json:"health.lua,omitempty"` - UseOpenLibs bool `json:"health.lua.useOpenLibs,omitempty"` - Actions string `json:"actions,omitempty"` - IgnoreDifferences string `json:"ignoreDifferences,omitempty"` - KnownTypeFields []KnownTypeField `json:"knownTypeFields,omitempty"` + HealthLua string `json:"health.lua,omitempty"` + UseOpenLibs bool `json:"health.lua.useOpenLibs,omitempty"` + Actions string `json:"actions,omitempty"` + IgnoreDifferences string `json:"ignoreDifferences,omitempty"` + IgnoreResourceUpdates string `json:"ignoreResourceUpdates,omitempty"` + KnownTypeFields []KnownTypeField `json:"knownTypeFields,omitempty"` } // ResourceOverride holds configuration to customize resource diffing and health assessment // TODO: describe the members of this type type ResourceOverride struct { - HealthLua string `protobuf:"bytes,1,opt,name=healthLua"` - UseOpenLibs bool `protobuf:"bytes,5,opt,name=useOpenLibs"` - Actions string `protobuf:"bytes,3,opt,name=actions"` - IgnoreDifferences OverrideIgnoreDiff `protobuf:"bytes,2,opt,name=ignoreDifferences"` - KnownTypeFields []KnownTypeField `protobuf:"bytes,4,opt,name=knownTypeFields"` + HealthLua string `protobuf:"bytes,1,opt,name=healthLua"` + UseOpenLibs bool `protobuf:"bytes,5,opt,name=useOpenLibs"` + Actions string `protobuf:"bytes,3,opt,name=actions"` + IgnoreDifferences OverrideIgnoreDiff `protobuf:"bytes,2,opt,name=ignoreDifferences"` + IgnoreResourceUpdates OverrideIgnoreDiff `protobuf:"bytes,6,opt,name=ignoreResourceUpdates"` + KnownTypeFields []KnownTypeField `protobuf:"bytes,4,opt,name=knownTypeFields"` } // TODO: describe this method @@ -1872,7 +1882,15 @@ func (s *ResourceOverride) UnmarshalJSON(data []byte) error { s.HealthLua = raw.HealthLua s.UseOpenLibs = raw.UseOpenLibs s.Actions = raw.Actions - return yaml.Unmarshal([]byte(raw.IgnoreDifferences), &s.IgnoreDifferences) + err := yaml.Unmarshal([]byte(raw.IgnoreDifferences), &s.IgnoreDifferences) + if err != nil { + return err + } + err = yaml.Unmarshal([]byte(raw.IgnoreResourceUpdates), &s.IgnoreResourceUpdates) + if err != nil { + return err + } + return nil } // TODO: describe this method @@ -1881,7 +1899,11 @@ func (s ResourceOverride) MarshalJSON() ([]byte, error) { if err != nil { return nil, err } - raw := &rawResourceOverride{s.HealthLua, s.UseOpenLibs, s.Actions, string(ignoreDifferencesData), s.KnownTypeFields} + ignoreResourceUpdatesData, err := yaml.Marshal(s.IgnoreResourceUpdates) + if err != nil { + return nil, err + } + raw := &rawResourceOverride{s.HealthLua, s.UseOpenLibs, s.Actions, string(ignoreDifferencesData), string(ignoreResourceUpdatesData), s.KnownTypeFields} return json.Marshal(raw) } @@ -2111,7 +2133,7 @@ type SyncWindow struct { Clusters []string `json:"clusters,omitempty" protobuf:"bytes,6,opt,name=clusters"` // ManualSync enables manual syncs when they would otherwise be blocked ManualSync bool `json:"manualSync,omitempty" protobuf:"bytes,7,opt,name=manualSync"` - //TimeZone of the sync that will be applied to the schedule + // TimeZone of the sync that will be applied to the schedule TimeZone string `json:"timeZone,omitempty" protobuf:"bytes,8,opt,name=timeZone"` } @@ -2307,6 +2329,10 @@ func (w *SyncWindows) CanSync(isManual bool) bool { } } + if active.hasAllow() { + return true + } + inactiveAllows := w.InactiveAllows() if inactiveAllows.HasWindows() { if isManual && inactiveAllows.manualEnabled() { @@ -2820,7 +2846,7 @@ func SetK8SConfigDefaults(config *rest.Config) error { func (c *Cluster) RawRestConfig() *rest.Config { var config *rest.Config var err error - if c.Server == KubernetesInternalAPIServerAddr && os.Getenv(EnvVarFakeInClusterConfig) == "true" { + if c.Server == KubernetesInternalAPIServerAddr && env.ParseBoolFromEnv(EnvVarFakeInClusterConfig, false) { conf, exists := os.LookupEnv("KUBECONFIG") if exists { config, err = clientcmd.BuildConfigFromFlags("", conf) @@ -2989,5 +3015,5 @@ func (a *Application) QualifiedName() string { // RBACName returns the full qualified RBAC resource name for the application // in a backwards-compatible way. func (a *Application) RBACName(defaultNS string) string { - return security.AppRBACName(defaultNS, a.Spec.GetProject(), a.Namespace, a.Name) + return security.RBACName(defaultNS, a.Spec.GetProject(), a.Namespace, a.Name) } diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index 0688dea0069cf..aa629529a25e9 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -2226,6 +2226,20 @@ func TestSyncWindows_CanSync(t *testing.T) { // then assert.False(t, canSync) }) + t.Run("will allow auto sync with active-allow and inactive-allow", func(t *testing.T) { + // given + t.Parallel() + proj := newProjectBuilder(). + withActiveAllowWindow(false). + withInactiveAllowWindow(false). + build() + + // when + canSync := proj.Spec.SyncWindows.CanSync(false) + + // then + assert.True(t, canSync) + }) t.Run("will deny manual sync with active-deny", func(t *testing.T) { // given t.Parallel() diff --git a/pkg/apis/application/v1alpha1/values.go b/pkg/apis/application/v1alpha1/values.go new file mode 100644 index 0000000000000..942e2a651cf71 --- /dev/null +++ b/pkg/apis/application/v1alpha1/values.go @@ -0,0 +1,61 @@ +package v1alpha1 + +import ( + "encoding/json" + "fmt" + reflect "reflect" + "strings" + + runtime "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/yaml" +) + +// Set the ValuesObject property to the json representation of the yaml contained in value +// Remove Values property if present +func (h *ApplicationSourceHelm) SetValuesString(value string) error { + if value == "" { + h.ValuesObject = nil + h.Values = "" + } else { + data, err := yaml.YAMLToJSON([]byte(value)) + if err != nil { + return fmt.Errorf("failed converting yaml to json: %v", err) + } + var v interface{} + if err := json.Unmarshal(data, &v); err != nil { + return fmt.Errorf("failed to unmarshal json: %v", err) + } + switch v.(type) { + case string: + case map[string]interface{}: + default: + return fmt.Errorf("invalid type %q", reflect.TypeOf(v)) + } + h.ValuesObject = &runtime.RawExtension{Raw: data} + h.Values = "" + } + return nil +} + +func (h *ApplicationSourceHelm) ValuesYAML() []byte { + if h.ValuesObject == nil || h.ValuesObject.Raw == nil { + return []byte(h.Values) + } + b, err := yaml.JSONToYAML(h.ValuesObject.Raw) + if err != nil { + // This should be impossible, because rawValue isn't set directly. + return []byte{} + } + return b +} + +func (h *ApplicationSourceHelm) ValuesIsEmpty() bool { + return len(h.ValuesYAML()) == 0 +} + +func (h *ApplicationSourceHelm) ValuesString() string { + if h.ValuesObject == nil || h.ValuesObject.Raw == nil { + return h.Values + } + return strings.TrimSuffix(string(h.ValuesYAML()), "\n") +} diff --git a/pkg/apis/application/v1alpha1/values_test.go b/pkg/apis/application/v1alpha1/values_test.go new file mode 100644 index 0000000000000..f21f17168a2e8 --- /dev/null +++ b/pkg/apis/application/v1alpha1/values_test.go @@ -0,0 +1,81 @@ +package v1alpha1 + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestValues_SetString(t *testing.T) { + testCases := []struct { + name string + inputValue string + expectError bool + expectValue string + }{ + { + name: "an empty string should not throw an error", + inputValue: `""`, + expectValue: "\"\"", + }, + { + name: "a string with contents should not throw an error", + inputValue: `"hello"`, + expectValue: "hello", + }, + { + name: "an array should throw an error", + inputValue: "[]", + expectError: true, + }, + { + name: "a number should throw an error", + inputValue: "42", + expectError: true, + }, + { + name: "a boolean should throw an error", + inputValue: "false", + expectError: true, + }, + { + name: "null should throw an error", + inputValue: "null", + expectError: true, + }, + { + name: "an empty object should not throw an error", + inputValue: "{}", + expectValue: "{}", + }, + { + name: "an object with contents should not throw an error", + inputValue: `{"some": "inputValue"}`, + expectValue: "some: inputValue", + }, + { + name: "a complex object should not throw an error", + inputValue: `{"a": {"nested": "object"}, "an": ["array"], "bool": true, "number": 1, "some": "string"}`, + expectValue: "a:\n nested: object\nan:\n- array\nbool: true\nnumber: 1\nsome: string", + }, + } + + for _, testCase := range testCases { + var err error + t.Run(testCase.name, func(t *testing.T) { + source := &ApplicationSourceHelm{} + err = source.SetValuesString(testCase.inputValue) + + if !testCase.expectError { + assert.Equal(t, testCase.expectValue, source.ValuesString()) + data, err := source.ValuesObject.MarshalJSON() + assert.NoError(t, err) + err = source.ValuesObject.UnmarshalJSON(data) + assert.NoError(t, err) + assert.Equal(t, testCase.expectValue, source.ValuesString()) + } else { + assert.Error(t, err) + } + }) + } +} diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index ecd2f20cc5235..3c0882587574d 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -452,6 +452,11 @@ func (in *ApplicationSetGenerator) DeepCopyInto(out *ApplicationSetGenerator) { *out = new(v1.LabelSelector) (*in).DeepCopyInto(*out) } + if in.Plugin != nil { + in, out := &in.Plugin, &out.Plugin + *out = new(PluginGenerator) + (*in).DeepCopyInto(*out) + } return } @@ -546,6 +551,11 @@ func (in *ApplicationSetNestedGenerator) DeepCopyInto(out *ApplicationSetNestedG *out = new(v1.LabelSelector) (*in).DeepCopyInto(*out) } + if in.Plugin != nil { + in, out := &in.Plugin, &out.Plugin + *out = new(PluginGenerator) + (*in).DeepCopyInto(*out) + } return } @@ -646,7 +656,7 @@ func (in *ApplicationSetSpec) DeepCopyInto(out *ApplicationSetSpec) { if in.SyncPolicy != nil { in, out := &in.SyncPolicy, &out.SyncPolicy *out = new(ApplicationSetSyncPolicy) - **out = **in + (*in).DeepCopyInto(*out) } if in.Strategy != nil { in, out := &in.Strategy, &out.Strategy @@ -658,6 +668,11 @@ func (in *ApplicationSetSpec) DeepCopyInto(out *ApplicationSetSpec) { *out = new(ApplicationPreservedFields) (*in).DeepCopyInto(*out) } + if in.GoTemplateOptions != nil { + in, out := &in.GoTemplateOptions, &out.GoTemplateOptions + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -725,6 +740,11 @@ func (in *ApplicationSetStrategy) DeepCopy() *ApplicationSetStrategy { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationSetSyncPolicy) DeepCopyInto(out *ApplicationSetSyncPolicy) { *out = *in + if in.ApplicationsSync != nil { + in, out := &in.ApplicationsSync, &out.ApplicationsSync + *out = new(ApplicationsSyncPolicy) + **out = **in + } return } @@ -824,6 +844,16 @@ func (in *ApplicationSetTerminalGenerator) DeepCopyInto(out *ApplicationSetTermi *out = new(PullRequestGenerator) (*in).DeepCopyInto(*out) } + if in.Plugin != nil { + in, out := &in.Plugin, &out.Plugin + *out = new(PluginGenerator) + (*in).DeepCopyInto(*out) + } + if in.Selector != nil { + in, out := &in.Selector, &out.Selector + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } return } @@ -930,6 +960,11 @@ func (in *ApplicationSourceHelm) DeepCopyInto(out *ApplicationSourceHelm) { *out = make([]HelmFileParameter, len(*in)) copy(*out, *in) } + if in.ValuesObject != nil { + in, out := &in.ValuesObject, &out.ValuesObject + *out = new(runtime.RawExtension) + (*in).DeepCopyInto(*out) + } return } @@ -1354,6 +1389,27 @@ func (in *BasicAuthBitbucketServer) DeepCopy() *BasicAuthBitbucketServer { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BearerTokenBitbucketCloud) DeepCopyInto(out *BearerTokenBitbucketCloud) { + *out = *in + if in.TokenRef != nil { + in, out := &in.TokenRef, &out.TokenRef + *out = new(SecretRef) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BearerTokenBitbucketCloud. +func (in *BearerTokenBitbucketCloud) DeepCopy() *BearerTokenBitbucketCloud { + if in == nil { + return nil + } + out := new(BearerTokenBitbucketCloud) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ChartDetails) DeepCopyInto(out *ChartDetails) { *out = *in @@ -1801,6 +1857,13 @@ func (in *GitGenerator) DeepCopyInto(out *GitGenerator) { **out = **in } in.Template.DeepCopyInto(&out.Template) + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } return } @@ -2485,6 +2548,98 @@ func (in *OverrideIgnoreDiff) DeepCopy() *OverrideIgnoreDiff { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PluginConfigMapRef) DeepCopyInto(out *PluginConfigMapRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginConfigMapRef. +func (in *PluginConfigMapRef) DeepCopy() *PluginConfigMapRef { + if in == nil { + return nil + } + out := new(PluginConfigMapRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PluginGenerator) DeepCopyInto(out *PluginGenerator) { + *out = *in + out.ConfigMapRef = in.ConfigMapRef + in.Input.DeepCopyInto(&out.Input) + if in.RequeueAfterSeconds != nil { + in, out := &in.RequeueAfterSeconds, &out.RequeueAfterSeconds + *out = new(int64) + **out = **in + } + in.Template.DeepCopyInto(&out.Template) + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginGenerator. +func (in *PluginGenerator) DeepCopy() *PluginGenerator { + if in == nil { + return nil + } + out := new(PluginGenerator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PluginInput) DeepCopyInto(out *PluginInput) { + *out = *in + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make(PluginParameters, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginInput. +func (in *PluginInput) DeepCopy() *PluginInput { + if in == nil { + return nil + } + out := new(PluginInput) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in PluginParameters) DeepCopyInto(out *PluginParameters) { + { + in := &in + *out = make(PluginParameters, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginParameters. +func (in PluginParameters) DeepCopy() PluginParameters { + if in == nil { + return nil + } + out := new(PluginParameters) + in.DeepCopyInto(out) + return *out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProjectRole) DeepCopyInto(out *ProjectRole) { *out = *in @@ -2552,6 +2707,16 @@ func (in *PullRequestGenerator) DeepCopyInto(out *PullRequestGenerator) { **out = **in } in.Template.DeepCopyInto(&out.Template) + if in.Bitbucket != nil { + in, out := &in.Bitbucket, &out.Bitbucket + *out = new(PullRequestGeneratorBitbucket) + (*in).DeepCopyInto(*out) + } + if in.AzureDevOps != nil { + in, out := &in.AzureDevOps, &out.AzureDevOps + *out = new(PullRequestGeneratorAzureDevOps) + (*in).DeepCopyInto(*out) + } return } @@ -2565,6 +2730,58 @@ func (in *PullRequestGenerator) DeepCopy() *PullRequestGenerator { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PullRequestGeneratorAzureDevOps) DeepCopyInto(out *PullRequestGeneratorAzureDevOps) { + *out = *in + if in.TokenRef != nil { + in, out := &in.TokenRef, &out.TokenRef + *out = new(SecretRef) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PullRequestGeneratorAzureDevOps. +func (in *PullRequestGeneratorAzureDevOps) DeepCopy() *PullRequestGeneratorAzureDevOps { + if in == nil { + return nil + } + out := new(PullRequestGeneratorAzureDevOps) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PullRequestGeneratorBitbucket) DeepCopyInto(out *PullRequestGeneratorBitbucket) { + *out = *in + if in.BasicAuth != nil { + in, out := &in.BasicAuth, &out.BasicAuth + *out = new(BasicAuthBitbucketServer) + (*in).DeepCopyInto(*out) + } + if in.BearerToken != nil { + in, out := &in.BearerToken, &out.BearerToken + *out = new(BearerTokenBitbucketCloud) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PullRequestGeneratorBitbucket. +func (in *PullRequestGeneratorBitbucket) DeepCopy() *PullRequestGeneratorBitbucket { + if in == nil { + return nil + } + out := new(PullRequestGeneratorBitbucket) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PullRequestGeneratorBitbucketServer) DeepCopyInto(out *PullRequestGeneratorBitbucketServer) { *out = *in @@ -2594,6 +2811,11 @@ func (in *PullRequestGeneratorFilter) DeepCopyInto(out *PullRequestGeneratorFilt *out = new(string) **out = **in } + if in.TargetBranchMatch != nil { + in, out := &in.TargetBranchMatch, &out.TargetBranchMatch + *out = new(string) + **out = **in + } return } @@ -3099,6 +3321,7 @@ func (in *ResourceNode) DeepCopy() *ResourceNode { func (in *ResourceOverride) DeepCopyInto(out *ResourceOverride) { *out = *in in.IgnoreDifferences.DeepCopyInto(&out.IgnoreDifferences) + in.IgnoreResourceUpdates.DeepCopyInto(&out.IgnoreResourceUpdates) if in.KnownTypeFields != nil { in, out := &in.KnownTypeFields, &out.KnownTypeFields *out = make([]KnownTypeField, len(*in)) @@ -3341,6 +3564,18 @@ func (in *SCMProviderGenerator) DeepCopyInto(out *SCMProviderGenerator) { **out = **in } in.Template.DeepCopyInto(&out.Template) + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.AWSCodeCommit != nil { + in, out := &in.AWSCodeCommit, &out.AWSCodeCommit + *out = new(SCMProviderGeneratorAWSCodeCommit) + (*in).DeepCopyInto(*out) + } return } @@ -3354,6 +3589,33 @@ func (in *SCMProviderGenerator) DeepCopy() *SCMProviderGenerator { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SCMProviderGeneratorAWSCodeCommit) DeepCopyInto(out *SCMProviderGeneratorAWSCodeCommit) { + *out = *in + if in.TagFilters != nil { + in, out := &in.TagFilters, &out.TagFilters + *out = make([]*TagFilter, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(TagFilter) + **out = **in + } + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SCMProviderGeneratorAWSCodeCommit. +func (in *SCMProviderGeneratorAWSCodeCommit) DeepCopy() *SCMProviderGeneratorAWSCodeCommit { + if in == nil { + return nil + } + out := new(SCMProviderGeneratorAWSCodeCommit) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SCMProviderGeneratorAzureDevOps) DeepCopyInto(out *SCMProviderGeneratorAzureDevOps) { *out = *in @@ -3907,3 +4169,19 @@ func (in *TLSClientConfig) DeepCopy() *TLSClientConfig { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TagFilter) DeepCopyInto(out *TagFilter) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TagFilter. +func (in *TagFilter) DeepCopy() *TagFilter { + if in == nil { + return nil + } + out := new(TagFilter) + in.DeepCopyInto(out) + return out +} diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 3e9eab42178c2..4c05248b87e16 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -36,26 +36,31 @@ type ManifestRequest struct { NoCache bool `protobuf:"varint,3,opt,name=noCache,proto3" json:"noCache,omitempty"` AppLabelKey string `protobuf:"bytes,4,opt,name=appLabelKey,proto3" json:"appLabelKey,omitempty"` // Name of the application for which the request is triggered - AppName string `protobuf:"bytes,5,opt,name=appName,proto3" json:"appName,omitempty"` - Namespace string `protobuf:"bytes,8,opt,name=namespace,proto3" json:"namespace,omitempty"` - ApplicationSource *v1alpha1.ApplicationSource `protobuf:"bytes,10,opt,name=applicationSource,proto3" json:"applicationSource,omitempty"` - Repos []*v1alpha1.Repository `protobuf:"bytes,11,rep,name=repos,proto3" json:"repos,omitempty"` - Plugins []*v1alpha1.ConfigManagementPlugin `protobuf:"bytes,12,rep,name=plugins,proto3" json:"plugins,omitempty"` - KustomizeOptions *v1alpha1.KustomizeOptions `protobuf:"bytes,13,opt,name=kustomizeOptions,proto3" json:"kustomizeOptions,omitempty"` - KubeVersion string `protobuf:"bytes,14,opt,name=kubeVersion,proto3" json:"kubeVersion,omitempty"` - ApiVersions []string `protobuf:"bytes,15,rep,name=apiVersions,proto3" json:"apiVersions,omitempty"` + AppName string `protobuf:"bytes,5,opt,name=appName,proto3" json:"appName,omitempty"` + Namespace string `protobuf:"bytes,8,opt,name=namespace,proto3" json:"namespace,omitempty"` + ApplicationSource *v1alpha1.ApplicationSource `protobuf:"bytes,10,opt,name=applicationSource,proto3" json:"applicationSource,omitempty"` + Repos []*v1alpha1.Repository `protobuf:"bytes,11,rep,name=repos,proto3" json:"repos,omitempty"` + // Deprecated: use sidecar plugins instead. + Plugins []*v1alpha1.ConfigManagementPlugin `protobuf:"bytes,12,rep,name=plugins,proto3" json:"plugins,omitempty"` + KustomizeOptions *v1alpha1.KustomizeOptions `protobuf:"bytes,13,opt,name=kustomizeOptions,proto3" json:"kustomizeOptions,omitempty"` + KubeVersion string `protobuf:"bytes,14,opt,name=kubeVersion,proto3" json:"kubeVersion,omitempty"` + ApiVersions []string `protobuf:"bytes,15,rep,name=apiVersions,proto3" json:"apiVersions,omitempty"` // Request to verify the signature when generating the manifests (only for Git repositories) - VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` - HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` - NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` - TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` - EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` - HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` - RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` + HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` + NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` + TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` + EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` + HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` + HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` + RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // This is used to surface "source not permitted" errors for Helm repositories + ProjectSourceRepos []string `protobuf:"bytes,24,rep,name=projectSourceRepos,proto3" json:"projectSourceRepos,omitempty"` + // This is used to surface "source not permitted" errors for Helm repositories + ProjectName string `protobuf:"bytes,25,opt,name=projectName,proto3" json:"projectName,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ManifestRequest) Reset() { *m = ManifestRequest{} } @@ -231,6 +236,20 @@ func (m *ManifestRequest) GetRefSources() map[string]*v1alpha1.RefTarget { return nil } +func (m *ManifestRequest) GetProjectSourceRepos() []string { + if m != nil { + return m.ProjectSourceRepos + } + return nil +} + +func (m *ManifestRequest) GetProjectName() string { + if m != nil { + return m.ProjectName + } + return "" +} + type ManifestRequestWithFiles struct { // Types that are valid to be assigned to Part: // *ManifestRequestWithFiles_Request @@ -1886,13 +1905,14 @@ func (m *HelmChartsResponse) GetItems() []*HelmChart { } type GitFilesRequest struct { - Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` - SubmoduleEnabled bool `protobuf:"varint,2,opt,name=submoduleEnabled,proto3" json:"submoduleEnabled,omitempty"` - Revision string `protobuf:"bytes,3,opt,name=revision,proto3" json:"revision,omitempty"` - Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` + SubmoduleEnabled bool `protobuf:"varint,2,opt,name=submoduleEnabled,proto3" json:"submoduleEnabled,omitempty"` + Revision string `protobuf:"bytes,3,opt,name=revision,proto3" json:"revision,omitempty"` + Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` + NewGitFileGlobbingEnabled bool `protobuf:"varint,5,opt,name=NewGitFileGlobbingEnabled,proto3" json:"NewGitFileGlobbingEnabled,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *GitFilesRequest) Reset() { *m = GitFilesRequest{} } @@ -1956,6 +1976,13 @@ func (m *GitFilesRequest) GetPath() string { return "" } +func (m *GitFilesRequest) GetNewGitFileGlobbingEnabled() bool { + if m != nil { + return m.NewGitFileGlobbingEnabled + } + return false +} + type GitFilesResponse struct { // Map consisting of path of the path to its contents in bytes Map map[string][]byte `protobuf:"bytes,1,rep,name=map,proto3" json:"map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` @@ -2162,136 +2189,140 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2061 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5a, 0x5b, 0x6f, 0x1c, 0x49, - 0x15, 0x9e, 0x9e, 0xf1, 0x65, 0xe6, 0xd8, 0xb1, 0xc7, 0x15, 0x5f, 0x3a, 0xb3, 0x59, 0xcb, 0xdb, - 0x90, 0xc8, 0x24, 0xbb, 0x33, 0xb2, 0xa3, 0xdd, 0xa0, 0x2c, 0x2c, 0xf2, 0x7a, 0x13, 0x3b, 0x9b, - 0x38, 0x31, 0x9d, 0x00, 0x5a, 0x08, 0xa0, 0x72, 0x4f, 0xcd, 0x4c, 0xed, 0xf4, 0x74, 0x57, 0xba, - 0xab, 0x8d, 0x1c, 0x89, 0x07, 0x04, 0xe2, 0x27, 0x20, 0xc4, 0xff, 0x40, 0x3c, 0x21, 0x9e, 0xb8, - 0x48, 0xbc, 0xac, 0xf8, 0x03, 0xa0, 0xfc, 0x12, 0x54, 0x97, 0xbe, 0x4e, 0xdb, 0xc9, 0x32, 0x8e, - 0x57, 0x68, 0x5f, 0x92, 0xae, 0xaa, 0x73, 0xab, 0x53, 0xa7, 0xce, 0xf9, 0x4e, 0x8d, 0xe1, 0x7a, - 0x40, 0x98, 0x1f, 0x92, 0xe0, 0x98, 0x04, 0x1d, 0xf9, 0x49, 0xb9, 0x1f, 0x9c, 0x64, 0x3e, 0xdb, - 0x2c, 0xf0, 0xb9, 0x8f, 0x20, 0x9d, 0x69, 0x3d, 0xec, 0x53, 0x3e, 0x88, 0x8e, 0xda, 0x8e, 0x3f, - 0xea, 0xe0, 0xa0, 0xef, 0xb3, 0xc0, 0xff, 0x5c, 0x7e, 0xbc, 0xe7, 0x74, 0x3b, 0xc7, 0xdb, 0x1d, - 0x36, 0xec, 0x77, 0x30, 0xa3, 0x61, 0x07, 0x33, 0xe6, 0x52, 0x07, 0x73, 0xea, 0x7b, 0x9d, 0xe3, - 0x2d, 0xec, 0xb2, 0x01, 0xde, 0xea, 0xf4, 0x89, 0x47, 0x02, 0xcc, 0x49, 0x57, 0x49, 0x6e, 0xbd, - 0xd5, 0xf7, 0xfd, 0xbe, 0x4b, 0x3a, 0x72, 0x74, 0x14, 0xf5, 0x3a, 0x64, 0xc4, 0xb8, 0x56, 0x6b, - 0xfd, 0x7e, 0x1e, 0x16, 0x0f, 0xb0, 0x47, 0x7b, 0x24, 0xe4, 0x36, 0x79, 0x1e, 0x91, 0x90, 0xa3, - 0x67, 0x30, 0x25, 0x8c, 0x31, 0x8d, 0x0d, 0x63, 0x73, 0x6e, 0x7b, 0xbf, 0x9d, 0x5a, 0xd3, 0x8e, - 0xad, 0x91, 0x1f, 0x3f, 0x77, 0xba, 0xed, 0xe3, 0xed, 0x36, 0x1b, 0xf6, 0xdb, 0xc2, 0x9a, 0x76, - 0xc6, 0x9a, 0x76, 0x6c, 0x4d, 0xdb, 0x4e, 0xb6, 0x65, 0x4b, 0xa9, 0xa8, 0x05, 0xf5, 0x80, 0x1c, - 0xd3, 0x90, 0xfa, 0x9e, 0x59, 0xdd, 0x30, 0x36, 0x1b, 0x76, 0x32, 0x46, 0x26, 0xcc, 0x7a, 0xfe, - 0x2e, 0x76, 0x06, 0xc4, 0xac, 0x6d, 0x18, 0x9b, 0x75, 0x3b, 0x1e, 0xa2, 0x0d, 0x98, 0xc3, 0x8c, - 0x3d, 0xc4, 0x47, 0xc4, 0x7d, 0x40, 0x4e, 0xcc, 0x29, 0xc9, 0x98, 0x9d, 0x12, 0xbc, 0x98, 0xb1, - 0x47, 0x78, 0x44, 0xcc, 0x69, 0xb9, 0x1a, 0x0f, 0xd1, 0x55, 0x68, 0x78, 0x78, 0x44, 0x42, 0x86, - 0x1d, 0x62, 0xd6, 0xe5, 0x5a, 0x3a, 0x81, 0x7e, 0x09, 0x4b, 0x19, 0xc3, 0x9f, 0xf8, 0x51, 0xe0, - 0x10, 0x13, 0xe4, 0xd6, 0x1f, 0x4f, 0xb6, 0xf5, 0x9d, 0xa2, 0x58, 0x7b, 0x5c, 0x13, 0xfa, 0x19, - 0x4c, 0xcb, 0x93, 0x37, 0xe7, 0x36, 0x6a, 0xe7, 0xea, 0x6d, 0x25, 0x16, 0x79, 0x30, 0xcb, 0xdc, - 0xa8, 0x4f, 0xbd, 0xd0, 0x9c, 0x97, 0x1a, 0x9e, 0x4e, 0xa6, 0x61, 0xd7, 0xf7, 0x7a, 0xb4, 0x7f, - 0x80, 0x3d, 0xdc, 0x27, 0x23, 0xe2, 0xf1, 0x43, 0x29, 0xdc, 0x8e, 0x95, 0xa0, 0x17, 0xd0, 0x1c, - 0x46, 0x21, 0xf7, 0x47, 0xf4, 0x05, 0x79, 0xcc, 0x04, 0x6f, 0x68, 0x5e, 0x92, 0xde, 0x7c, 0x34, - 0x99, 0xe2, 0x07, 0x05, 0xa9, 0xf6, 0x98, 0x1e, 0x11, 0x24, 0xc3, 0xe8, 0x88, 0xfc, 0x90, 0x04, - 0x32, 0xba, 0x16, 0x54, 0x90, 0x64, 0xa6, 0x54, 0x18, 0x51, 0x3d, 0x0a, 0xcd, 0xc5, 0x8d, 0x9a, - 0x0a, 0xa3, 0x64, 0x0a, 0x6d, 0xc2, 0xe2, 0x31, 0x09, 0x68, 0xef, 0xe4, 0x09, 0xed, 0x7b, 0x98, - 0x47, 0x01, 0x31, 0x9b, 0x32, 0x14, 0x8b, 0xd3, 0x68, 0x04, 0x97, 0x06, 0xc4, 0x1d, 0x09, 0x97, - 0xef, 0x06, 0xa4, 0x1b, 0x9a, 0x4b, 0xd2, 0xbf, 0x7b, 0x93, 0x9f, 0xa0, 0x14, 0x67, 0xe7, 0xa5, - 0x0b, 0xc3, 0x3c, 0xdf, 0xd6, 0x37, 0x45, 0xdd, 0x11, 0xa4, 0x0c, 0x2b, 0x4c, 0xa3, 0xeb, 0xb0, - 0xc0, 0x03, 0xec, 0x0c, 0xa9, 0xd7, 0x3f, 0x20, 0x7c, 0xe0, 0x77, 0xcd, 0xcb, 0xd2, 0x13, 0x85, - 0x59, 0xe4, 0x00, 0x22, 0x1e, 0x3e, 0x72, 0x49, 0x57, 0xc5, 0xe2, 0xd3, 0x13, 0x46, 0x42, 0x73, - 0x59, 0xee, 0xe2, 0x56, 0x3b, 0x93, 0xa1, 0x0a, 0x09, 0xa2, 0x7d, 0x77, 0x8c, 0xeb, 0xae, 0xc7, - 0x83, 0x13, 0xbb, 0x44, 0x1c, 0x1a, 0xc2, 0x9c, 0xd8, 0x47, 0x1c, 0x0a, 0x2b, 0x32, 0x14, 0xee, - 0x4f, 0xe6, 0xa3, 0xfd, 0x54, 0xa0, 0x9d, 0x95, 0x8e, 0xda, 0x80, 0x06, 0x38, 0x3c, 0x88, 0x5c, - 0x4e, 0x99, 0x4b, 0x94, 0x19, 0xa1, 0xb9, 0x2a, 0xdd, 0x54, 0xb2, 0x82, 0x1e, 0x00, 0x04, 0xa4, - 0x17, 0xd3, 0xad, 0xc9, 0x9d, 0xdf, 0x3c, 0x6b, 0xe7, 0x76, 0x42, 0xad, 0x76, 0x9c, 0x61, 0x6f, - 0xdd, 0x85, 0xb5, 0x53, 0x1c, 0x83, 0x9a, 0x50, 0x1b, 0x92, 0x13, 0x99, 0x50, 0x1b, 0xb6, 0xf8, - 0x44, 0xcb, 0x30, 0x7d, 0x8c, 0xdd, 0x88, 0xc8, 0x14, 0x58, 0xb7, 0xd5, 0xe0, 0x4e, 0xf5, 0xdb, - 0x46, 0xeb, 0xb7, 0x06, 0x2c, 0x16, 0xd4, 0x94, 0xf0, 0xff, 0x34, 0xcb, 0x7f, 0x0e, 0x41, 0xd7, - 0x7b, 0x8a, 0x83, 0x3e, 0xe1, 0x19, 0x43, 0xac, 0x7f, 0x19, 0x60, 0x16, 0xf6, 0xff, 0x23, 0xca, - 0x07, 0xf7, 0xa8, 0x4b, 0x42, 0x74, 0x1b, 0x66, 0x03, 0x35, 0xa7, 0xcb, 0xc4, 0x5b, 0x67, 0xb8, - 0x6d, 0xbf, 0x62, 0xc7, 0xd4, 0xe8, 0x23, 0xa8, 0x8f, 0x08, 0xc7, 0x5d, 0xcc, 0xb1, 0xb6, 0x7d, - 0xa3, 0x8c, 0x53, 0x68, 0x39, 0xd0, 0x74, 0xfb, 0x15, 0x3b, 0xe1, 0x41, 0xef, 0xc3, 0xb4, 0x33, - 0x88, 0xbc, 0xa1, 0x2c, 0x10, 0x73, 0xdb, 0x6f, 0x9f, 0xc6, 0xbc, 0x2b, 0x88, 0xf6, 0x2b, 0xb6, - 0xa2, 0xfe, 0x78, 0x06, 0xa6, 0x18, 0x0e, 0xb8, 0x75, 0x0f, 0x96, 0xcb, 0x54, 0x88, 0xaa, 0xe4, - 0x0c, 0x88, 0x33, 0x0c, 0xa3, 0x91, 0x76, 0x73, 0x32, 0x46, 0x08, 0xa6, 0x42, 0xfa, 0x42, 0xb9, - 0xba, 0x66, 0xcb, 0x6f, 0xeb, 0x5b, 0xb0, 0x34, 0xa6, 0x4d, 0x1c, 0xaa, 0xb2, 0x4d, 0x48, 0x98, - 0xd7, 0xaa, 0xad, 0x08, 0x56, 0x9e, 0x4a, 0x5f, 0x24, 0xa9, 0xf9, 0x22, 0xea, 0xac, 0xb5, 0x0f, - 0xab, 0x45, 0xb5, 0x21, 0xf3, 0xbd, 0x90, 0x88, 0x5b, 0x22, 0x73, 0x19, 0x25, 0xdd, 0x74, 0x55, - 0x5a, 0x51, 0xb7, 0x4b, 0x56, 0xac, 0x5f, 0x55, 0x61, 0xd5, 0x26, 0xa1, 0xef, 0x1e, 0x93, 0x38, - 0xd1, 0x5c, 0x0c, 0x54, 0xf8, 0x09, 0xd4, 0x30, 0x63, 0x3a, 0x4c, 0xee, 0x9f, 0x5b, 0x31, 0xb6, - 0x85, 0x54, 0xf4, 0x2e, 0x2c, 0xe1, 0xd1, 0x11, 0xed, 0x47, 0x7e, 0x14, 0xc6, 0xdb, 0x92, 0x41, - 0xd5, 0xb0, 0xc7, 0x17, 0x2c, 0x07, 0xd6, 0xc6, 0x5c, 0xa0, 0xdd, 0x99, 0x05, 0x34, 0x46, 0x01, - 0xd0, 0x94, 0x2a, 0xa9, 0x9e, 0xa6, 0xe4, 0x6f, 0x06, 0x34, 0xd3, 0xab, 0xa3, 0xc5, 0x5f, 0x85, - 0xc6, 0x48, 0xcf, 0x85, 0xa6, 0x21, 0x0b, 0x56, 0x3a, 0x91, 0xc7, 0x36, 0xd5, 0x22, 0xb6, 0x59, - 0x85, 0x19, 0x05, 0x3d, 0xf5, 0xc6, 0xf4, 0x28, 0x67, 0xf2, 0x54, 0xc1, 0xe4, 0x75, 0x80, 0x30, - 0xc9, 0x5f, 0xe6, 0x8c, 0x5c, 0xcd, 0xcc, 0x20, 0x0b, 0xe6, 0x55, 0x25, 0xb4, 0x49, 0x18, 0xb9, - 0xdc, 0x9c, 0x95, 0x14, 0xb9, 0x39, 0xcb, 0x87, 0xc5, 0x87, 0x54, 0xec, 0xa1, 0x17, 0x5e, 0x4c, - 0xb0, 0x7f, 0x00, 0x53, 0x42, 0x99, 0xd8, 0xd8, 0x51, 0x80, 0x3d, 0x67, 0x40, 0x62, 0x5f, 0x25, - 0x63, 0x71, 0x8d, 0x39, 0xee, 0x87, 0x66, 0x55, 0xce, 0xcb, 0x6f, 0xeb, 0x4f, 0x55, 0x65, 0xe9, - 0x0e, 0x63, 0xe1, 0x57, 0x0f, 0x7f, 0xcb, 0x0b, 0x72, 0x6d, 0xbc, 0x20, 0x17, 0x4c, 0xfe, 0x32, - 0x05, 0xf9, 0x9c, 0xca, 0x94, 0x15, 0xc1, 0xec, 0x0e, 0x63, 0xc2, 0x10, 0xb4, 0x05, 0x53, 0x98, - 0x31, 0xe5, 0xf0, 0x42, 0x46, 0xd6, 0x24, 0xe2, 0x7f, 0x6d, 0x92, 0x24, 0x6d, 0xdd, 0x86, 0x46, - 0x32, 0xf5, 0x2a, 0xb5, 0x8d, 0xac, 0xda, 0x0d, 0x00, 0x85, 0x38, 0xef, 0x7b, 0x3d, 0x5f, 0x1c, - 0xa9, 0x08, 0x76, 0xcd, 0x2a, 0xbf, 0xad, 0x3b, 0x31, 0x85, 0xb4, 0xed, 0x5d, 0x98, 0xa6, 0x9c, - 0x8c, 0x62, 0xe3, 0x56, 0xb3, 0xc6, 0xa5, 0x82, 0x6c, 0x45, 0x64, 0xfd, 0xbd, 0x0e, 0x57, 0xc4, - 0x89, 0x3d, 0x91, 0xd7, 0x64, 0x87, 0xb1, 0x4f, 0x08, 0xc7, 0xd4, 0x0d, 0xbf, 0x1f, 0x91, 0xe0, - 0xe4, 0x0d, 0x07, 0x46, 0x1f, 0x66, 0xd4, 0x2d, 0xd3, 0xf9, 0xee, 0xdc, 0x9b, 0x0f, 0x2d, 0x3e, - 0xed, 0x38, 0x6a, 0x6f, 0xa6, 0xe3, 0x28, 0xeb, 0x00, 0xa6, 0x2e, 0xa8, 0x03, 0x38, 0xbd, 0x09, - 0xcc, 0xb4, 0x96, 0x33, 0xf9, 0xd6, 0xb2, 0x04, 0x58, 0xcf, 0xbe, 0x2e, 0xb0, 0xae, 0x97, 0x02, - 0xeb, 0x51, 0xe9, 0x3d, 0x6e, 0x48, 0x77, 0x7f, 0x37, 0x1b, 0x81, 0xa7, 0xc6, 0xda, 0x24, 0x10, - 0x1b, 0xde, 0x28, 0xc4, 0xfe, 0x41, 0x0e, 0x32, 0xab, 0xa6, 0xf5, 0xfd, 0xd7, 0xdb, 0xd3, 0xd7, - 0x09, 0x3c, 0xff, 0x46, 0x62, 0x26, 0xe6, 0xa7, 0x3e, 0x48, 0x0a, 0xba, 0xa8, 0x43, 0xa2, 0xb4, - 0xea, 0xa4, 0x25, 0xbe, 0xd1, 0x4d, 0x98, 0x12, 0x4e, 0xd6, 0xa0, 0x76, 0x2d, 0xeb, 0x4f, 0x71, - 0x12, 0x3b, 0x8c, 0x3d, 0x61, 0xc4, 0xb1, 0x25, 0x11, 0xba, 0x03, 0x8d, 0x24, 0xf0, 0xf5, 0xcd, - 0xba, 0x9a, 0xe5, 0x48, 0xee, 0x49, 0xcc, 0x96, 0x92, 0x0b, 0xde, 0x2e, 0x0d, 0x88, 0x23, 0x21, - 0xdf, 0xf4, 0x38, 0xef, 0x27, 0xf1, 0x62, 0xc2, 0x9b, 0x90, 0xa3, 0x2d, 0x98, 0x51, 0x5d, 0xbe, - 0xbc, 0x41, 0x73, 0xdb, 0x57, 0xc6, 0x93, 0x69, 0xcc, 0xa5, 0x09, 0xad, 0xbf, 0x1a, 0xf0, 0x4e, - 0x1a, 0x10, 0xf1, 0x6d, 0x8a, 0x51, 0xf7, 0x57, 0x5f, 0x71, 0xaf, 0xc3, 0x82, 0x84, 0xf9, 0x69, - 0xb3, 0xaf, 0xde, 0x9d, 0x0a, 0xb3, 0xd6, 0x1f, 0x0d, 0xb8, 0x36, 0xbe, 0x8f, 0xdd, 0x01, 0x0e, - 0x78, 0x72, 0xbc, 0x17, 0xb1, 0x97, 0xb8, 0xe0, 0x55, 0xd3, 0x82, 0x97, 0xdb, 0x5f, 0x2d, 0xbf, - 0x3f, 0xeb, 0x2f, 0x55, 0x98, 0xcb, 0x04, 0x50, 0x59, 0xc1, 0x14, 0x80, 0x4f, 0xc6, 0xad, 0x6c, - 0xec, 0x64, 0x51, 0x68, 0xd8, 0x99, 0x19, 0x34, 0x04, 0x60, 0x38, 0xc0, 0x23, 0xc2, 0x49, 0x20, - 0x32, 0xb9, 0xb8, 0xf1, 0x0f, 0x26, 0xcf, 0x2e, 0x87, 0xb1, 0x4c, 0x3b, 0x23, 0x5e, 0x20, 0x56, - 0xa9, 0x3a, 0xd4, 0xf9, 0x5b, 0x8f, 0xd0, 0x2f, 0x60, 0xa1, 0x47, 0x5d, 0x72, 0x98, 0x1a, 0x32, - 0x23, 0x0d, 0x79, 0x3c, 0xb9, 0x21, 0xf7, 0xb2, 0x72, 0xed, 0x82, 0x1a, 0xeb, 0x06, 0x34, 0x8b, - 0xf7, 0x49, 0x18, 0x49, 0x47, 0xb8, 0x9f, 0x78, 0x4b, 0x8f, 0x2c, 0x04, 0xcd, 0xe2, 0xfd, 0xb1, - 0xfe, 0x5d, 0x85, 0x95, 0x44, 0xdc, 0x8e, 0xe7, 0xf9, 0x91, 0xe7, 0xc8, 0x87, 0xb3, 0xd2, 0xb3, - 0x58, 0x86, 0x69, 0x4e, 0xb9, 0x9b, 0x00, 0x1f, 0x39, 0x10, 0xb5, 0x8b, 0xfb, 0xbe, 0xcb, 0x29, - 0xd3, 0x07, 0x1c, 0x0f, 0xd5, 0xd9, 0x3f, 0x8f, 0x68, 0x40, 0xba, 0x32, 0x13, 0xd4, 0xed, 0x64, - 0x2c, 0xd6, 0x04, 0xaa, 0x91, 0x30, 0x5e, 0x39, 0x33, 0x19, 0xcb, 0xb8, 0xf7, 0x5d, 0x97, 0x38, - 0xc2, 0x1d, 0x19, 0xa0, 0x5f, 0x98, 0x95, 0x0d, 0x04, 0x0f, 0xa8, 0xd7, 0xd7, 0x30, 0x5f, 0x8f, - 0x84, 0x9d, 0x38, 0x08, 0xf0, 0x89, 0x59, 0x97, 0x0e, 0x50, 0x03, 0xf4, 0x1d, 0xa8, 0x8d, 0x30, - 0xd3, 0x85, 0xee, 0x46, 0x2e, 0x3b, 0x94, 0x79, 0xa0, 0x7d, 0x80, 0x99, 0xaa, 0x04, 0x82, 0xad, - 0xf5, 0x01, 0xd4, 0xe3, 0x89, 0x2f, 0x05, 0x09, 0x3f, 0x87, 0x4b, 0xb9, 0xe4, 0x83, 0x3e, 0x83, - 0xd5, 0x34, 0xa2, 0xb2, 0x0a, 0x35, 0x08, 0x7c, 0xe7, 0x95, 0x96, 0xd9, 0xa7, 0x08, 0xb0, 0x9e, - 0xc3, 0x92, 0x08, 0x19, 0x79, 0xf1, 0x2f, 0xa8, 0xb5, 0xf9, 0x10, 0x1a, 0x89, 0xca, 0xd2, 0x98, - 0x69, 0x41, 0xfd, 0x38, 0x7e, 0xd0, 0x54, 0xbd, 0x4d, 0x32, 0xb6, 0x76, 0x00, 0x65, 0xed, 0xd5, - 0x15, 0xe8, 0x66, 0x1e, 0x14, 0xaf, 0x14, 0xcb, 0x8d, 0x24, 0x8f, 0x31, 0xf1, 0x3f, 0x0d, 0x58, - 0xdc, 0xa3, 0xf2, 0x95, 0xe3, 0x82, 0x92, 0xdc, 0x0d, 0x68, 0x86, 0xd1, 0xd1, 0xc8, 0xef, 0x46, - 0x2e, 0xd1, 0xa0, 0x40, 0x57, 0xfa, 0xb1, 0xf9, 0xb3, 0x92, 0x9f, 0x70, 0x16, 0xc3, 0x7c, 0xa0, - 0x3b, 0x5c, 0xf9, 0x6d, 0xfd, 0xda, 0x80, 0x66, 0xba, 0x1b, 0xed, 0x8f, 0xdb, 0x2a, 0x6e, 0x95, - 0x37, 0xae, 0x65, 0xbd, 0x51, 0x24, 0xfd, 0xdf, 0x43, 0x76, 0x3e, 0x1b, 0xb2, 0x7f, 0x36, 0x60, - 0x65, 0x8f, 0xf2, 0x38, 0x59, 0xd0, 0xff, 0x33, 0xcf, 0x5a, 0x6d, 0x58, 0x2d, 0x9a, 0xaf, 0x5d, - 0xb9, 0x0c, 0xd3, 0xc2, 0xcf, 0x71, 0xf7, 0xad, 0x06, 0xdb, 0x5f, 0x34, 0x60, 0x29, 0x2d, 0x9f, - 0xe2, 0x5f, 0xea, 0x10, 0xf4, 0x18, 0x9a, 0x7b, 0xfa, 0xb7, 0xaa, 0xf8, 0xd5, 0x03, 0x9d, 0xf5, - 0x8c, 0xd8, 0xba, 0x5a, 0xbe, 0xa8, 0x54, 0x5b, 0x15, 0xe4, 0xc0, 0x95, 0xa2, 0xc0, 0xf4, 0xc5, - 0xf2, 0x9b, 0x67, 0x48, 0x4e, 0xa8, 0x5e, 0xa5, 0x62, 0xd3, 0x40, 0x9f, 0xc1, 0x42, 0xfe, 0x5d, - 0x0d, 0xe5, 0xf2, 0x49, 0xe9, 0x53, 0x5f, 0xcb, 0x3a, 0x8b, 0x24, 0xb1, 0xff, 0x99, 0x00, 0xaf, - 0xb9, 0x47, 0x26, 0x64, 0xe5, 0xa1, 0x75, 0xd9, 0x23, 0x5c, 0xeb, 0x1b, 0x67, 0xd2, 0x24, 0xd2, - 0x3f, 0x84, 0x7a, 0xfc, 0x28, 0x93, 0x77, 0x73, 0xe1, 0xa9, 0xa6, 0xd5, 0xcc, 0xcb, 0xeb, 0x85, - 0x56, 0x05, 0x7d, 0xa4, 0x98, 0x45, 0xd3, 0x3e, 0xce, 0x9c, 0x79, 0x8a, 0x68, 0x5d, 0x2e, 0x69, - 0xff, 0xad, 0x0a, 0xfa, 0x1e, 0xcc, 0x89, 0xaf, 0x43, 0xfd, 0x2b, 0xd1, 0x6a, 0x5b, 0xfd, 0x28, - 0xd9, 0x8e, 0x7f, 0x94, 0x6c, 0xdf, 0x1d, 0x31, 0x7e, 0xd2, 0x2a, 0xe9, 0xcf, 0xb5, 0x80, 0x67, - 0x70, 0x69, 0x8f, 0xf0, 0x14, 0x4e, 0xa3, 0x6b, 0xaf, 0xd5, 0x74, 0xb4, 0xac, 0x22, 0xd9, 0x38, - 0x22, 0xb7, 0x2a, 0xe8, 0x77, 0x06, 0x5c, 0xde, 0x23, 0xbc, 0x08, 0x50, 0xd1, 0x7b, 0xe5, 0x4a, - 0x4e, 0x01, 0xb2, 0xad, 0x47, 0x93, 0xde, 0xd7, 0xbc, 0x58, 0xab, 0x82, 0xfe, 0x60, 0xc0, 0x5a, - 0xc6, 0xb0, 0x2c, 0xe2, 0x44, 0x5b, 0x67, 0x1b, 0x57, 0x82, 0x4e, 0x5b, 0x9f, 0x4e, 0xf8, 0xe3, - 0x5f, 0x46, 0xa4, 0x55, 0x41, 0x87, 0xf2, 0x4c, 0xd2, 0x02, 0x83, 0xde, 0x2e, 0xad, 0x24, 0x89, - 0xf6, 0xf5, 0xd3, 0x96, 0x93, 0x73, 0xf8, 0x14, 0xe6, 0xf6, 0x08, 0x8f, 0xb3, 0x6e, 0x3e, 0xd2, - 0x0a, 0x45, 0x28, 0x7f, 0x55, 0x8b, 0x89, 0x5a, 0x46, 0xcc, 0x92, 0x92, 0x95, 0xc9, 0x53, 0xf9, - 0xbb, 0x5a, 0x9a, 0x82, 0xf3, 0x11, 0x53, 0x9e, 0xe6, 0xac, 0xca, 0xc7, 0x3b, 0xff, 0x78, 0xb9, - 0x6e, 0x7c, 0xf1, 0x72, 0xdd, 0xf8, 0xcf, 0xcb, 0x75, 0xe3, 0xc7, 0xb7, 0x5e, 0xf1, 0x8b, 0x7d, - 0xe6, 0x8f, 0x00, 0x30, 0xa3, 0x8e, 0x4b, 0x89, 0xc7, 0x8f, 0x66, 0x64, 0xf0, 0xdf, 0xfa, 0x6f, - 0x00, 0x00, 0x00, 0xff, 0xff, 0xfb, 0xa8, 0x48, 0x92, 0x23, 0x20, 0x00, 0x00, + // 2114 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5b, 0x6f, 0x1b, 0xc7, + 0x15, 0xe6, 0x92, 0xba, 0x90, 0x47, 0xb2, 0x44, 0x8d, 0x75, 0x59, 0x31, 0x8e, 0xa0, 0x6c, 0x6b, + 0x43, 0xb5, 0x13, 0x12, 0x92, 0x91, 0xb8, 0x70, 0xd2, 0x14, 0x8a, 0x62, 0x4b, 0x8e, 0x2d, 0x5b, + 0x5d, 0xbb, 0x2d, 0xd2, 0xba, 0x2d, 0x86, 0xcb, 0x21, 0xb9, 0xe1, 0x5e, 0xc6, 0xbb, 0xb3, 0x0a, + 0x64, 0xa0, 0x0f, 0x45, 0x8b, 0x02, 0xfd, 0x03, 0x7d, 0xe8, 0xff, 0x28, 0xfa, 0x54, 0xf4, 0xa9, + 0x97, 0xc7, 0xa0, 0x7f, 0xa0, 0x85, 0x1f, 0xfb, 0x2b, 0x8a, 0xb9, 0xec, 0x95, 0x2b, 0xd9, 0x29, + 0x65, 0x19, 0xcd, 0x8b, 0xbd, 0x73, 0xe6, 0xcc, 0x39, 0x67, 0xce, 0x9c, 0xcb, 0x37, 0x43, 0xc1, + 0xb5, 0x80, 0x50, 0x3f, 0x24, 0xc1, 0x31, 0x09, 0x3a, 0xe2, 0xd3, 0x66, 0x7e, 0x70, 0x92, 0xf9, + 0x6c, 0xd3, 0xc0, 0x67, 0x3e, 0x82, 0x94, 0xd2, 0x7a, 0x30, 0xb0, 0xd9, 0x30, 0xea, 0xb6, 0x2d, + 0xdf, 0xed, 0xe0, 0x60, 0xe0, 0xd3, 0xc0, 0xff, 0x42, 0x7c, 0xbc, 0x67, 0xf5, 0x3a, 0xc7, 0x3b, + 0x1d, 0x3a, 0x1a, 0x74, 0x30, 0xb5, 0xc3, 0x0e, 0xa6, 0xd4, 0xb1, 0x2d, 0xcc, 0x6c, 0xdf, 0xeb, + 0x1c, 0x6f, 0x63, 0x87, 0x0e, 0xf1, 0x76, 0x67, 0x40, 0x3c, 0x12, 0x60, 0x46, 0x7a, 0x52, 0x72, + 0xeb, 0xad, 0x81, 0xef, 0x0f, 0x1c, 0xd2, 0x11, 0xa3, 0x6e, 0xd4, 0xef, 0x10, 0x97, 0x32, 0xa5, + 0xd6, 0xf8, 0xcf, 0x3c, 0x2c, 0x1e, 0x62, 0xcf, 0xee, 0x93, 0x90, 0x99, 0xe4, 0x59, 0x44, 0x42, + 0x86, 0x9e, 0xc2, 0x14, 0x37, 0x46, 0xd7, 0x36, 0xb5, 0xad, 0xb9, 0x9d, 0x83, 0x76, 0x6a, 0x4d, + 0x3b, 0xb6, 0x46, 0x7c, 0xfc, 0xc2, 0xea, 0xb5, 0x8f, 0x77, 0xda, 0x74, 0x34, 0x68, 0x73, 0x6b, + 0xda, 0x19, 0x6b, 0xda, 0xb1, 0x35, 0x6d, 0x33, 0xd9, 0x96, 0x29, 0xa4, 0xa2, 0x16, 0xd4, 0x03, + 0x72, 0x6c, 0x87, 0xb6, 0xef, 0xe9, 0xd5, 0x4d, 0x6d, 0xab, 0x61, 0x26, 0x63, 0xa4, 0xc3, 0xac, + 0xe7, 0xef, 0x61, 0x6b, 0x48, 0xf4, 0xda, 0xa6, 0xb6, 0x55, 0x37, 0xe3, 0x21, 0xda, 0x84, 0x39, + 0x4c, 0xe9, 0x03, 0xdc, 0x25, 0xce, 0x7d, 0x72, 0xa2, 0x4f, 0x89, 0x85, 0x59, 0x12, 0x5f, 0x8b, + 0x29, 0x7d, 0x88, 0x5d, 0xa2, 0x4f, 0x8b, 0xd9, 0x78, 0x88, 0xae, 0x40, 0xc3, 0xc3, 0x2e, 0x09, + 0x29, 0xb6, 0x88, 0x5e, 0x17, 0x73, 0x29, 0x01, 0xfd, 0x12, 0x96, 0x32, 0x86, 0x3f, 0xf6, 0xa3, + 0xc0, 0x22, 0x3a, 0x88, 0xad, 0x3f, 0x9a, 0x6c, 0xeb, 0xbb, 0x45, 0xb1, 0xe6, 0xb8, 0x26, 0xf4, + 0x73, 0x98, 0x16, 0x27, 0xaf, 0xcf, 0x6d, 0xd6, 0xce, 0xd5, 0xdb, 0x52, 0x2c, 0xf2, 0x60, 0x96, + 0x3a, 0xd1, 0xc0, 0xf6, 0x42, 0x7d, 0x5e, 0x68, 0x78, 0x32, 0x99, 0x86, 0x3d, 0xdf, 0xeb, 0xdb, + 0x83, 0x43, 0xec, 0xe1, 0x01, 0x71, 0x89, 0xc7, 0x8e, 0x84, 0x70, 0x33, 0x56, 0x82, 0x9e, 0x43, + 0x73, 0x14, 0x85, 0xcc, 0x77, 0xed, 0xe7, 0xe4, 0x11, 0xe5, 0x6b, 0x43, 0xfd, 0x92, 0xf0, 0xe6, + 0xc3, 0xc9, 0x14, 0xdf, 0x2f, 0x48, 0x35, 0xc7, 0xf4, 0xf0, 0x20, 0x19, 0x45, 0x5d, 0xf2, 0x23, + 0x12, 0x88, 0xe8, 0x5a, 0x90, 0x41, 0x92, 0x21, 0xc9, 0x30, 0xb2, 0xd5, 0x28, 0xd4, 0x17, 0x37, + 0x6b, 0x32, 0x8c, 0x12, 0x12, 0xda, 0x82, 0xc5, 0x63, 0x12, 0xd8, 0xfd, 0x93, 0xc7, 0xf6, 0xc0, + 0xc3, 0x2c, 0x0a, 0x88, 0xde, 0x14, 0xa1, 0x58, 0x24, 0x23, 0x17, 0x2e, 0x0d, 0x89, 0xe3, 0x72, + 0x97, 0xef, 0x05, 0xa4, 0x17, 0xea, 0x4b, 0xc2, 0xbf, 0xfb, 0x93, 0x9f, 0xa0, 0x10, 0x67, 0xe6, + 0xa5, 0x73, 0xc3, 0x3c, 0xdf, 0x54, 0x99, 0x22, 0x73, 0x04, 0x49, 0xc3, 0x0a, 0x64, 0x74, 0x0d, + 0x16, 0x58, 0x80, 0xad, 0x91, 0xed, 0x0d, 0x0e, 0x09, 0x1b, 0xfa, 0x3d, 0xfd, 0xb2, 0xf0, 0x44, + 0x81, 0x8a, 0x2c, 0x40, 0xc4, 0xc3, 0x5d, 0x87, 0xf4, 0x64, 0x2c, 0x3e, 0x39, 0xa1, 0x24, 0xd4, + 0x97, 0xc5, 0x2e, 0x6e, 0xb6, 0x33, 0x15, 0xaa, 0x50, 0x20, 0xda, 0x77, 0xc6, 0x56, 0xdd, 0xf1, + 0x58, 0x70, 0x62, 0x96, 0x88, 0x43, 0x23, 0x98, 0xe3, 0xfb, 0x88, 0x43, 0x61, 0x45, 0x84, 0xc2, + 0xbd, 0xc9, 0x7c, 0x74, 0x90, 0x0a, 0x34, 0xb3, 0xd2, 0x51, 0x1b, 0xd0, 0x10, 0x87, 0x87, 0x91, + 0xc3, 0x6c, 0xea, 0x10, 0x69, 0x46, 0xa8, 0xaf, 0x0a, 0x37, 0x95, 0xcc, 0xa0, 0xfb, 0x00, 0x01, + 0xe9, 0xc7, 0x7c, 0x6b, 0x62, 0xe7, 0x37, 0xce, 0xda, 0xb9, 0x99, 0x70, 0xcb, 0x1d, 0x67, 0x96, + 0x73, 0xe5, 0x7c, 0x1b, 0xc4, 0x62, 0x2a, 0xdb, 0x45, 0x5a, 0xeb, 0x22, 0xc4, 0x4a, 0x66, 0x78, + 0x2c, 0x2a, 0xaa, 0x28, 0x5a, 0xeb, 0x32, 0x5a, 0x33, 0xa4, 0xd6, 0x1d, 0x58, 0x3b, 0xc5, 0xd5, + 0xa8, 0x09, 0xb5, 0x11, 0x39, 0x11, 0x25, 0xba, 0x61, 0xf2, 0x4f, 0xb4, 0x0c, 0xd3, 0xc7, 0xd8, + 0x89, 0x88, 0x28, 0xaa, 0x75, 0x53, 0x0e, 0x6e, 0x57, 0xbf, 0xab, 0xb5, 0x7e, 0xab, 0xc1, 0x62, + 0xc1, 0xf0, 0x92, 0xf5, 0x3f, 0xcb, 0xae, 0x3f, 0x87, 0x30, 0xee, 0x3f, 0xc1, 0xc1, 0x80, 0xb0, + 0x8c, 0x21, 0xc6, 0x3f, 0x35, 0xd0, 0x0b, 0x1e, 0xfd, 0xb1, 0xcd, 0x86, 0x77, 0x6d, 0x87, 0x84, + 0xe8, 0x16, 0xcc, 0x06, 0x92, 0xa6, 0x1a, 0xcf, 0x5b, 0x67, 0x1c, 0xc4, 0x41, 0xc5, 0x8c, 0xb9, + 0xd1, 0xc7, 0x50, 0x77, 0x09, 0xc3, 0x3d, 0xcc, 0xb0, 0xb2, 0x7d, 0xb3, 0x6c, 0x25, 0xd7, 0x72, + 0xa8, 0xf8, 0x0e, 0x2a, 0x66, 0xb2, 0x06, 0xbd, 0x0f, 0xd3, 0xd6, 0x30, 0xf2, 0x46, 0xa2, 0xe5, + 0xcc, 0xed, 0xbc, 0x7d, 0xda, 0xe2, 0x3d, 0xce, 0x74, 0x50, 0x31, 0x25, 0xf7, 0x27, 0x33, 0x30, + 0x45, 0x71, 0xc0, 0x8c, 0xbb, 0xb0, 0x5c, 0xa6, 0x82, 0xf7, 0x39, 0x6b, 0x48, 0xac, 0x51, 0x18, + 0xb9, 0xca, 0xcd, 0xc9, 0x18, 0x21, 0x98, 0x0a, 0xed, 0xe7, 0xd2, 0xd5, 0x35, 0x53, 0x7c, 0x1b, + 0xdf, 0x81, 0xa5, 0x31, 0x6d, 0xfc, 0x50, 0xa5, 0x6d, 0x5c, 0xc2, 0xbc, 0x52, 0x6d, 0x44, 0xb0, + 0xf2, 0x44, 0xf8, 0x22, 0x29, 0xf6, 0x17, 0xd1, 0xb9, 0x8d, 0x03, 0x58, 0x2d, 0xaa, 0x0d, 0xa9, + 0xef, 0x85, 0x84, 0x87, 0xbe, 0xa8, 0x8e, 0x36, 0xe9, 0xa5, 0xb3, 0xc2, 0x8a, 0xba, 0x59, 0x32, + 0x63, 0xfc, 0xaa, 0x0a, 0xab, 0x26, 0x09, 0x7d, 0xe7, 0x98, 0xc4, 0xa5, 0xeb, 0x62, 0xc0, 0xc7, + 0x4f, 0xa1, 0x86, 0x29, 0x55, 0x61, 0x72, 0xef, 0xdc, 0xda, 0xbb, 0xc9, 0xa5, 0xa2, 0x77, 0x61, + 0x09, 0xbb, 0x5d, 0x7b, 0x10, 0xf9, 0x51, 0x18, 0x6f, 0x4b, 0x04, 0x55, 0xc3, 0x1c, 0x9f, 0x30, + 0x2c, 0x58, 0x1b, 0x73, 0x81, 0x72, 0x67, 0x16, 0x22, 0x69, 0x05, 0x88, 0x54, 0xaa, 0xa4, 0x7a, + 0x9a, 0x92, 0xbf, 0x69, 0xd0, 0x4c, 0x53, 0x47, 0x89, 0xbf, 0x02, 0x0d, 0x57, 0xd1, 0x42, 0x5d, + 0x13, 0xf5, 0x29, 0x25, 0xe4, 0xd1, 0x52, 0xb5, 0x88, 0x96, 0x56, 0x61, 0x46, 0x82, 0x59, 0xb5, + 0x31, 0x35, 0xca, 0x99, 0x3c, 0x55, 0x30, 0x79, 0x03, 0x20, 0x4c, 0xea, 0x97, 0x3e, 0x23, 0x66, + 0x33, 0x14, 0x64, 0xc0, 0xbc, 0xec, 0xad, 0x26, 0x09, 0x23, 0x87, 0xe9, 0xb3, 0x82, 0x23, 0x47, + 0x33, 0x7c, 0x58, 0x7c, 0x60, 0xf3, 0x3d, 0xf4, 0xc3, 0x8b, 0x09, 0xf6, 0x0f, 0x60, 0x8a, 0x2b, + 0xe3, 0x1b, 0xeb, 0x06, 0xd8, 0xb3, 0x86, 0x24, 0xf6, 0x55, 0x32, 0xe6, 0x69, 0xcc, 0xf0, 0x20, + 0xd4, 0xab, 0x82, 0x2e, 0xbe, 0x8d, 0x3f, 0x55, 0xa5, 0xa5, 0xbb, 0x94, 0x86, 0x6f, 0x1e, 0x50, + 0x97, 0xb7, 0xf8, 0xda, 0x78, 0x8b, 0x2f, 0x98, 0xfc, 0x75, 0x5a, 0xfc, 0x39, 0xb5, 0x29, 0x23, + 0x82, 0xd9, 0x5d, 0x4a, 0xb9, 0x21, 0x68, 0x1b, 0xa6, 0x30, 0xa5, 0xd2, 0xe1, 0x85, 0x8a, 0xac, + 0x58, 0xf8, 0xff, 0xca, 0x24, 0xc1, 0xda, 0xba, 0x05, 0x8d, 0x84, 0xf4, 0x32, 0xb5, 0x8d, 0xac, + 0xda, 0x4d, 0x00, 0x89, 0x61, 0xef, 0x79, 0x7d, 0x9f, 0x1f, 0x29, 0x0f, 0x76, 0xb5, 0x54, 0x7c, + 0x1b, 0xb7, 0x63, 0x0e, 0x61, 0xdb, 0xbb, 0x30, 0x6d, 0x33, 0xe2, 0xc6, 0xc6, 0xad, 0x66, 0x8d, + 0x4b, 0x05, 0x99, 0x92, 0xc9, 0xf8, 0x7b, 0x1d, 0xd6, 0xf9, 0x89, 0x3d, 0x16, 0x69, 0xb2, 0x4b, + 0xe9, 0xa7, 0x84, 0x61, 0xdb, 0x09, 0x7f, 0x10, 0x91, 0xe0, 0xe4, 0x35, 0x07, 0xc6, 0x00, 0x66, + 0x64, 0x96, 0xa9, 0x7a, 0x77, 0xee, 0xd7, 0x19, 0x25, 0x3e, 0xbd, 0xc3, 0xd4, 0x5e, 0xcf, 0x1d, + 0xa6, 0xec, 0x4e, 0x31, 0x75, 0x41, 0x77, 0x8a, 0xd3, 0xaf, 0x95, 0x99, 0xcb, 0xea, 0x4c, 0xfe, + 0xb2, 0x5a, 0x02, 0xd5, 0x67, 0x5f, 0x15, 0xaa, 0xd7, 0x4b, 0xa1, 0xba, 0x5b, 0x9a, 0xc7, 0x0d, + 0xe1, 0xee, 0xef, 0x65, 0x23, 0xf0, 0xd4, 0x58, 0x9b, 0x04, 0xb4, 0xc3, 0x6b, 0x05, 0xed, 0x3f, + 0xcc, 0x81, 0x70, 0x79, 0x0d, 0x7e, 0xff, 0xd5, 0xf6, 0x74, 0x06, 0x1c, 0xff, 0xc6, 0x81, 0xe7, + 0xdf, 0x08, 0xcc, 0x44, 0xfd, 0xd4, 0x07, 0x49, 0x43, 0xe7, 0x7d, 0x88, 0xb7, 0x56, 0x55, 0xb4, + 0xf8, 0x37, 0xba, 0x01, 0x53, 0xdc, 0xc9, 0x0a, 0xd4, 0xae, 0x65, 0xfd, 0xc9, 0x4f, 0x62, 0x97, + 0xd2, 0xc7, 0x94, 0x58, 0xa6, 0x60, 0x42, 0xb7, 0xa1, 0x91, 0x04, 0xbe, 0xca, 0xac, 0x2b, 0xd9, + 0x15, 0x49, 0x9e, 0xc4, 0xcb, 0x52, 0x76, 0xbe, 0xb6, 0x67, 0x07, 0xc4, 0x12, 0x90, 0x6f, 0x7a, + 0x7c, 0xed, 0xa7, 0xf1, 0x64, 0xb2, 0x36, 0x61, 0x47, 0xdb, 0x30, 0x23, 0xdf, 0x0d, 0x44, 0x06, + 0xcd, 0xed, 0xac, 0x8f, 0x17, 0xd3, 0x78, 0x95, 0x62, 0x34, 0xfe, 0xaa, 0xc1, 0x3b, 0x69, 0x40, + 0xc4, 0xd9, 0x14, 0xa3, 0xee, 0x37, 0xdf, 0x71, 0xaf, 0xc1, 0x82, 0x80, 0xf9, 0xe9, 0xf3, 0x81, + 0x7c, 0xc9, 0x2a, 0x50, 0x8d, 0x3f, 0x6a, 0x70, 0x75, 0x7c, 0x1f, 0x7b, 0x43, 0x1c, 0xb0, 0xe4, + 0x78, 0x2f, 0x62, 0x2f, 0x71, 0xc3, 0xab, 0xa6, 0x0d, 0x2f, 0xb7, 0xbf, 0x5a, 0x7e, 0x7f, 0xc6, + 0x5f, 0xaa, 0x30, 0x97, 0x09, 0xa0, 0xb2, 0x86, 0xc9, 0x01, 0x9f, 0x88, 0x5b, 0x71, 0xb1, 0x13, + 0x4d, 0xa1, 0x61, 0x66, 0x28, 0x68, 0x04, 0x40, 0x71, 0x80, 0x5d, 0xc2, 0x48, 0xc0, 0x2b, 0x39, + 0xcf, 0xf8, 0xfb, 0x93, 0x57, 0x97, 0xa3, 0x58, 0xa6, 0x99, 0x11, 0xcf, 0x11, 0xab, 0x50, 0x1d, + 0xaa, 0xfa, 0xad, 0x46, 0xe8, 0x4b, 0x58, 0xe8, 0xdb, 0x0e, 0x39, 0x4a, 0x0d, 0x99, 0x11, 0x86, + 0x3c, 0x9a, 0xdc, 0x90, 0xbb, 0x59, 0xb9, 0x66, 0x41, 0x8d, 0x71, 0x1d, 0x9a, 0xc5, 0x7c, 0xe2, + 0x46, 0xda, 0x2e, 0x1e, 0x24, 0xde, 0x52, 0x23, 0x03, 0x41, 0xb3, 0x98, 0x3f, 0xc6, 0xbf, 0xaa, + 0xb0, 0x92, 0x88, 0xdb, 0xf5, 0x3c, 0x3f, 0xf2, 0x2c, 0xf1, 0x14, 0x57, 0x7a, 0x16, 0xcb, 0x30, + 0xcd, 0x6c, 0xe6, 0x24, 0xc0, 0x47, 0x0c, 0x78, 0xef, 0x62, 0xbe, 0xef, 0x30, 0x9b, 0xaa, 0x03, + 0x8e, 0x87, 0xf2, 0xec, 0x9f, 0x45, 0x76, 0x40, 0x7a, 0xa2, 0x12, 0xd4, 0xcd, 0x64, 0xcc, 0xe7, + 0x38, 0xaa, 0x11, 0x30, 0x5e, 0x3a, 0x33, 0x19, 0x8b, 0xb8, 0xf7, 0x1d, 0x87, 0x58, 0xdc, 0x1d, + 0x19, 0xa0, 0x5f, 0xa0, 0x8a, 0x0b, 0x04, 0x0b, 0x6c, 0x6f, 0xa0, 0x60, 0xbe, 0x1a, 0x71, 0x3b, + 0x71, 0x10, 0xe0, 0x13, 0xbd, 0x2e, 0x1c, 0x20, 0x07, 0xe8, 0x23, 0xa8, 0xb9, 0x98, 0xaa, 0x46, + 0x77, 0x3d, 0x57, 0x1d, 0xca, 0x3c, 0xd0, 0x3e, 0xc4, 0x54, 0x76, 0x02, 0xbe, 0xac, 0xf5, 0x01, + 0xd4, 0x63, 0xc2, 0xd7, 0x82, 0x84, 0x5f, 0xc0, 0xa5, 0x5c, 0xf1, 0x41, 0x9f, 0xc3, 0x6a, 0x1a, + 0x51, 0x59, 0x85, 0x0a, 0x04, 0xbe, 0xf3, 0x52, 0xcb, 0xcc, 0x53, 0x04, 0x18, 0xcf, 0x60, 0x89, + 0x87, 0x8c, 0x48, 0xfc, 0x0b, 0xba, 0xda, 0x7c, 0x08, 0x8d, 0x44, 0x65, 0x69, 0xcc, 0xb4, 0xa0, + 0x7e, 0x1c, 0x3f, 0x91, 0xca, 0xbb, 0x4d, 0x32, 0x36, 0x76, 0x01, 0x65, 0xed, 0x55, 0x1d, 0xe8, + 0x46, 0x1e, 0x14, 0xaf, 0x14, 0xdb, 0x8d, 0x60, 0x8f, 0x31, 0xf1, 0xef, 0xaa, 0xb0, 0xb8, 0x6f, + 0x8b, 0x57, 0x8e, 0x0b, 0x2a, 0x72, 0xd7, 0xa1, 0x19, 0x46, 0x5d, 0xd7, 0xef, 0x45, 0x0e, 0x51, + 0xa0, 0x40, 0x75, 0xfa, 0x31, 0xfa, 0x59, 0xc5, 0x8f, 0x3b, 0x8b, 0x62, 0x36, 0x54, 0x37, 0x5c, + 0xf1, 0x8d, 0x3e, 0x82, 0xf5, 0x87, 0xe4, 0x4b, 0xb5, 0x9f, 0x7d, 0xc7, 0xef, 0x76, 0x6d, 0x6f, + 0x10, 0x2b, 0x99, 0x16, 0x4a, 0x4e, 0x67, 0x30, 0x7e, 0xad, 0x41, 0x33, 0xf5, 0x85, 0xf2, 0xe6, + 0x2d, 0x19, 0xf5, 0xd2, 0x97, 0x57, 0xb3, 0xbe, 0x2c, 0xb2, 0xfe, 0xef, 0x01, 0x3f, 0x9f, 0x0d, + 0xf8, 0x3f, 0x6b, 0xb0, 0xb2, 0x6f, 0xb3, 0xb8, 0xd4, 0xd8, 0xff, 0x67, 0xe7, 0x62, 0xb4, 0x61, + 0xb5, 0x68, 0xbe, 0x72, 0xe5, 0x32, 0x4c, 0xf3, 0x53, 0x8a, 0xef, 0xee, 0x72, 0xb0, 0xf3, 0x55, + 0x03, 0x96, 0xd2, 0xe6, 0xcb, 0xff, 0xb5, 0x2d, 0x82, 0x1e, 0x41, 0x73, 0x5f, 0xfd, 0x76, 0x16, + 0xbf, 0x99, 0xa0, 0xb3, 0x1e, 0x21, 0x5b, 0x57, 0xca, 0x27, 0xa5, 0x6a, 0xa3, 0x82, 0x2c, 0x58, + 0x2f, 0x0a, 0x4c, 0xdf, 0x3b, 0xbf, 0x7d, 0x86, 0xe4, 0x84, 0xeb, 0x65, 0x2a, 0xb6, 0x34, 0xf4, + 0x39, 0x2c, 0xe4, 0x5f, 0xe5, 0x50, 0xae, 0x1a, 0x95, 0x3e, 0x14, 0xb6, 0x8c, 0xb3, 0x58, 0x12, + 0xfb, 0x9f, 0x72, 0xe8, 0x9b, 0x7b, 0xa2, 0x42, 0x46, 0x1e, 0x98, 0x97, 0x3d, 0xe1, 0xb5, 0xbe, + 0x75, 0x26, 0x4f, 0x22, 0xfd, 0x43, 0xa8, 0xc7, 0x4f, 0x3a, 0x79, 0x37, 0x17, 0x1e, 0x7a, 0x5a, + 0xcd, 0xbc, 0xbc, 0x7e, 0x68, 0x54, 0xd0, 0xc7, 0x72, 0x31, 0xbf, 0xf2, 0x8f, 0x2f, 0xce, 0x3c, + 0x64, 0xb4, 0x2e, 0x97, 0x3c, 0x1e, 0x18, 0x15, 0xf4, 0x7d, 0x98, 0xe3, 0x5f, 0x47, 0xea, 0x57, + 0xab, 0xd5, 0xb6, 0xfc, 0x91, 0xb4, 0x1d, 0xff, 0x48, 0xda, 0xbe, 0xe3, 0x52, 0x76, 0xd2, 0x2a, + 0xb9, 0xdd, 0x2b, 0x01, 0x4f, 0xe1, 0xd2, 0x3e, 0x61, 0x29, 0x18, 0x47, 0x57, 0x5f, 0xe9, 0xca, + 0xd2, 0x32, 0x8a, 0x6c, 0xe3, 0x78, 0xde, 0xa8, 0xa0, 0xdf, 0x6b, 0x70, 0x79, 0x9f, 0xb0, 0x22, + 0xbc, 0x45, 0xef, 0x95, 0x2b, 0x39, 0x05, 0x06, 0xb7, 0x1e, 0x4e, 0x9a, 0xaf, 0x79, 0xb1, 0x46, + 0x05, 0xfd, 0x41, 0x83, 0xb5, 0x8c, 0x61, 0x59, 0xbc, 0x8a, 0xb6, 0xcf, 0x36, 0xae, 0x04, 0xdb, + 0xb6, 0x3e, 0x9b, 0xf0, 0xc7, 0xc8, 0x8c, 0x48, 0xa3, 0x82, 0x8e, 0xc4, 0x99, 0xa4, 0xed, 0x09, + 0xbd, 0x5d, 0xda, 0x87, 0x12, 0xed, 0x1b, 0xa7, 0x4d, 0x27, 0xe7, 0xf0, 0x19, 0xcc, 0xed, 0x13, + 0x16, 0x57, 0xdd, 0x7c, 0xa4, 0x15, 0x5a, 0x58, 0x3e, 0x55, 0x8b, 0x85, 0x5a, 0x44, 0xcc, 0x92, + 0x94, 0x95, 0xa9, 0x53, 0xf9, 0x5c, 0x2d, 0x2d, 0xc1, 0xf9, 0x88, 0x29, 0x2f, 0x73, 0x46, 0xe5, + 0x93, 0xdd, 0x7f, 0xbc, 0xd8, 0xd0, 0xbe, 0x7a, 0xb1, 0xa1, 0xfd, 0xfb, 0xc5, 0x86, 0xf6, 0x93, + 0x9b, 0x2f, 0xf9, 0x0b, 0x82, 0xcc, 0x1f, 0x25, 0x60, 0x6a, 0x5b, 0x8e, 0x4d, 0x3c, 0xd6, 0x9d, + 0x11, 0xc1, 0x7f, 0xf3, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf8, 0x86, 0xe4, 0x0d, 0xb3, 0x20, + 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2891,6 +2922,26 @@ func (m *ManifestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ProjectName) > 0 { + i -= len(m.ProjectName) + copy(dAtA[i:], m.ProjectName) + i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectName))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xca + } + if len(m.ProjectSourceRepos) > 0 { + for iNdEx := len(m.ProjectSourceRepos) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.ProjectSourceRepos[iNdEx]) + copy(dAtA[i:], m.ProjectSourceRepos[iNdEx]) + i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectSourceRepos[iNdEx]))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xc2 + } + } if len(m.RefSources) > 0 { for k := range m.RefSources { v := m.RefSources[k] @@ -4628,6 +4679,16 @@ func (m *GitFilesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.NewGitFileGlobbingEnabled { + i-- + if m.NewGitFileGlobbingEnabled { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x28 + } if len(m.Path) > 0 { i -= len(m.Path) copy(dAtA[i:], m.Path) @@ -4921,6 +4982,16 @@ func (m *ManifestRequest) Size() (n int) { n += mapEntrySize + 2 + sovRepository(uint64(mapEntrySize)) } } + if len(m.ProjectSourceRepos) > 0 { + for _, s := range m.ProjectSourceRepos { + l = len(s) + n += 2 + l + sovRepository(uint64(l)) + } + } + l = len(m.ProjectName) + if l > 0 { + n += 2 + l + sovRepository(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -5612,6 +5683,9 @@ func (m *GitFilesRequest) Size() (n int) { if l > 0 { n += 1 + l + sovRepository(uint64(l)) } + if m.NewGitFileGlobbingEnabled { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6512,6 +6586,70 @@ func (m *ManifestRequest) Unmarshal(dAtA []byte) error { } m.RefSources[mapkey] = mapvalue iNdEx = postIndex + case 24: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ProjectSourceRepos", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ProjectSourceRepos = append(m.ProjectSourceRepos, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 25: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ProjectName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ProjectName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) @@ -10716,6 +10854,26 @@ func (m *GitFilesRequest) Unmarshal(dAtA []byte) error { } m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field NewGitFileGlobbingEnabled", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.NewGitFileGlobbingEnabled = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/gpgwatcher.go b/reposerver/gpgwatcher.go index bf2387a7e38b2..9c2c9be790813 100644 --- a/reposerver/gpgwatcher.go +++ b/reposerver/gpgwatcher.go @@ -21,7 +21,11 @@ func StartGPGWatcher(sourcePath string) error { if err != nil { return err } - defer watcher.Close() + defer func(watcher *fsnotify.Watcher) { + if err = watcher.Close(); err != nil { + log.Errorf("Error closing watcher: %v", err) + } + }(watcher) done := make(chan bool) go func() { diff --git a/reposerver/repository/chart.go b/reposerver/repository/chart.go index 819cc498c2255..f4bcf48fba569 100644 --- a/reposerver/repository/chart.go +++ b/reposerver/repository/chart.go @@ -9,16 +9,7 @@ import ( ) func getChartDetails(chartYAML string) (*v1alpha1.ChartDetails, error) { - // see: https://helm.sh/docs/topics/charts/ for more details - var chart struct { - Description string `yaml:"description,omitempty"` - Home string `yaml:"home,omitempty"` - Maintainers []struct { - Name string `yaml:"name,omitempty"` - Email string `yaml:"email,omitempty"` - Url string `yaml:"url,omitempty"` - } `yaml:"maintainers,omitempty"` - } + var chart Chart err := yaml.Unmarshal([]byte(chartYAML), &chart) if err != nil { return nil, fmt.Errorf("failed to unmarshal chart: %w", err) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 71a6bdc876ca3..df046b12b0229 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -10,7 +10,6 @@ import ( "io/fs" "net/url" "os" - "os/exec" "path" "path/filepath" "regexp" @@ -56,7 +55,6 @@ import ( argopath "github.com/argoproj/argo-cd/v2/util/app/path" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/cmp" - executil "github.com/argoproj/argo-cd/v2/util/exec" "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/glob" "github.com/argoproj/argo-cd/v2/util/gpg" @@ -149,16 +147,16 @@ func (s *Service) Init() error { // give itself read permissions to list previously written directories err = os.Chmod(s.rootDir, 0700) } - var files []fs.DirEntry + var dirEntries []fs.DirEntry if err == nil { - files, err = os.ReadDir(s.rootDir) + dirEntries, err = os.ReadDir(s.rootDir) } if err != nil { log.Warnf("Failed to restore cloned repositories paths: %v", err) return nil } - for _, file := range files { + for _, file := range dirEntries { if !file.IsDir() { continue } @@ -175,7 +173,7 @@ func (s *Service) Init() error { return os.Chmod(s.rootDir, 0300) } -// List a subset of the refs (currently, branches and tags) of a git repo +// ListRefs List a subset of the refs (currently, branches and tags) of a git repo func (s *Service) ListRefs(ctx context.Context, q *apiclient.ListRefsRequest) (*apiclient.Refs, error) { gitClient, err := s.newClient(q.Repo) if err != nil { @@ -242,7 +240,7 @@ func (s *Service) ListPlugins(ctx context.Context, _ *empty.Empty) (*apiclient.P return nil, fmt.Errorf("failed to get plugins from dir %v, error=%w", pluginSockFilePath, err) } - plugins := []*apiclient.PluginInfo{} + var plugins []*apiclient.PluginInfo for _, file := range sockFiles { if file.Type() == os.ModeSocket { plugins = append(plugins, &apiclient.PluginInfo{Name: strings.TrimSuffix(file.Name(), ".sock")}) @@ -294,7 +292,7 @@ func (s *Service) runRepoOperation( refSources map[string]*v1alpha1.RefTarget) error { if sanitizer, ok := grpc.SanitizerFromContext(ctx); ok { - // make sure randomized path replaced with '.' in the error message + // make sure a randomized path replaced with '.' in the error message sanitizer.AddRegexReplacement(getRepoSanitizerRegex(s.rootDir), "") } @@ -337,14 +335,6 @@ func (s *Service) runRepoOperation( defer settings.sem.Release(1) } - // do not generate manifests if Path and Chart fields are not set for a source in Multiple Sources - if hasMultipleSources && source.Path == "" && source.Chart == "" { - log.WithFields(map[string]interface{}{ - "source": source, - }).Debugf("not generating manifests as path and chart fields are empty") - return nil - } - if source.IsHelm() { if settings.noCache { err = helmClient.CleanChartCache(source.Chart, revision) @@ -427,7 +417,16 @@ func (s *Service) runRepoOperation( return operation(gitClient.Root(), commitSHA, revision, func() (*operationContext, error) { var signature string if verifyCommit { - signature, err = gitClient.VerifyCommitSignature(unresolvedRevision) + // When the revision is an annotated tag, we need to pass the unresolved revision (i.e. the tag name) + // to the verification routine. For everything else, we work with the SHA that the target revision is + // pointing to (i.e. the resolved revision). + var rev string + if gitClient.IsAnnotatedTag(revision) { + rev = unresolvedRevision + } else { + rev = revision + } + signature, err = gitClient.VerifyCommitSignature(rev) if err != nil { return nil, err } @@ -459,38 +458,38 @@ type gitClientGetter func(repo *v1alpha1.Repository, revision string, opts ...gi // should be updated. func resolveReferencedSources(hasMultipleSources bool, source *v1alpha1.ApplicationSourceHelm, refSources map[string]*v1alpha1.RefTarget, newClientResolveRevision gitClientGetter) (map[string]string, error) { repoRefs := make(map[string]string) - if hasMultipleSources { - if source != nil { - for _, valueFile := range source.ValueFiles { - if strings.HasPrefix(valueFile, "$") { - refVar := strings.Split(valueFile, "/")[0] - - refSourceMapping, ok := refSources[refVar] - if !ok { - if len(refSources) == 0 { - return nil, fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar) - } - refKeys := make([]string, 0) - for refKey := range refSources { - refKeys = append(refKeys, refKey) - } - return nil, fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", ")) - } - if refSourceMapping.Chart != "" { - return nil, fmt.Errorf("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources") - } - normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo) - _, ok = repoRefs[normalizedRepoURL] - if !ok { - _, referencedCommitSHA, err := newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision) - if err != nil { - log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err) - return nil, fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo) - } + if !hasMultipleSources || source == nil { + return repoRefs, nil + } - repoRefs[normalizedRepoURL] = referencedCommitSHA - } + for _, valueFile := range source.ValueFiles { + if strings.HasPrefix(valueFile, "$") { + refVar := strings.Split(valueFile, "/")[0] + + refSourceMapping, ok := refSources[refVar] + if !ok { + if len(refSources) == 0 { + return nil, fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar) + } + refKeys := make([]string, 0) + for refKey := range refSources { + refKeys = append(refKeys, refKey) } + return nil, fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", ")) + } + if refSourceMapping.Chart != "" { + return nil, fmt.Errorf("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources") + } + normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo) + _, ok = repoRefs[normalizedRepoURL] + if !ok { + _, referencedCommitSHA, err := newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision) + if err != nil { + log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err) + return nil, fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo) + } + + repoRefs[normalizedRepoURL] = referencedCommitSHA } } } @@ -510,6 +509,17 @@ func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestReq var promise *ManifestResponsePromise operation := func(repoRoot, commitSHA, cacheKey string, ctxSrc operationContextSrc) error { + // do not generate manifests if Path and Chart fields are not set for a source in Multiple Sources + if q.HasMultipleSources && q.ApplicationSource.Path == "" && q.ApplicationSource.Chart == "" { + log.WithFields(map[string]interface{}{ + "source": q.ApplicationSource, + }).Debugf("not generating manifests as path and chart fields are empty") + res = &apiclient.ManifestResponse{ + Revision: commitSHA, + } + return nil + } + promise = s.runManifestGen(ctx, repoRoot, commitSHA, cacheKey, ctxSrc, q) // The fist channel to send the message will resume this operation. // The main purpose for using channels here is to be able to unlock @@ -542,10 +552,6 @@ func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestReq return nil, err } } - - if q.HasMultipleSources && err == nil && res == nil { - res = &apiclient.ManifestResponse{} - } return res, err } @@ -1044,6 +1050,11 @@ func runHelmBuild(appPath string, h helm.Helm) error { return os.WriteFile(markerFile, []byte("marker"), 0644) } +func isSourcePermitted(url string, repos []string) bool { + p := v1alpha1.AppProject{Spec: v1alpha1.AppProjectSpec{SourceRepos: repos}} + return p.IsSourcePermitted(v1alpha1.ApplicationSource{RepoURL: url}) +} + func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool, gitRepoPaths io.TempPaths) ([]*unstructured.Unstructured, error) { concurrencyAllowed := isConcurrencyAllowed(appPath) if !concurrencyAllowed { @@ -1055,7 +1066,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie // contain any underscore characters and must not exceed 53 characters. // We are not interested in the fully qualified application name while // templating, thus, we just use the name part of the identifier. - appName, _ := argo.ParseAppInstanceName(q.AppName, "") + appName, _ := argo.ParseInstanceName(q.AppName, "") templateOpts := &helm.TemplateOpts{ Name: appName, @@ -1085,7 +1096,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie templateOpts.Values = resolvedValueFiles - if appHelm.Values != "" { + if !appHelm.ValuesIsEmpty() { rand, err := uuid.NewRandom() if err != nil { return nil, err @@ -1097,7 +1108,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie _ = os.RemoveAll(p) } }() - err = os.WriteFile(p, []byte(appHelm.Values), 0644) + err = os.WriteFile(p, appHelm.ValuesYAML(), 0644) if err != nil { return nil, err } @@ -1140,6 +1151,20 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie if err != nil { return nil, err } + + var reposNotPermitted []string + // We do a sanity check here to give a nicer error message in case any of the Helm repositories are not permitted by + // the AppProject which the application is a part of + for _, repo := range helmRepos { + if !isSourcePermitted(repo.Repo, q.ProjectSourceRepos) { + reposNotPermitted = append(reposNotPermitted, repo.Repo) + } + } + + if len(reposNotPermitted) > 0 { + return nil, status.Errorf(codes.PermissionDenied, "helm repos %s are not permitted in project '%s'", strings.Join(reposNotPermitted, ", "), q.ProjectName) + } + h, err := helm.NewHelmApp(appPath, helmRepos, isLocal, version, proxy, passCredentials) if err != nil { return nil, err @@ -1298,7 +1323,6 @@ func WithCMPTarExcludedGlobs(excludedGlobs []string) GenerateManifestOpt { func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, q *apiclient.ManifestRequest, isLocal bool, gitCredsStore git.CredsStore, maxCombinedManifestQuantity resource.Quantity, gitRepoPaths io.TempPaths, opts ...GenerateManifestOpt) (*apiclient.ManifestResponse, error) { opt := newGenerateManifestOpt(opts...) var targetObjs []*unstructured.Unstructured - var dest *v1alpha1.ApplicationDestination resourceTracking := argo.NewResourceTracking() @@ -1323,28 +1347,14 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, k := kustomize.NewKustomizeApp(appPath, q.Repo.GetGitCreds(gitCredsStore), repoURL, kustomizeBinary) targetObjs, _, err = k.Build(q.ApplicationSource.Kustomize, q.KustomizeOptions, env) case v1alpha1.ApplicationSourceTypePlugin: - var plugin *v1alpha1.ConfigManagementPlugin - if q.ApplicationSource.Plugin != nil && q.ApplicationSource.Plugin.Name != "" { - plugin = findPlugin(q.Plugins, q.ApplicationSource.Plugin.Name) + pluginName := "" + if q.ApplicationSource.Plugin != nil { + pluginName = q.ApplicationSource.Plugin.Name } - if plugin != nil { - // argocd-cm deprecated plugin is being used - targetObjs, err = runConfigManagementPlugin(appPath, repoRoot, env, q, q.Repo.GetGitCreds(gitCredsStore), plugin) - log.WithFields(map[string]interface{}{ - "application": q.AppName, - "plugin": q.ApplicationSource.Plugin.Name, - }).Warnf(common.ConfigMapPluginDeprecationWarning) - } else { - // if the named plugin was not found in argocd-cm try sidecar plugin - pluginName := "" - if q.ApplicationSource.Plugin != nil { - pluginName = q.ApplicationSource.Plugin.Name - } - // if pluginName is provided it has to be `-` or just `` if plugin version is empty - targetObjs, err = runConfigManagementPluginSidecars(ctx, appPath, repoRoot, pluginName, env, q, q.Repo.GetGitCreds(gitCredsStore), opt.cmpTarDoneCh, opt.cmpTarExcludedGlobs) - if err != nil { - err = fmt.Errorf("plugin sidecar failed. %s", err.Error()) - } + // if pluginName is provided it has to be `-` or just `` if plugin version is empty + targetObjs, err = runConfigManagementPluginSidecars(ctx, appPath, repoRoot, pluginName, env, q, q.Repo.GetGitCreds(gitCredsStore), opt.cmpTarDoneCh, opt.cmpTarExcludedGlobs) + if err != nil { + err = fmt.Errorf("plugin sidecar failed. %s", err.Error()) } case v1alpha1.ApplicationSourceTypeDirectory: var directory *v1alpha1.ApplicationSourceDirectory @@ -1398,15 +1408,10 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, } } - res := apiclient.ManifestResponse{ + return &apiclient.ManifestResponse{ Manifests: manifests, SourceType: string(appSourceType), - } - if dest != nil { - res.Namespace = dest.Namespace - res.Server = dest.Server - } - return &res, nil + }, nil } func newEnv(q *apiclient.ManifestRequest, revision string) *v1alpha1.Env { @@ -1806,74 +1811,17 @@ func makeJsonnetVm(appPath string, repoRoot string, sourceJsonnet v1alpha1.Appli return vm, nil } -func runCommand(command v1alpha1.Command, path string, env []string) (string, error) { - if len(command.Command) == 0 { - return "", fmt.Errorf("Command is empty") - } - cmd := exec.Command(command.Command[0], append(command.Command[1:], command.Args...)...) - cmd.Env = env - cmd.Dir = path - return executil.Run(cmd) -} - -func findPlugin(plugins []*v1alpha1.ConfigManagementPlugin, name string) *v1alpha1.ConfigManagementPlugin { - for _, plugin := range plugins { - if plugin.Name == name { - return plugin - } - } - return nil -} - -func runConfigManagementPlugin(appPath, repoRoot string, envVars *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds, plugin *v1alpha1.ConfigManagementPlugin) ([]*unstructured.Unstructured, error) { - // Plugins can request to lock the complete repository when they need to - // use git client operations. - if plugin.LockRepo { - manifestGenerateLock.Lock(repoRoot) - defer manifestGenerateLock.Unlock(repoRoot) - } else { - concurrencyAllowed := isConcurrencyAllowed(appPath) - if !concurrencyAllowed { - manifestGenerateLock.Lock(appPath) - defer manifestGenerateLock.Unlock(appPath) - } - } - - env, err := getPluginEnvs(envVars, q, creds, false) - if err != nil { - return nil, err - } - - if plugin.Init != nil { - _, err := runCommand(*plugin.Init, appPath, env) - if err != nil { - return nil, err - } - } - out, err := runCommand(plugin.Generate, appPath, env) - if err != nil { - return nil, err - } - return kube.SplitYAML([]byte(out)) -} - -func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds, remote bool) ([]string, error) { +func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds) ([]string, error) { envVars := env.Environ() envVars = append(envVars, "KUBE_VERSION="+text.SemVer(q.KubeVersion)) envVars = append(envVars, "KUBE_API_VERSIONS="+strings.Join(q.ApiVersions, ",")) - return getPluginParamEnvs(envVars, q.ApplicationSource.Plugin, creds, remote) + return getPluginParamEnvs(envVars, q.ApplicationSource.Plugin, creds) } // getPluginParamEnvs gets environment variables for plugin parameter announcement generation. -func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlugin, creds git.Creds, remote bool) ([]string, error) { +func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlugin, creds git.Creds) ([]string, error) { env := envVars - // Local plugins need also to have access to the local environment variables. - // Remote sidecar plugins will use the environment in the sidecar - // container. - if !remote { - env = append(os.Environ(), envVars...) - } if creds != nil { closer, environ, err := creds.Environ() if err != nil { @@ -1910,12 +1858,12 @@ func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlug func runConfigManagementPluginSidecars(ctx context.Context, appPath, repoPath, pluginName string, envVars *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds, tarDoneCh chan<- bool, tarExcludedGlobs []string) ([]*unstructured.Unstructured, error) { // compute variables. - env, err := getPluginEnvs(envVars, q, creds, true) + env, err := getPluginEnvs(envVars, q, creds) if err != nil { return nil, err } - // detect config management plugin server (sidecar) + // detect config management plugin server conn, cmpClient, err := discovery.DetectConfigManagementPlugin(ctx, appPath, repoPath, pluginName, env, tarExcludedGlobs) if err != nil { return nil, err @@ -2084,7 +2032,7 @@ func populateHelmAppDetails(res *apiclient.RepoAppDetailsResponse, appPath strin for _, v := range fileParameters(q) { res.Helm.FileParameters = append(res.Helm.FileParameters, &v1alpha1.HelmFileParameter{ Name: v.Name, - Path: v.Path, //filepath.Join(appPath, v.Path), + Path: v.Path, // filepath.Join(appPath, v.Path), }) } return nil @@ -2161,7 +2109,7 @@ func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetails fmt.Sprintf("ARGOCD_APP_SOURCE_TARGET_REVISION=%s", q.Source.TargetRevision), } - env, err := getPluginParamEnvs(envVars, q.Source.Plugin, creds, true) + env, err := getPluginParamEnvs(envVars, q.Source.Plugin, creds) if err != nil { return fmt.Errorf("failed to get env vars for plugin: %w", err) } @@ -2533,6 +2481,7 @@ func (s *Service) GetGitFiles(_ context.Context, request *apiclient.GitFilesRequ repo := request.GetRepo() revision := request.GetRevision() gitPath := request.GetPath() + enableNewGitFileGlobbing := request.GetNewGitFileGlobbingEnabled() if gitPath == "" { gitPath = "." } @@ -2566,7 +2515,7 @@ func (s *Service) GetGitFiles(_ context.Context, request *apiclient.GitFilesRequ } defer io.Close(closer) - gitFiles, err := gitClient.LsFiles(gitPath) + gitFiles, err := gitClient.LsFiles(gitPath, enableNewGitFileGlobbing) if err != nil { return nil, status.Errorf(codes.Internal, "unable to list files. repo %s with revision %s pattern %s: %v", repo.Repo, revision, gitPath, err) } diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index 685526a5b08af..8e4b69000f7e1 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -18,6 +18,7 @@ message ManifestRequest { string namespace = 8; github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSource applicationSource = 10; repeated github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository repos = 11; + // Deprecated: use sidecar plugins instead. repeated github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConfigManagementPlugin plugins = 12; github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.KustomizeOptions kustomizeOptions = 13; string kubeVersion = 14; @@ -31,6 +32,10 @@ message ManifestRequest { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HelmOptions helmOptions = 21; bool hasMultipleSources = 22; map refSources = 23; + // This is used to surface "source not permitted" errors for Helm repositories + repeated string projectSourceRepos = 24; + // This is used to surface "source not permitted" errors for Helm repositories + string projectName = 25; } message ManifestRequestWithFiles { @@ -230,6 +235,7 @@ message GitFilesRequest { bool submoduleEnabled = 2; string revision = 3; string path = 4; + bool NewGitFileGlobbingEnabled = 5; } message GitFilesResponse { diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 1c5e655c571a2..e3e29d0b0c0ad 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -63,6 +63,7 @@ func newServiceWithMocks(root string, signed bool) (*Service, *gitmocks.Client) gitClient.On("LsRemote", mock.Anything).Return(mock.Anything, nil) gitClient.On("CommitSHA").Return(mock.Anything, nil) gitClient.On("Root").Return(root) + gitClient.On("IsAnnotatedTag").Return(false) if signed { gitClient.On("VerifyCommitSignature", mock.Anything).Return(testSignature, nil) } else { @@ -152,10 +153,15 @@ func TestGenerateYamlManifestInDir(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} + q := apiclient.ManifestRequest{ + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + } // update this value if we add/remove manifests - const countOfManifests = 49 + const countOfManifests = 48 res1, err := service.GenerateManifest(context.Background(), &q) @@ -218,7 +224,8 @@ func Test_GenerateManifests_NoOutOfBoundsAccess(t *testing.T) { mustNotContain = testCaseCopy.mustNotContain } - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.Error(t, err) assert.NotContains(t, err.Error(), mustNotContain) @@ -233,7 +240,8 @@ func TestGenerateManifests_MissingSymlinkDestination(t *testing.T) { err := os.Symlink("/obviously/does/not/exist", path.Join(repoDir, "test.yaml")) require.NoError(t, err) - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} _, err = GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.NoError(t, err) } @@ -243,8 +251,11 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - KubeVersion: "v1.16.0", - Repo: &argoappv1.Repository{}, ApplicationSource: &src, + KubeVersion: "v1.16.0", + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []string{"Fake"}} @@ -268,7 +279,10 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &src, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: nil}, nil) @@ -283,7 +297,8 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { func TestHelmManifestFromChartRepo(t *testing.T) { service := newService(".") source := &argoappv1.ApplicationSource{Chart: "my-chart", TargetRevision: ">= 1.0.0"} - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -312,7 +327,8 @@ func TestHelmChartReferencingExternalValues(t *testing.T) { }, nil) refSources, err := argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -364,7 +380,8 @@ func TestGenerateManifestsUseExactRevision(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc"} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc", ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -377,7 +394,8 @@ func TestRecurseManifestsInDir(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -410,6 +428,8 @@ func TestGenerateJsonnetManifestInDir(t *testing.T) { }, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -431,6 +451,8 @@ func TestGenerateJsonnetManifestInRootDir(t *testing.T) { }, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -450,6 +472,8 @@ func TestGenerateJsonnetLibOutside(t *testing.T) { }, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } _, err := service.GenerateManifest(context.Background(), &q) require.Error(t, err) @@ -624,6 +648,8 @@ func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: ".", }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) fmt.Println("-", step, "-", res != nil, err != nil, errorExpected) @@ -788,10 +814,12 @@ func TestGenerateHelmWithValues(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: ".", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"values-production.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"values-production.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -827,6 +855,8 @@ func TestHelmWithMissingValueFiles(t *testing.T) { ValueFiles: []string{"values-production.yaml", missingValuesFile}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } // Should fail since we're passing a non-existent values file, and error should indicate that @@ -852,6 +882,8 @@ func TestGenerateHelmWithEnvVars(t *testing.T) { ValueFiles: []string{"values-$ARGOCD_APP_NAME.yaml"}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -874,7 +906,7 @@ func TestGenerateHelmWithEnvVars(t *testing.T) { } // The requested value file (`../minio/values.yaml`) is outside the app path (`./util/helm/testdata/redis`), however -// since the requested value is sill under the repo directory (`~/go/src/github.com/argoproj/argo-cd`), it is allowed +// since the requested value is still under the repo directory (`~/go/src/github.com/argoproj/argo-cd`), it is allowed func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { service := newService("../../util/helm/testdata") _, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ @@ -883,10 +915,12 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./redis", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"../minio/values.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"../minio/values.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -898,6 +932,8 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) } @@ -921,7 +957,12 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) { ValueFiles: []string{"./my-chart-values.yaml"}, }, } - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} + request := &apiclient.ManifestRequest{ + Repo: &argoappv1.Repository{}, + ApplicationSource: source, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -960,7 +1001,8 @@ func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) { ValueFiles: []string{"my-chart-link.yaml"}, }, } - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} _, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) }) @@ -975,11 +1017,13 @@ func TestGenerateHelmWithURL(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: ".", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"https://raw.githubusercontent.com/argoproj/argocd-example-apps/master/helm-guestbook/values.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"https://raw.githubusercontent.com/argoproj/argocd-example-apps/master/helm-guestbook/values.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, }) assert.NoError(t, err) } @@ -995,10 +1039,12 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: ".", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"../minio/values.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"../minio/values.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1012,10 +1058,12 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"../my-chart/my-chart-values.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"../my-chart/my-chart-values.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1028,10 +1076,12 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"/my-chart/my-chart-values.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"/my-chart/my-chart-values.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1044,10 +1094,12 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"/../../../my-chart-values.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"/../../../my-chart-values.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1061,10 +1113,12 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"file://../../../../my-chart-values.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"file://../../../../my-chart-values.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "is not allowed") @@ -1081,7 +1135,9 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValueFiles: []string{"s3://my-bucket/my-chart-values.yaml"}, }, }, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "s3://my-bucket/my-chart-values.yaml: no such file or directory") @@ -1112,43 +1168,47 @@ func TestGenerateHelmWithAbsoluteFileParameter(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./util/helm/testdata/redis", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"values-production.yaml"}, - Values: `cluster: {slaveCount: 2}`, + ValueFiles: []string{"values-production.yaml"}, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, FileParameters: []argoappv1.HelmFileParameter{{ Name: "passwordContent", Path: externalSecretPath, }}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) } // The requested file parameter (`../external/external-secret.txt`) is outside the app path -// (`./util/helm/testdata/redis`), however since the requested value is sill under the repo +// (`./util/helm/testdata/redis`), however since the requested value is still under the repo // directory (`~/go/src/github.com/argoproj/argo-cd`), it is allowed. It is used as a means of // providing direct content to a helm chart via a specific key. func TestGenerateHelmWithFileParameter(t *testing.T) { service := newService("../../util/helm/testdata") - _, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ + res, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ Repo: &argoappv1.Repository{}, AppName: "test", ApplicationSource: &argoappv1.ApplicationSource{ Path: "./redis", Helm: &argoappv1.ApplicationSourceHelm{ - ValueFiles: []string{"values-production.yaml"}, - Values: `cluster: {slaveCount: 2}`, - FileParameters: []argoappv1.HelmFileParameter{ - argoappv1.HelmFileParameter{ - Name: "passwordContent", - Path: "../external/external-secret.txt", - }, - }, + ValueFiles: []string{"values-production.yaml"}, + Values: `cluster: {slaveCount: 10}`, + ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, + FileParameters: []argoappv1.HelmFileParameter{{ + Name: "passwordContent", + Path: "../external/external-secret.txt", + }}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) + assert.Contains(t, res.Manifests[6], `"replicas":2`, "ValuesObject should override Values") } func TestGenerateNullList(t *testing.T) { @@ -1156,9 +1216,11 @@ func TestGenerateNullList(t *testing.T) { t.Run("null list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, - NoCache: true, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1167,9 +1229,11 @@ func TestGenerateNullList(t *testing.T) { t.Run("empty list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, - NoCache: true, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1178,9 +1242,11 @@ func TestGenerateNullList(t *testing.T) { t.Run("weird list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, - NoCache: true, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Nil(t, err) assert.Len(t, res1.Manifests, 2) @@ -1201,53 +1267,12 @@ func TestIdentifyAppSourceTypeByAppDirWithKustomizations(t *testing.T) { assert.Equal(t, argoappv1.ApplicationSourceTypeKustomize, sourceType) } -func TestRunCustomTool(t *testing.T) { - service := newService(".") - - res, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - AppName: "test-app", - Namespace: "test-namespace", - ApplicationSource: &argoappv1.ApplicationSource{ - Plugin: &argoappv1.ApplicationSourcePlugin{ - Name: "test", - Env: argoappv1.Env{ - { - Name: "TEST_REVISION", - Value: "prefix-$ARGOCD_APP_REVISION", - }, - }, - }, - }, - Plugins: []*argoappv1.ConfigManagementPlugin{{ - Name: "test", - Generate: argoappv1.Command{ - Command: []string{"sh", "-c"}, - Args: []string{`echo "{\"kind\": \"FakeObject\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GIT_ASKPASS\": \"$GIT_ASKPASS\", \"GIT_USERNAME\": \"$GIT_USERNAME\", \"GIT_PASSWORD\": \"$GIT_PASSWORD\"}, \"labels\": {\"revision\": \"$ARGOCD_ENV_TEST_REVISION\"}}}"`}, - }, - }}, - Repo: &argoappv1.Repository{ - Username: "foo", Password: "bar", - }, - }) - - assert.NoError(t, err) - assert.Equal(t, 1, len(res.Manifests)) - - obj := &unstructured.Unstructured{} - assert.NoError(t, json.Unmarshal([]byte(res.Manifests[0]), obj)) - - assert.Equal(t, obj.GetName(), "test-app") - assert.Equal(t, obj.GetNamespace(), "test-namespace") - assert.Empty(t, obj.GetAnnotations()["GIT_USERNAME"]) - assert.Empty(t, obj.GetAnnotations()["GIT_PASSWORD"]) - // Git client is mocked, so the revision is always mock.Anything - assert.Equal(t, map[string]string{"revision": "prefix-mock.Anything"}, obj.GetLabels()) -} - func TestGenerateFromUTF16(t *testing.T) { q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{}, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } res1, err := GenerateManifests(context.Background(), "./testdata/utf-16", "/", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) assert.Nil(t, err) @@ -1425,7 +1450,13 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newServiceWithSignature("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} + q := apiclient.ManifestRequest{ + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + VerifySignature: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + } res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1436,7 +1467,8 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newServiceWithSignature("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1447,7 +1479,8 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1458,7 +1491,8 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1617,6 +1651,8 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1646,6 +1682,8 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1675,7 +1713,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp", + AppName: "testapp", + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1705,7 +1745,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp2", + AppName: "testapp2", + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1735,9 +1777,11 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { } sourceCopy := source.DeepCopy() // make a copy in case GenerateManifest mutates it. _, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: sourceCopy, - AppName: "test", + Repo: &argoappv1.Repository{}, + ApplicationSource: sourceCopy, + AppName: "test", + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) res := &cache.CachedManifestResponse{} @@ -1771,7 +1815,9 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: regularGitTagHash, }, - NoCache: true, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }, wantError: false, service: newServiceWithCommitSHA(".", regularGitTagHash), @@ -1785,7 +1831,9 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: annotatedGitTaghash, }, - NoCache: true, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }, wantError: false, service: newServiceWithCommitSHA(".", annotatedGitTaghash), @@ -1799,7 +1847,9 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: invalidGitTaghash, }, - NoCache: true, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }, wantError: true, service: newServiceWithCommitSHA(".", invalidGitTaghash), @@ -2932,7 +2982,7 @@ func TestGetGitFiles(t *testing.T) { gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("Root").Return(root) - gitClient.On("LsFiles", mock.Anything).Once().Return(files, nil) + gitClient.On("LsFiles", mock.Anything, mock.Anything).Once().Return(files, nil) paths.On("GetPath", mock.Anything).Return(root, nil) paths.On("GetPathIfExists", mock.Anything).Return(root, nil) }, root) diff --git a/reposerver/repository/types.go b/reposerver/repository/types.go new file mode 100644 index 0000000000000..3e45a5bf3a1cf --- /dev/null +++ b/reposerver/repository/types.go @@ -0,0 +1,14 @@ +package repository + +// Chart see: https://helm.sh/docs/topics/charts/ for more details +type Chart struct { + Description string `yaml:"description,omitempty"` + Home string `yaml:"home,omitempty"` + Maintainers []Maintainer `yaml:"maintainers,omitempty"` +} + +type Maintainer struct { + Name string `yaml:"name,omitempty"` + Email string `yaml:"email,omitempty"` + Url string `yaml:"url,omitempty"` +} diff --git a/resource_customizations/apps/Deployment/actions/testdata/deployment-pause.yaml b/resource_customizations/apps/Deployment/actions/testdata/deployment-pause.yaml index 38cb1faf8498f..3ddbbe3e5cef2 100644 --- a/resource_customizations/apps/Deployment/actions/testdata/deployment-pause.yaml +++ b/resource_customizations/apps/Deployment/actions/testdata/deployment-pause.yaml @@ -4,6 +4,8 @@ metadata: annotations: deployment.kubernetes.io/revision: "1" creationTimestamp: "2021-09-21T22:35:20Z" + name: nginx-deploy + namespace: default generation: 2 spec: paused: true diff --git a/resource_customizations/apps/Deployment/actions/testdata/deployment-resume.yaml b/resource_customizations/apps/Deployment/actions/testdata/deployment-resume.yaml index ea8d3b14de51d..8ccb8dcab0802 100644 --- a/resource_customizations/apps/Deployment/actions/testdata/deployment-resume.yaml +++ b/resource_customizations/apps/Deployment/actions/testdata/deployment-resume.yaml @@ -5,6 +5,8 @@ metadata: deployment.kubernetes.io/revision: "1" creationTimestamp: "2021-09-21T22:35:20Z" generation: 3 + name: nginx-deploy + namespace: default spec: progressDeadlineSeconds: 600 replicas: 3 diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/action_test.yaml b/resource_customizations/argoproj.io/CronWorkflow/actions/action_test.yaml new file mode 100644 index 0000000000000..4c7aa77ff127a --- /dev/null +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/action_test.yaml @@ -0,0 +1,4 @@ +actionTests: +- action: create-workflow + inputPath: testdata/cronworkflow.yaml + expectedOutputPath: testdata/workflow.yaml diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/create-workflow/action.lua b/resource_customizations/argoproj.io/CronWorkflow/actions/create-workflow/action.lua new file mode 100644 index 0000000000000..35f7a66b80413 --- /dev/null +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/create-workflow/action.lua @@ -0,0 +1,82 @@ +local os = require("os") + +-- This action constructs a Workflow resource from a CronWorkflow resource, to enable creating a CronWorkflow instance +-- on demand. +-- It returns an array with a single member - a table with the operation to perform (create) and the Workflow resource. +-- It mimics the output of "argo submit --from=CronWorkflow/" command, declaratively. + +-- This code is written to mimic what the Argo Workflows API server does to create a Workflow from a CronWorkflow. +-- https://github.com/argoproj/argo-workflows/blob/873a58de7dd9dad76d5577b8c4294a58b52849b8/workflow/common/convert.go#L12 + +-- Deep-copying an object is a ChatGPT generated code. +-- Since empty tables are treated as empty arrays, the resulting k8s resource might be invalid (arrays instead of maps). +-- So empty tables are not cloned to the target object. +function deepCopy(object) + local lookup_table = {} + local function _copy(obj) + if type(obj) ~= "table" then + return obj + elseif lookup_table[obj] then + return lookup_table[obj] + elseif next(obj) == nil then + return nil + else + local new_table = {} + lookup_table[obj] = new_table + for key, value in pairs(obj) do + new_table[_copy(key)] = _copy(value) + end + return setmetatable(new_table, getmetatable(obj)) + end + end + return _copy(object) +end + +workflow = {} +workflow.apiVersion = "argoproj.io/v1alpha1" +workflow.kind = "Workflow" + +workflow.metadata = {} +workflow.metadata.name = obj.metadata.name .. "-" ..os.date("!%Y%m%d%H%M") +workflow.metadata.namespace = obj.metadata.namespace +workflow.metadata.labels = {} +workflow.metadata.annotations = {} +if (obj.spec.workflowMetadata ~= nil) then + if (obj.spec.workflowMetadata.labels ~= nil) then + workflow.metadata.labels = deepCopy(obj.spec.workflowMetadata.labels) + end + if (obj.spec.workflowMetadata.annotations ~= nil) then + workflow.metadata.annotations = deepCopy(obj.spec.workflowMetadata.annotations) + end +end +workflow.metadata.labels["workflows.argoproj.io/cron-workflow"] = obj.metadata.name +if (obj.metadata.labels["workflows.argoproj.io/controller-instanceid"] ~= nil) then + workflow.metadata.labels["workflows.argoproj.io/controller-instanceid"] = obj.metadata.labels["workflows.argoproj.io/controller-instanceid"] +end +workflow.metadata.annotations["workflows.argoproj.io/scheduled-time"] = os.date("!%Y-%m-%dT%d:%H:%MZ") + +workflow.finalizers = {} +-- add all finalizers from obj.spec.workflowMetadata.finalizers +if (obj.spec.workflowMetadata ~= nil and obj.spec.workflowMetadata.finalizers ~= nil) then + for i, finalizer in ipairs(obj.spec.workflowMetadata.finalizers) do + workflow.finalizers[i] = finalizer + end +end + +ownerRef = {} +ownerRef.apiVersion = obj.apiVersion +ownerRef.kind = obj.kind +ownerRef.name = obj.metadata.name +ownerRef.uid = obj.metadata.uid +workflow.metadata.ownerReferences = {} +workflow.metadata.ownerReferences[1] = ownerRef + +workflow.spec = deepCopy(obj.spec.workflowSpec) + +impactedResource = {} +impactedResource.operation = "create" +impactedResource.resource = workflow +result = {} +result[1] = impactedResource + +return result \ No newline at end of file diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua b/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua new file mode 100644 index 0000000000000..5e16c6c1c14d8 --- /dev/null +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua @@ -0,0 +1,3 @@ +actions = {} +actions["create-workflow"] = {} +return actions \ No newline at end of file diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/cronworkflow.yaml b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/cronworkflow.yaml new file mode 100644 index 0000000000000..2a2c7d1807db4 --- /dev/null +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/cronworkflow.yaml @@ -0,0 +1,34 @@ +apiVersion: argoproj.io/v1alpha1 +kind: CronWorkflow +metadata: + annotations: + cronworkflows.argoproj.io/last-used-schedule: CRON_TZ=America/Los_Angeles * * * * * + labels: + workflows.argoproj.io/controller-instanceid: test-instance + app.kubernetes.io/instance: test + name: hello-world + namespace: default +spec: + concurrencyPolicy: Replace + failedJobsHistoryLimit: 4 + schedule: '* * * * *' + startingDeadlineSeconds: 0 + successfulJobsHistoryLimit: 4 + suspend: true + timezone: America/Los_Angeles + workflowSpec: + entrypoint: whalesay + templates: + - container: + args: + - "\U0001F553 hello world. Scheduled on: {{workflow.scheduledTime}}" + command: + - cowsay + image: 'docker/whalesay:latest' + name: whalesay + workflowMetadata: + labels: + example: test + annotations: + another-example: another-test + finalizers: [test-finalizer] diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/workflow.yaml b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/workflow.yaml new file mode 100644 index 0000000000000..9f231dbb5c5b3 --- /dev/null +++ b/resource_customizations/argoproj.io/CronWorkflow/actions/testdata/workflow.yaml @@ -0,0 +1,28 @@ +- k8sOperation: create + unstructuredObj: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + annotations: + another-example: another-test + labels: + workflows.argoproj.io/cron-workflow: hello-world + workflows.argoproj.io/controller-instanceid: test-instance + example: test + name: hello-world-202306221736 + namespace: default + ownerReferences: + - apiVersion: argoproj.io/v1alpha1 + kind: CronWorkflow + name: hello-world + finalizers: [test-finalizer] + spec: + entrypoint: whalesay + templates: + - container: + args: + - "\U0001F553 hello world. Scheduled on: {{workflow.scheduledTime}}" + command: + - cowsay + image: 'docker/whalesay:latest' + name: whalesay diff --git a/resource_customizations/argoproj.io/EventBus/health.lua b/resource_customizations/argoproj.io/EventBus/health.lua new file mode 100644 index 0000000000000..4d2c676f72892 --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/health.lua @@ -0,0 +1,21 @@ +hs={ status = "Progressing", message = "Waiting for initialization" } + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Deployed" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message or condition.reason + return hs + end + if condition.type == "Deployed" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message or condition.reason + return hs + end + end + end +end + + +return hs diff --git a/resource_customizations/argoproj.io/EventBus/health_test.yaml b/resource_customizations/argoproj.io/EventBus/health_test.yaml new file mode 100644 index 0000000000000..7babe7fc7f9a3 --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/health_test.yaml @@ -0,0 +1,9 @@ +tests: + - healthStatus: + status: Healthy + message: "JetStream is deployed" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: 'failed to get jetstream version, err: unsupported version "iwillfail", supported versions: "2.9.5,latest"' + inputPath: testdata/degraded.yaml \ No newline at end of file diff --git a/resource_customizations/argoproj.io/EventBus/testdata/degraded.yaml b/resource_customizations/argoproj.io/EventBus/testdata/degraded.yaml new file mode 100644 index 0000000000000..4ffd1cf6a9623 --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/testdata/degraded.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: EventBus +metadata: + name: test + namespace: eventbus-test +spec: + jetstream: + replicas: 3 + version: iwillfail +status: + conditions: + - lastTransitionTime: null + status: 'True' + type: Configured + - lastTransitionTime: null + message: >- + failed to get jetstream version, err: unsupported version "iwillfail", + supported versions: "2.9.5,latest" + reason: JetStreamStatefulSetFailed + status: 'False' + type: Deployed \ No newline at end of file diff --git a/resource_customizations/argoproj.io/EventBus/testdata/healthy.yaml b/resource_customizations/argoproj.io/EventBus/testdata/healthy.yaml new file mode 100644 index 0000000000000..8db1455a14d8e --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/testdata/healthy.yaml @@ -0,0 +1,19 @@ +apiVersion: argoproj.io/v1alpha1 +kind: EventBus +metadata: + name: test + namespace: eventbus-test +spec: + jetstream: + replicas: 3 + version: latest +status: + conditions: + - lastTransitionTime: '2022-12-30T11:44:15Z' + status: 'True' + type: Configured + - lastTransitionTime: '2022-12-30T11:44:15Z' + message: JetStream is deployed + reason: Succeeded + status: 'True' + type: Deployed \ No newline at end of file diff --git a/resource_customizations/argoproj.io/WorkflowTemplate/actions/action_test.yaml b/resource_customizations/argoproj.io/WorkflowTemplate/actions/action_test.yaml new file mode 100644 index 0000000000000..db503fe0b6aae --- /dev/null +++ b/resource_customizations/argoproj.io/WorkflowTemplate/actions/action_test.yaml @@ -0,0 +1,4 @@ +actionTests: +- action: create-workflow + inputPath: testdata/workflowtemplate.yaml + expectedOutputPath: testdata/workflow.yaml diff --git a/resource_customizations/argoproj.io/WorkflowTemplate/actions/create-workflow/action.lua b/resource_customizations/argoproj.io/WorkflowTemplate/actions/create-workflow/action.lua new file mode 100644 index 0000000000000..66f5ec55d3a16 --- /dev/null +++ b/resource_customizations/argoproj.io/WorkflowTemplate/actions/create-workflow/action.lua @@ -0,0 +1,39 @@ +local os = require("os") + +-- This action constructs a Workflow resource from a WorkflowTemplate resource, to enable creating a WorkflowTemplate instance +-- on demand. +-- It returns an array with a single member - a table with the operation to perform (create) and the Workflow resource. +-- It mimics the output of "argo submit --from=workflowtemplate/" command, declaratively. + +-- This code is written to mimic what the Argo Workflows API server does to create a Workflow from a WorkflowTemplate. +-- https://github.com/argoproj/argo-workflows/blob/873a58de7dd9dad76d5577b8c4294a58b52849b8/workflow/common/convert.go#L34 + +workflow = {} +workflow.apiVersion = "argoproj.io/v1alpha1" +workflow.kind = "Workflow" + +workflow.metadata = {} +workflow.metadata.name = obj.metadata.name .. "-" ..os.date("!%Y%m%d%H%M") +workflow.metadata.namespace = obj.metadata.namespace +workflow.metadata.labels = {} +workflow.metadata.labels["workflows.argoproj.io/workflow-template"] = obj.metadata.name + +workflow.spec = {} +workflow.spec.workflowTemplateRef = {} +workflow.spec.workflowTemplateRef.name = obj.metadata.name + +ownerRef = {} +ownerRef.apiVersion = obj.apiVersion +ownerRef.kind = obj.kind +ownerRef.name = obj.metadata.name +ownerRef.uid = obj.metadata.uid +workflow.metadata.ownerReferences = {} +workflow.metadata.ownerReferences[1] = ownerRef + +impactedResource = {} +impactedResource.operation = "create" +impactedResource.resource = workflow +result = {} +result[1] = impactedResource + +return result \ No newline at end of file diff --git a/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua b/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua new file mode 100644 index 0000000000000..5e16c6c1c14d8 --- /dev/null +++ b/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua @@ -0,0 +1,3 @@ +actions = {} +actions["create-workflow"] = {} +return actions \ No newline at end of file diff --git a/resource_customizations/argoproj.io/WorkflowTemplate/actions/testdata/workflow.yaml b/resource_customizations/argoproj.io/WorkflowTemplate/actions/testdata/workflow.yaml new file mode 100644 index 0000000000000..46063bee03397 --- /dev/null +++ b/resource_customizations/argoproj.io/WorkflowTemplate/actions/testdata/workflow.yaml @@ -0,0 +1,16 @@ +- k8sOperation: create + unstructuredObj: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + labels: + workflows.argoproj.io/workflow-template: workflow-template-submittable + name: workflow-template-submittable-202306221735 + namespace: default + ownerReferences: + - apiVersion: argoproj.io/v1alpha1 + kind: WorkflowTemplate + name: workflow-template-submittable + spec: + workflowTemplateRef: + name: workflow-template-submittable diff --git a/resource_customizations/argoproj.io/WorkflowTemplate/actions/testdata/workflowtemplate.yaml b/resource_customizations/argoproj.io/WorkflowTemplate/actions/testdata/workflowtemplate.yaml new file mode 100644 index 0000000000000..5b7d2319e9c9e --- /dev/null +++ b/resource_customizations/argoproj.io/WorkflowTemplate/actions/testdata/workflowtemplate.yaml @@ -0,0 +1,24 @@ +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + labels: + app.kubernetes.io/instance: test + name: workflow-template-submittable + namespace: default +spec: + arguments: + parameters: + - name: message + value: hello world + entrypoint: whalesay-template + templates: + - container: + args: + - '{{inputs.parameters.message}}' + command: + - cowsay + image: docker/whalesay + inputs: + parameters: + - name: message + name: whalesay-template diff --git a/resource_customizations/batch/CronJob/actions/action_test.yaml b/resource_customizations/batch/CronJob/actions/action_test.yaml new file mode 100644 index 0000000000000..a9b5320db5721 --- /dev/null +++ b/resource_customizations/batch/CronJob/actions/action_test.yaml @@ -0,0 +1,4 @@ +actionTests: +- action: create-job + inputPath: testdata/cronjob.yaml + expectedOutputPath: testdata/job.yaml diff --git a/resource_customizations/batch/CronJob/actions/create-job/action.lua b/resource_customizations/batch/CronJob/actions/create-job/action.lua new file mode 100644 index 0000000000000..119e0d35eccb6 --- /dev/null +++ b/resource_customizations/batch/CronJob/actions/create-job/action.lua @@ -0,0 +1,58 @@ +local os = require("os") + +-- This action constructs a Job resource from a CronJob resource, to enable creating a CronJob instance on demand. +-- It returns an array with a single member - a table with the operation to perform (create) and the Job resource. +-- It mimics the output of "kubectl create job --from=" command, declaratively. + +-- Deep-copying an object is a ChatGPT generated code. +-- Since empty tables are treated as empty arrays, the resulting k8s resource might be invalid (arrays instead of maps). +-- So empty tables are not cloned to the target object. +function deepCopy(object) + local lookup_table = {} + local function _copy(obj) + if type(obj) ~= "table" then + return obj + elseif lookup_table[obj] then + return lookup_table[obj] + elseif next(obj) == nil then + return nil + else + local new_table = {} + lookup_table[obj] = new_table + for key, value in pairs(obj) do + new_table[_copy(key)] = _copy(value) + end + return setmetatable(new_table, getmetatable(obj)) + end + end + return _copy(object) +end + +job = {} +job.apiVersion = "batch/v1" +job.kind = "Job" + +job.metadata = {} +job.metadata.name = obj.metadata.name .. "-" ..os.date("!%Y%m%d%H%M") +job.metadata.namespace = obj.metadata.namespace + +ownerRef = {} +ownerRef.apiVersion = obj.apiVersion +ownerRef.kind = obj.kind +ownerRef.name = obj.metadata.name +ownerRef.uid = obj.metadata.uid +job.metadata.ownerReferences = {} +job.metadata.ownerReferences[1] = ownerRef + +job.spec = {} +job.spec.suspend = false +job.spec.template = {} +job.spec.template.spec = deepCopy(obj.spec.jobTemplate.spec.template.spec) + +impactedResource = {} +impactedResource.operation = "create" +impactedResource.resource = job +result = {} +result[1] = impactedResource + +return result \ No newline at end of file diff --git a/resource_customizations/batch/CronJob/actions/discovery.lua b/resource_customizations/batch/CronJob/actions/discovery.lua new file mode 100644 index 0000000000000..f90293c1aa671 --- /dev/null +++ b/resource_customizations/batch/CronJob/actions/discovery.lua @@ -0,0 +1,3 @@ +actions = {} +actions["create-job"] = {} +return actions \ No newline at end of file diff --git a/resource_customizations/batch/CronJob/actions/testdata/cronjob.yaml b/resource_customizations/batch/CronJob/actions/testdata/cronjob.yaml new file mode 100644 index 0000000000000..118fc83929e96 --- /dev/null +++ b/resource_customizations/batch/CronJob/actions/testdata/cronjob.yaml @@ -0,0 +1,22 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: hello + namespace: test-ns + uid: "123" +spec: + schedule: "* * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: hello + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + resources: {} + restartPolicy: OnFailure \ No newline at end of file diff --git a/resource_customizations/batch/CronJob/actions/testdata/job.yaml b/resource_customizations/batch/CronJob/actions/testdata/job.yaml new file mode 100644 index 0000000000000..cf0f92da24818 --- /dev/null +++ b/resource_customizations/batch/CronJob/actions/testdata/job.yaml @@ -0,0 +1,19 @@ +- k8sOperation: create + unstructuredObj: + apiVersion: batch/v1 + kind: Job + metadata: + name: hello-00000000000 + namespace: test-ns + spec: + template: + spec: + containers: + - name: hello + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + restartPolicy: OnFailure \ No newline at end of file diff --git a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua index 3bac570b0c4d7..2670862b41602 100644 --- a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua +++ b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua @@ -17,7 +17,7 @@ if obj.status ~= nil then hs.message = "Elasticsearch Cluster status is Green" return hs elseif obj.status.health == "yellow" then - hs.status = "Degraded" + hs.status = "Progressing" hs.message = "Elasticsearch Cluster status is Yellow. Check the status of indices, replicas and shards" return hs elseif obj.status.health == "red" then diff --git a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml index 0a0ef51d16f6c..015bc145d8ff8 100644 --- a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml +++ b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml @@ -4,7 +4,7 @@ tests: message: "Elasticsearch Cluster status is Green" inputPath: testdata/ready_green.yaml - healthStatus: - status: Degraded + status: Progressing message: "Elasticsearch Cluster status is Yellow. Check the status of indices, replicas and shards" inputPath: testdata/ready_yellow.yaml - healthStatus: diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/health.lua b/resource_customizations/external-secrets.io/ClusterExternalSecret/health.lua new file mode 100644 index 0000000000000..2157b5c7a78fa --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/health.lua @@ -0,0 +1,25 @@ +hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + -- For ClusterExternalSecret, new statuses are appended to the end of the list + lastStatus = obj.status.conditions[#obj.status.conditions] + if lastStatus.type == "Ready" and lastStatus.status == "True" then + hs.status = "Healthy" + hs.message = lastStatus.message + return hs + end + if lastStatus.type == "PartiallyReady" and lastStatus.status == "True" then + hs.status = "Degraded" + hs.message = lastStatus.message + return hs + end + if lastStatus.type == "NotReady" and lastStatus.status == "True" then + hs.status = "Degraded" + hs.message = lastStatus.message + return hs + end + end +end +hs.status = "Progressing" +hs.message = "Waiting for ClusterExternalSecret" +return hs diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/health_test.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/health_test.yaml new file mode 100644 index 0000000000000..52e4c7c13740f --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/health_test.yaml @@ -0,0 +1,21 @@ +tests: + - healthStatus: + status: Progressing + message: Waiting for ClusterExternalSecret + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: 'one or more namespaces failed' + inputPath: testdata/notready.yaml + - healthStatus: + status: Degraded + message: 'one or more namespaces failed' + inputPath: testdata/partiallyready.yaml + - healthStatus: + status: Degraded + message: 'one or more namespaces failed' + inputPath: testdata/partiallyready-multiple-conditions.yaml + - healthStatus: + status: Healthy + message: '' + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/healthy.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/healthy.yaml new file mode 100644 index 0000000000000..1a5f61b44a48f --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/healthy.yaml @@ -0,0 +1,37 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: PartiallyReady + - status: "True" + type: Ready diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/notready.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/notready.yaml new file mode 100644 index 0000000000000..eeea3069bfb2d --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/notready.yaml @@ -0,0 +1,38 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: NotReady + failedNamespaces: + - namespace: default + reason: external secret already exists in namespace diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready-multiple-conditions.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready-multiple-conditions.yaml new file mode 100644 index 0000000000000..52f6141871de0 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready-multiple-conditions.yaml @@ -0,0 +1,43 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: NotReady + - message: one or more namespaces failed + status: "True" + type: PartiallyReady + failedNamespaces: + - namespace: default + reason: external secret already exists in namespace + provisionedNamespaces: + - other-namespace diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready.yaml new file mode 100644 index 0000000000000..f6a291526fd7f --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready.yaml @@ -0,0 +1,40 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: PartiallyReady + failedNamespaces: + - namespace: default + reason: external secret already exists in namespace + provisionedNamespaces: + - other-namespace diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/progressing.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/progressing.yaml new file mode 100644 index 0000000000000..8e326e413cf8a --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/progressing.yaml @@ -0,0 +1,30 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/health.lua b/resource_customizations/external-secrets.io/ClusterSecretStore/health.lua new file mode 100644 index 0000000000000..14a77a70354ae --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/health.lua @@ -0,0 +1,20 @@ +hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs + end + end + end +end +hs.status = "Progressing" +hs.message = "Waiting for ClusterSecretStore" +return hs diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/health_test.yaml b/resource_customizations/external-secrets.io/ClusterSecretStore/health_test.yaml new file mode 100644 index 0000000000000..6e692158e6e10 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/health_test.yaml @@ -0,0 +1,9 @@ +tests: + - healthStatus: + status: Degraded + message: 'unable to validate store' + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: 'store validated' + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/degraded.yaml b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/degraded.yaml new file mode 100644 index 0000000000000..1f00cc4ea61e7 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/degraded.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: secretmanager +spec: + provider: + aws: + region: us-east-1 + service: SecretsManager +status: + conditions: + - lastTransitionTime: "2023-03-21T22:58:01Z" + message: unable to validate store + reason: ValidationFailed + status: "False" + type: Ready diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/healthy.yaml b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/healthy.yaml new file mode 100644 index 0000000000000..8c99de1326179 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/healthy.yaml @@ -0,0 +1,17 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: secretmanager +spec: + provider: + aws: + region: us-east-1 + service: SecretsManager +status: + capabilities: ReadWrite + conditions: + - lastTransitionTime: "2023-03-22T04:51:03Z" + message: store validated + reason: Valid + status: "True" + type: Ready diff --git a/resource_customizations/external-secrets.io/ExternalSecret/actions/action_test.yaml b/resource_customizations/external-secrets.io/ExternalSecret/actions/action_test.yaml new file mode 100644 index 0000000000000..83f49fcff7439 --- /dev/null +++ b/resource_customizations/external-secrets.io/ExternalSecret/actions/action_test.yaml @@ -0,0 +1,4 @@ +actionTests: + - action: refresh + inputPath: testdata/external-secret.yaml + expectedOutputPath: testdata/external-secret-updated.yaml diff --git a/resource_customizations/external-secrets.io/ExternalSecret/actions/discovery.lua b/resource_customizations/external-secrets.io/ExternalSecret/actions/discovery.lua new file mode 100644 index 0000000000000..cfac448cba278 --- /dev/null +++ b/resource_customizations/external-secrets.io/ExternalSecret/actions/discovery.lua @@ -0,0 +1,3 @@ +actions = {} +actions["refresh"] = {["disabled"] = false} +return actions diff --git a/resource_customizations/external-secrets.io/ExternalSecret/actions/refresh/action.lua b/resource_customizations/external-secrets.io/ExternalSecret/actions/refresh/action.lua new file mode 100644 index 0000000000000..fa29c485fa16a --- /dev/null +++ b/resource_customizations/external-secrets.io/ExternalSecret/actions/refresh/action.lua @@ -0,0 +1,6 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["force-sync"] = os.date("!%Y-%m-%dT%XZ") +return obj diff --git a/resource_customizations/external-secrets.io/ExternalSecret/actions/testdata/external-secret-updated.yaml b/resource_customizations/external-secrets.io/ExternalSecret/actions/testdata/external-secret-updated.yaml new file mode 100644 index 0000000000000..4266e9a5d18fd --- /dev/null +++ b/resource_customizations/external-secrets.io/ExternalSecret/actions/testdata/external-secret-updated.yaml @@ -0,0 +1,56 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ExternalSecret +metadata: + annotations: + force-sync: '0001-01-01T00:00:00Z' + creationTimestamp: '2021-11-16T21:59:33Z' + generation: 1 + name: test-healthy + namespace: argocd + resourceVersion: '136487331' + selfLink: /apis/external-secrets.io/v1alpha1/namespaces/argocd/externalsecrets/test-healthy + uid: 1e754a7e-0781-4d57-932d-4651d5b19586 +spec: + data: + - remoteRef: + key: secret/sa/example + property: api.address + secretKey: url + - remoteRef: + key: secret/sa/example + property: ca.crt + secretKey: ca + - remoteRef: + key: secret/sa/example + property: token + secretKey: token + refreshInterval: 1m + secretStoreRef: + kind: SecretStore + name: example + target: + creationPolicy: Owner + template: + data: + config: | + { + "bearerToken": "{{ .token | base64decode | toString }}", + "tlsClientConfig": { + "insecure": false, + "caData": "{{ .ca | toString }}" + } + } + name: cluster-test + server: '{{ .url | toString }}' + metadata: + labels: + argocd.argoproj.io/secret-type: cluster +status: + conditions: + - lastTransitionTime: '2021-11-16T21:59:34Z' + message: Secret was synced + reason: SecretSynced + status: 'True' + type: Ready + refreshTime: '2021-11-29T18:32:24Z' + syncedResourceVersion: 1-519a61da0dc68b2575b4f8efada70e42 diff --git a/resource_customizations/external-secrets.io/ExternalSecret/actions/testdata/external-secret.yaml b/resource_customizations/external-secrets.io/ExternalSecret/actions/testdata/external-secret.yaml new file mode 100644 index 0000000000000..da17edbfe902d --- /dev/null +++ b/resource_customizations/external-secrets.io/ExternalSecret/actions/testdata/external-secret.yaml @@ -0,0 +1,54 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ExternalSecret +metadata: + creationTimestamp: '2021-11-16T21:59:33Z' + generation: 1 + name: test-healthy + namespace: argocd + resourceVersion: '136487331' + selfLink: /apis/external-secrets.io/v1alpha1/namespaces/argocd/externalsecrets/test-healthy + uid: 1e754a7e-0781-4d57-932d-4651d5b19586 +spec: + data: + - remoteRef: + key: secret/sa/example + property: api.address + secretKey: url + - remoteRef: + key: secret/sa/example + property: ca.crt + secretKey: ca + - remoteRef: + key: secret/sa/example + property: token + secretKey: token + refreshInterval: 1m + secretStoreRef: + kind: SecretStore + name: example + target: + creationPolicy: Owner + template: + data: + config: | + { + "bearerToken": "{{ .token | base64decode | toString }}", + "tlsClientConfig": { + "insecure": false, + "caData": "{{ .ca | toString }}" + } + } + name: cluster-test + server: '{{ .url | toString }}' + metadata: + labels: + argocd.argoproj.io/secret-type: cluster +status: + conditions: + - lastTransitionTime: '2021-11-16T21:59:34Z' + message: Secret was synced + reason: SecretSynced + status: 'True' + type: Ready + refreshTime: '2021-11-29T18:32:24Z' + syncedResourceVersion: 1-519a61da0dc68b2575b4f8efada70e42 diff --git a/resource_customizations/operator.openshift.io/IngressController/health.lua b/resource_customizations/operator.openshift.io/IngressController/health.lua new file mode 100644 index 0000000000000..cd0d9821ee64f --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/health.lua @@ -0,0 +1,31 @@ +-- healthcheck for IngressController resources +hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + -- if the status conditions are present, iterate over them and check their status + for _, condition in pairs(obj.status.conditions) do + if condition.type == "Degraded" and condition.status == "True" then + hs.status = "Degraded" + hs.message = condition.message + return hs + elseif condition.type == "DeploymentReplicasAllAvailable" and condition.status == "False" then + hs.status = "Progressing" + hs.message = condition.message + return hs + elseif condition.type == "Progressing" and condition.status == "True" then + hs.status = "Progressing" + hs.message = condition.reason + return hs + elseif condition.type == "Available" and condition.status == "True" then + hs.status = "Healthy" + hs.message = "IngressController is available" + return hs + end + end + end +end + +-- default status when none of the previous condition matches +hs.status = "Progressing" +hs.message = "Status of IngressController is not known yet" +return hs diff --git a/resource_customizations/operator.openshift.io/IngressController/health_test.yaml b/resource_customizations/operator.openshift.io/IngressController/health_test.yaml new file mode 100644 index 0000000000000..761d0d6e8fac1 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/health_test.yaml @@ -0,0 +1,17 @@ +tests: +- healthStatus: + status: Progressing + message: "Status of IngressController is not known yet" + inputPath: testdata/progressing_initialization.yaml +- healthStatus: + status: Progressing + message: "0/1 of replicas are available" + inputPath: testdata/progressing_pod_rollout.yaml +- healthStatus: + status: Degraded + message: "One or more other status conditions indicate a degraded state." + inputPath: testdata/degraded.yaml +- healthStatus: + status: Healthy + message: "IngressController is available" + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/degraded.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/degraded.yaml new file mode 100644 index 0000000000000..73c7c89e370a9 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/degraded.yaml @@ -0,0 +1,103 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: default + namespace: openshift-ingress-operator +spec: + domain: openshift.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 0 + conditions: + - lastTransitionTime: "2023-01-28T10:05:06Z" + reason: Valid + status: "True" + type: Admitted + - lastTransitionTime: "2023-01-28T10:09:15Z" + status: "True" + type: PodsScheduled + - lastTransitionTime: "2023-01-28T10:05:06Z" + message: The configured endpoint publishing strategy does not include a managed + load balancer + reason: EndpointPublishingStrategyExcludesManagedLoadBalancer + status: "False" + type: LoadBalancerManaged + - lastTransitionTime: "2023-01-28T10:05:06Z" + message: No DNS zones are defined in the cluster dns config. + reason: NoDNSZones + status: "False" + type: DNSManaged + - lastTransitionTime: "2023-01-28T10:05:06Z" + status: "False" + type: Progressing + - lastTransitionTime: "2023-01-28T10:13:55Z" + message: "One or more other status conditions indicate a degraded state." + # message: 'One or more other status conditions indicate a degraded state: CanaryChecksSucceeding=False + # (CanaryChecksRepetitiveFailures: Canary route checks for the default ingress + # controller are failing)' + reason: DegradedConditions + status: "True" + type: Degraded + - lastTransitionTime: "2023-01-28T10:05:06Z" + message: IngressController is upgradeable. + reason: Upgradeable + status: "True" + type: Upgradeable + - lastTransitionTime: "2023-01-28T10:12:55Z" + message: Canary route checks for the default ingress controller are failing + reason: CanaryChecksRepetitiveFailures + status: "False" + type: CanaryChecksSucceeding + domain: openshift.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + namespaceSelector: {} + observedGeneration: 2 + routeSelector: {} + selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default + tlsProfile: + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES256-SHA384 + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES128-SHA + - DHE-RSA-AES256-SHA256 + - DHE-RSA-AES256-SHA + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - '!DSS' + minTLSVersion: VersionTLS11 diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/healthy.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/healthy.yaml new file mode 100644 index 0000000000000..4c7ad766f1d86 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/healthy.yaml @@ -0,0 +1,93 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: apps-shard-2 + namespace: openshift-ingress-operator +spec: + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 1 + conditions: + - lastTransitionTime: "2023-01-28T09:34:36Z" + reason: Valid + status: "True" + type: Admitted + - lastTransitionTime: "2023-01-28T09:43:42Z" + status: "True" + type: PodsScheduled + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The deployment has Available status condition set to True + reason: DeploymentAvailable + status: "True" + type: DeploymentAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: Minimum replicas requirement is met + reason: DeploymentMinimumReplicasMet + status: "True" + type: DeploymentReplicasMinAvailable + - lastTransitionTime: "2023-01-28T09:44:36Z" + message: All replicas are available + reason: DeploymentReplicasAvailable + status: "True" + type: DeploymentReplicasAllAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The configured endpoint publishing strategy does not include a managed + load balancer + reason: EndpointPublishingStrategyExcludesManagedLoadBalancer + status: "False" + type: LoadBalancerManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: No DNS zones are defined in the cluster dns config. + reason: NoDNSZones + status: "False" + type: DNSManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "True" + type: Available + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Progressing + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Degraded + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: IngressController is upgradeable. + reason: Upgradeable + status: "True" + type: Upgradeable + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + observedGeneration: 5 + selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=apps-shard-2 + tlsProfile: + ciphers: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: VersionTLS12 diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_initialization.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_initialization.yaml new file mode 100644 index 0000000000000..470216e376e84 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_initialization.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: apps-shard-2 + namespace: openshift-ingress-operator +spec: + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 0 + conditions: + - lastTransitionTime: "2023-01-28T09:34:36Z" + reason: Valid + status: "True" + type: Admitted + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + observedGeneration: 1 + selector: "" diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_pod_rollout.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_pod_rollout.yaml new file mode 100644 index 0000000000000..73a33ae48613b --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_pod_rollout.yaml @@ -0,0 +1,101 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: apps-shard-2 + namespace: openshift-ingress-operator +spec: + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 0 + conditions: + - lastTransitionTime: "2023-01-28T09:34:36Z" + reason: Valid + status: "True" + type: Admitted + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: 'Some pods are not scheduled: Pod "router-apps-shard-2-7b5cb5f98d-gk4hj" + cannot be scheduled: 0/6 nodes are available: 2 node(s) didn''t have free ports + for the requested pod ports, 3 node(s) had untolerated taint {node-role.kubernetes.io/master: + }, 5 node(s) didn''t match Pod''s node affinity/selector. preemption: 0/6 nodes + are available: 1 node(s) didn''t have free ports for the requested pod ports, + 5 Preemption is not helpful for scheduling. Make sure you have sufficient worker + nodes.' + reason: PodsNotScheduled + status: "False" + type: PodsScheduled + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The deployment has Available status condition set to True + reason: DeploymentAvailable + status: "True" + type: DeploymentAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: Minimum replicas requirement is met + reason: DeploymentMinimumReplicasMet + status: "True" + type: DeploymentReplicasMinAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: 0/1 of replicas are available + reason: DeploymentReplicasNotAvailable + status: "False" + type: DeploymentReplicasAllAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The configured endpoint publishing strategy does not include a managed + load balancer + reason: EndpointPublishingStrategyExcludesManagedLoadBalancer + status: "False" + type: LoadBalancerManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: No DNS zones are defined in the cluster dns config. + reason: NoDNSZones + status: "False" + type: DNSManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "True" + type: Available + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Progressing + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Degraded + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: IngressController is upgradeable. + reason: Upgradeable + status: "True" + type: Upgradeable + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + observedGeneration: 2 + selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=apps-shard-2 + tlsProfile: + ciphers: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: VersionTLS12 diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health.lua b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health.lua new file mode 100644 index 0000000000000..ca1e046c001ef --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health.lua @@ -0,0 +1,29 @@ +adopted = { status = "Unknown" } +advertised = { status = "Unknown" } +discovered = { status = "Unknown" } + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, c in ipairs(obj.status.conditions) do + if c.type == "Adopted" then + adopted = c + elseif c.type == "Advertised" then + advertised = c + elseif c.type == "Discoverable" then + discovered = c + end + end + end +end + +if adopted.status == "False" then + return { status = "Degraded", message = adopted.message } +elseif advertised.reason == "AdvertiseError" or advertised.reason == "UnadvertiseError" then + return { status = "Degraded", message = advertised.message } +elseif discovered.reason == "DiscoveryError" then + return { status = "Unknown", message = discovered.message } +elseif discovered.status == "True" then + return { status = "Healthy", message = discovered.message } +else + return { status = "Progressing", message = discovered.message } +end diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health_test.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health_test.yaml new file mode 100644 index 0000000000000..1b9b30cf2e44b --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health_test.yaml @@ -0,0 +1,29 @@ +tests: + - healthStatus: + status: Healthy + message: DNS-SD browse and lookup results match the advertised DNS records + inputPath: testdata/healthy.yaml + - healthStatus: + status: Progressing + message: DNS-SD browse could not find this instance + inputPath: testdata/progressing_negativeBrowse.yaml + - healthStatus: + status: Progressing + message: DNS-SD lookup could not find this instance + inputPath: testdata/progressing_negativeLookup.yaml + - healthStatus: + status: Degraded + message: none of the configured providers can advertise on "example.org" + inputPath: testdata/degraded_notAdopted.yaml + - healthStatus: + status: Degraded + message: "" + inputPath: testdata/degraded_advertiseError.yaml + - healthStatus: + status: Degraded + message: "" + inputPath: testdata/degraded_unadvertiseError.yaml + - healthStatus: + status: Unknown + message: "" + inputPath: testdata/unknown_discoveryError.yaml diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_advertiseError.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_advertiseError.yaml new file mode 100644 index 0000000000000..905b2e9194e8b --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_advertiseError.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: "" + observedGeneration: 2 + reason: AdvertiseError + status: "False" + type: Advertised diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_notAdopted.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_notAdopted.yaml new file mode 100644 index 0000000000000..efccdb2c3f247 --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_notAdopted.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: none of the configured providers can advertise on "example.org" + observedGeneration: 2 + reason: InstanceIgnored + status: "False" + type: Adopted diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_unadvertiseError.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_unadvertiseError.yaml new file mode 100644 index 0000000000000..552eadbe702cc --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_unadvertiseError.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: "" + observedGeneration: 2 + reason: UnadvertiseError + status: "False" + type: Advertised diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/healthy.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/healthy.yaml new file mode 100644 index 0000000000000..f8ad890b9f934 --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/healthy.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: DNS-SD browse and lookup results match the advertised DNS records + observedGeneration: 2 + reason: Discovered + status: "True" + type: Discoverable diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeBrowse.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeBrowse.yaml new file mode 100644 index 0000000000000..e34e6c18f853a --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeBrowse.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: DNS-SD browse could not find this instance + observedGeneration: 2 + reason: NegativeBrowseResult + status: "False" + type: Discoverable diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeLookup.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeLookup.yaml new file mode 100644 index 0000000000000..a563e7c9c40ca --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeLookup.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: DNS-SD lookup could not find this instance + observedGeneration: 2 + reason: NegativeLookupResult + status: "False" + type: Discoverable diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/unknown_discoveryError.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/unknown_discoveryError.yaml new file mode 100644 index 0000000000000..c6139a504c3ff --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/unknown_discoveryError.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: "" + observedGeneration: 2 + reason: DiscoveryError + status: "Unknown" + type: Discoverable diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health.lua b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health.lua new file mode 100644 index 0000000000000..e28ef99f9f05a --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health.lua @@ -0,0 +1,38 @@ +hs = {} +if obj.status ~= nil then + + if obj.status.state == "initializing" then + hs.status = "Progressing" + hs.message = obj.status.ready .. "/" .. obj.status.size .. " node(s) are ready" + return hs + end + + if obj.status.state == "ready" then + hs.status = "Healthy" + hs.message = obj.status.ready .. "/" .. obj.status.size .. " node(s) are ready" + return hs + end + + if obj.status.state == "paused" then + hs.status = "Unknown" + hs.message = "Cluster is paused" + return hs + end + + if obj.status.state == "stopping" then + hs.status = "Degraded" + hs.message = "Cluster is stopping (" .. obj.status.ready .. "/" .. obj.status.size .. " node(s) are ready)" + return hs + end + + if obj.status.state == "error" then + hs.status = "Degraded" + hs.message = "Cluster is on error: " .. table.concat(obj.status.messages, ", ") + return hs + end + +end + +hs.status = "Unknown" +hs.message = "Cluster status is unknown. Ensure your ArgoCD is current and then check for/file a bug report: https://github.com/argoproj/argo-cd/issues" +return hs diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health_test.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health_test.yaml new file mode 100644 index 0000000000000..73b9968ff7a4c --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health_test.yaml @@ -0,0 +1,25 @@ +tests: +- healthStatus: + status: Progressing + message: "0/1 node(s) are ready" + inputPath: testdata/initializing.yaml +- healthStatus: + status: Healthy + message: "1/1 node(s) are ready" + inputPath: testdata/ready.yaml +- healthStatus: + status: Unknown + message: "Cluster is paused" + inputPath: testdata/paused.yaml +- healthStatus: + status: Degraded + message: "Cluster is stopping (1/2 node(s) are ready)" + inputPath: testdata/stopping.yaml +- healthStatus: + status: Degraded + message: "Cluster is on error: we lost node" + inputPath: testdata/error.yaml +- healthStatus: + status: Unknown + message: "Cluster status is unknown. Ensure your ArgoCD is current and then check for/file a bug report: https://github.com/argoproj/argo-cd/issues" + inputPath: testdata/unknown.yaml diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/error.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/error.yaml new file mode 100644 index 0000000000000..b6f1884be0819 --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/error.yaml @@ -0,0 +1,24 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 2 + status: error + version: 8.0.21-12.1 + ready: 1 + size: 2 + state: error + messages: + - we lost node diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/initializing.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/initializing.yaml new file mode 100644 index 0000000000000..11f3ff046543e --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/initializing.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 0 + size: 1 + status: initializing + version: 8.0.21-12.1 + ready: 0 + size: 1 + state: initializing diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/paused.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/paused.yaml new file mode 100644 index 0000000000000..46440a23df7e2 --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/paused.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 1 + status: paused + version: 8.0.21-12.1 + ready: 1 + size: 1 + state: paused diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/ready.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/ready.yaml new file mode 100644 index 0000000000000..bd7d82a2a08fe --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/ready.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 1 + status: ready + version: 8.0.21-12.1 + ready: 1 + size: 1 + state: ready diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/stopping.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/stopping.yaml new file mode 100644 index 0000000000000..f527445c506a0 --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/stopping.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 2 + status: stopping + version: 8.0.21-12.1 + ready: 1 + size: 2 + state: stopping diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/unknown.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/unknown.yaml new file mode 100644 index 0000000000000..c12b04682b18e --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/unknown.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 1 + status: dontknow + version: 8.0.21-12.1 + ready: 1 + size: 1 + state: dontknow diff --git a/resource_customizations/serving.kserve.io/InferenceService/health.lua b/resource_customizations/serving.kserve.io/InferenceService/health.lua new file mode 100644 index 0000000000000..e256bfccd36c1 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/health.lua @@ -0,0 +1,40 @@ +health_status = {} +health_status.status = "Progressing" +health_status.message = "Waiting for status update." +if obj.status ~= nil and obj.status.conditions ~= nil then + status_true = 0 + status_false = 0 + status_unknown = 0 + health_status.message = "" + for i, condition in pairs(obj.status.conditions) do + if condition.status == "True" and (condition.type == "IngressReady" or condition.type == "PredictorConfigurationReady" or condition.type == "PredictorReady" or condition.type == "PredictorRouteReady" or condition.type == "Ready") then + status_true = status_true + 1 + elseif condition.status == "False" or condition.status == "Unknown" then + msg = condition.type .. " is " .. condition.status + if condition.reason ~= nil and condition.reason ~= "" then + msg = msg .. ", since " .. condition.reason .. "." + end + if condition.message ~= nil and condition.message ~= "" then + msg = msg .. " " .. condition.message + end + health_status.message = health_status.message .. msg .. "\n" + if condition.status == "False" then + status_false = status_false + 1 + else + status_unknown = status_unknown + 1 + end + end + end + if status_true == 5 and status_false == 0 and status_unknown == 0 then + health_status.message = "Inference Service is healthy." + health_status.status = "Healthy" + return health_status + elseif status_false > 0 then + health_status.status = "Degraded" + return health_status + else + health_status.status = "Progressing" + return health_status + end +end +return health_status \ No newline at end of file diff --git a/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml b/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml new file mode 100644 index 0000000000000..e8f32bd51f798 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml @@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Progressing + message: "PredictorConfigurationReady is Unknown\nPredictorReady is Unknown, since RevisionMissing. Configuration \"hello-world-predictor-default\" is waiting for a Revision to become ready.\nPredictorRouteReady is Unknown, since RevisionMissing. Configuration \"hello-world-predictor-default\" is waiting for a Revision to become ready.\nReady is Unknown, since RevisionMissing. Configuration \"hello-world-predictor-default\" is waiting for a Revision to become ready.\n" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Degraded + message: "IngressReady is False, since Predictor ingress not created.\nPredictorConfigurationReady is False, since RevisionFailed. Revision \"helloworld-00002\" failed with message: Container failed with: container exited with no error.\nPredictorReady is False, since RevisionFailed. Revision \"helloworld-00002\" failed with message: Container failed with: container exited with no error.\nReady is False, since Predictor ingress not created.\n" + inputPath: testdata/degraded.yaml +- healthStatus: + status: Healthy + message: Inference Service is healthy. + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded.yaml new file mode 100644 index 0000000000000..0cd337860c670 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded.yaml @@ -0,0 +1,30 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: "2022-06-14T03:45:38Z" + reason: Predictor ingress not created + status: "False" + type: IngressReady + - lastTransitionTime: "2022-06-14T03:45:38Z" + message: 'Revision "helloworld-00002" failed with message: Container failed with: container exited with no error.' + reason: RevisionFailed + status: "False" + type: PredictorConfigurationReady + - lastTransitionTime: "2022-06-14T03:45:38Z" + message: 'Revision "helloworld-00002" failed with message: Container failed with: container exited with no error.' + reason: RevisionFailed + status: "False" + type: PredictorReady + - lastTransitionTime: "2022-06-14T03:45:38Z" + severity: Info + status: "True" + type: PredictorRouteReady + - lastTransitionTime: "2022-06-14T03:45:38Z" + reason: Predictor ingress not created + status: "False" + type: Ready diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy.yaml new file mode 100644 index 0000000000000..3c28c61d48602 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy.yaml @@ -0,0 +1,25 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: "2023-06-20T22:44:51Z" + status: "True" + type: IngressReady + - lastTransitionTime: "2023-06-20T22:44:50Z" + severity: Info + status: "True" + type: PredictorConfigurationReady + - lastTransitionTime: "2023-06-20T22:44:51Z" + status: "True" + type: PredictorReady + - lastTransitionTime: "2023-06-20T22:44:51Z" + severity: Info + status: "True" + type: PredictorRouteReady + - lastTransitionTime: "2023-06-20T22:44:51Z" + status: "True" + type: Ready diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing.yaml new file mode 100644 index 0000000000000..fab0a57b61f23 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing.yaml @@ -0,0 +1,28 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: "2023-06-21T22:25:58Z" + severity: Info + status: Unknown + type: PredictorConfigurationReady + - lastTransitionTime: "2023-06-21T22:25:58Z" + message: 'Configuration "hello-world-predictor-default" is waiting for a Revision to become ready.' + reason: RevisionMissing + status: Unknown + type: PredictorReady + - lastTransitionTime: "2023-06-21T22:25:58Z" + message: 'Configuration "hello-world-predictor-default" is waiting for a Revision to become ready.' + reason: RevisionMissing + severity: Info + status: Unknown + type: PredictorRouteReady + - lastTransitionTime: "2023-06-21T22:25:58Z" + message: 'Configuration "hello-world-predictor-default" is waiting for a Revision to become ready.' + reason: RevisionMissing + status: Unknown + type: Ready diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health.lua b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health.lua new file mode 100644 index 0000000000000..aa10e766dac18 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health.lua @@ -0,0 +1,18 @@ +hs = {} + +if obj.status ~= nil and obj.status.readyToUse then + hs.status = "Healthy" + hs.message = "Ready to use" + return hs +end + +if obj.status ~= nil and obj.status.error ~= nil then + hs.status = "Degraded" + hs.message = obj.status.error.message + return hs +end + +hs.status = "Progressing" +hs.message = "Waiting for status" + +return hs diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health_test.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health_test.yaml new file mode 100644 index 0000000000000..7914d4acdd3d8 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health_test.yaml @@ -0,0 +1,14 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for status" + inputPath: testdata/initializing.yaml +- healthStatus: + status: Healthy + message: "Ready to use" + inputPath: testdata/good.yaml +- healthStatus: + status: Degraded + message: "VolumeSnapshotContent is dynamically provisioned while expecting a pre-provisioned one" + inputPath: testdata/bad.yaml + diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/bad.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/bad.yaml new file mode 100644 index 0000000000000..2d7447f1334e7 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/bad.yaml @@ -0,0 +1,14 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: data-04-06-2023 +spec: + source: + volumeSnapshotContentName: data-04-06-2023 +status: + error: + message: >- + VolumeSnapshotContent is dynamically provisioned while expecting a + pre-provisioned one + time: '2023-06-05T14:51:25Z' + readyToUse: false diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/good.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/good.yaml new file mode 100644 index 0000000000000..b8a82eff5b45c --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/good.yaml @@ -0,0 +1,15 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + finalizers: + - snapshot.storage.kubernetes.io/volumesnapshot-as-source-protection + - snapshot.storage.kubernetes.io/volumesnapshot-bound-protection +status: + boundVolumeSnapshotContentName: snapcontent-7db10be0-424c-4ed2-9dfe-6c2120eae05b + creationTime: '2023-06-04T19:13:20Z' + readyToUse: true + restoreSize: 1Ti +spec: + source: + persistentVolumeClaimName: mask-data-process-trcxk-mysql-data + volumeSnapshotClassName: azure-tools diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/initializing.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/initializing.yaml new file mode 100644 index 0000000000000..3df029d9a46cf --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/initializing.yaml @@ -0,0 +1,7 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: data-04-06-2023 +spec: + driver: disk.csi.azure.com +status: {} diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health.lua b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health.lua new file mode 100644 index 0000000000000..aa10e766dac18 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health.lua @@ -0,0 +1,18 @@ +hs = {} + +if obj.status ~= nil and obj.status.readyToUse then + hs.status = "Healthy" + hs.message = "Ready to use" + return hs +end + +if obj.status ~= nil and obj.status.error ~= nil then + hs.status = "Degraded" + hs.message = obj.status.error.message + return hs +end + +hs.status = "Progressing" +hs.message = "Waiting for status" + +return hs diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health_test.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health_test.yaml new file mode 100644 index 0000000000000..6cc455afabe0a --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health_test.yaml @@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for status" + inputPath: testdata/initializing.yaml +- healthStatus: + status: Healthy + message: "Ready to use" + inputPath: testdata/good.yaml +- healthStatus: + status: Degraded + message: "Failed to check and update snapshot content" + inputPath: testdata/bad.yaml diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/bad.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/bad.yaml new file mode 100644 index 0000000000000..d8d3d3d7b5ff0 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/bad.yaml @@ -0,0 +1,12 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotContent +metadata: + name: data-04-06-2023 +spec: + driver: disk.csi.azure.com +status: + error: + message: >- + Failed to check and update snapshot content + time: '2023-06-05T15:44:50Z' + readyToUse: false diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/good.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/good.yaml new file mode 100644 index 0000000000000..56166bec0c859 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/good.yaml @@ -0,0 +1,20 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotContent +metadata: + creationTimestamp: '2023-06-04T19:13:19Z' + finalizers: + - snapshot.storage.kubernetes.io/volumesnapshotcontent-bound-protection +status: + creationTime: 1685906000388294100 + readyToUse: true + restoreSize: 1099511627776 + snapshotHandle: >- + /subscriptions/XXXXXX +spec: + driver: disk.csi.azure.com + source: + volumeHandle: >- + /subscriptions/XXXXXX + volumeSnapshotClassName: azure-tools + volumeSnapshotRef: + apiVersion: snapshot.storage.k8s.io/v1 diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/initializing.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/initializing.yaml new file mode 100644 index 0000000000000..8558cf3e44966 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/initializing.yaml @@ -0,0 +1,7 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotContent +metadata: + name: data-04-06-2023 +spec: + driver: disk.csi.azure.com +status: {} diff --git a/server/application/application.go b/server/application/application.go index 47525c9aed391..0a82be5f2f35c 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -28,6 +28,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/kubernetes" @@ -402,10 +403,6 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan return fmt.Errorf("error getting app instance label key from settings: %w", err) } - plugins, err := s.plugins() - if err != nil { - return fmt.Errorf("error getting plugins: %w", err) - } config, err := s.getApplicationClusterConfig(ctx, a) if err != nil { return fmt.Errorf("error getting application cluster config: %w", err) @@ -421,6 +418,11 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan return fmt.Errorf("error getting API resources: %w", err) } + proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) + if err != nil { + return fmt.Errorf("error getting app project: %w", err) + } + manifestInfo, err = client.GenerateManifest(ctx, &apiclient.ManifestRequest{ Repo: repo, Revision: revision, @@ -429,7 +431,6 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan Namespace: a.Spec.Destination.Namespace, ApplicationSource: &source, Repos: helmRepos, - Plugins: plugins, KustomizeOptions: kustomizeOptions, KubeVersion: serverVersion, ApiVersions: argo.APIResourcesToStrings(apiResources, true), @@ -437,6 +438,8 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return fmt.Errorf("error generating manifests: %w", err) @@ -496,10 +499,6 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get return fmt.Errorf("error getting app instance label key from settings: %w", err) } - plugins, err := s.plugins() - if err != nil { - return fmt.Errorf("error getting plugins: %w", err) - } config, err := s.getApplicationClusterConfig(ctx, a) if err != nil { return fmt.Errorf("error getting application cluster config: %w", err) @@ -516,6 +515,12 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get } source := a.Spec.GetSource() + + proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) + if err != nil { + return fmt.Errorf("error getting app project: %w", err) + } + req := &apiclient.ManifestRequest{ Repo: repo, Revision: source.TargetRevision, @@ -524,7 +529,6 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get Namespace: a.Spec.Destination.Namespace, ApplicationSource: &source, Repos: helmRepos, - Plugins: plugins, KustomizeOptions: kustomizeOptions, KubeVersion: serverVersion, ApiVersions: argo.APIResourcesToStrings(apiResources, true), @@ -532,6 +536,8 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, } repoStreamClient, err := client.GenerateManifestWithFiles(stream.Context()) @@ -1096,19 +1102,16 @@ func (s *Server) validateAndNormalizeApp(ctx context.Context, app *appv1.Applica return err } } - plugins, err := s.plugins() - if err != nil { - return fmt.Errorf("error getting plugins: %w", err) - } if err := argo.ValidateDestination(ctx, &app.Spec.Destination, s.db); err != nil { return status.Errorf(codes.InvalidArgument, "application destination spec for %s is invalid: %s", app.Name, err.Error()) } var conditions []appv1.ApplicationCondition + if validate { conditions := make([]appv1.ApplicationCondition, 0) - condition, err := argo.ValidateRepo(ctx, app, s.repoClientset, s.db, plugins, s.kubectl, proj, s.settingsMgr) + condition, err := argo.ValidateRepo(ctx, app, s.repoClientset, s.db, s.kubectl, proj, s.settingsMgr) if err != nil { return fmt.Errorf("error validating the repo: %w", err) } @@ -2066,6 +2069,7 @@ func (s *Server) getUnstructuredLiveResourceOrApp(ctx context.Context, rbacReque return nil, nil, nil, nil, err } obj, err = s.kubectl.GetResource(ctx, config, res.GroupKindVersion(), res.Name, res.Namespace) + } if err != nil { return nil, nil, nil, nil, fmt.Errorf("error getting resource: %w", err) @@ -2109,6 +2113,11 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA return nil, err } + liveObjBytes, err := json.Marshal(liveObj) + if err != nil { + return nil, fmt.Errorf("error marshaling live object: %w", err) + } + resourceOverrides, err := s.settingsMgr.GetResourceOverrides() if err != nil { return nil, fmt.Errorf("error getting resource overrides: %w", err) @@ -2122,21 +2131,80 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA return nil, fmt.Errorf("error getting Lua resource action: %w", err) } - newObj, err := luaVM.ExecuteResourceAction(liveObj, action.ActionLua) + newObjects, err := luaVM.ExecuteResourceAction(liveObj, action.ActionLua) if err != nil { return nil, fmt.Errorf("error executing Lua resource action: %w", err) } - newObjBytes, err := json.Marshal(newObj) - if err != nil { - return nil, fmt.Errorf("error marshaling new object: %w", err) + var app *appv1.Application + // Only bother getting the app if we know we're going to need it for a resource permission check. + if len(newObjects) > 0 { + // No need for an RBAC check, we checked above that the user is allowed to run this action. + app, err = s.appLister.Applications(s.appNamespaceOrDefault(q.GetAppNamespace())).Get(q.GetName()) + if err != nil { + return nil, err + } } - liveObjBytes, err := json.Marshal(liveObj) - if err != nil { - return nil, fmt.Errorf("error marshaling live object: %w", err) + // First, make sure all the returned resources are permitted, for each operation. + // Also perform create with dry-runs for all create-operation resources. + // This is performed separately to reduce the risk of only some of the resources being successfully created later. + // TODO: when apply/delete operations would be supported for custom actions, + // the dry-run for relevant apply/delete operation would have to be invoked as well. + for _, impactedResource := range newObjects { + newObj := impactedResource.UnstructuredObj + err := s.verifyResourcePermitted(ctx, app, newObj) + if err != nil { + return nil, err + } + switch impactedResource.K8SOperation { + case lua.CreateOperation: + createOptions := metav1.CreateOptions{DryRun: []string{"All"}} + _, err := s.kubectl.CreateResource(ctx, config, newObj.GroupVersionKind(), newObj.GetName(), newObj.GetNamespace(), newObj, createOptions) + if err != nil { + return nil, err + } + } + } + + // Now, perform the actual operations. + // The creation itself is not transactional. + // TODO: maybe create a k8s list representation of the resources, + // and invoke create on this list resource to make it semi-transactional (there is still patch operation that is separate, + // thus can fail separately from create). + for _, impactedResource := range newObjects { + newObj := impactedResource.UnstructuredObj + newObjBytes, err := json.Marshal(newObj) + + if err != nil { + return nil, fmt.Errorf("error marshaling new object: %w", err) + } + + switch impactedResource.K8SOperation { + // No default case since a not supported operation would have failed upon unmarshaling earlier + case lua.PatchOperation: + _, err := s.patchResource(ctx, config, liveObjBytes, newObjBytes, newObj) + if err != nil { + return nil, err + } + case lua.CreateOperation: + _, err := s.createResource(ctx, config, newObj) + if err != nil { + return nil, err + } + } } + if res == nil { + s.logAppEvent(a, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s", q.GetAction())) + } else { + s.logAppEvent(a, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s on resource %s/%s/%s", q.GetAction(), res.Group, res.Kind, res.Name)) + s.logResourceEvent(res, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s", q.GetAction())) + } + return &application.ApplicationResponse{}, nil +} + +func (s *Server) patchResource(ctx context.Context, config *rest.Config, liveObjBytes, newObjBytes []byte, newObj *unstructured.Unstructured) (*application.ApplicationResponse, error) { diffBytes, err := jsonpatch.CreateMergePatch(liveObjBytes, newObjBytes) if err != nil { return nil, fmt.Errorf("error calculating merge patch: %w", err) @@ -2176,12 +2244,38 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA return nil, fmt.Errorf("error patching resource: %w", err) } } + return &application.ApplicationResponse{}, nil +} - if res == nil { - s.logAppEvent(a, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s", q.GetAction())) - } else { - s.logAppEvent(a, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s on resource %s/%s/%s", q.GetAction(), res.Group, res.Kind, res.Name)) - s.logResourceEvent(res, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s", q.GetAction())) +func (s *Server) verifyResourcePermitted(ctx context.Context, app *appv1.Application, obj *unstructured.Unstructured) error { + proj, err := argo.GetAppProject(app, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) + if err != nil { + if apierr.IsNotFound(err) { + return fmt.Errorf("application references project %s which does not exist", app.Spec.Project) + } + return fmt.Errorf("failed to get project %s: %w", app.Spec.Project, err) + } + permitted, err := proj.IsResourcePermitted(schema.GroupKind{Group: obj.GroupVersionKind().Group, Kind: obj.GroupVersionKind().Kind}, obj.GetNamespace(), app.Spec.Destination, func(project string) ([]*appv1.Cluster, error) { + clusters, err := s.db.GetProjectClusters(context.TODO(), project) + if err != nil { + return nil, fmt.Errorf("failed to get project clusters: %w", err) + } + return clusters, nil + }) + if err != nil { + return fmt.Errorf("error checking resource permissions: %w", err) + } + if !permitted { + return fmt.Errorf("application %s is not permitted to manage %s/%s/%s in %s", app.RBACName(s.ns), obj.GroupVersionKind().Group, obj.GroupVersionKind().Kind, obj.GetName(), obj.GetNamespace()) + } + + return nil +} + +func (s *Server) createResource(ctx context.Context, config *rest.Config, newObj *unstructured.Unstructured) (*application.ApplicationResponse, error) { + _, err := s.kubectl.CreateResource(ctx, config, newObj.GroupVersionKind(), newObj.GetName(), newObj.GetNamespace(), newObj, metav1.CreateOptions{}) + if err != nil { + return nil, fmt.Errorf("error creating resource: %w", err) } return &application.ApplicationResponse{}, nil } @@ -2219,19 +2313,6 @@ func splitStatusPatch(patch []byte) ([]byte, []byte, error) { return nonStatusPatch, statusPatch, nil } -func (s *Server) plugins() ([]*appv1.ConfigManagementPlugin, error) { - plugins, err := s.settingsMgr.GetConfigManagementPlugins() - if err != nil { - return nil, fmt.Errorf("error getting config management plugin: %w", err) - } - tools := make([]*appv1.ConfigManagementPlugin, len(plugins)) - for i, p := range plugins { - p := p - tools[i] = &p - } - return tools, nil -} - func (s *Server) GetApplicationSyncWindows(ctx context.Context, q *application.ApplicationSyncWindowsQuery) (*application.ApplicationSyncWindowsResponse, error) { a, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionGet, q.GetAppNamespace(), q.GetName(), "") if err != nil { diff --git a/server/application/application_test.go b/server/application/application_test.go index 37c1761b1af38..2dcefc121dfca 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -23,6 +23,8 @@ import ( "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" k8sappsv1 "k8s.io/api/apps/v1" + k8sbatchv1 "k8s.io/api/batch/v1" + corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -1877,7 +1879,7 @@ func TestLogsGetSelectedPod(t *testing.T) { // refreshAnnotationRemover runs an infinite loop until it detects and removes refresh annotation or given context is done func refreshAnnotationRemover(t *testing.T, ctx context.Context, patched *int32, appServer *Server, appName string, ch chan string) { for ctx.Err() == nil { - aName, appNs := argo.ParseAppQualifiedName(appName, appServer.ns) + aName, appNs := argo.ParseFromQualifiedName(appName, appServer.ns) a, err := appServer.appLister.Applications(appNs).Get(aName) require.NoError(t, err) a = a.DeepCopy() @@ -2000,3 +2002,203 @@ func TestInferResourcesStatusHealth(t *testing.T) { assert.Equal(t, health.HealthStatusDegraded, testApp.Status.Resources[0].Health.Status) assert.Nil(t, testApp.Status.Resources[1].Health) } + +func TestRunNewStyleResourceAction(t *testing.T) { + cacheClient := cacheutil.NewCache(cacheutil.NewInMemoryCache(1 * time.Hour)) + + group := "batch" + kind := "CronJob" + version := "v1" + resourceName := "my-cron-job" + namespace := testNamespace + action := "create-job" + uid := "1" + + resources := []appsv1.ResourceStatus{{ + Group: group, + Kind: kind, + Name: resourceName, + Namespace: testNamespace, + Version: version, + }} + + appStateCache := appstate.NewCache(cacheClient, time.Minute) + + nodes := []appsv1.ResourceNode{{ + ResourceRef: appsv1.ResourceRef{ + Group: group, + Kind: kind, + Version: version, + Name: resourceName, + Namespace: testNamespace, + UID: uid, + }, + }} + + createJobDenyingProj := &appsv1.AppProject{ + ObjectMeta: metav1.ObjectMeta{Name: "createJobDenyingProj", Namespace: "default"}, + Spec: appsv1.AppProjectSpec{ + SourceRepos: []string{"*"}, + Destinations: []appsv1.ApplicationDestination{{Server: "*", Namespace: "*"}}, + NamespaceResourceWhitelist: []metav1.GroupKind{{Group: "never", Kind: "mind"}}, + }, + } + + cronJob := k8sbatchv1.CronJob{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "batch/v1", + Kind: "CronJob", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cron-job", + Namespace: testNamespace, + Labels: map[string]string{ + "some": "label", + }, + }, + Spec: k8sbatchv1.CronJobSpec{ + Schedule: "* * * * *", + JobTemplate: k8sbatchv1.JobTemplateSpec{ + Spec: k8sbatchv1.JobSpec{ + Template: corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "hello", + Image: "busybox:1.28", + ImagePullPolicy: "IfNotPresent", + Command: []string{"/bin/sh", "-c", "date; echo Hello from the Kubernetes cluster"}, + }, + }, + RestartPolicy: corev1.RestartPolicyOnFailure, + }, + }, + }, + }, + }, + } + + t.Run("CreateOperationNotPermitted", func(t *testing.T) { + testApp := newTestApp() + testApp.Spec.Project = "createJobDenyingProj" + testApp.Status.ResourceHealthSource = appsv1.ResourceHealthLocationAppTree + testApp.Status.Resources = resources + + appServer := newTestAppServer(t, testApp, createJobDenyingProj, kube.MustToUnstructured(&cronJob)) + appServer.cache = servercache.NewCache(appStateCache, time.Minute, time.Minute, time.Minute) + + err := appStateCache.SetAppResourcesTree(testApp.Name, &appsv1.ApplicationTree{Nodes: nodes}) + require.NoError(t, err) + + appResponse, runErr := appServer.RunResourceAction(context.Background(), &application.ResourceActionRunRequest{ + Name: &testApp.Name, + Namespace: &namespace, + Action: &action, + AppNamespace: &testApp.Namespace, + ResourceName: &resourceName, + Version: &version, + Group: &group, + Kind: &kind, + }) + + assert.Contains(t, runErr.Error(), "is not permitted to manage") + assert.Nil(t, appResponse) + }) + + t.Run("CreateOperationPermitted", func(t *testing.T) { + testApp := newTestApp() + testApp.Status.ResourceHealthSource = appsv1.ResourceHealthLocationAppTree + testApp.Status.Resources = resources + + appServer := newTestAppServer(t, testApp, kube.MustToUnstructured(&cronJob)) + appServer.cache = servercache.NewCache(appStateCache, time.Minute, time.Minute, time.Minute) + + err := appStateCache.SetAppResourcesTree(testApp.Name, &appsv1.ApplicationTree{Nodes: nodes}) + require.NoError(t, err) + + appResponse, runErr := appServer.RunResourceAction(context.Background(), &application.ResourceActionRunRequest{ + Name: &testApp.Name, + Namespace: &namespace, + Action: &action, + AppNamespace: &testApp.Namespace, + ResourceName: &resourceName, + Version: &version, + Group: &group, + Kind: &kind, + }) + + require.NoError(t, runErr) + assert.NotNil(t, appResponse) + }) +} + +func TestRunOldStyleResourceAction(t *testing.T) { + cacheClient := cacheutil.NewCache(cacheutil.NewInMemoryCache(1 * time.Hour)) + + group := "apps" + kind := "Deployment" + version := "v1" + resourceName := "nginx-deploy" + namespace := testNamespace + action := "pause" + uid := "2" + + resources := []appsv1.ResourceStatus{{ + Group: group, + Kind: kind, + Name: resourceName, + Namespace: testNamespace, + Version: version, + }} + + appStateCache := appstate.NewCache(cacheClient, time.Minute) + + nodes := []appsv1.ResourceNode{{ + ResourceRef: appsv1.ResourceRef{ + Group: group, + Kind: kind, + Version: version, + Name: resourceName, + Namespace: testNamespace, + UID: uid, + }, + }} + + deployment := k8sappsv1.Deployment{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apps/v1", + Kind: "Deployment", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "nginx-deploy", + Namespace: testNamespace, + }, + } + + t.Run("DefaultPatchOperation", func(t *testing.T) { + testApp := newTestApp() + testApp.Status.ResourceHealthSource = appsv1.ResourceHealthLocationAppTree + testApp.Status.Resources = resources + + // appServer := newTestAppServer(t, testApp, returnDeployment()) + appServer := newTestAppServer(t, testApp, kube.MustToUnstructured(&deployment)) + appServer.cache = servercache.NewCache(appStateCache, time.Minute, time.Minute, time.Minute) + + err := appStateCache.SetAppResourcesTree(testApp.Name, &appsv1.ApplicationTree{Nodes: nodes}) + require.NoError(t, err) + + appResponse, runErr := appServer.RunResourceAction(context.Background(), &application.ResourceActionRunRequest{ + Name: &testApp.Name, + Namespace: &namespace, + Action: &action, + AppNamespace: &testApp.Namespace, + ResourceName: &resourceName, + Version: &version, + Group: &group, + Kind: &kind, + }) + + require.NoError(t, runErr) + assert.NotNil(t, appResponse) + }) +} diff --git a/server/application/terminal.go b/server/application/terminal.go index 5052e38d92c1c..667ff529ae076 100644 --- a/server/application/terminal.go +++ b/server/application/terminal.go @@ -139,7 +139,7 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - appRBACName := security.AppRBACName(s.namespace, project, appNamespace, app) + appRBACName := security.RBACName(s.namespace, project, appNamespace, app) if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, appRBACName); err != nil { http.Error(w, err.Error(), http.StatusUnauthorized) return diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go index abe95358c2a3b..26de80530e93b 100644 --- a/server/applicationset/applicationset.go +++ b/server/applicationset/applicationset.go @@ -30,23 +30,25 @@ import ( "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/rbac" + "github.com/argoproj/argo-cd/v2/util/security" "github.com/argoproj/argo-cd/v2/util/session" "github.com/argoproj/argo-cd/v2/util/settings" ) type Server struct { - ns string - db db.ArgoDB - enf *rbac.Enforcer - cache *servercache.Cache - appclientset appclientset.Interface - appLister applisters.ApplicationLister - appsetInformer cache.SharedIndexInformer - appsetLister applisters.ApplicationSetNamespaceLister - projLister applisters.AppProjectNamespaceLister - auditLogger *argo.AuditLogger - settings *settings.SettingsManager - projectLock sync.KeyLock + ns string + db db.ArgoDB + enf *rbac.Enforcer + cache *servercache.Cache + appclientset appclientset.Interface + appLister applisters.ApplicationLister + appsetInformer cache.SharedIndexInformer + appsetLister applisters.ApplicationSetNamespaceLister + projLister applisters.AppProjectNamespaceLister + auditLogger *argo.AuditLogger + settings *settings.SettingsManager + projectLock sync.KeyLock + enabledNamespaces []string } // NewServer returns a new instance of the ApplicationSet service @@ -63,31 +65,40 @@ func NewServer( settings *settings.SettingsManager, namespace string, projectLock sync.KeyLock, + enabledNamespaces []string, ) applicationset.ApplicationSetServiceServer { s := &Server{ - ns: namespace, - cache: cache, - db: db, - enf: enf, - appclientset: appclientset, - appLister: appLister, - appsetInformer: appsetInformer, - appsetLister: appsetLister, - projLister: projLister, - settings: settings, - projectLock: projectLock, - auditLogger: argo.NewAuditLogger(namespace, kubeclientset, "argocd-server"), + ns: namespace, + cache: cache, + db: db, + enf: enf, + appclientset: appclientset, + appLister: appLister, + appsetInformer: appsetInformer, + appsetLister: appsetLister, + projLister: projLister, + settings: settings, + projectLock: projectLock, + auditLogger: argo.NewAuditLogger(namespace, kubeclientset, "argocd-server"), + enabledNamespaces: enabledNamespaces, } return s } func (s *Server) Get(ctx context.Context, q *applicationset.ApplicationSetGetQuery) (*v1alpha1.ApplicationSet, error) { - a, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(s.ns).Get(ctx, q.GetName(), metav1.GetOptions{}) + + namespace := s.appsetNamespaceOrDefault(q.AppsetNamespace) + + if !s.isNamespaceEnabled(namespace) { + return nil, security.NamespaceNotPermittedError(namespace) + } + + a, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(namespace).Get(ctx, q.Name, metav1.GetOptions{}) if err != nil { return nil, fmt.Errorf("error getting ApplicationSet: %w", err) } - if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName()); err != nil { + if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName(s.ns)); err != nil { return nil, err } @@ -96,20 +107,27 @@ func (s *Server) Get(ctx context.Context, q *applicationset.ApplicationSetGetQue // List returns list of ApplicationSets func (s *Server) List(ctx context.Context, q *applicationset.ApplicationSetListQuery) (*v1alpha1.ApplicationSetList, error) { - labelsMap, err := labels.ConvertSelectorToLabelsMap(q.GetSelector()) + selector, err := labels.Parse(q.GetSelector()) if err != nil { - return nil, fmt.Errorf("error converting selector to labels map: %w", err) + return nil, fmt.Errorf("error parsing the selector: %w", err) } - appIf := s.appclientset.ArgoprojV1alpha1().ApplicationSets(s.ns) - appsetList, err := appIf.List(ctx, metav1.ListOptions{LabelSelector: labelsMap.AsSelector().String()}) + appIf := s.appclientset.ArgoprojV1alpha1().ApplicationSets(q.AppsetNamespace) + appsetList, err := appIf.List(ctx, metav1.ListOptions{LabelSelector: selector.String()}) if err != nil { return nil, fmt.Errorf("error listing ApplicationSets with selectors: %w", err) } newItems := make([]v1alpha1.ApplicationSet, 0) for _, a := range appsetList.Items { - if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName()) { + + // Skip any application that is neither in the conrol plane's namespace + // nor in the list of enabled namespaces. + if !security.IsNamespaceEnabled(a.Namespace, s.ns, s.enabledNamespaces) { + continue + } + + if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName(s.ns)) { newItems = append(newItems, a) } } @@ -143,6 +161,12 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre return nil, fmt.Errorf("error validating ApplicationSets: %w", err) } + namespace := s.appsetNamespaceOrDefault(appset.Namespace) + + if !s.isNamespaceEnabled(namespace) { + return nil, security.NamespaceNotPermittedError(namespace) + } + if err := s.checkCreatePermissions(ctx, appset, projectName); err != nil { return nil, fmt.Errorf("error checking create permissions for ApplicationSets %s : %s", appset.Name, err) } @@ -150,7 +174,7 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre s.projectLock.RLock(projectName) defer s.projectLock.RUnlock(projectName) - created, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(s.ns).Create(ctx, appset, metav1.CreateOptions{}) + created, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(namespace).Create(ctx, appset, metav1.CreateOptions{}) if err == nil { s.logAppSetEvent(created, ctx, argo.EventReasonResourceCreated, "created ApplicationSet") s.waitSync(created) @@ -180,7 +204,7 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre if !q.Upsert { return nil, status.Errorf(codes.InvalidArgument, "existing ApplicationSet spec is different, use upsert flag to force update") } - if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, appset.RBACName()); err != nil { + if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, appset.RBACName(s.ns)); err != nil { return nil, err } updated, err := s.updateAppSet(existing, appset, ctx, true) @@ -208,11 +232,11 @@ func (s *Server) updateAppSet(appset *v1alpha1.ApplicationSet, newAppset *v1alph if appset != nil && appset.Spec.Template.Spec.Project != newAppset.Spec.Template.Spec.Project { // When changing projects, caller must have applicationset create and update privileges in new project // NOTE: the update check was already verified in the caller to this function - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, newAppset.RBACName()); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, newAppset.RBACName(s.ns)); err != nil { return nil, err } // They also need 'update' privileges in the old project - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, appset.RBACName()); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, appset.RBACName(s.ns)); err != nil { return nil, err } } @@ -247,19 +271,21 @@ func (s *Server) updateAppSet(appset *v1alpha1.ApplicationSet, newAppset *v1alph func (s *Server) Delete(ctx context.Context, q *applicationset.ApplicationSetDeleteRequest) (*applicationset.ApplicationSetResponse, error) { - appset, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(s.ns).Get(ctx, q.Name, metav1.GetOptions{}) + namespace := s.appsetNamespaceOrDefault(q.AppsetNamespace) + + appset, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(namespace).Get(ctx, q.Name, metav1.GetOptions{}) if err != nil { return nil, fmt.Errorf("error getting ApplicationSets: %w", err) } - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionDelete, appset.RBACName()); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionDelete, appset.RBACName(s.ns)); err != nil { return nil, err } s.projectLock.RLock(appset.Spec.Template.Spec.Project) defer s.projectLock.RUnlock(appset.Spec.Template.Spec.Project) - err = s.appclientset.ArgoprojV1alpha1().ApplicationSets(s.ns).Delete(ctx, q.Name, metav1.DeleteOptions{}) + err = s.appclientset.ArgoprojV1alpha1().ApplicationSets(namespace).Delete(ctx, q.Name, metav1.DeleteOptions{}) if err != nil { return nil, fmt.Errorf("error deleting ApplicationSets: %w", err) } @@ -288,7 +314,7 @@ func (s *Server) validateAppSet(ctx context.Context, appset *v1alpha1.Applicatio func (s *Server) checkCreatePermissions(ctx context.Context, appset *v1alpha1.ApplicationSet, projectName string) error { - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, appset.RBACName()); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, appset.RBACName(s.ns)); err != nil { return err } @@ -345,3 +371,15 @@ func (s *Server) logAppSetEvent(a *v1alpha1.ApplicationSet, ctx context.Context, message := fmt.Sprintf("%s %s", user, action) s.auditLogger.LogAppSetEvent(a, eventInfo, message, user) } + +func (s *Server) appsetNamespaceOrDefault(appNs string) string { + if appNs == "" { + return s.ns + } else { + return appNs + } +} + +func (s *Server) isNamespaceEnabled(namespace string) bool { + return security.IsNamespaceEnabled(namespace, s.ns, s.enabledNamespaces) +} diff --git a/server/applicationset/applicationset.proto b/server/applicationset/applicationset.proto index 8f6d09cf2b75b..2a857d41a00ce 100644 --- a/server/applicationset/applicationset.proto +++ b/server/applicationset/applicationset.proto @@ -14,6 +14,8 @@ import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1/generated.p message ApplicationSetGetQuery { // the applicationsets's name string name = 1; + // The application set namespace. Default empty is argocd control plane namespace + string appsetNamespace = 2; } message ApplicationSetListQuery { @@ -21,6 +23,8 @@ message ApplicationSetListQuery { repeated string projects = 1; // the selector to restrict returned list to applications only with matched labels string selector = 2; + // The application set namespace. Default empty is argocd control plane namespace + string appsetNamespace = 3; } @@ -38,6 +42,8 @@ message ApplicationSetCreateRequest { message ApplicationSetDeleteRequest { string name = 1; + // The application set namespace. Default empty is argocd control plane namespace + string appsetNamespace = 2; } diff --git a/server/applicationset/applicationset_test.go b/server/applicationset/applicationset_test.go new file mode 100644 index 0000000000000..aef61f289d494 --- /dev/null +++ b/server/applicationset/applicationset_test.go @@ -0,0 +1,434 @@ +package applicationset + +import ( + "context" + "testing" + + "github.com/argoproj/pkg/sync" + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/kubernetes/fake" + k8scache "k8s.io/client-go/tools/cache" + + "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apiclient/applicationset" + appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + apps "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" + appinformer "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions" + "github.com/argoproj/argo-cd/v2/server/rbacpolicy" + "github.com/argoproj/argo-cd/v2/util/assets" + "github.com/argoproj/argo-cd/v2/util/db" + "github.com/argoproj/argo-cd/v2/util/errors" + "github.com/argoproj/argo-cd/v2/util/rbac" + "github.com/argoproj/argo-cd/v2/util/settings" +) + +const ( + testNamespace = "default" + fakeRepoURL = "https://git.com/repo.git" +) + +func fakeRepo() *appsv1.Repository { + return &appsv1.Repository{ + Repo: fakeRepoURL, + } +} + +func fakeCluster() *appsv1.Cluster { + return &appsv1.Cluster{ + Server: "https://cluster-api.com", + Name: "fake-cluster", + Config: appsv1.ClusterConfig{}, + } +} + +// return an ApplicationServiceServer which returns fake data +func newTestAppSetServer(objects ...runtime.Object) *Server { + f := func(enf *rbac.Enforcer) { + _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) + enf.SetDefaultRole("role:admin") + } + return newTestAppSetServerWithEnforcerConfigure(f, objects...) +} + +func newTestAppSetServerWithEnforcerConfigure(f func(*rbac.Enforcer), objects ...runtime.Object) *Server { + kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: testNamespace, + Name: "argocd-cm", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + }, &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: testNamespace, + }, + Data: map[string][]byte{ + "admin.password": []byte("test"), + "server.secretkey": []byte("test"), + }, + }) + ctx := context.Background() + db := db.NewDB(testNamespace, settings.NewSettingsManager(ctx, kubeclientset, testNamespace), kubeclientset) + _, err := db.CreateRepository(ctx, fakeRepo()) + errors.CheckError(err) + _, err = db.CreateCluster(ctx, fakeCluster()) + errors.CheckError(err) + + defaultProj := &appsv1.AppProject{ + ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "default"}, + Spec: appsv1.AppProjectSpec{ + SourceRepos: []string{"*"}, + Destinations: []appsv1.ApplicationDestination{{Server: "*", Namespace: "*"}}, + }, + } + myProj := &appsv1.AppProject{ + ObjectMeta: metav1.ObjectMeta{Name: "my-proj", Namespace: "default"}, + Spec: appsv1.AppProjectSpec{ + SourceRepos: []string{"*"}, + Destinations: []appsv1.ApplicationDestination{{Server: "*", Namespace: "*"}}, + }, + } + + objects = append(objects, defaultProj, myProj) + + fakeAppsClientset := apps.NewSimpleClientset(objects...) + factory := appinformer.NewSharedInformerFactoryWithOptions(fakeAppsClientset, 0, appinformer.WithNamespace(""), appinformer.WithTweakListOptions(func(options *metav1.ListOptions) {})) + fakeProjLister := factory.Argoproj().V1alpha1().AppProjects().Lister().AppProjects(testNamespace) + + enforcer := rbac.NewEnforcer(kubeclientset, testNamespace, common.ArgoCDRBACConfigMapName, nil) + f(enforcer) + enforcer.SetClaimsEnforcerFunc(rbacpolicy.NewRBACPolicyEnforcer(enforcer, fakeProjLister).EnforceClaims) + + settingsMgr := settings.NewSettingsManager(ctx, kubeclientset, testNamespace) + + // populate the app informer with the fake objects + appInformer := factory.Argoproj().V1alpha1().Applications().Informer() + // TODO(jessesuen): probably should return cancel function so tests can stop background informer + //ctx, cancel := context.WithCancel(context.Background()) + go appInformer.Run(ctx.Done()) + if !k8scache.WaitForCacheSync(ctx.Done(), appInformer.HasSynced) { + panic("Timed out waiting for caches to sync") + } + + projInformer := factory.Argoproj().V1alpha1().AppProjects().Informer() + go projInformer.Run(ctx.Done()) + if !k8scache.WaitForCacheSync(ctx.Done(), projInformer.HasSynced) { + panic("Timed out waiting for caches to sync") + } + + server := NewServer( + db, + kubeclientset, + enforcer, + nil, + fakeAppsClientset, + factory.Argoproj().V1alpha1().Applications().Lister(), + appInformer, + factory.Argoproj().V1alpha1().ApplicationSets().Lister().ApplicationSets(testNamespace), + fakeProjLister, + settingsMgr, + testNamespace, + sync.NewKeyLock(), + []string{testNamespace, "external-namespace"}, + ) + return server.(*Server) +} + +func newTestAppSet(opts ...func(appset *appsv1.ApplicationSet)) *appsv1.ApplicationSet { + appset := appsv1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: testNamespace, + }, + Spec: appsv1.ApplicationSetSpec{ + Template: appsv1.ApplicationSetTemplate{ + Spec: appsv1.ApplicationSpec{ + Project: "default", + }, + }, + }, + } + for i := range opts { + opts[i](&appset) + } + return &appset +} + +func testListAppsetsWithLabels(t *testing.T, appsetQuery applicationset.ApplicationSetListQuery, appServer *Server) { + validTests := []struct { + testName string + label string + expectedResult []string + }{ + {testName: "Equality based filtering using '=' operator", + label: "key1=value1", + expectedResult: []string{"AppSet1"}}, + {testName: "Equality based filtering using '==' operator", + label: "key1==value1", + expectedResult: []string{"AppSet1"}}, + {testName: "Equality based filtering using '!=' operator", + label: "key1!=value1", + expectedResult: []string{"AppSet2", "AppSet3"}}, + {testName: "Set based filtering using 'in' operator", + label: "key1 in (value1, value3)", + expectedResult: []string{"AppSet1", "AppSet3"}}, + {testName: "Set based filtering using 'notin' operator", + label: "key1 notin (value1, value3)", + expectedResult: []string{"AppSet2"}}, + {testName: "Set based filtering using 'exists' operator", + label: "key1", + expectedResult: []string{"AppSet1", "AppSet2", "AppSet3"}}, + {testName: "Set based filtering using 'not exists' operator", + label: "!key2", + expectedResult: []string{"AppSet2", "AppSet3"}}, + } + //test valid scenarios + for _, validTest := range validTests { + t.Run(validTest.testName, func(t *testing.T) { + appsetQuery.Selector = validTest.label + res, err := appServer.List(context.Background(), &appsetQuery) + assert.NoError(t, err) + apps := []string{} + for i := range res.Items { + apps = append(apps, res.Items[i].Name) + } + assert.Equal(t, validTest.expectedResult, apps) + }) + } + + invalidTests := []struct { + testName string + label string + errorMesage string + }{ + {testName: "Set based filtering using '>' operator", + label: "key1>value1", + errorMesage: "error parsing the selector"}, + {testName: "Set based filtering using '<' operator", + label: "key1 0 { maxConcurrentLoginRequestsCount = maxConcurrentLoginRequestsCount / replicasCount } - enableGRPCTimeHistogram = os.Getenv(common.EnvEnableGRPCTimeHistogramEnv) == "true" + enableGRPCTimeHistogram = env.ParseBoolFromEnv(common.EnvEnableGRPCTimeHistogramEnv, false) } // ArgoCDServer is the API server for Argo CD @@ -202,7 +202,9 @@ type ArgoCDServerOpts struct { Insecure bool StaticAssetsDir string ListenPort int + ListenHost string MetricsPort int + MetricsHost string Namespace string DexServerAddr string DexTLSConfig *dex.DexTLSConfig @@ -216,7 +218,6 @@ type ArgoCDServerOpts struct { TLSConfigCustomizer tlsutil.ConfigCustomizer XFrameOptions string ContentSecurityPolicy string - ListenHost string ApplicationNamespaces []string EnableProxyExtension bool } @@ -447,7 +448,7 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) { httpsS.Handler = &bug21955Workaround{handler: httpsS.Handler} } - metricsServ := metrics.NewMetricsServer(a.ListenHost, a.MetricsPort) + metricsServ := metrics.NewMetricsServer(a.MetricsHost, a.MetricsPort) if a.RedisClient != nil { cacheutil.CollectMetrics(a.RedisClient, metricsServ) } @@ -779,7 +780,21 @@ func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { a.projInformer, a.ApplicationNamespaces) - applicationSetService := applicationset.NewServer(a.db, a.KubeClientset, a.enf, a.Cache, a.AppClientset, a.appLister, a.appsetInformer, a.appsetLister, a.projLister, a.settingsMgr, a.Namespace, projectLock) + applicationSetService := applicationset.NewServer( + a.db, + a.KubeClientset, + a.enf, + a.Cache, + a.AppClientset, + a.appLister, + a.appsetInformer, + a.appsetLister, + a.projLister, + a.settingsMgr, + a.Namespace, + projectLock, + a.ApplicationNamespaces) + projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr, a.policyEnforcer, a.projInformer, a.settingsMgr, a.db) appsInAnyNamespaceEnabled := len(a.ArgoCDServerOpts.ApplicationNamespaces) > 0 settingsService := settings.NewServer(a.settingsMgr, a.RepoClientset, a, a.DisableAuth, appsInAnyNamespaceEnabled) diff --git a/server/settings/settings.go b/server/settings/settings.go index 5dfd3597b569e..2f797d552f4ce 100644 --- a/server/settings/settings.go +++ b/server/settings/settings.go @@ -62,10 +62,6 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin if err != nil { return nil, err } - plugins, err := s.plugins(ctx, false) - if err != nil { - return nil, err - } userLoginsDisabled := true accounts, err := s.mgr.GetAccounts() if err != nil { @@ -110,7 +106,6 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin ChatText: help.ChatText, BinaryUrls: help.BinaryURLs, }, - Plugins: plugins, UserLoginsDisabled: userLoginsDisabled, KustomizeVersions: kustomizeVersions, UiCssURL: argoCDSettings.UiCssURL, @@ -121,15 +116,6 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin } if sessionmgr.LoggedIn(ctx) || s.disableAuth { - configManagementPlugins, err := s.mgr.GetConfigManagementPlugins() - if err != nil { - return nil, err - } - tools := make([]*v1alpha1.ConfigManagementPlugin, len(configManagementPlugins)) - for i := range configManagementPlugins { - tools[i] = &configManagementPlugins[i] - } - set.ConfigManagementPlugins = tools set.UiBannerContent = argoCDSettings.UiBannerContent set.UiBannerURL = argoCDSettings.UiBannerURL set.UiBannerPermanent = argoCDSettings.UiBannerPermanent @@ -160,39 +146,29 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin // GetPlugins returns a list of plugins func (s *Server) GetPlugins(ctx context.Context, q *settingspkg.SettingsQuery) (*settingspkg.SettingsPluginsResponse, error) { - plugins, err := s.plugins(ctx, true) + plugins, err := s.plugins(ctx) if err != nil { return nil, err } return &settingspkg.SettingsPluginsResponse{Plugins: plugins}, nil } -func (s *Server) plugins(ctx context.Context, includeV2Plugins bool) ([]*settingspkg.Plugin, error) { - in, err := s.mgr.GetConfigManagementPlugins() +func (s *Server) plugins(ctx context.Context) ([]*settingspkg.Plugin, error) { + closer, client, err := s.repoClient.NewRepoServerClient() if err != nil { - return nil, err - } - var out []*settingspkg.Plugin - for _, p := range in { - out = append(out, &settingspkg.Plugin{Name: p.Name}) + return nil, fmt.Errorf("error creating repo server client: %w", err) } + defer ioutil.Close(closer) - if includeV2Plugins { - closer, client, err := s.repoClient.NewRepoServerClient() - if err != nil { - return nil, fmt.Errorf("error creating repo server client: %w", err) - } - defer ioutil.Close(closer) - - pluginList, err := client.ListPlugins(ctx, &empty.Empty{}) - if err != nil { - return nil, fmt.Errorf("failed to list sidecar plugins from reposerver: %w", err) - } + pluginList, err := client.ListPlugins(ctx, &empty.Empty{}) + if err != nil { + return nil, fmt.Errorf("failed to list sidecar plugins from reposerver: %w", err) + } - if pluginList != nil && len(pluginList.Items) > 0 { - for _, p := range pluginList.Items { - out = append(out, &settingspkg.Plugin{Name: p.Name}) - } + var out []*settingspkg.Plugin + if pluginList != nil && len(pluginList.Items) > 0 { + for _, p := range pluginList.Items { + out = append(out, &settingspkg.Plugin{Name: p.Name}) } } diff --git a/server/settings/settings.proto b/server/settings/settings.proto index 932da5269d2d4..9f95c9433b545 100644 --- a/server/settings/settings.proto +++ b/server/settings/settings.proto @@ -28,6 +28,7 @@ message Settings { Help help = 9; repeated Plugin plugins = 10; bool userLoginsDisabled = 11; + // Deprecated: use sidecar plugins instead. repeated github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConfigManagementPlugin configManagementPlugins = 12; repeated string kustomizeVersions = 13; string uiCssURL = 14; diff --git a/test/container/Dockerfile b/test/container/Dockerfile index a94a35dd31073..373505ee3ef5a 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -5,17 +5,16 @@ FROM docker.io/library/redis:7.0.11@sha256:f50031a49f41e493087fb95f96fdb3523bb25 # architecture, so we create a symlink here to facilitate copying. RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu - # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 as node +FROM docker.io/library/node:20.3.1@sha256:2f0b0c15f97441defa812268ee943bbfaaf666ea6cf7cac62ee3f127906b35c6 as node -FROM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 as golang +FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f as golang FROM docker.io/library/registry:2.8@sha256:41f413c22d6156587e2a51f3e80c09808b8c70e82be149b82b5e0196a88d49b4 as registry -FROM docker.io/bitnami/kubectl:1.26@sha256:90d54ce960bf00b6d06cf1c69075a120d88e9f3237096b237c0a5efcacd5ed0b as kubectl +FROM docker.io/bitnami/kubectl:1.27@sha256:670fe3f50d45c0511bb0f2af018e2fc082ac8cdfaea02dba4e32866296036926 as kubectl -FROM docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f +FROM docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index d33e3166735d7..6bf4cc18312d0 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -50,6 +50,7 @@ const ( guestbookPathLocal = "./testdata/guestbook_local" globalWithNoNameSpace = "global-with-no-namespace" guestbookWithNamespace = "guestbook-with-namespace" + resourceActions = "resource-actions" appLogsRetryCount = 5 ) @@ -270,6 +271,61 @@ func TestSyncToSignedCommitWithKnownKey(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)) } +func TestSyncToSignedBranchWithKnownKey(t *testing.T) { + SkipOnEnv(t, "GPG") + Given(t). + Project("gpg"). + Path(guestbookPath). + Revision("master"). + GPGPublicKeyAdded(). + Sleep(2). + When(). + AddSignedFile("test.yaml", "null"). + IgnoreErrors(). + CreateApp(). + Sync(). + Then(). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(HealthIs(health.HealthStatusHealthy)) +} + +func TestSyncToSignedBranchWithUnknownKey(t *testing.T) { + SkipOnEnv(t, "GPG") + Given(t). + Project("gpg"). + Path(guestbookPath). + Revision("master"). + Sleep(2). + When(). + AddSignedFile("test.yaml", "null"). + IgnoreErrors(). + CreateApp(). + Sync(). + Then(). + Expect(OperationPhaseIs(OperationError)). + Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). + Expect(HealthIs(health.HealthStatusMissing)) +} + +func TestSyncToUnsignedBranch(t *testing.T) { + SkipOnEnv(t, "GPG") + Given(t). + Project("gpg"). + Revision("master"). + Path(guestbookPath). + GPGPublicKeyAdded(). + Sleep(2). + When(). + IgnoreErrors(). + CreateApp(). + Sync(). + Then(). + Expect(OperationPhaseIs(OperationError)). + Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). + Expect(HealthIs(health.HealthStatusMissing)) +} + func TestSyncToSignedTagWithKnownKey(t *testing.T) { SkipOnEnv(t, "GPG") Given(t). @@ -939,7 +995,7 @@ definitions: obj.metadata.labels.sample = 'test' return obj` -func TestResourceAction(t *testing.T) { +func TestOldStyleResourceAction(t *testing.T) { Given(t). Path(guestbookPath). ResourceOverrides(map[string]ResourceOverride{"apps/Deployment": {Actions: actionsConfig}}). @@ -981,6 +1037,224 @@ func TestResourceAction(t *testing.T) { }) } +const newStyleActionsConfig = `discovery.lua: return { sample = {} } +definitions: +- name: sample + action.lua: | + local os = require("os") + + function deepCopy(object) + local lookup_table = {} + local function _copy(obj) + if type(obj) ~= "table" then + return obj + elseif lookup_table[obj] then + return lookup_table[obj] + elseif next(obj) == nil then + return nil + else + local new_table = {} + lookup_table[obj] = new_table + for key, value in pairs(obj) do + new_table[_copy(key)] = _copy(value) + end + return setmetatable(new_table, getmetatable(obj)) + end + end + return _copy(object) + end + + job = {} + job.apiVersion = "batch/v1" + job.kind = "Job" + + job.metadata = {} + job.metadata.name = obj.metadata.name .. "-123" + job.metadata.namespace = obj.metadata.namespace + + ownerRef = {} + ownerRef.apiVersion = obj.apiVersion + ownerRef.kind = obj.kind + ownerRef.name = obj.metadata.name + ownerRef.uid = obj.metadata.uid + job.metadata.ownerReferences = {} + job.metadata.ownerReferences[1] = ownerRef + + job.spec = {} + job.spec.suspend = false + job.spec.template = {} + job.spec.template.spec = deepCopy(obj.spec.jobTemplate.spec.template.spec) + + impactedResource = {} + impactedResource.operation = "create" + impactedResource.resource = job + result = {} + result[1] = impactedResource + + return result` + +func TestNewStyleResourceActionPermitted(t *testing.T) { + Given(t). + Path(resourceActions). + ResourceOverrides(map[string]ResourceOverride{"batch/CronJob": {Actions: newStyleActionsConfig}}). + ProjectSpec(AppProjectSpec{ + SourceRepos: []string{"*"}, + Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, + NamespaceResourceWhitelist: []metav1.GroupKind{ + {Group: "batch", Kind: "Job"}, + {Group: "batch", Kind: "CronJob"}, + }}). + When(). + CreateApp(). + Sync(). + Then(). + And(func(app *Application) { + + closer, client, err := ArgoCDClientset.NewApplicationClient() + assert.NoError(t, err) + defer io.Close(closer) + + actions, err := client.ListResourceActions(context.Background(), &applicationpkg.ApplicationResourceRequest{ + Name: &app.Name, + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), + }) + assert.NoError(t, err) + assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions) + + _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{Name: &app.Name, + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), + Action: pointer.String("sample"), + }) + assert.NoError(t, err) + + _, err = KubeClientset.BatchV1().Jobs(DeploymentNamespace()).Get(context.Background(), "hello-123", metav1.GetOptions{}) + assert.NoError(t, err) + }) +} + +const newStyleActionsConfigMixedOk = `discovery.lua: return { sample = {} } +definitions: +- name: sample + action.lua: | + local os = require("os") + + function deepCopy(object) + local lookup_table = {} + local function _copy(obj) + if type(obj) ~= "table" then + return obj + elseif lookup_table[obj] then + return lookup_table[obj] + elseif next(obj) == nil then + return nil + else + local new_table = {} + lookup_table[obj] = new_table + for key, value in pairs(obj) do + new_table[_copy(key)] = _copy(value) + end + return setmetatable(new_table, getmetatable(obj)) + end + end + return _copy(object) + end + + job = {} + job.apiVersion = "batch/v1" + job.kind = "Job" + + job.metadata = {} + job.metadata.name = obj.metadata.name .. "-123" + job.metadata.namespace = obj.metadata.namespace + + ownerRef = {} + ownerRef.apiVersion = obj.apiVersion + ownerRef.kind = obj.kind + ownerRef.name = obj.metadata.name + ownerRef.uid = obj.metadata.uid + job.metadata.ownerReferences = {} + job.metadata.ownerReferences[1] = ownerRef + + job.spec = {} + job.spec.suspend = false + job.spec.template = {} + job.spec.template.spec = deepCopy(obj.spec.jobTemplate.spec.template.spec) + + impactedResource1 = {} + impactedResource1.operation = "create" + impactedResource1.resource = job + result = {} + result[1] = impactedResource1 + + obj.metadata.labels["aKey"] = 'aValue' + impactedResource2 = {} + impactedResource2.operation = "patch" + impactedResource2.resource = obj + + result[2] = impactedResource2 + + return result` + +func TestNewStyleResourceActionMixedOk(t *testing.T) { + Given(t). + Path(resourceActions). + ResourceOverrides(map[string]ResourceOverride{"batch/CronJob": {Actions: newStyleActionsConfigMixedOk}}). + ProjectSpec(AppProjectSpec{ + SourceRepos: []string{"*"}, + Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, + NamespaceResourceWhitelist: []metav1.GroupKind{ + {Group: "batch", Kind: "Job"}, + {Group: "batch", Kind: "CronJob"}, + }}). + When(). + CreateApp(). + Sync(). + Then(). + And(func(app *Application) { + + closer, client, err := ArgoCDClientset.NewApplicationClient() + assert.NoError(t, err) + defer io.Close(closer) + + actions, err := client.ListResourceActions(context.Background(), &applicationpkg.ApplicationResourceRequest{ + Name: &app.Name, + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), + }) + assert.NoError(t, err) + assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions) + + _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{Name: &app.Name, + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), + Action: pointer.String("sample"), + }) + assert.NoError(t, err) + + // Assert new Job was created + _, err = KubeClientset.BatchV1().Jobs(DeploymentNamespace()).Get(context.Background(), "hello-123", metav1.GetOptions{}) + assert.NoError(t, err) + // Assert the original CronJob was patched + cronJob, err := KubeClientset.BatchV1().CronJobs(DeploymentNamespace()).Get(context.Background(), "hello", metav1.GetOptions{}) + assert.Equal(t, "aValue", cronJob.Labels["aKey"]) + assert.NoError(t, err) + }) +} + func TestSyncResourceByLabel(t *testing.T) { Given(t). Path(guestbookPath). @@ -1240,7 +1514,7 @@ func TestPermissions(t *testing.T) { And(func(app *Application) { closer, cdClient := ArgoCDClientset.NewApplicationClientOrDie() defer io.Close(closer) - appName, appNs := argo.ParseAppQualifiedName(app.Name, "") + appName, appNs := argo.ParseFromQualifiedName(app.Name, "") fmt.Printf("APP NAME: %s\n", appName) tree, err := cdClient.ResourceTree(context.Background(), &applicationpkg.ResourcesQuery{ApplicationName: &appName, AppNamespace: &appNs}) require.NoError(t, err) diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index c0413c8084c7b..7cabe65a5637b 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -43,8 +43,114 @@ var ( Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, }, } + LabelKeyAppSetInstance = "argocd.argoproj.io/application-set-name" ) +func TestSimpleListGeneratorExternalNamespace(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster-guestbook", + Namespace: utils.ArgoCDExternalNamespace, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator-external", + }, + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook", + }, + }, + } + var expectedAppNewNamespace *argov1alpha1.Application + var expectedAppNewMetadata *argov1alpha1.Application + + Given(t). + // Create a ListGenerator-based ApplicationSet + When(). + SwitchToExternalNamespace(). + CreateNamespace(utils.ArgoCDExternalNamespace).Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator-external", + Namespace: utils.ArgoCDExternalNamespace, + }, + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "{{.url}}", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + expectedAppNewNamespace = expectedApp.DeepCopy() + expectedAppNewNamespace.Spec.Destination.Namespace = "guestbook2" + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the metadata fields in the appset template, and make sure it propagates to the apps + When(). + And(func() { + expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() + expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "simple-list-generator-external", + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "simple-list-generator-external", + } + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewMetadata})). + + // verify the ApplicationSet status conditions were set correctly + Expect(ApplicationSetHasConditions("simple-list-generator-external", ExpectedConditions)). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) + +} + func TestSimpleListGenerator(t *testing.T) { expectedApp := argov1alpha1.Application{ @@ -53,8 +159,11 @@ func TestSimpleListGenerator(t *testing.T) { APIVersion: "argoproj.io/v1alpha1", }, ObjectMeta: metav1.ObjectMeta{ - Name: "my-cluster-guestbook", - Namespace: fixture.TestNamespace(), + Name: "my-cluster-guestbook", + Namespace: fixture.TestNamespace(), + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, }, Spec: argov1alpha1.ApplicationSpec{ @@ -121,7 +230,10 @@ func TestSimpleListGenerator(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -148,6 +260,9 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { Name: "my-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -214,7 +329,10 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -230,6 +348,327 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { } +func TestSyncPolicyCreateUpdate(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster-guestbook-sync-policy-create-update", + Namespace: utils.ArgoCDNamespace, + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "sync-policy-create-update", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook", + }, + }, + } + var expectedAppNewNamespace *argov1alpha1.Application + var expectedAppNewMetadata *argov1alpha1.Application + + Given(t). + // Create a ListGenerator-based ApplicationSet + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "sync-policy-create-update", + }, + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook-sync-policy-create-update"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "{{.url}}", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + expectedAppNewNamespace = expectedApp.DeepCopy() + expectedAppNewNamespace.Spec.Destination.Namespace = "guestbook2" + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the metadata fields in the appset template + // Update as well the policy + // As policy is create-update, updates must reflected + When(). + And(func() { + expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() + expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "sync-policy-create-update", + "label-key": "label-value", + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{ + LabelKeyAppSetInstance: "sync-policy-create-update", + "label-key": "label-value", + } + applicationsSyncPolicy := argov1alpha1.ApplicationsSyncPolicyCreateUpdate + appset.Spec.SyncPolicy = &argov1alpha1.ApplicationSetSyncPolicy{ + ApplicationsSync: &applicationsSyncPolicy, + } + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewMetadata})). + + // Update the list and remove element + // As policy is create-update, app deletion must not be reflected + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Generators = []v1alpha1.ApplicationSetGenerator{} + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewMetadata})). + + // verify the ApplicationSet status conditions were set correctly + Expect(ApplicationSetHasConditions("sync-policy-create-update", ExpectedConditions)). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) + +} + +func TestSyncPolicyCreateDelete(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster-guestbook-sync-policy-create-delete", + Namespace: utils.ArgoCDNamespace, + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "sync-policy-create-delete", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook", + }, + }, + } + var expectedAppNewNamespace *argov1alpha1.Application + + Given(t). + // Create a ListGenerator-based ApplicationSet + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "sync-policy-create-delete", + }, + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook-sync-policy-create-delete"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "{{.url}}", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + expectedAppNewNamespace = expectedApp.DeepCopy() + expectedAppNewNamespace.Spec.Destination.Namespace = "guestbook2" + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the metadata fields in the appset template + // Update as well the policy + // As policy is create-delete, updates must not be reflected + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{"label-key": "label-value"} + applicationsSyncPolicy := argov1alpha1.ApplicationsSyncPolicyCreateDelete + appset.Spec.SyncPolicy = &argov1alpha1.ApplicationSetSyncPolicy{ + ApplicationsSync: &applicationsSyncPolicy, + } + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the list and remove element + // As policy is create-delete, app deletion must be reflected + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Generators = []v1alpha1.ApplicationSetGenerator{} + }).Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // verify the ApplicationSet status conditions were set correctly + Expect(ApplicationSetHasConditions("sync-policy-create-delete", ExpectedConditions)). + + // Delete the ApplicationSet + When(). + Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})) + +} + +func TestSyncPolicyCreateOnly(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster-guestbook-sync-policy-create-only", + Namespace: utils.ArgoCDNamespace, + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "sync-policy-create-only", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook", + }, + }, + } + var expectedAppNewNamespace *argov1alpha1.Application + + Given(t). + // Create a ListGenerator-based ApplicationSet + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "sync-policy-create-only", + }, + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook-sync-policy-create-only"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "{{.url}}", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + expectedAppNewNamespace = expectedApp.DeepCopy() + expectedAppNewNamespace.Spec.Destination.Namespace = "guestbook2" + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the metadata fields in the appset template + // Update as well the policy + // As policy is create-only, updates must not be reflected + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{"label-key": "label-value"} + applicationsSyncPolicy := argov1alpha1.ApplicationsSyncPolicyCreateOnly + appset.Spec.SyncPolicy = &argov1alpha1.ApplicationSetSyncPolicy{ + ApplicationsSync: &applicationsSyncPolicy, + } + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the list and remove element + // As policy is create-only, app deletion must not be reflected + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Generators = []v1alpha1.ApplicationSetGenerator{} + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // verify the ApplicationSet status conditions were set correctly + Expect(ApplicationSetHasConditions("sync-policy-create-only", ExpectedConditions)). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})) + +} + func TestSimpleGitDirectoryGenerator(t *testing.T) { generateExpectedApp := func(name string) argov1alpha1.Application { return argov1alpha1.Application{ @@ -241,6 +680,9 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -322,7 +764,10 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -350,6 +795,9 @@ func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -432,7 +880,10 @@ func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -461,6 +912,9 @@ func TestSimpleGitFilesGenerator(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -541,7 +995,10 @@ func TestSimpleGitFilesGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -570,6 +1027,9 @@ func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -651,7 +1111,10 @@ func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -672,7 +1135,7 @@ func TestSimpleGitFilesPreserveResourcesOnDeletion(t *testing.T) { Given(t). When(). - CreateNamespace(). + CreateNamespace(utils.ApplicationsResourcesNamespace). // Create a GitGenerator-based ApplicationSet Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ Name: "simple-git-generator", @@ -689,7 +1152,7 @@ func TestSimpleGitFilesPreserveResourcesOnDeletion(t *testing.T) { }, Destination: argov1alpha1.ApplicationDestination{ Server: "https://kubernetes.default.svc", - Namespace: utils.ApplicationSetNamespace, + Namespace: utils.ApplicationsResourcesNamespace, }, // Automatically create resources @@ -732,7 +1195,7 @@ func TestSimpleGitFilesPreserveResourcesOnDeletionGoTemplate(t *testing.T) { Given(t). When(). - CreateNamespace(). + CreateNamespace(utils.ApplicationsResourcesNamespace). // Create a GitGenerator-based ApplicationSet Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ Name: "simple-git-generator", @@ -750,7 +1213,7 @@ func TestSimpleGitFilesPreserveResourcesOnDeletionGoTemplate(t *testing.T) { }, Destination: argov1alpha1.ApplicationDestination{ Server: "https://kubernetes.default.svc", - Namespace: utils.ApplicationSetNamespace, + Namespace: utils.ApplicationsResourcesNamespace, }, // Automatically create resources @@ -993,6 +1456,9 @@ func TestSimpleSCMProviderGenerator(t *testing.T) { Name: "argo-cd-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-scm-provider-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1066,6 +1532,9 @@ func TestSimpleSCMProviderGeneratorGoTemplate(t *testing.T) { Name: "argo-cd-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-scm-provider-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1135,6 +1604,9 @@ func TestCustomApplicationFinalizers(t *testing.T) { Name: "my-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1201,6 +1673,9 @@ func TestCustomApplicationFinalizersGoTemplate(t *testing.T) { Name: "my-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1271,6 +1746,10 @@ func githubPullMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request "name": "preview" } ], + "base": { + "ref": "master", + "sha": "7a4a5c987fdfb2b0629e9dbf5f31636c69ba4775" + }, "head": { "ref": "pull-request", "sha": "824a5c987fdfb2b0629e9dbf5f31636c69ba4772" @@ -1301,6 +1780,9 @@ func TestSimplePullRequestGenerator(t *testing.T) { Name: "guestbook-1", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-pull-request-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1376,7 +1858,10 @@ func TestSimplePullRequestGeneratorGoTemplate(t *testing.T) { Name: "guestbook-1", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - Labels: map[string]string{"app": "preview"}, + Labels: map[string]string{ + "app": "preview", + LabelKeyAppSetInstance: "simple-pull-request-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1452,6 +1937,9 @@ func TestGitGeneratorPrivateRepo(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator-private", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1527,6 +2015,9 @@ func TestGitGeneratorPrivateRepoGoTemplate(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator-private", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", diff --git a/test/e2e/cluster_generator_test.go b/test/e2e/cluster_generator_test.go index 260f85c9e8ab0..9b744241adf75 100644 --- a/test/e2e/cluster_generator_test.go +++ b/test/e2e/cluster_generator_test.go @@ -11,10 +11,116 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets" + "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets/utils" "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) +func TestSimpleClusterGeneratorExternalNamespace(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster1-guestbook", + Namespace: utils.ArgoCDExternalNamespace, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Name: "cluster1", + Namespace: "guestbook", + }, + }, + } + + var expectedAppNewNamespace *argov1alpha1.Application + var expectedAppNewMetadata *argov1alpha1.Application + + Given(t). + // Create a ClusterGenerator-based ApplicationSet + When(). + CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). + SwitchToExternalNamespace(). + CreateNamespace(utils.ArgoCDExternalNamespace). + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Name: "{{name}}", + // Server: "{{server}}", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Clusters: &v1alpha1.ClusterGenerator{ + Selector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "argocd.argoproj.io/secret-type": "cluster", + }, + }, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + expectedAppNewNamespace = expectedApp.DeepCopy() + expectedAppNewNamespace.Spec.Destination.Namespace = "guestbook2" + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the metadata fields in the appset template, and make sure it propagates to the apps + When(). + And(func() { + expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() + expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "simple-cluster-generator", + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "simple-cluster-generator", + } + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewMetadata})). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})) +} + func TestSimpleClusterGenerator(t *testing.T) { expectedApp := argov1alpha1.Application{ @@ -26,6 +132,9 @@ func TestSimpleClusterGenerator(t *testing.T) { Name: "cluster1-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -97,7 +206,10 @@ func TestSimpleClusterGenerator(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -119,6 +231,9 @@ func TestClusterGeneratorWithLocalCluster(t *testing.T) { Name: "in-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "in-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -211,7 +326,10 @@ func TestClusterGeneratorWithLocalCluster(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "in-cluster-generator", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -236,6 +354,9 @@ func TestSimpleClusterGeneratorAddingCluster(t *testing.T) { Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -318,6 +439,9 @@ func TestSimpleClusterGeneratorDeletingCluster(t *testing.T) { Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", diff --git a/test/e2e/clusterdecisiongenerator_e2e_test.go b/test/e2e/clusterdecisiongenerator_e2e_test.go index 6ead361e9429b..94081d705fd77 100644 --- a/test/e2e/clusterdecisiongenerator_e2e_test.go +++ b/test/e2e/clusterdecisiongenerator_e2e_test.go @@ -10,12 +10,126 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets" + "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets/utils" "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) var tenSec = int64(10) +func TestSimpleClusterDecisionResourceGeneratorExternalNamespace(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster1-guestbook", + Namespace: utils.ArgoCDExternalNamespace, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Name: "cluster1", + Namespace: "guestbook", + }, + }, + } + + var expectedAppNewNamespace *argov1alpha1.Application + var expectedAppNewMetadata *argov1alpha1.Application + + clusterList := []interface{}{ + map[string]interface{}{ + "clusterName": "cluster1", + "reason": "argotest", + }, + } + + Given(t). + // Create a ClusterGenerator-based ApplicationSet + When(). + CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). + CreatePlacementRoleAndRoleBinding(). + CreatePlacementDecisionConfigMap("my-configmap"). + CreatePlacementDecision("my-placementdecision"). + StatusUpdatePlacementDecision("my-placementdecision", clusterList). + CreateNamespace(utils.ArgoCDExternalNamespace). + SwitchToExternalNamespace(). + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "guestbook", + }, + Destination: argov1alpha1.ApplicationDestination{ + Name: "{{clusterName}}", + // Server: "{{server}}", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + ClusterDecisionResource: &v1alpha1.DuckTypeGenerator{ + ConfigMapRef: "my-configmap", + Name: "my-placementdecision", + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + expectedAppNewNamespace = expectedApp.DeepCopy() + expectedAppNewNamespace.Spec.Destination.Namespace = "guestbook2" + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})). + + // Update the metadata fields in the appset template, and make sure it propagates to the apps + When(). + And(func() { + expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() + expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "simple-cluster-generator", + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "simple-cluster-generator", + } + }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewMetadata})). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})) +} + func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { expectedApp := argov1alpha1.Application{ @@ -27,6 +141,9 @@ func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { Name: "cluster1-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -106,7 +223,10 @@ func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -129,6 +249,9 @@ func TestSimpleClusterDecisionResourceGeneratorAddingCluster(t *testing.T) { Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -224,6 +347,9 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterSecret(t *testing. Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -321,6 +447,9 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterFromResource(t *te Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", diff --git a/test/e2e/custom_tool_test.go b/test/e2e/custom_tool_test.go index f99129e2bee2f..4469931795332 100644 --- a/test/e2e/custom_tool_test.go +++ b/test/e2e/custom_tool_test.go @@ -2,6 +2,7 @@ package e2e import ( "os" + "path/filepath" "sort" "strings" "testing" @@ -22,21 +23,16 @@ import ( func TestCustomToolWithGitCreds(t *testing.T) { ctx := Given(t) ctx. - // path does not matter, we ignore it - ConfigManagementPlugin( - ConfigManagementPlugin{ - Name: Name(), - Generate: Command{ - Command: []string{"sh", "-c"}, - Args: []string{`echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitAskpass\": \"$GIT_ASKPASS\"}}}"`}, - }, - }, - ). + And(func() { + go startCMPServer(t, "./testdata/cmp-gitcreds") + time.Sleep(1 * time.Second) + t.Setenv("ARGOCD_BINARY_NAME", "argocd") + }). CustomCACertAdded(). // add the private repo with credentials HTTPSRepoURLAdded(true). RepoURLType(RepoURLTypeHTTPS). - Path("https-kustomize-base"). + Path("cmp-gitcreds"). When(). CreateApp(). Sync(). @@ -55,23 +51,18 @@ func TestCustomToolWithGitCreds(t *testing.T) { func TestCustomToolWithGitCredsTemplate(t *testing.T) { ctx := Given(t) ctx. - // path does not matter, we ignore it - ConfigManagementPlugin( - ConfigManagementPlugin{ - Name: Name(), - Generate: Command{ - Command: []string{"sh", "-c"}, - Args: []string{`echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitAskpass\": \"$GIT_ASKPASS\", \"GitUsername\": \"$GIT_USERNAME\", \"GitPassword\": \"$GIT_PASSWORD\"}}}"`}, - }, - }, - ). + And(func() { + go startCMPServer(t, "./testdata/cmp-gitcredstemplate") + time.Sleep(1 * time.Second) + t.Setenv("ARGOCD_BINARY_NAME", "argocd") + }). CustomCACertAdded(). // add the git creds template HTTPSCredentialsUserPassAdded(). // add the private repo without credentials HTTPSRepoURLAdded(false). RepoURLType(RepoURLTypeHTTPS). - Path("https-kustomize-base"). + Path("cmp-gitcredstemplate"). When(). CreateApp(). Sync(). @@ -100,24 +91,21 @@ func TestCustomToolWithGitCredsTemplate(t *testing.T) { func TestCustomToolWithEnv(t *testing.T) { ctx := Given(t) ctx. - // path does not matter, we ignore it - ConfigManagementPlugin( - ConfigManagementPlugin{ - Name: Name(), - Generate: Command{ - Command: []string{"sh", "-c"}, - Args: []string{`echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"`}, - }, - }, - ). + And(func() { + go startCMPServer(t, "./testdata/cmp-fileName") + time.Sleep(1 * time.Second) + t.Setenv("ARGOCD_BINARY_NAME", "argocd") + }). // does not matter what the path is - Path("guestbook"). + Path("cmp-fileName"). When(). CreateFromFile(func(app *Application) { - app.Spec.GetSource().Plugin.Env = Env{{ - Name: "FOO", - Value: "bar", - }} + app.Spec.Source.Plugin = &ApplicationSourcePlugin{ + Env: Env{{ + Name: "FOO", + Value: "bar", + }}, + } }). Sync(). Then(). @@ -159,23 +147,21 @@ func TestCustomToolWithEnv(t *testing.T) { // make sure we can sync and diff with --local func TestCustomToolSyncAndDiffLocal(t *testing.T) { + testdataPath, err := filepath.Abs("testdata") + require.NoError(t, err) ctx := Given(t) + appPath := filepath.Join(testdataPath, "guestbook") ctx. - // path does not matter, we ignore it - ConfigManagementPlugin( - ConfigManagementPlugin{ - Name: Name(), - Generate: Command{ - Command: []string{"sh", "-c"}, - Args: []string{`echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"`}, - }, - }, - ). + And(func() { + go startCMPServer(t, "./testdata/cmp-kustomize") + time.Sleep(1 * time.Second) + t.Setenv("ARGOCD_BINARY_NAME", "argocd") + }). // does not matter what the path is Path("guestbook"). When(). - CreateApp("--config-management-plugin", ctx.AppName()). - Sync("--local", "testdata/guestbook"). + CreateApp("--config-management-plugin", "cmp-kustomize-v1.0"). + Sync("--local", appPath, "--local-repo-root", testdataPath). Then(). Expect(OperationPhaseIs(OperationSucceeded)). Expect(SyncStatusIs(SyncStatusCodeSynced)). @@ -184,22 +170,22 @@ func TestCustomToolSyncAndDiffLocal(t *testing.T) { time.Sleep(1 * time.Second) }). And(func(app *Application) { - FailOnErr(RunCli("app", "sync", ctx.AppName(), "--local", "testdata/guestbook")) + FailOnErr(RunCli("app", "sync", ctx.AppName(), "--local", appPath, "--local-repo-root", testdataPath)) }). And(func(app *Application) { - FailOnErr(RunCli("app", "diff", ctx.AppName(), "--local", "testdata/guestbook")) + FailOnErr(RunCli("app", "diff", ctx.AppName(), "--local", appPath, "--local-repo-root", testdataPath)) }) } -func startCMPServer(configFile string) { +func startCMPServer(t *testing.T, configFile string) { pluginSockFilePath := TmpDir + PluginSockFilePath - os.Setenv("ARGOCD_BINARY_NAME", "argocd-cmp-server") + t.Setenv("ARGOCD_BINARY_NAME", "argocd-cmp-server") // ARGOCD_PLUGINSOCKFILEPATH should be set as the same value as repo server env var - os.Setenv("ARGOCD_PLUGINSOCKFILEPATH", pluginSockFilePath) + t.Setenv("ARGOCD_PLUGINSOCKFILEPATH", pluginSockFilePath) if _, err := os.Stat(pluginSockFilePath); os.IsNotExist(err) { // path/to/whatever does not exist err := os.Mkdir(pluginSockFilePath, 0700) - CheckError(err) + require.NoError(t, err) } FailOnErr(RunWithStdin("", "", "../../dist/argocd", "--config-dir-path", configFile)) } @@ -209,9 +195,9 @@ func TestCMPDiscoverWithFileName(t *testing.T) { pluginName := "cmp-fileName" Given(t). And(func() { - go startCMPServer("./testdata/cmp-fileName") + go startCMPServer(t, "./testdata/cmp-fileName") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path(pluginName + "/subdir"). When(). @@ -227,9 +213,9 @@ func TestCMPDiscoverWithFileName(t *testing.T) { func TestCMPDiscoverWithFindGlob(t *testing.T) { Given(t). And(func() { - go startCMPServer("./testdata/cmp-find-glob") + go startCMPServer(t, "./testdata/cmp-find-glob") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook"). When(). @@ -245,9 +231,9 @@ func TestCMPDiscoverWithFindGlob(t *testing.T) { func TestCMPDiscoverWithPluginName(t *testing.T) { Given(t). And(func() { - go startCMPServer("./testdata/cmp-find-glob") + go startCMPServer(t, "./testdata/cmp-find-glob") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook"). When(). @@ -268,9 +254,9 @@ func TestCMPDiscoverWithFindCommandWithEnv(t *testing.T) { ctx := Given(t) ctx. And(func() { - go startCMPServer("./testdata/cmp-find-command") + go startCMPServer(t, "./testdata/cmp-find-command") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path(pluginName). When(). @@ -311,9 +297,9 @@ func TestCMPDiscoverWithFindCommandWithEnv(t *testing.T) { func TestPruneResourceFromCMP(t *testing.T) { Given(t). And(func() { - go startCMPServer("./testdata/cmp-find-glob") + go startCMPServer(t, "./testdata/cmp-find-glob") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook"). When(). @@ -334,9 +320,9 @@ func TestPruneResourceFromCMP(t *testing.T) { func TestPreserveFileModeForCMP(t *testing.T) { Given(t). And(func() { - go startCMPServer("./testdata/cmp-preserve-file-mode") + go startCMPServer(t, "./testdata/cmp-preserve-file-mode") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("cmp-preserve-file-mode"). When(). @@ -354,9 +340,9 @@ func TestPreserveFileModeForCMP(t *testing.T) { func TestCMPWithSymlinkPartialFiles(t *testing.T) { Given(t, WithTestData("testdata2")). And(func() { - go startCMPServer("./testdata2/cmp-symlink") + go startCMPServer(t, "./testdata2/cmp-symlink") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook-partial-symlink-files"). When(). @@ -371,9 +357,9 @@ func TestCMPWithSymlinkPartialFiles(t *testing.T) { func TestCMPWithSymlinkFiles(t *testing.T) { Given(t, WithTestData("testdata2")). And(func() { - go startCMPServer("./testdata2/cmp-symlink") + go startCMPServer(t, "./testdata2/cmp-symlink") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook-symlink-files"). When(). @@ -388,9 +374,9 @@ func TestCMPWithSymlinkFiles(t *testing.T) { func TestCMPWithSymlinkFolder(t *testing.T) { Given(t, WithTestData("testdata2")). And(func() { - go startCMPServer("./testdata2/cmp-symlink") + go startCMPServer(t, "./testdata2/cmp-symlink") time.Sleep(1 * time.Second) - os.Setenv("ARGOCD_BINARY_NAME", "argocd") + t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook-symlink-folder"). When(). diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index 5baa5937ff40a..c4e173ddf6336 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -76,6 +76,12 @@ func (a *Actions) AddTag(name string) *Actions { return a } +func (a *Actions) RemoveSubmodule() *Actions { + a.context.t.Helper() + fixture.RemoveSubmodule() + return a +} + func (a *Actions) CreateFromPartialFile(data string, flags ...string) *Actions { a.context.t.Helper() tmpFile, err := os.CreateTemp("", "") diff --git a/test/e2e/fixture/app/context.go b/test/e2e/fixture/app/context.go index f0befbe456c27..d653b6a0280ca 100644 --- a/test/e2e/fixture/app/context.go +++ b/test/e2e/fixture/app/context.go @@ -300,13 +300,6 @@ func (c *Context) ResourceFilter(filter settings.ResourcesFilter) *Context { return c } -// this both configures the plugin, but forces use of it -func (c *Context) ConfigManagementPlugin(plugin v1alpha1.ConfigManagementPlugin) *Context { - fixture.SetConfigManagementPlugins(plugin) - c.configManagementPlugin = plugin.Name - return c -} - func (c *Context) And(block func()) *Context { block() return c diff --git a/test/e2e/fixture/applicationsets/actions.go b/test/e2e/fixture/applicationsets/actions.go index 956d62ad86707..ee9a857988f99 100644 --- a/test/e2e/fixture/applicationsets/actions.go +++ b/test/e2e/fixture/applicationsets/actions.go @@ -15,6 +15,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/dynamic" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -62,6 +63,18 @@ func (a *Actions) Then() *Consequences { return &Consequences{a.context, a} } +func (a *Actions) SwitchToExternalNamespace() *Actions { + a.context.useExternalNamespace = true + log.Infof("switched to external namespace: %s", utils.ArgoCDExternalNamespace) + return a +} + +func (a *Actions) SwitchToArgoCDNamespace() *Actions { + a.context.useExternalNamespace = false + log.Infof("switched to argocd namespace: %s", utils.ArgoCDNamespace) + return a +} + // CreateClusterSecret creates a faux cluster secret, with the given cluster server and cluster name (this cluster // will not actually be used by the Argo CD controller, but that's not needed for our E2E tests) func (a *Actions) CreateClusterSecret(secretName string, clusterName string, clusterServer string) *Actions { @@ -176,15 +189,15 @@ func (a *Actions) DeletePlacementDecision(placementDecisionName string) *Actions // Create a temporary namespace, from utils.ApplicationSet, for use by the test. // This namespace will be deleted on subsequent tests. -func (a *Actions) CreateNamespace() *Actions { +func (a *Actions) CreateNamespace(namespace string) *Actions { a.context.t.Helper() fixtureClient := utils.GetE2EFixtureK8sClient() _, err := fixtureClient.KubeClientset.CoreV1().Namespaces().Create(context.Background(), - &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: utils.ApplicationSetNamespace}}, metav1.CreateOptions{}) + &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}}, metav1.CreateOptions{}) - a.describeAction = fmt.Sprintf("creating namespace '%s'", utils.ApplicationSetNamespace) + a.describeAction = fmt.Sprintf("creating namespace '%s'", namespace) a.lastOutput, a.lastError = "", err a.verifyAction() @@ -195,17 +208,27 @@ func (a *Actions) CreateNamespace() *Actions { func (a *Actions) Create(appSet v1alpha1.ApplicationSet) *Actions { a.context.t.Helper() + fixtureClient := utils.GetE2EFixtureK8sClient() + appSet.APIVersion = "argoproj.io/v1alpha1" appSet.Kind = "ApplicationSet" - fixtureClient := utils.GetE2EFixtureK8sClient() - newResource, err := fixtureClient.AppSetClientset.Create(context.Background(), utils.MustToUnstructured(&appSet), metav1.CreateOptions{}) + var appSetClientSet dynamic.ResourceInterface + + if a.context.useExternalNamespace { + appSetClientSet = fixtureClient.ExternalAppSetClientset + } else { + appSetClientSet = fixtureClient.AppSetClientset + } + + newResource, err := appSetClientSet.Create(context.Background(), utils.MustToUnstructured(&appSet), metav1.CreateOptions{}) if err == nil { a.context.name = newResource.GetName() + a.context.namespace = newResource.GetNamespace() } - a.describeAction = fmt.Sprintf("creating ApplicationSet '%s'", appSet.Name) + a.describeAction = fmt.Sprintf("creating ApplicationSet '%s/%s'", appSet.Namespace, appSet.Name) a.lastOutput, a.lastError = "", err a.verifyAction() @@ -364,9 +387,17 @@ func (a *Actions) Delete() *Actions { fixtureClient := utils.GetE2EFixtureK8sClient() + var appSetClientSet dynamic.ResourceInterface + + if a.context.useExternalNamespace { + appSetClientSet = fixtureClient.ExternalAppSetClientset + } else { + appSetClientSet = fixtureClient.AppSetClientset + } + deleteProp := metav1.DeletePropagationForeground - err := fixtureClient.AppSetClientset.Delete(context.Background(), a.context.name, metav1.DeleteOptions{PropagationPolicy: &deleteProp}) - a.describeAction = fmt.Sprintf("Deleting ApplicationSet '%s' %v", a.context.name, err) + err := appSetClientSet.Delete(context.Background(), a.context.name, metav1.DeleteOptions{PropagationPolicy: &deleteProp}) + a.describeAction = fmt.Sprintf("Deleting ApplicationSet '%s/%s' %v", a.context.namespace, a.context.name, err) a.lastOutput, a.lastError = "", err a.verifyAction() @@ -378,7 +409,16 @@ func (a *Actions) get() (*v1alpha1.ApplicationSet, error) { appSet := v1alpha1.ApplicationSet{} fixtureClient := utils.GetE2EFixtureK8sClient() - newResource, err := fixtureClient.AppSetClientset.Get(context.Background(), a.context.name, metav1.GetOptions{}) + + var appSetClientSet dynamic.ResourceInterface + + if a.context.useExternalNamespace { + appSetClientSet = fixtureClient.ExternalAppSetClientset + } else { + appSetClientSet = fixtureClient.AppSetClientset + } + + newResource, err := appSetClientSet.Get(context.Background(), a.context.name, metav1.GetOptions{}) if err != nil { return nil, err } @@ -413,10 +453,19 @@ func (a *Actions) Update(toUpdate func(*v1alpha1.ApplicationSet)) *Actions { if err == nil { // Keep trying to update until it succeeds, or the test times out toUpdate(appSet) - a.describeAction = fmt.Sprintf("updating ApplicationSet '%s'", appSet.Name) + a.describeAction = fmt.Sprintf("updating ApplicationSet '%s/%s'", appSet.Namespace, appSet.Name) fixtureClient := utils.GetE2EFixtureK8sClient() - _, err = fixtureClient.AppSetClientset.Update(context.Background(), utils.MustToUnstructured(&appSet), metav1.UpdateOptions{}) + + var appSetClientSet dynamic.ResourceInterface + + if a.context.useExternalNamespace { + appSetClientSet = fixtureClient.ExternalAppSetClientset + } else { + appSetClientSet = fixtureClient.AppSetClientset + } + + _, err = appSetClientSet.Update(context.Background(), utils.MustToUnstructured(&appSet), metav1.UpdateOptions{}) if err != nil { mostRecentError = err diff --git a/test/e2e/fixture/applicationsets/consequences.go b/test/e2e/fixture/applicationsets/consequences.go index 305a06a4d7174..2672b58fe9317 100644 --- a/test/e2e/fixture/applicationsets/consequences.go +++ b/test/e2e/fixture/applicationsets/consequences.go @@ -3,12 +3,14 @@ package applicationsets import ( "context" "encoding/json" - "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "time" + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + "github.com/argoproj/pkg/errors" log "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/dynamic" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets/utils" @@ -74,8 +76,15 @@ func (c *Consequences) app(name string) *v1alpha1.Application { func (c *Consequences) apps() []v1alpha1.Application { + var namespace string + if c.context.useExternalNamespace { + namespace = utils.ArgoCDExternalNamespace + } else { + namespace = fixture.TestNamespace() + } + fixtureClient := utils.GetE2EFixtureK8sClient() - list, err := fixtureClient.AppClientset.ArgoprojV1alpha1().Applications(fixture.TestNamespace()).List(context.Background(), metav1.ListOptions{}) + list, err := fixtureClient.AppClientset.ArgoprojV1alpha1().Applications(namespace).List(context.Background(), metav1.ListOptions{}) errors.CheckError(err) if list == nil { @@ -88,7 +97,16 @@ func (c *Consequences) apps() []v1alpha1.Application { func (c *Consequences) applicationSet(applicationSetName string) *v1alpha1.ApplicationSet { fixtureClient := utils.GetE2EFixtureK8sClient() - list, err := fixtureClient.AppSetClientset.Get(context.Background(), c.actions.context.name, metav1.GetOptions{}) + + var appSetClientSet dynamic.ResourceInterface + + if c.context.useExternalNamespace { + appSetClientSet = fixtureClient.ExternalAppSetClientset + } else { + appSetClientSet = fixtureClient.AppSetClientset + } + + list, err := appSetClientSet.Get(context.Background(), c.actions.context.name, metav1.GetOptions{}) errors.CheckError(err) var appSet v1alpha1.ApplicationSet diff --git a/test/e2e/fixture/applicationsets/context.go b/test/e2e/fixture/applicationsets/context.go index c6269c4b36b61..d2a0479a62aee 100644 --- a/test/e2e/fixture/applicationsets/context.go +++ b/test/e2e/fixture/applicationsets/context.go @@ -12,7 +12,9 @@ type Context struct { t *testing.T // name is the ApplicationSet's name, created by a Create action - name string + name string + namespace string + useExternalNamespace bool } func Given(t *testing.T) *Context { diff --git a/test/e2e/fixture/applicationsets/expectation.go b/test/e2e/fixture/applicationsets/expectation.go index fce722b70c9e3..990ad5f33dbfb 100644 --- a/test/e2e/fixture/applicationsets/expectation.go +++ b/test/e2e/fixture/applicationsets/expectation.go @@ -63,7 +63,7 @@ func ApplicationsExist(expectedApps []v1alpha1.Application) Expectation { for _, expectedApp := range expectedApps { foundApp := c.app(expectedApp.Name) if foundApp == nil { - return pending, fmt.Sprintf("missing app '%s'", expectedApp.Name) + return pending, fmt.Sprintf("missing app '%s'", expectedApp.QualifiedName()) } if !appsAreEqual(expectedApp, *foundApp) { @@ -73,7 +73,7 @@ func ApplicationsExist(expectedApps []v1alpha1.Application) Expectation { return failed, err.Error() } - return pending, fmt.Sprintf("apps are not equal: '%s', diff: %s\n", expectedApp.Name, diff) + return pending, fmt.Sprintf("apps are not equal: '%s', diff: %s\n", expectedApp.QualifiedName(), diff) } @@ -112,7 +112,7 @@ func ApplicationsDoNotExist(expectedApps []v1alpha1.Application) Expectation { for _, expectedApp := range expectedApps { foundApp := c.app(expectedApp.Name) if foundApp != nil { - return pending, fmt.Sprintf("app '%s' should no longer exist", expectedApp.Name) + return pending, fmt.Sprintf("app '%s' should no longer exist", expectedApp.QualifiedName()) } } @@ -123,7 +123,7 @@ func ApplicationsDoNotExist(expectedApps []v1alpha1.Application) Expectation { // Pod checks whether a specified condition is true for any of the pods in the namespace func Pod(predicate func(p corev1.Pod) bool) Expectation { return func(c *Consequences) (state, string) { - pods, err := pods(utils.ApplicationSetNamespace) + pods, err := pods(utils.ApplicationsResourcesNamespace) if err != nil { return failed, err.Error() } diff --git a/test/e2e/fixture/applicationsets/utils/fixture.go b/test/e2e/fixture/applicationsets/utils/fixture.go index 1f782f5fc3ea4..6cf984f99afc7 100644 --- a/test/e2e/fixture/applicationsets/utils/fixture.go +++ b/test/e2e/fixture/applicationsets/utils/fixture.go @@ -32,10 +32,13 @@ const ( // and in which Application resources should be created. ArgoCDNamespace = "argocd-e2e" - // ApplicationSetNamespace is the namespace into which temporary resources (such as Deployments/Pods/etc) + // ArgoCDExternalNamespace is an external namespace to test additional namespaces + ArgoCDExternalNamespace = "argocd-e2e-external" + + // ApplicationsResourcesNamespace is the namespace into which temporary resources (such as Deployments/Pods/etc) // can be deployed, such as using it as the target namespace in an Application resource. // Note: this is NOT the namespace the ApplicationSet controller is deployed to; see ArgoCDNamespace. - ApplicationSetNamespace = "applicationset-e2e" + ApplicationsResourcesNamespace = "applicationset-e2e" TmpDir = "/tmp/applicationset-e2e" TestingLabel = "e2e.argoproj.io" @@ -51,10 +54,11 @@ var ( // E2EFixtureK8sClient contains Kubernetes clients initialized from local k8s configuration type E2EFixtureK8sClient struct { - KubeClientset kubernetes.Interface - DynamicClientset dynamic.Interface - AppClientset appclientset.Interface - AppSetClientset dynamic.ResourceInterface + KubeClientset kubernetes.Interface + DynamicClientset dynamic.Interface + AppClientset appclientset.Interface + AppSetClientset dynamic.ResourceInterface + ExternalAppSetClientset dynamic.ResourceInterface } func GetEnvWithDefault(envName, defaultValue string) string { @@ -74,7 +78,6 @@ func TestNamespace() string { // GetE2EFixtureK8sClient initializes the Kubernetes clients (if needed), and returns the most recently initalized value. // Note: this requires a local Kubernetes configuration (for example, while running the E2E tests). func GetE2EFixtureK8sClient() *E2EFixtureK8sClient { - // Initialize the Kubernetes clients only on first use clientInitialized.Do(func() { @@ -88,7 +91,7 @@ func GetE2EFixtureK8sClient() *E2EFixtureK8sClient { } internalClientVars.AppSetClientset = internalClientVars.DynamicClientset.Resource(v1alpha1.SchemeGroupVersion.WithResource("applicationsets")).Namespace(TestNamespace()) - + internalClientVars.ExternalAppSetClientset = internalClientVars.DynamicClientset.Resource(v1alpha1.SchemeGroupVersion.WithResource("applicationsets")).Namespace(ArgoCDExternalNamespace) }) return internalClientVars } @@ -103,11 +106,17 @@ func EnsureCleanState(t *testing.T) { policy := v1.DeletePropagationForeground // Delete the applicationset-e2e namespace, if it exists - err := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), ApplicationSetNamespace, v1.DeleteOptions{PropagationPolicy: &policy}) + err := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), ApplicationsResourcesNamespace, v1.DeleteOptions{PropagationPolicy: &policy}) if err != nil && !strings.Contains(err.Error(), "not found") { // 'not found' error is expected CheckError(err) } + // Delete the argocd-e2e-external namespace, if it exists + err2 := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), ArgoCDExternalNamespace, v1.DeleteOptions{PropagationPolicy: &policy}) + if err2 != nil && !strings.Contains(err2.Error(), "not found") { // 'not found' error is expected + CheckError(err) + } + // delete resources // kubectl delete applicationsets --all CheckError(fixtureClient.AppSetClientset.DeleteCollection(context.Background(), v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{})) @@ -199,12 +208,37 @@ func waitForExpectedClusterState() error { // Wait up to 120 seconds for namespace to not exist if err := waitForSuccess(func() error { - _, err := fixtureClient.KubeClientset.CoreV1().Namespaces().Get(context.Background(), ApplicationSetNamespace, v1.GetOptions{}) + _, err := fixtureClient.KubeClientset.CoreV1().Namespaces().Get(context.Background(), ApplicationsResourcesNamespace, v1.GetOptions{}) + + msg := "" + + if err == nil { + msg = fmt.Sprintf("namespace '%s' still exists, after delete", ApplicationsResourcesNamespace) + } + + if msg == "" && err != nil && strings.Contains(err.Error(), "not found") { + // Success is an error containing 'applicationset-e2e' not found. + return nil + } + + if msg == "" { + msg = err.Error() + } + + return fmt.Errorf(msg) + + }, time.Now().Add(120*time.Second)); err != nil { + return err + } + + // Wait up to 120 seconds for namespace to not exist + if err := waitForSuccess(func() error { + _, err := fixtureClient.KubeClientset.CoreV1().Namespaces().Get(context.Background(), ArgoCDExternalNamespace, v1.GetOptions{}) msg := "" if err == nil { - msg = fmt.Sprintf("namespace '%s' still exists, after delete", ApplicationSetNamespace) + msg = fmt.Sprintf("namespace '%s' still exists, after delete", ArgoCDExternalNamespace) } if msg == "" && err != nil && strings.Contains(err.Error(), "not found") { diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index dd54222ca3120..095b3e2f116be 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -29,6 +29,7 @@ import ( sessionpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" + "github.com/argoproj/argo-cd/v2/util/env" . "github.com/argoproj/argo-cd/v2/util/errors" grpcutil "github.com/argoproj/argo-cd/v2/util/grpc" "github.com/argoproj/argo-cd/v2/util/io" @@ -92,6 +93,7 @@ type ACL struct { const ( RepoURLTypeFile = "file" RepoURLTypeHTTPS = "https" + RepoURLTypeHTTPSOrg = "https-org" RepoURLTypeHTTPSClientCert = "https-cc" RepoURLTypeHTTPSSubmodule = "https-sub" RepoURLTypeHTTPSSubmoduleParent = "https-par" @@ -103,6 +105,8 @@ const ( RepoURLTypeHelmOCI = "helm-oci" GitUsername = "admin" GitPassword = "password" + GithubAppID = "2978632978" + GithubAppInstallationID = "7893789433789" GpgGoodKeyID = "D56C4FCA57A46444" HelmOCIRegistryURL = "localhost:5000/myrepo" ) @@ -139,8 +143,7 @@ func GetEnvWithDefault(envName, defaultValue string) string { // IsRemote returns true when the tests are being run against a workload that // is running in a remote cluster. func IsRemote() bool { - r := os.Getenv("ARGOCD_E2E_REMOTE") - return r == "true" + return env.ParseBoolFromEnv("ARGOCD_E2E_REMOTE", false) } // IsLocal returns when the tests are being run against a local workload @@ -251,6 +254,7 @@ const ( EnvRepoURLTypeSSHSubmodule = "ARGOCD_E2E_REPO_SSH_SUBMODULE" EnvRepoURLTypeSSHSubmoduleParent = "ARGOCD_E2E_REPO_SSH_SUBMODULE_PARENT" EnvRepoURLTypeHTTPS = "ARGOCD_E2E_REPO_HTTPS" + EnvRepoURLTypeHTTPSOrg = "ARGOCD_E2E_REPO_HTTPS_ORG" EnvRepoURLTypeHTTPSClientCert = "ARGOCD_E2E_REPO_HTTPS_CLIENT_CERT" EnvRepoURLTypeHTTPSSubmodule = "ARGOCD_E2E_REPO_HTTPS_SUBMODULE" EnvRepoURLTypeHTTPSSubmoduleParent = "ARGOCD_E2E_REPO_HTTPS_SUBMODULE_PARENT" @@ -272,6 +276,9 @@ func RepoURL(urlType RepoURLType) string { // Git server via HTTPS case RepoURLTypeHTTPS: return GetEnvWithDefault(EnvRepoURLTypeHTTPS, "https://localhost:9443/argo-e2e/testdata.git") + // Git "organisation" via HTTPS + case RepoURLTypeHTTPSOrg: + return GetEnvWithDefault(EnvRepoURLTypeHTTPSOrg, "https://localhost:9443/argo-e2e") // Git server via HTTPS - Client Cert protected case RepoURLTypeHTTPSClientCert: return GetEnvWithDefault(EnvRepoURLTypeHTTPSClientCert, "https://localhost:9444/argo-e2e/testdata.git") @@ -443,17 +450,6 @@ func SetPermissions(permissions []ACL, username string, roleName string) { }) } -func SetConfigManagementPlugins(plugin ...v1alpha1.ConfigManagementPlugin) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { - yamlBytes, err := yaml.Marshal(plugin) - if err != nil { - return err - } - cm.Data["configManagementPlugins"] = string(yamlBytes) - return nil - }) -} - func SetResourceFilter(filters settings.ResourcesFilter) { updateSettingConfigMap(func(cm *corev1.ConfigMap) error { exclusions, err := yaml.Marshal(filters.ResourceExclusions) @@ -855,6 +851,18 @@ func CreateSubmoduleRepos(repoType string) { CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", oldEnv)) } +func RemoveSubmodule() { + log.Info("removing submodule") + + FailOnErr(Run(submoduleParentDirectory(), "git", "rm", "submodule/test")) + FailOnErr(Run(submoduleParentDirectory(), "touch", "submodule/.gitkeep")) + FailOnErr(Run(submoduleParentDirectory(), "git", "add", "submodule/.gitkeep")) + FailOnErr(Run(submoduleParentDirectory(), "git", "commit", "-m", "remove submodule")) + if IsRemote() { + FailOnErr(Run(submoduleParentDirectory(), "git", "push", "-f", "origin", "master")) + } +} + // RestartRepoServer performs a restart of the repo server deployment and waits // until the rollout has completed. func RestartRepoServer() { diff --git a/test/e2e/git_submodule_test.go b/test/e2e/git_submodule_test.go index 27476db84a1ed..525c13d4b35ef 100644 --- a/test/e2e/git_submodule_test.go +++ b/test/e2e/git_submodule_test.go @@ -40,3 +40,25 @@ func TestGitSubmoduleHTTPSSupport(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(Pod(func(p v1.Pod) bool { return p.Name == "pod-in-submodule" })) } + +func TestGitSubmoduleRemovalSupport(t *testing.T) { + Given(t). + RepoURLType(fixture.RepoURLTypeSSHSubmoduleParent). + Path("submodule"). + Recurse(). + CustomSSHKnownHostsAdded(). + SubmoduleSSHRepoURLAdded(true). + When(). + CreateFromFile(func(app *Application) {}). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(Pod(func(p v1.Pod) bool { return p.Name == "pod-in-submodule" })). + When(). + RemoveSubmodule(). + Refresh(RefreshTypeNormal). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(NotPod(func(p v1.Pod) bool { return p.Name == "pod-in-submodule" })) +} diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index a723d3a90bb30..a8dc3a8332805 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -6,6 +6,7 @@ import ( "net" "net/http" "os" + "strings" "testing" "github.com/argoproj/gitops-engine/pkg/health" @@ -19,6 +20,7 @@ import ( "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" + projectFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/project" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/repos" . "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/settings" @@ -200,7 +202,7 @@ func TestHelmValuesLiteralFileLocal(t *testing.T) { if err != nil { panic(err) } - assert.Equal(t, string(data), app.Spec.GetSource().Helm.Values) + assert.Equal(t, strings.TrimSuffix(string(data), "\n"), app.Spec.GetSource().Helm.ValuesString()) }). When(). AppUnSet("--values-literal"). @@ -242,7 +244,7 @@ func TestHelmValuesLiteralFileRemote(t *testing.T) { AppSet("--values-literal-file", "http://"+address). Then(). And(func(app *Application) { - assert.Equal(t, "a: b", app.Spec.GetSource().Helm.Values) + assert.Equal(t, "a: b", app.Spec.GetSource().Helm.ValuesString()) }). When(). AppUnSet("--values-literal"). @@ -399,6 +401,45 @@ func TestHelmWithMultipleDependencies(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)) } +func TestHelmWithMultipleDependenciesPermissionDenied(t *testing.T) { + SkipOnEnv(t, "HELM") + + projName := "argo-helm-project-denied" + projectFixture. + Given(t). + Name(projName). + Destination("*,*"). + When(). + Create(). + AddSource(RepoURL(RepoURLTypeFile)) + + expectedErr := fmt.Sprintf("helm repos localhost:5000/myrepo are not permitted in project '%s'", projName) + GivenWithSameState(t). + Project(projName). + Path("helm-oci-with-dependencies"). + CustomCACertAdded(). + HelmHTTPSCredentialsUserPassAdded(). + HelmPassCredentials(). + When(). + IgnoreErrors(). + CreateApp(). + Then(). + Expect(Error("", expectedErr)) + + expectedErr = fmt.Sprintf("helm repos https://localhost:9444/argo-e2e/testdata.git/helm-repo/local, https://localhost:9444/argo-e2e/testdata.git/helm-repo/local2 are not permitted in project '%s'", projName) + GivenWithSameState(t). + Project(projName). + Path("helm-with-multiple-dependencies"). + CustomCACertAdded(). + HelmHTTPSCredentialsUserPassAdded(). + HelmPassCredentials(). + When(). + IgnoreErrors(). + CreateApp(). + Then(). + Expect(Error("", expectedErr)) +} + func TestHelmWithDependenciesLegacyRepo(t *testing.T) { SkipOnEnv(t, "HELM") testHelmWithDependencies(t, "helm-with-dependencies", true) diff --git a/test/e2e/matrix_e2e_test.go b/test/e2e/matrix_e2e_test.go index 02e9b60c7a6b2..d61c5ec680e1f 100644 --- a/test/e2e/matrix_e2e_test.go +++ b/test/e2e/matrix_e2e_test.go @@ -26,6 +26,9 @@ func TestListMatrixGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s", cluster, name), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "matrix-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -125,7 +128,10 @@ func TestListMatrixGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "matrix-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -150,6 +156,9 @@ func TestClusterMatrixGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s", cluster, name), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "matrix-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -252,7 +261,10 @@ func TestClusterMatrixGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "matrix-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -265,3 +277,310 @@ func TestClusterMatrixGenerator(t *testing.T) { When(). Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) } + +func TestMatrixTerminalMatrixGeneratorSelector(t *testing.T) { + generateExpectedApp := func(cluster, name string) argov1alpha1.Application { + return argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-%s", cluster, name), + Namespace: utils.TestNamespace(), + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "matrix-generator-nested-matrix", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: name, + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: name, + }, + }, + } + } + + expectedApps1 := []argov1alpha1.Application{ + generateExpectedApp("cluster1", "kustomize-guestbook"), + generateExpectedApp("cluster1", "helm-guestbook"), + generateExpectedApp("cluster1", "ksonnet-guestbook"), + } + expectedApps2 := []argov1alpha1.Application{ + generateExpectedApp("cluster2", "kustomize-guestbook"), + generateExpectedApp("cluster2", "helm-guestbook"), + generateExpectedApp("cluster2", "ksonnet-guestbook"), + } + + Given(t). + // Create ApplicationSet with LabelSelector on an ApplicationSetTerminalGenerator + When(). + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "matrix-generator-nested-matrix", + }, + Spec: v1alpha1.ApplicationSetSpec{ + ApplyNestedSelectors: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{values.name}}-{{path.basename}}"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "{{path}}", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "{{path.basename}}", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Matrix: &v1alpha1.MatrixGenerator{ + Generators: []v1alpha1.ApplicationSetNestedGenerator{ + { + Matrix: toAPIExtensionsJSON(t, &v1alpha1.NestedMatrixGenerator{ + Generators: []v1alpha1.ApplicationSetTerminalGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc", "values": {"name": "cluster1"}}`)}, + {Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc", "values": {"name": "cluster2"}}`)}, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.name": "cluster1", + }, + }, + }, + { + Git: &v1alpha1.GitGenerator{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + { + Path: "*guestbook*", + }, + }, + }, + }, + }, + }), + }, + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{}`)}, + }, + }, + }, + }, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist(expectedApps1)).Expect(ApplicationsDoNotExist(expectedApps2)). + + // Update the ApplicationSetTerminalGenerator LabelSelector, and verify the Applications are deleted and created + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Generators[0].Matrix.Generators[0].Matrix = toAPIExtensionsJSON(t, &v1alpha1.NestedMatrixGenerator{ + Generators: []v1alpha1.ApplicationSetTerminalGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc", "values": {"name": "cluster1"}}`)}, + {Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc", "values": {"name": "cluster2"}}`)}, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.name": "cluster2", + }, + }, + }, + { + Git: &v1alpha1.GitGenerator{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + { + Path: "*guestbook*", + }, + }, + }, + }, + }, + }) + }).Then().Expect(ApplicationsExist(expectedApps2)).Expect(ApplicationsDoNotExist(expectedApps1)). + + // Set ApplyNestedSelector to false and verify all Applications are created + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.ApplyNestedSelectors = false + }).Then().Expect(ApplicationsExist(expectedApps1)).Expect(ApplicationsExist(expectedApps2)). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist(expectedApps1)).Expect(ApplicationsDoNotExist(expectedApps2)) +} + +func TestMatrixTerminalMergeGeneratorSelector(t *testing.T) { + generateExpectedApp := func(name, nameSuffix string) argov1alpha1.Application { + return argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-%s", name, nameSuffix), + Namespace: utils.TestNamespace(), + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "matrix-generator-nested-merge", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: name, + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: name, + }, + }, + } + } + + expectedApps1 := []argov1alpha1.Application{ + generateExpectedApp("kustomize-guestbook", "1"), + } + expectedApps2 := []argov1alpha1.Application{ + generateExpectedApp("helm-guestbook", "2"), + } + + Given(t). + // Create ApplicationSet with LabelSelector on an ApplicationSetTerminalGenerator + When(). + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "matrix-generator-nested-merge", + }, + Spec: v1alpha1.ApplicationSetSpec{ + ApplyNestedSelectors: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{path.basename}}-{{name-suffix}}"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "{{path}}", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "{{path.basename}}", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Matrix: &v1alpha1.MatrixGenerator{ + Generators: []v1alpha1.ApplicationSetNestedGenerator{ + { + Merge: toAPIExtensionsJSON(t, &v1alpha1.NestedMergeGenerator{ + MergeKeys: []string{"path.basename"}, + Generators: []v1alpha1.ApplicationSetTerminalGenerator{ + { + Git: &v1alpha1.GitGenerator{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + { + Path: "*guestbook*", + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "path.basename": "kustomize-guestbook", + }, + }, + }, + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{"path.basename": "kustomize-guestbook", "name-suffix": "1"}`)}, + {Raw: []byte(`{"path.basename": "helm-guestbook", "name-suffix": "2"}`)}, + }, + }, + }, + }, + }), + }, + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{}`)}, + }, + }, + }, + }, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist(expectedApps1)).Expect(ApplicationsDoNotExist(expectedApps2)). + + // Update the ApplicationSetTerminalGenerator LabelSelector, and verify the Applications are deleted and created + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + + appset.Spec.Generators[0].Matrix.Generators[0].Merge = toAPIExtensionsJSON(t, &v1alpha1.NestedMergeGenerator{ + MergeKeys: []string{"path.basename"}, + Generators: []v1alpha1.ApplicationSetTerminalGenerator{ + { + Git: &v1alpha1.GitGenerator{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + { + Path: "*guestbook*", + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "path.basename": "helm-guestbook", + }, + }, + }, + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{"path.basename": "kustomize-guestbook", "name-suffix": "1"}`)}, + {Raw: []byte(`{"path.basename": "helm-guestbook", "name-suffix": "2"}`)}, + }, + }, + }, + }, + }) + }).Then().Expect(ApplicationsExist(expectedApps2)).Expect(ApplicationsDoNotExist(expectedApps1)). + + // Set ApplyNestedSelector to false and verify all Applications are created + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.ApplyNestedSelectors = false + }).Then().Expect(ApplicationsExist(expectedApps1)).Expect(ApplicationsExist(expectedApps2)). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist(expectedApps1)).Expect(ApplicationsDoNotExist(expectedApps2)) +} diff --git a/test/e2e/merge_e2e_test.go b/test/e2e/merge_e2e_test.go index e2a695bea7be0..065e3f73c474b 100644 --- a/test/e2e/merge_e2e_test.go +++ b/test/e2e/merge_e2e_test.go @@ -27,6 +27,9 @@ func TestListMergeGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s", name, nameSuffix), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "merge-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -122,7 +125,10 @@ func TestListMergeGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "merge-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -147,6 +153,9 @@ func TestClusterMergeGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s-%s", cluster, name, nameSuffix), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "merge-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -267,7 +276,10 @@ func TestClusterMergeGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "merge-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -281,6 +293,160 @@ func TestClusterMergeGenerator(t *testing.T) { Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) } +func TestMergeTerminalMergeGeneratorSelector(t *testing.T) { + generateExpectedApp := func(name, nameSuffix string) argov1alpha1.Application { + return argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-%s", name, nameSuffix), + Namespace: utils.TestNamespace(), + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "merge-generator-nested-merge", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: name, + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: name, + }, + }, + } + } + + expectedApps1 := []argov1alpha1.Application{ + generateExpectedApp("kustomize-guestbook", "1"), + } + expectedApps2 := []argov1alpha1.Application{ + generateExpectedApp("helm-guestbook", "2"), + } + + Given(t). + // Create ApplicationSet with LabelSelector on an ApplicationSetTerminalGenerator + When(). + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "merge-generator-nested-merge", + }, + Spec: v1alpha1.ApplicationSetSpec{ + ApplyNestedSelectors: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{path.basename}}-{{name-suffix}}"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "{{path}}", + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "{{path.basename}}", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Merge: &v1alpha1.MergeGenerator{ + MergeKeys: []string{"path.basename"}, + Generators: []v1alpha1.ApplicationSetNestedGenerator{ + { + Merge: toAPIExtensionsJSON(t, &v1alpha1.NestedMergeGenerator{ + MergeKeys: []string{"path.basename"}, + Generators: []v1alpha1.ApplicationSetTerminalGenerator{ + { + Git: &v1alpha1.GitGenerator{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + { + Path: "*guestbook*", + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "path.basename": "kustomize-guestbook", + }, + }, + }, + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{"path.basename": "kustomize-guestbook", "name-suffix": "1"}`)}, + {Raw: []byte(`{"path.basename": "helm-guestbook", "name-suffix": "2"}`)}, + }, + }, + }, + }, + }), + }, + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{}`)}, + }, + }, + }, + }, + }, + }, + }, + }, + }).Then().Expect(ApplicationsExist(expectedApps1)).Expect(ApplicationsDoNotExist(expectedApps2)). + + // Update the ApplicationSetTerminalGenerator LabelSelector, and verify the Applications are deleted and created + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + + appset.Spec.Generators[0].Merge.Generators[0].Merge = toAPIExtensionsJSON(t, &v1alpha1.NestedMergeGenerator{ + MergeKeys: []string{"path.basename"}, + Generators: []v1alpha1.ApplicationSetTerminalGenerator{ + { + Git: &v1alpha1.GitGenerator{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + { + Path: "*guestbook*", + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "path.basename": "helm-guestbook", + }, + }, + }, + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{ + {Raw: []byte(`{"path.basename": "kustomize-guestbook", "name-suffix": "1"}`)}, + {Raw: []byte(`{"path.basename": "helm-guestbook", "name-suffix": "2"}`)}, + }, + }, + }, + }, + }) + }).Then().Expect(ApplicationsExist(expectedApps2)).Expect(ApplicationsDoNotExist(expectedApps1)). + + // Set ApplyNestedSelector to false and verify all Applications are created + When(). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.ApplyNestedSelectors = false + }).Then().Expect(ApplicationsExist(expectedApps1)).Expect(ApplicationsExist(expectedApps2)). + + // Delete the ApplicationSet, and verify it deletes the Applications + When(). + Delete().Then().Expect(ApplicationsDoNotExist(expectedApps1)).Expect(ApplicationsDoNotExist(expectedApps2)) +} + func toAPIExtensionsJSON(t *testing.T, g interface{}) *apiextensionsv1.JSON { resVal, err := json.Marshal(g) diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 31aa01f2d3b46..d4d49adc0d746 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:7b3ccabffc97de872a30dfd234fd972a66d247c8cfc69b0550f276481852627c +FROM docker.io/library/busybox@sha256:2376a0c12759aa1214ba83e771ff252c7b1663216b192fbe5e0fb364e952f85c CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/e2e/repo_management_test.go b/test/e2e/repo_management_test.go index 30b304c8b7b2e..70b14d5682299 100644 --- a/test/e2e/repo_management_test.go +++ b/test/e2e/repo_management_test.go @@ -7,9 +7,11 @@ import ( "github.com/stretchr/testify/assert" repositorypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/repos" + . "github.com/argoproj/argo-cd/v2/util/errors" argoio "github.com/argoproj/argo-cd/v2/util/io" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -52,6 +54,38 @@ func TestAddRemovePublicRepo(t *testing.T) { }) } +func TestGetRepoWithInheritedCreds(t *testing.T) { + app.Given(t).And(func() { + // create repo credentials + FailOnErr(fixture.RunCli("repocreds", "add", fixture.RepoURL(fixture.RepoURLTypeHTTPSOrg), "--github-app-id", fixture.GithubAppID, "--github-app-installation-id", fixture.GithubAppInstallationID, "--github-app-private-key-path", repos.CertKeyPath)) + + repoUrl := fixture.RepoURL(fixture.RepoURLTypeHTTPS) + + // Hack: First we need to create repo with valid credentials + FailOnErr(fixture.RunCli("repo", "add", repoUrl, "--username", fixture.GitUsername, "--password", fixture.GitPassword, "--insecure-skip-server-verification")) + + // Then, we remove username/password so that the repo inherits the credentials from our repocreds + conn, repoClient, err := fixture.ArgoCDClientset.NewRepoClient() + assert.NoError(t, err) + defer argoio.Close(conn) + + _, err = repoClient.UpdateRepository(context.Background(), &repositorypkg.RepoUpdateRequest{ + Repo: &v1alpha1.Repository{ + Repo: repoUrl, + }, + }) + assert.NoError(t, err) + + // CLI output should indicate that repo has inherited credentials + out, err := fixture.RunCli("repo", "get", repoUrl) + assert.NoError(t, err) + assert.Contains(t, out, "inherited") + + _, err = fixture.RunCli("repo", "rm", repoUrl) + assert.NoError(t, err) + }) +} + func TestUpsertExistingRepo(t *testing.T) { app.Given(t).And(func() { fixture.SetRepos(settings.RepositoryCredentials{URL: fixture.RepoURL(fixture.RepoURLTypeFile)}) diff --git a/test/e2e/testdata/cmp-fileName/plugin.yaml b/test/e2e/testdata/cmp-fileName/plugin.yaml index 1263c60054880..b3f8068de2100 100644 --- a/test/e2e/testdata/cmp-fileName/plugin.yaml +++ b/test/e2e/testdata/cmp-fileName/plugin.yaml @@ -5,6 +5,6 @@ metadata: spec: version: v1.0 generate: - command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"'] + command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"'] discover: - fileName: "cmp-fileName/subdir/s*.yaml" + fileName: "subdir/s*.yaml" diff --git a/test/e2e/testdata/cmp-gitcreds/plugin.yaml b/test/e2e/testdata/cmp-gitcreds/plugin.yaml new file mode 100644 index 0000000000000..024804f495cc9 --- /dev/null +++ b/test/e2e/testdata/cmp-gitcreds/plugin.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ConfigManagementPlugin +metadata: + name: cmp-gitcreds +spec: + version: v1.0 + generate: + command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitAskpass\": \"$GIT_ASKPASS\"}}}"'] + discover: + fileName: "subdir/s*.yaml" diff --git a/test/e2e/testdata/cmp-gitcreds/subdir/special.yaml b/test/e2e/testdata/cmp-gitcreds/subdir/special.yaml new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/test/e2e/testdata/cmp-gitcredstemplate/plugin.yaml b/test/e2e/testdata/cmp-gitcredstemplate/plugin.yaml new file mode 100644 index 0000000000000..e57ee747bd078 --- /dev/null +++ b/test/e2e/testdata/cmp-gitcredstemplate/plugin.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ConfigManagementPlugin +metadata: + name: cmp-gitcredstemplate +spec: + version: v1.0 + generate: + command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitAskpass\": \"$GIT_ASKPASS\", \"GitUsername\": \"$GIT_USERNAME\", \"GitPassword\": \"$GIT_PASSWORD\"}}}"'] + discover: + fileName: "subdir/s*.yaml" diff --git a/test/e2e/testdata/cmp-gitcredstemplate/subdir/special.yaml b/test/e2e/testdata/cmp-gitcredstemplate/subdir/special.yaml new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/test/e2e/testdata/cmp-kustomize/plugin.yaml b/test/e2e/testdata/cmp-kustomize/plugin.yaml new file mode 100644 index 0000000000000..3cdcc6d643758 --- /dev/null +++ b/test/e2e/testdata/cmp-kustomize/plugin.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ConfigManagementPlugin +metadata: + name: cmp-kustomize +spec: + version: v1.0 + generate: + command: [kustomize, build, .] + discover: + fileName: "kustomization.yaml" diff --git a/test/e2e/testdata/git-submodule/submodule-pod.yaml b/test/e2e/testdata/git-submodule/submodule-pod.yaml index fa3b92c2f5875..134107da31cba 100644 --- a/test/e2e/testdata/git-submodule/submodule-pod.yaml +++ b/test/e2e/testdata/git-submodule/submodule-pod.yaml @@ -7,6 +7,4 @@ spec: - name: main image: quay.io/argoprojlabs/argocd-e2e-container:0.1 imagePullPolicy: IfNotPresent - command: - - "true" - restartPolicy: Never + terminationGracePeriodSeconds: 0 diff --git a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml index fc1982761746c..f7f144d20e123 100644 --- a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml +++ b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml @@ -1,7 +1,11 @@ apiVersion: v2 -name: helm-with-dependencies +name: helm-with-multiple-dependencies version: v1.0.0 dependencies: - name: helm repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local" version: v1.0.0 + - name: helm + repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local2" + version: v1.0.0 + alias: helm2 \ No newline at end of file diff --git a/test/e2e/testdata/resource-actions/cron-job.yaml b/test/e2e/testdata/resource-actions/cron-job.yaml new file mode 100644 index 0000000000000..3ab1fb9b1cd8a --- /dev/null +++ b/test/e2e/testdata/resource-actions/cron-job.yaml @@ -0,0 +1,19 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: hello +spec: + schedule: "* * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: hello + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + restartPolicy: OnFailure \ No newline at end of file diff --git a/test/fixture/testrepos/start-git.sh b/test/fixture/testrepos/start-git.sh index b36da58a28388..4a660c29a7575 100755 --- a/test/fixture/testrepos/start-git.sh +++ b/test/fixture/testrepos/start-git.sh @@ -2,5 +2,5 @@ docker run --name e2e-git --rm -i \ -p 2222:2222 -p 9080:9080 -p 9443:9443 -p 9444:9444 -p 9445:9445 \ - -w /go/src/github.com/argoproj/argo-cd -v $(pwd):/go/src/github.com/argoproj/argo-cd -v /tmp:/tmp argoproj/argo-cd-ci-builder:v1.0.0 \ + -w /go/src/github.com/argoproj/argo-cd -v $(pwd):/go/src/github.com/argoproj/argo-cd -v /tmp:/tmp docker.io/argoproj/argo-cd-ci-builder:v1.0.0 \ bash -c "goreman -f ./test/fixture/testrepos/Procfile start" diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 38af465d84d41..effd69c9768af 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 -FROM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 AS go +FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 0bd9d544370e5..e3ed314621d5c 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 AS node +FROM docker.io/library/node:20.3.1@sha256:2f0b0c15f97441defa812268ee943bbfaaf666ea6cf7cac62ee3f127906b35c6 AS node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui/.nvmrc b/ui/.nvmrc index e048c8ca198f9..04f4e7ab35f38 100644 --- a/ui/.nvmrc +++ b/ui/.nvmrc @@ -1 +1 @@ -v18.15.0 +v20.3.1 diff --git a/ui/jest.config.js b/ui/jest.config.js index dd5d29b688e59..abd8a45bcecd6 100644 --- a/ui/jest.config.js +++ b/ui/jest.config.js @@ -1,6 +1,6 @@ module.exports = { preset: 'ts-jest', - testEnvironment: 'jsdom', + testEnvironment: 'node', reporters: ['default', 'jest-junit'], collectCoverage: true, transformIgnorePatterns: ['node_modules/(?!(argo-ui)/)'], diff --git a/ui/package.json b/ui/package.json index b36d7664cf562..497b0d04a0f85 100644 --- a/ui/package.json +++ b/ui/package.json @@ -5,12 +5,13 @@ "scripts": { "start": "webpack-dev-server --config ./src/app/webpack.config.js --mode development", "docker": "./scripts/build_docker.sh", - "build": "find ./dist -type f -not -name gitkeep -delete && webpack --config ./src/app/webpack.config.js --mode production --stats-children", + "build": "find ./dist -type f -not -name gitkeep -delete && webpack --config ./src/app/webpack.config.js --mode production", "lint": "tsc --noEmit --project ./src/app && tslint -p ./src/app", "lint:fix": "tslint -p ./src/app --fix", "test": "jest" }, "dependencies": { + "@fortawesome/fontawesome-free": "^6.4.0", "@types/react-virtualized": "^9.21.21", "@types/superagent": "^4.1.15", "ansi-to-react": "^6.1.6", @@ -19,16 +20,17 @@ "classnames": "^2.2.5", "color": "^3.2.1", "dagre": "^0.8.5", + "date-fns": "^2.30.0", "deepmerge": "^3.2.0", - "foundation-sites": "^6.7.4", + "foundation-sites": "^6.7.5", "git-url-parse": "^13.1.0", + "history": "^4.7.2", "js-yaml": "^3.14.1", "json-merge-patch": "^0.2.3", "lodash-es": "^4.17.21", "minimatch": "^3.1.2", "moment": "^2.29.4", "monaco-editor": "^0.33.0", - "monaco-kubernetes": "0.2.2", "path": "^0.12.7", "prop-types": "^15.8.1", "react": "^16.9.3", @@ -52,7 +54,7 @@ "tsx": "^3.4.0", "unidiff": "^1.0.2", "url": "^0.11.0", - "xterm": "^4.18.0", + "xterm": "^4.19.0", "xterm-addon-fit": "^0.5.0" }, "resolutions": { @@ -75,7 +77,7 @@ "@types/js-yaml": "^3.11.2", "@types/lodash-es": "^4.17.6", "@types/minimatch": "^3.0.3", - "@types/node": "18.15.3", + "@types/node": "20.3.1", "@types/prop-types": "^15.7.5", "@types/react": "^16.8.5", "@types/react-autocomplete": "^1.8.4", @@ -86,10 +88,11 @@ "@types/react-router": "^4.0.27", "@types/react-router-dom": "^4.2.3", "@types/react-test-renderer": "^16.8.3", + "@types/uuid": "^9.0.1", "add": "^2.0.6", "babel-jest": "^26.6.3", "babel-loader": "^8.0.6", - "codecov": "^3.7.2", + "codecov": "^3.8.3", "copy-webpack-plugin": "^6.1.1", "esbuild-loader": "^2.18.0", "html-webpack-plugin": "^5.5.0", @@ -107,13 +110,13 @@ "source-map-loader": "^0.2.3", "style-loader": "^0.20.1", "ts-jest": "^27.1.3", - "ts-node": "^10.7.0", + "ts-node": "10.9.1", "tslint": "^6.1.3", "tslint-config-prettier": "^1.18.0", "tslint-plugin-prettier": "^2.0.1", "tslint-react": "^5.0.0", "typescript": "^4.9.5", - "webpack": "^5.70.0", + "webpack": "^5.84.1", "webpack-cli": "^4.9.2", "webpack-dev-server": "^4.7.4", "yarn": "^1.22.10" diff --git a/ui/src/app/applications/components/application-details/application-details.scss b/ui/src/app/applications/components/application-details/application-details.scss index 6eac2b2f57097..32d29a6e2c1ee 100644 --- a/ui/src/app/applications/components/application-details/application-details.scss +++ b/ui/src/app/applications/components/application-details/application-details.scss @@ -29,7 +29,7 @@ $header: 120px; overflow-x: auto; overflow-y: auto; margin-top: 150px; - height: calc(100vh - 2 * 50px - 115px); + height: calc(100vh - 2 * 70px - 115px); @media screen and (max-width: map-get($breakpoints, xlarge)) { margin-top: 165px; } @@ -275,77 +275,71 @@ $header: 120px; color: $argo-color-gray-7; } } -} -@media screen and (max-width: map-get($breakpoints, large)) { -.sliding-panel__body { - padding: 4px !important; -} -.sliding-panel--is-middle .sliding-panel__wrapper { - width: 90% !important; -} -.sliding-panel--is-middle .sliding-panel__body { - padding: 18px !important; -} -.sliding-panel__close { - z-index: 2 !important; -} -.top-bar__title { - display: none; -} - -.top-bar__left-side { - white-space: normal !important; -} -.top-bar__left-side > div { - display: block !important; -} -.top-bar__right-side { - justify-content: right !important; -} -.application-status-panel.row { - flex-flow: unset; -} -.application-status-panel__item label { - margin-right: 0; -} -.application-status-panel__item { - padding: 5px 10px; -} + @media screen and (max-width: map-get($breakpoints, large)) { + .sliding-panel__body { + padding: 4px !important; + } + .sliding-panel--is-middle .sliding-panel__wrapper { + width: 90% !important; + } + .sliding-panel--is-middle .sliding-panel__body { + padding: 18px !important; + } + .sliding-panel__close { + z-index: 2 !important; + } + .top-bar__title { + display: none; + } -.white-box, .tabs__content { - padding: 4px !important; -} -.white-box__details-row .columns.small-3 { - overflow-wrap: unset !important; - overflow: scroll; -} -.white-box__details-row .columns.small-9{ - padding-left: 4px; -} + .top-bar__left-side { + white-space: normal !important; + } + .top-bar__left-side > div { + display: block !important; + } + .top-bar__right-side { + justify-content: right !important; + } + .application-status-panel.row { + flex-flow: unset; + } + .application-status-panel__item label { + margin-right: 0; + } + .application-status-panel__item { + padding: 5px 10px; + } -.resource-details__header h1 { - font-size: 16px; -} -.resource-details__header { - margin-top: 30px; - padding-right: 4px; -} + .white-box, .tabs__content { + padding: 4px !important; + } + .white-box__details-row .columns.small-3 { + overflow-wrap: unset !important; + overflow: scroll; + } + .white-box__details-row .columns.small-9{ + padding-left: 4px; + } -.tabs__nav a:first-child, .tabs__nav a { - margin-left: 0 !important; -} + .resource-details__header h1 { + font-size: 16px; + } + .resource-details__header { + margin-top: 30px; + padding-right: 4px; + } -.editable-panel__buttons { - top: unset; -} -} + .tabs__nav a:first-child, .tabs__nav a { + margin-left: 0 !important; + } -@media screen and (max-width: map-get($breakpoints, medium)) { -.sb-page-wrapper .top-bar.row { - display: none !important; -} + .editable-panel__buttons { + top: unset; + } + } } .resource-parent-node-info-title { diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.scss b/ui/src/app/applications/components/application-node-info/application-node-info.scss index 1d1fbf941fac7..f50e67279cc52 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.scss +++ b/ui/src/app/applications/components/application-node-info/application-node-info.scss @@ -39,7 +39,10 @@ color: $argo-color-gray-8; } } - + &__err_msg { + padding-right: 2em; + color: $argo-failed-color; + } &__container { display: flex; align-items: center; @@ -66,4 +69,4 @@ border-bottom: none; } } -} +} \ No newline at end of file diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx index 8ecb965a1ab8b..05c3dcae95ab3 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx +++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx @@ -9,16 +9,9 @@ import * as models from '../../../shared/models'; import {services} from '../../../shared/services'; import {ResourceTreeNode} from '../application-resource-tree/application-resource-tree'; import {ApplicationResourcesDiff} from '../application-resources-diff/application-resources-diff'; -import { - ComparisonStatusIcon, - formatCreationTimestamp, - getPodReadinessGatesState, - getPodReadinessGatesState as _getPodReadinessGatesState, - getPodStateReason, - HealthStatusIcon -} from '../utils'; +import {ComparisonStatusIcon, formatCreationTimestamp, getPodReadinessGatesState, getPodStateReason, HealthStatusIcon} from '../utils'; import './application-node-info.scss'; -import {ReadinessGatesFailedWarning} from './readiness-gates-failed-warning'; +import {ReadinessGatesNotPassedWarning} from './readiness-gates-not-passed-warning'; const RenderContainerState = (props: {container: any}) => { const state = (props.container.state?.waiting && 'waiting') || (props.container.state?.terminated && 'terminated') || (props.container.state?.running && 'running'); @@ -115,6 +108,7 @@ export const ApplicationNodeInfo = (props: { ) }); } + if (props.live) { if (props.node.kind === 'Pod') { const {reason, message, netContainerStatuses} = getPodStateReason(props.live); @@ -184,7 +178,7 @@ export const ApplicationNodeInfo = (props: { } as any); } } - + let showLiveState = true; if (props.links) { attributes.push({ title: 'LINKS', @@ -200,35 +194,62 @@ export const ApplicationNodeInfo = (props: { services.viewPreferences.getPreferences()}> {pref => { const live = deepMerge(props.live, {}) as any; + if (Object.keys(live).length === 0) { + showLiveState = false; + } + if (live?.metadata?.managedFields && pref.appDetails.hideManagedFields) { delete live.metadata.managedFields; } return ( - <> -
                                                                                                                                                                                          - - services.viewPreferences.updatePreferences({ - appDetails: { - ...pref.appDetails, - hideManagedFields: !pref.appDetails.hideManagedFields + + {showLiveState ? ( + +
                                                                                                                                                                                          + + services.viewPreferences.updatePreferences({ + appDetails: { + ...pref.appDetails, + hideManagedFields: !pref.appDetails.hideManagedFields + } + }) } - }) - } - /> - -
                                                                                                                                                                                          - - services.applications.patchResource(props.application.metadata.name, props.application.metadata.namespace, props.node, patch, patchType) - } - /> - + /> + +
                                                                                                                                                                                          + + services.applications.patchResource( + props.application.metadata.name, + props.application.metadata.namespace, + props.node, + patch, + patchType + ) + } + /> + + ) : ( +
                                                                                                                                                                                          + Resource not found in cluster:{' '} + {`${props?.controlled?.state?.targetState?.apiVersion}/${props?.controlled?.state?.targetState?.kind}:${props.node.name}`} +
                                                                                                                                                                                          + {props?.controlled?.state?.normalizedLiveState?.apiVersion && ( + + Please update your resource specification to use the latest Kubernetes API resources supported by the target cluster. The + recommended syntax is{' '} + {`${props.controlled.state.normalizedLiveState.apiVersion}/${props?.controlled.state.normalizedLiveState?.kind}:${props.node.name}`} + + )} +
                                                                                                                                                                                          + )} + ); }}                                                                                                                                                                                           @@ -250,6 +271,14 @@ export const ApplicationNodeInfo = (props: { } const readinessGatesState = React.useMemo(() => { + // If containers are not ready then readiness gate status is not important. + if (!props.live?.status?.containerStatuses?.length) { + return null; + } + if (props.live?.status?.containerStatuses?.some((containerStatus: {ready: boolean}) => !containerStatus.ready)) { + return null; + } + if (props.live && props.node?.kind === 'Pod') { return getPodReadinessGatesState(props.live); } @@ -259,7 +288,7 @@ export const ApplicationNodeInfo = (props: { return (
                                                                                                                                                                                          - {Boolean(readinessGatesState) && } + {Boolean(readinessGatesState) && }
                                                                                                                                                                                          {attributes.map(attr => ( diff --git a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.scss b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.scss similarity index 72% rename from ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.scss rename to ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.scss index b7c9ad7f0bd50..7887918671396 100644 --- a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.scss +++ b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.scss @@ -3,7 +3,7 @@ .white-box { &__readiness-gates-alert { padding: 20px; - border-left: 6px solid $argo-status-failed-color !important; + border-left: 6px solid $argo-status-warning-color !important; ul { margin-bottom: 0; diff --git a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.tsx b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.tsx similarity index 62% rename from ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.tsx rename to ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.tsx index c38dc598d6634..31af11b1d0349 100644 --- a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.tsx +++ b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.tsx @@ -1,29 +1,29 @@ import * as React from 'react'; import {selectPostfix} from '../utils'; -import './readiness-gates-failed-warning.scss'; +import './readiness-gates-not-passed-warning.scss'; -export interface ReadinessGatesFailedWarningProps { +export interface ReadinessGatesNotPassedWarningProps { readinessGatesState: { nonExistingConditions: string[]; - failedConditions: string[]; + notPassedConditions: string[]; }; } -export const ReadinessGatesFailedWarning = ({readinessGatesState}: ReadinessGatesFailedWarningProps) => { - if (readinessGatesState.failedConditions.length > 0 || readinessGatesState.nonExistingConditions.length > 0) { +export const ReadinessGatesNotPassedWarning = ({readinessGatesState}: ReadinessGatesNotPassedWarningProps) => { + if (readinessGatesState.notPassedConditions.length > 0 || readinessGatesState.nonExistingConditions.length > 0) { return (
                                                                                                                                                                                          -
                                                                                                                                                                                          Readiness Gates Failing:
                                                                                                                                                                                          +
                                                                                                                                                                                          Readiness Gates Not Passing:
                                                                                                                                                                                            - {readinessGatesState.failedConditions.length > 0 && ( + {readinessGatesState.notPassedConditions.length > 0 && (
                                                                                                                                                                                          • - The status of pod readiness gate{selectPostfix(readinessGatesState.failedConditions, '', 's')}{' '} - {readinessGatesState.failedConditions + The status of pod readiness gate{selectPostfix(readinessGatesState.notPassedConditions, '', 's')}{' '} + {readinessGatesState.notPassedConditions .map(t => `"${t}"`) .join(', ') .trim()}{' '} - {selectPostfix(readinessGatesState.failedConditions, 'is', 'are')} False. + {selectPostfix(readinessGatesState.notPassedConditions, 'is', 'are')} False.
                                                                                                                                                                                            • )} {readinessGatesState.nonExistingConditions.length > 0 && ( diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index 819f063d31d4a..f374678540189 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -24,6 +24,9 @@ import * as kustomize from './kustomize-image'; import {VarsInputField} from './vars-input-field'; import {concatMaps} from '../../../shared/utils'; import {getAppDefaultSource} from '../utils'; +import * as jsYaml from 'js-yaml'; + +let isValuesRaw = false; const TextWithMetadataField = ReactFormField((props: {metadata: {value: string}; fieldApi: FieldApi; className: string}) => { const { @@ -130,6 +133,12 @@ export const ApplicationParameters = (props: { const [removedOverrides, setRemovedOverrides] = React.useState(new Array()); let attributes: EditablePanelItem[] = []; + let appValues: string; + if (source && source.helm && source.helm.values) { + isValuesRaw = typeof source.helm.values !== 'string'; // nolint + appValues = isValuesRaw ? jsYaml.safeDump(source.helm.values) : source.helm.values; + source.helm.values = appValues; + } const [appParamsDeletedState, setAppParamsDeletedState] = React.useState([]); if (props.details.type === 'Kustomize' && props.details.kustomize) { @@ -216,7 +225,7 @@ export const ApplicationParameters = (props: { title: 'VALUES', view: source.helm && ( - 
                                                                                                                                                                                            {source.helm.values}
                                                                                                                                                                                            + 
                                                                                                                                                                                            {appValues}
                                                                                                                                                                                             ), edit: (formApi: FormApi) => ( @@ -518,7 +527,9 @@ export const ApplicationParameters = (props: { params = params.filter(param => !appParamsDeletedState.includes(param.name)); input.spec.source.plugin.parameters = params; } - + if (input.spec.source.helm && input.spec.source.helm.values && isValuesRaw) { + input.spec.source.helm.values = jsYaml.safeLoad(input.spec.source.helm.values); // Load values as json + } await props.save(input, {}); setRemovedOverrides(new Array()); }) @@ -532,6 +543,11 @@ export const ApplicationParameters = (props: { errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; } + if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { + const parsedValues = jsYaml.safeLoad(updatedApp.spec.source.helm.values); + errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; + } + return errors; }} onModeSwitch={ diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx index 5343e2f256ca9..96a8ea55b4f58 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx @@ -528,11 +528,15 @@ function renderPodGroup(props: ApplicationResourceTreeProps, id: string, node: R ))} {(node.info || []).length > 4 && ( ( -
                                                                                                                                                                                            - {i.name}: {i.value} -
                                                                                                                                                                                            - ))} + content={ + <> + {(node.info || []).map(i => ( +
                                                                                                                                                                                            + {i.name}: {i.value} +
                                                                                                                                                                                            + ))} + + } key={node.uid}> More @@ -822,11 +826,15 @@ function renderResourceNode(props: ApplicationResourceTreeProps, id: string, nod })} {(node.info || []).length > 4 && ( ( -
                                                                                                                                                                                            - {i.name}: {i.value} -
                                                                                                                                                                                            - ))} + content={ + <> + {(node.info || []).map(i => ( +
                                                                                                                                                                                            + {i.name}: {i.value} +
                                                                                                                                                                                            + ))} + + } key={node.uid}> More diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 36328660724dc..9072f650f5026 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -319,7 +319,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { { title: 'LINKS', view: ( - services.applications.getLinks(app.metadata.name)} input={app} key='appLinks'> + services.applications.getLinks(app.metadata.name, app.metadata.namespace)} input={app} key='appLinks'> {(links: models.LinksResponse) => } ) diff --git a/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx b/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx index f8cca173f3078..8aa2bcacdbb0d 100644 --- a/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx +++ b/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx @@ -45,7 +45,7 @@ export const ApplicationsRefreshPanel = ({show, apps, hide}: {show: boolean; app return; } - setProgress({percentage: 0, title: 'Starting...'}); + setProgress({percentage: 0, title: 'Refreshing applications'}); let i = 0; for (const app of selectedApps) { await services.applications.get(app.metadata.name, app.metadata.namespace, params.refreshType).catch(e => { @@ -57,7 +57,7 @@ export const ApplicationsRefreshPanel = ({show, apps, hide}: {show: boolean; app i++; setProgress({ percentage: i / selectedApps.length, - title: `${i} of ${selectedApps.length} apps now refreshing` + title: `Refreshed ${i} of ${selectedApps.length} applications` }); } setProgress({percentage: 100, title: 'Complete'}); diff --git a/ui/src/app/applications/components/pod-logs-viewer/auto-scroll-button.tsx b/ui/src/app/applications/components/pod-logs-viewer/auto-scroll-button.tsx new file mode 100644 index 0000000000000..ac4454c840d11 --- /dev/null +++ b/ui/src/app/applications/components/pod-logs-viewer/auto-scroll-button.tsx @@ -0,0 +1,14 @@ +import * as React from 'react'; +import {ToggleButton} from '../../../shared/components/toggle-button'; + +export const AutoScrollButton = ({scrollToBottom, setScrollToBottom}: {scrollToBottom: boolean; setScrollToBottom: (value: boolean) => void}) => { + return ( + setScrollToBottom(!scrollToBottom)} + toggled={scrollToBottom} + beat={scrollToBottom} + title='Automatically scroll to the bottom when new content appears' + /> + ); +}; diff --git a/ui/src/app/applications/components/pod-logs-viewer/copy-logs-button.tsx b/ui/src/app/applications/components/pod-logs-viewer/copy-logs-button.tsx index dca726bec8989..7adf5186c3e8e 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/copy-logs-button.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/copy-logs-button.tsx @@ -1,12 +1,12 @@ import * as React from 'react'; import {useContext} from 'react'; -import {LogLoader} from './log-loader'; import {Button} from '../../../shared/components/button'; import {Context} from '../../../shared/context'; import {NotificationType} from 'argo-ui/src/components/notifications/notifications'; +import {LogEntry} from '../../../shared/models'; // CopyLogsButton is a button that copies the logs to the clipboard -export const CopyLogsButton = ({loader}: {loader: LogLoader}) => { +export const CopyLogsButton = ({logs}: {logs: LogEntry[]}) => { const ctx = useContext(Context); return (
                                                                                                                                                                                          ))} diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx index 3819f7d911074..d096658bb7d8f 100644 --- a/ui/src/app/applications/components/utils.tsx +++ b/ui/src/app/applications/components/utils.tsx @@ -946,11 +946,12 @@ export function getPodStateReason(pod: appModels.State): {message: string; reaso return {reason, message, netContainerStatuses}; } -export const getPodReadinessGatesState = (pod: appModels.State): {nonExistingConditions: string[]; failedConditions: string[]} => { +export const getPodReadinessGatesState = (pod: appModels.State): {nonExistingConditions: string[]; notPassedConditions: string[]} => { + // if pod does not have readiness gates then return empty status if (!pod.spec?.readinessGates?.length) { return { nonExistingConditions: [], - failedConditions: [] + notPassedConditions: [] }; } @@ -989,7 +990,7 @@ export const getPodReadinessGatesState = (pod: appModels.State): {nonExistingCon return { nonExistingConditions, - failedConditions + notPassedConditions: failedConditions }; }; diff --git a/ui/src/app/shared/components/button.tsx b/ui/src/app/shared/components/button.tsx index 9acf2beeab524..33b9b30da48da 100644 --- a/ui/src/app/shared/components/button.tsx +++ b/ui/src/app/shared/components/button.tsx @@ -11,7 +11,8 @@ export const Button = ({ icon, className, style, - disabled + disabled, + beat }: { onClick?: MouseEventHandler; children?: ReactNode; @@ -21,13 +22,14 @@ export const Button = ({ className?: string; style?: CSSProperties; disabled?: boolean; + beat?: boolean; }) => ( ); diff --git a/ui/src/app/shared/components/deep-links.tsx b/ui/src/app/shared/components/deep-links.tsx index f7881bff537d9..6d9f614ea9661 100644 --- a/ui/src/app/shared/components/deep-links.tsx +++ b/ui/src/app/shared/components/deep-links.tsx @@ -1,4 +1,5 @@ -import * as React from 'react'; +import React from 'react'; +import {Link} from 'react-router-dom'; import {LinkInfo} from '../models'; export const DeepLinks = (props: {links: LinkInfo[]}) => { @@ -7,10 +8,17 @@ export const DeepLinks = (props: {links: LinkInfo[]}) => {
                                                                                                                                                                                          {(links || []).map((link: LinkInfo) => (
                                                                                                                                                                                          - - -
                                                                                                                                                                                          {link.title}
                                                                                                                                                                                          -                                                                                                                                                                                           + {link.url.startsWith('http') ? ( + + +
                                                                                                                                                                                          {link.title}
                                                                                                                                                                                          +                                                                                                                                                                                           + ) : ( + + +
                                                                                                                                                                                          {link.title}
                                                                                                                                                                                          + + )} {link.description && <>({link.description})}
                                                                                                                                                                                          ))} diff --git a/ui/src/app/shared/components/monaco-editor.tsx b/ui/src/app/shared/components/monaco-editor.tsx index 533f24e20295b..817e4c8ae6bcb 100644 --- a/ui/src/app/shared/components/monaco-editor.tsx +++ b/ui/src/app/shared/components/monaco-editor.tsx @@ -1,7 +1,6 @@ import * as React from 'react'; import * as monacoEditor from 'monaco-editor'; -import {configure, LanguageSettings} from 'monaco-kubernetes'; export interface EditorInput { text: string; @@ -12,7 +11,7 @@ export interface MonacoProps { minHeight?: number; vScrollBar: boolean; editor?: { - options?: monacoEditor.editor.IEditorOptions & {settings?: LanguageSettings}; + options?: monacoEditor.editor.IEditorOptions; input: EditorInput; getApi?: (api: monacoEditor.editor.IEditor) => any; }; @@ -26,13 +25,9 @@ const DEFAULT_LINE_HEIGHT = 18; const MonacoEditorLazy = React.lazy(() => import('monaco-editor').then(monaco => { - const component = (props: MonacoProps) => { + const Component = (props: MonacoProps) => { const [height, setHeight] = React.useState(0); - React.useEffect(() => { - configure(props.editor.options.settings); - }, [props.editor.options.settings]); - return (
                                                                                                                                                                                          const editor = monaco.editor.create(el, { ...props.editor.options, scrollBeyondLastLine: props.vScrollBar, - renderValidationDecorations: 'on', scrollbar: { handleMouseWheel: false, vertical: props.vScrollBar ? 'visible' : 'hidden' @@ -81,7 +75,7 @@ const MonacoEditorLazy = React.lazy(() => }; return { - default: component + default: Component }; }) ); diff --git a/ui/src/app/shared/components/page/page.scss b/ui/src/app/shared/components/page/page.scss index 1031a121bedb4..4194f2b00693f 100644 --- a/ui/src/app/shared/components/page/page.scss +++ b/ui/src/app/shared/components/page/page.scss @@ -75,10 +75,10 @@ } .sb-page-wrapper { - padding-left: $sidebar-width; + padding-left: $sidebar-width - 60px; &__sidebar-collapsed { - padding-left: $collapsed-sidebar-width; + padding-left: $collapsed-sidebar-width - 60px; .flex-top-bar { left: $collapsed-sidebar-width; } diff --git a/ui/src/app/shared/components/toggle-button.tsx b/ui/src/app/shared/components/toggle-button.tsx index 4a7177cdb1ac5..af2b7a4c54275 100644 --- a/ui/src/app/shared/components/toggle-button.tsx +++ b/ui/src/app/shared/components/toggle-button.tsx @@ -9,10 +9,12 @@ export const ToggleButton = ({ children, onToggle, toggled, + beat, disabled, icon }: { toggled: boolean; + beat?: boolean; onToggle: () => void; children?: ReactNode; title: string; @@ -24,6 +26,7 @@ export const ToggleButton = ({ onClick={onToggle} icon={icon} disabled={disabled} + beat={beat} style={{ // these are the argo-button color swapped backgroundColor: toggled && ARGO_WARNING_COLOR, diff --git a/ui/src/app/shared/components/urls.test.ts b/ui/src/app/shared/components/urls.test.ts index 9459dfecd7af1..17101fe175418 100644 --- a/ui/src/app/shared/components/urls.test.ts +++ b/ui/src/app/shared/components/urls.test.ts @@ -35,7 +35,7 @@ test('gitlab.com', () => { 'git@gitlab.com:alex_collins/private-repo.git', 'b1fe9426ead684d7af16958920968342ee295c1f', 'https://gitlab.com/alex_collins/private-repo', - 'https://gitlab.com/alex_collins/private-repo/commit/b1fe9426ead684d7af16958920968342ee295c1f'); + 'https://gitlab.com/alex_collins/private-repo/-/commit/b1fe9426ead684d7af16958920968342ee295c1f'); }); test('bitbucket.org', () => { diff --git a/ui/src/app/shared/components/urls.ts b/ui/src/app/shared/components/urls.ts index 9303d43d7da11..ab68e6424ba86 100644 --- a/ui/src/app/shared/components/urls.ts +++ b/ui/src/app/shared/components/urls.ts @@ -39,6 +39,12 @@ export function revisionUrl(url: string, revision: string, forPath: boolean): st urlSubPath = isSHA(revision) && !forPath ? 'commits' : 'src'; } + // Gitlab changed the way urls to commit look like + // Ref: https://docs.gitlab.com/ee/update/deprecations.html#legacy-urls-replaced-or-removed + if (parsed.source === 'gitlab.com') { + urlSubPath = '-/' + urlSubPath; + } + if (!supportedSource(parsed)) { return null; } diff --git a/ui/src/app/shared/components/yaml-editor/yaml-config.ts b/ui/src/app/shared/components/yaml-editor/yaml-config.ts deleted file mode 100644 index 985cbd3ab736e..0000000000000 --- a/ui/src/app/shared/components/yaml-editor/yaml-config.ts +++ /dev/null @@ -1,54 +0,0 @@ -import {LanguageSettings} from 'monaco-kubernetes'; - -/** - * The configuration of the editor. - */ -export type EditorConfig = { - /** - * Whether to use monaco-kubernetes in the editor. - * - * Enhancements - * - * - Schema validation for both well-known resources - * (e.g. Deployment, Ingress, etc) and Argo CRDs. This - * includes autocomplete and other common IntelliSense. - * - Adds semantical validation which includes the most - * prevalent Kubernetes hardening guidelines and additional - * rules to prevent misconfigurations in Argo CD CRDs. - * - * @remark All heavy lifting is done in a web worker which - * leaves the main thread free for rendering the UI. - */ - useKubernetesEditor: boolean; - - /** - * Configuration of monaco-kubernetes. - */ - - settings?: LanguageSettings; -}; - -export const DEFAULT_EDITOR_CONFIG: EditorConfig = { - useKubernetesEditor: true, - settings: { - // @see https://github.com/kubeshop/monokle-core/blob/main/packages/validation/docs/configuration.md - validation: { - plugins: { - 'yaml-syntax': true, - 'kubernetes-schema': true, - 'open-policy-agent': true, - 'argo': true - }, - rules: { - // @see https://github.com/kubeshop/monokle-core/blob/main/packages/validation/docs/core-plugins.md#open-policy-agent - 'open-policy-agent/no-latest-image': 'warn', - 'open-policy-agent/no-low-user-id': 'warn', - 'open-policy-agent/no-low-group-id': 'warn', - 'open-policy-agent/no-elevated-process': 'err', - 'open-policy-agent/no-sys-admin': 'err', - 'open-policy-agent/no-host-mounted-path': 'err', - 'open-policy-agent/no-host-port-access': 'err' - } - } - } -}; diff --git a/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx b/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx index 31c6943b6101c..d60e13e570200 100644 --- a/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx +++ b/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx @@ -5,7 +5,6 @@ import * as React from 'react'; import {Consumer} from '../../context'; import {MonacoEditor} from '../monaco-editor'; -import {DEFAULT_EDITOR_CONFIG, EditorConfig} from './yaml-config'; const jsonMergePatch = require('json-merge-patch'); require('./yaml-editor.scss'); @@ -19,7 +18,6 @@ export class YamlEditor extends React.Component< onSave?: (patch: string, patchType: string) => Promise; onCancel?: () => any; minHeight?: number; - config?: EditorConfig; }, { editing: boolean; @@ -35,7 +33,6 @@ export class YamlEditor extends React.Component< public render() { const props = this.props; const yaml = props.input ? jsYaml.safeDump(props.input) : ''; - const config = props.config ?? DEFAULT_EDITOR_CONFIG; return (
                                                                                                                                                                                          @@ -100,8 +97,8 @@ export class YamlEditor extends React.Component< minHeight={props.minHeight} vScrollBar={props.vScrollbar} editor={{ - input: {text: yaml, language: config.useKubernetesEditor ? 'kubernetes' : 'yaml'}, - options: {readOnly: !this.state.editing, minimap: {enabled: false}, settings: config.settings}, + input: {text: yaml, language: 'yaml'}, + options: {readOnly: !this.state.editing, minimap: {enabled: false}}, getApi: api => { this.model = api.getModel() as monacoEditor.editor.ITextModel; } diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts index 38aa9dee65d61..fb53a7a09c4ee 100644 --- a/ui/src/app/shared/services/applications-service.ts +++ b/ui/src/app/shared/services/applications-service.ts @@ -108,13 +108,14 @@ export class ApplicationsService { public getManifest(name: string, appNamespace: string, revision: string): Promise { return requests .get(`/applications/${name}/manifests`) - .query({name, revision}) + .query({name, revision, appNamespace}) .then(res => res.body as models.ManifestResponse); } public updateSpec(appName: string, appNamespace: string, spec: models.ApplicationSpec): Promise { return requests .put(`/applications/${appName}/spec`) + .query({appNamespace}) .send(spec) .then(res => res.body as models.ApplicationSpec); } @@ -331,11 +332,12 @@ export class ApplicationsService { .then(res => (res.body.actions as models.ResourceAction[]) || []); } - public patchResource(name: string, appNamspace: string, resource: models.ResourceNode, patch: string, patchType: string): Promise { + public patchResource(name: string, appNamespace: string, resource: models.ResourceNode, patch: string, patchType: string): Promise { return requests .post(`/applications/${name}/resource`) .query({ name: resource.name, + appNamespace, namespace: resource.namespace, resourceName: resource.name, version: resource.version, @@ -403,9 +405,10 @@ export class ApplicationsService { .then(() => true); } - public getLinks(applicationName: string): Promise { + public getLinks(applicationName: string, namespace: string): Promise { return requests .get(`/applications/${applicationName}/links`) + .query({namespace}) .send() .then(res => res.body as models.LinksResponse); } diff --git a/ui/src/app/sidebar/sidebar.tsx b/ui/src/app/sidebar/sidebar.tsx index 4d0d5d6cd6b74..c690565d01cb5 100644 --- a/ui/src/app/sidebar/sidebar.tsx +++ b/ui/src/app/sidebar/sidebar.tsx @@ -1,4 +1,5 @@ import {Tooltip} from 'argo-ui'; +import {Boundary, Placement} from 'popper.js'; import {useData} from 'argo-ui/v2'; import * as React from 'react'; import {Context} from '../shared/context'; @@ -34,11 +35,11 @@ export const Sidebar = (props: SidebarProps) => { const locationPath = context.history.location.pathname; const tooltipProps = { - placement: 'right', + placement: 'right' as Placement, popperOptions: { modifiers: { preventOverflow: { - boundariesElement: 'window' + boundariesElement: 'window' as Boundary } } } diff --git a/ui/src/app/webpack.config.js b/ui/src/app/webpack.config.js index b01967df22730..9bfcaa1f85d97 100644 --- a/ui/src/app/webpack.config.js +++ b/ui/src/app/webpack.config.js @@ -93,17 +93,7 @@ const config = { }), new MonacoWebpackPlugin({ // https://github.com/microsoft/monaco-editor-webpack-plugin#options - languages: ['yaml'], - customLanguages: [ - { - label: 'kubernetes', - entry: 'monaco-kubernetes', - worker: { - id: 'monaco-kubernetes/kubernetesWorker', - entry: 'monaco-kubernetes/worker' - } - } - ] + languages: ['yaml'] }) ], devServer: { diff --git a/ui/yarn.lock b/ui/yarn.lock index 37d3a0ccb9320..7a1c55b970860 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -9,39 +9,52 @@ dependencies: "@jridgewell/trace-mapping" "^0.3.0" -"@ant-design/colors@^6.0.0": - version "6.0.0" - resolved "https://registry.yarnpkg.com/@ant-design/colors/-/colors-6.0.0.tgz#9b9366257cffcc47db42b9d0203bb592c13c0298" - integrity sha512-qAZRvPzfdWHtfameEGP2Qvuf838NhergR35o+EuVyB5XvSA98xod5r4utvi4TJ3ywmevm290g9nsCG5MryrdWQ== +"@ant-design/colors@^7.0.0": + version "7.0.0" + resolved "https://registry.yarnpkg.com/@ant-design/colors/-/colors-7.0.0.tgz#eb7eecead124c3533aea05d61254f0a17f2b61b3" + integrity sha512-iVm/9PfGCbC0dSMBrz7oiEXZaaGH7ceU40OJEfKmyuzR9R5CRimJYPlRiFtMQGQcbNMea/ePcoIebi4ASGYXtg== dependencies: "@ctrl/tinycolor" "^3.4.0" +"@ant-design/cssinjs@^1.10.1": + version "1.10.1" + resolved "https://registry.yarnpkg.com/@ant-design/cssinjs/-/cssinjs-1.10.1.tgz#c9173f38e3d61f0883ca3c17d7cf1e30784e0dd7" + integrity sha512-PSoJS8RMzn95ZRg007dJGr6AU0Zim/O+tTN0xmXmh9CkIl4y3wuOr2Zhehaj7s130wPSYDVvahf3DKT50w/Zhw== + dependencies: + "@babel/runtime" "^7.11.1" + "@emotion/hash" "^0.8.0" + "@emotion/unitless" "^0.7.5" + classnames "^2.3.1" + csstype "^3.0.10" + rc-util "^5.27.0" + stylis "^4.0.13" + "@ant-design/icons-svg@^4.2.1": version "4.2.1" resolved "https://registry.yarnpkg.com/@ant-design/icons-svg/-/icons-svg-4.2.1.tgz#8630da8eb4471a4aabdaed7d1ff6a97dcb2cf05a" integrity sha512-EB0iwlKDGpG93hW8f85CTJTs4SvMX7tt5ceupvhALp1IF44SeUFOMhKUOYqpsoYWQKAOuTRDMqn75rEaKDp0Xw== -"@ant-design/icons@^4.7.0": - version "4.7.0" - resolved "https://registry.yarnpkg.com/@ant-design/icons/-/icons-4.7.0.tgz#8c3cbe0a556ba92af5dc7d1e70c0b25b5179af0f" - integrity sha512-aoB4Z7JA431rt6d4u+8xcNPPCrdufSRMUOpxa1ab6mz1JCQZOEVolj2WVs/tDFmN62zzK30mNelEsprLYsSF3g== +"@ant-design/icons@^5.1.0": + version "5.1.4" + resolved "https://registry.yarnpkg.com/@ant-design/icons/-/icons-5.1.4.tgz#614e29e26d092c2c1c1a2acbc0d84434d8d1474e" + integrity sha512-YHKL7Jx3bM12OxvtiYDon04BsBT/6LGitYEqar3GljzWaAyMOAD8i/uF1Rsi5Us/YNdWWXBGSvZV2OZWMpJlcA== dependencies: - "@ant-design/colors" "^6.0.0" + "@ant-design/colors" "^7.0.0" "@ant-design/icons-svg" "^4.2.1" "@babel/runtime" "^7.11.2" classnames "^2.2.6" - rc-util "^5.9.4" + rc-util "^5.31.1" -"@ant-design/react-slick@~0.29.1": - version "0.29.2" - resolved "https://registry.yarnpkg.com/@ant-design/react-slick/-/react-slick-0.29.2.tgz#53e6a7920ea3562eebb304c15a7fc2d7e619d29c" - integrity sha512-kgjtKmkGHa19FW21lHnAfyyH9AAoh35pBdcJ53rHmQ3O+cfFHGHnUbj/HFrRNJ5vIts09FKJVAD8RpaC+RaWfA== +"@ant-design/react-slick@~1.0.0": + version "1.0.1" + resolved "https://registry.yarnpkg.com/@ant-design/react-slick/-/react-slick-1.0.1.tgz#af10e67ef9a233df5610c36313a5c804ccc2ae6b" + integrity sha512-ARM0TmpGdDuUVE10NwUCENQlJSInNKo5NiBjL5szu5BxWNEHNwQMcDrlVCqFbkvFLy+2CvywW8Y59QJtC0YDag== dependencies: "@babel/runtime" "^7.10.4" classnames "^2.2.5" json2mq "^0.2.0" - lodash "^4.17.21" resize-observer-polyfill "^1.5.1" + throttle-debounce "^5.0.0" "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.5.5": version "7.5.5" @@ -989,7 +1002,7 @@ dependencies: regenerator-runtime "^0.13.4" -"@babel/runtime@^7.10.1", "@babel/runtime@^7.10.2", "@babel/runtime@^7.10.4", "@babel/runtime@^7.11.1", "@babel/runtime@^7.11.2": +"@babel/runtime@^7.10.1", "@babel/runtime@^7.10.4", "@babel/runtime@^7.11.1", "@babel/runtime@^7.11.2": version "7.16.7" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.16.7.tgz#03ff99f64106588c9c403c6ecb8c3bafbbdff1fa" integrity sha512-9E9FJowqAsytyOY6LG+1KuueckRL+aQW+mKvXRXnuFGyRAyepJPmEo9vgMfXUA6O9u3IeEdv9MAkppFcaQwogQ== @@ -1010,6 +1023,20 @@ dependencies: regenerator-runtime "^0.13.4" +"@babel/runtime@^7.20.0", "@babel/runtime@^7.20.7": + version "7.22.5" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.22.5.tgz#8564dd588182ce0047d55d7a75e93921107b57ec" + integrity sha512-ecjvYlnAaZ/KVneE/OdKYBYfgXV3Ptu6zQWmgEF7vwKhQnvVS6bjMD2XYgj+SNvQ1GfK/pjgokfPkC/2CO8CuA== + dependencies: + regenerator-runtime "^0.13.11" + +"@babel/runtime@^7.21.0": + version "7.21.5" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.21.5.tgz#8492dddda9644ae3bda3b45eabe87382caee7200" + integrity sha512-8jI69toZqqcsnqGGqwGS4Qb1VwLOEp4hz+CXPywcvjs60u3B4Pom/U/7rm4W8tMOYEB+E9wgD0mW1l3r8qlI9Q== + dependencies: + regenerator-runtime "^0.13.11" + "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.7": version "7.20.13" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.20.13.tgz#7055ab8a7cff2b8f6058bf6ae45ff84ad2aded4b" @@ -1104,28 +1131,38 @@ exec-sh "^0.3.2" minimist "^1.2.0" -"@cspotcode/source-map-consumer@0.8.0": - version "0.8.0" - resolved "https://registry.yarnpkg.com/@cspotcode/source-map-consumer/-/source-map-consumer-0.8.0.tgz#33bf4b7b39c178821606f669bbc447a6a629786b" - integrity sha512-41qniHzTU8yAGbCp04ohlmSrZf8bkf/iJsl3V0dRGsQN/5GFfx+LbCSsCpp2gqrqjTVg/K6O8ycoV35JIwAzAg== - -"@cspotcode/source-map-support@0.7.0": - version "0.7.0" - resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.7.0.tgz#4789840aa859e46d2f3173727ab707c66bf344f5" - integrity sha512-X4xqRHqN8ACt2aHVe51OxeA2HjbcL4MqFqXkrmQszJ1NOUuUu5u6Vqx/0lZSVNku7velL5FC/s5uEAj1lsBMhA== +"@cspotcode/source-map-support@^0.8.0": + version "0.8.1" + resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" + integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== dependencies: - "@cspotcode/source-map-consumer" "0.8.0" + "@jridgewell/trace-mapping" "0.3.9" "@ctrl/tinycolor@^3.4.0": version "3.4.0" resolved "https://registry.yarnpkg.com/@ctrl/tinycolor/-/tinycolor-3.4.0.tgz#c3c5ae543c897caa9c2a68630bed355be5f9990f" integrity sha512-JZButFdZ1+/xAfpguQHoabIXkcqRRKpMrWKBkpEZZyxfY9C1DpADFB8PEqGSTeFr135SaTRfKqGKx5xSCLI7ZQ== +"@ctrl/tinycolor@^3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@ctrl/tinycolor/-/tinycolor-3.6.0.tgz#53fa5fe9c34faee89469e48f91d51a3766108bc8" + integrity sha512-/Z3l6pXthq0JvMYdUFyX9j0MaCltlIn6mfh9jLyQwg5aPKxkyNa0PTHtU1AlFXLNk55ZuAeJRcpvq+tmLfKmaQ== + "@discoveryjs/json-ext@^0.5.0": version "0.5.7" resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70" integrity sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw== +"@emotion/hash@^0.8.0": + version "0.8.0" + resolved "https://registry.yarnpkg.com/@emotion/hash/-/hash-0.8.0.tgz#bbbff68978fefdbe68ccb533bc8cbe1d1afb5413" + integrity sha512-kBJtf7PH6aWwZ6fka3zQ0p6SBYzx4fl1LoZXE2RrnYST9Xljm7WfKJrU4g/Xr3Beg72MLrp1AWNUmuYJTL7Cow== + +"@emotion/unitless@^0.7.5": + version "0.7.5" + resolved "https://registry.yarnpkg.com/@emotion/unitless/-/unitless-0.7.5.tgz#77211291c1900a700b8a78cfafda3160d76949ed" + integrity sha512-OWORNpfjMsSSUBVrRBVGECkhWcULOAJz9ZW8uK9qgxD+87M7jHRcvh/A96XXNhXTLmKcoYSQtBEX7lHMO7YRwg== + "@esbuild-kit/cjs-loader@^2.0.0": version "2.0.0" resolved "https://registry.yarnpkg.com/@esbuild-kit/cjs-loader/-/cjs-loader-2.0.0.tgz#f385aed0ba482cb9de28880e7401259311cacbd7" @@ -1155,10 +1192,10 @@ resolved "https://registry.yarnpkg.com/@exodus/schemasafe/-/schemasafe-1.0.0-rc.3.tgz#dda2fbf3dafa5ad8c63dadff7e01d3fdf4736025" integrity sha512-GoXw0U2Qaa33m3eUcxuHnHpNvHjNlLo0gtV091XBpaRINaB4X6FGCG5XKxSFNFiPpugUDqNruHzaqpTdDm4AOg== -"@fortawesome/fontawesome-free@^6.1.1": - version "6.2.0" - resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.2.0.tgz#ba3510825b332816fe7190f28827f8cb33a298b5" - integrity sha512-CNR7qRIfCwWHNN7FnKUniva94edPdyQzil/zCwk3v6k4R6rR2Fr8i4s3PM7n/lyfPA6Zfko9z5WDzFxG9SW1uQ== +"@fortawesome/fontawesome-free@^6.2.1", "@fortawesome/fontawesome-free@^6.4.0": + version "6.4.0" + resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.4.0.tgz#1ee0c174e472c84b23cb46c995154dc383e3b4fe" + integrity sha512-0NyytTlPJwB/BF5LtRV8rrABDbe3TdTXqNB3PdZ+UUUZAEIrdOJdmABqKjt4AXwIoJNaRVVZEXxpNrqvE1GAYQ== "@istanbuljs/load-nyc-config@^1.0.0": version "1.1.0" @@ -1395,7 +1432,7 @@ "@jridgewell/sourcemap-codec" "^1.4.10" "@jridgewell/trace-mapping" "^0.3.9" -"@jridgewell/resolve-uri@^3.0.3": +"@jridgewell/resolve-uri@3.1.0", "@jridgewell/resolve-uri@^3.0.3": version "3.1.0" resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78" integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w== @@ -1413,11 +1450,19 @@ "@jridgewell/gen-mapping" "^0.3.0" "@jridgewell/trace-mapping" "^0.3.9" -"@jridgewell/sourcemap-codec@^1.4.10": +"@jridgewell/sourcemap-codec@1.4.14", "@jridgewell/sourcemap-codec@^1.4.10": version "1.4.14" resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24" integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw== +"@jridgewell/trace-mapping@0.3.9": + version "0.3.9" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" + integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== + dependencies: + "@jridgewell/resolve-uri" "^3.0.3" + "@jridgewell/sourcemap-codec" "^1.4.10" + "@jridgewell/trace-mapping@^0.3.0": version "0.3.4" resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.4.tgz#f6a0832dffd5b8a6aaa633b7d9f8e8e94c83a0c3" @@ -1426,6 +1471,14 @@ "@jridgewell/resolve-uri" "^3.0.3" "@jridgewell/sourcemap-codec" "^1.4.10" +"@jridgewell/trace-mapping@^0.3.17": + version "0.3.18" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.18.tgz#25783b2086daf6ff1dcb53c9249ae480e4dd4cd6" + integrity sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA== + dependencies: + "@jridgewell/resolve-uri" "3.1.0" + "@jridgewell/sourcemap-codec" "1.4.14" + "@jridgewell/trace-mapping@^0.3.9": version "0.3.14" resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz#b231a081d8f66796e475ad588a1ef473112701ed" @@ -1434,23 +1487,6 @@ "@jridgewell/resolve-uri" "^3.0.3" "@jridgewell/sourcemap-codec" "^1.4.10" -"@monokle/validation@^0.15.1": - version "0.15.1" - resolved "https://registry.yarnpkg.com/@monokle/validation/-/validation-0.15.1.tgz#ec4e494665048c19c341add5d9a9aa6d66682bec" - integrity sha512-fJVKTgJ0+NiZ5Niu6aUQwtbUrLDV48jCh1/yQNQpLFYtIr7iRabbD6AJknHMjwHxR3XABUzgwcuvYYxHlNvajg== - dependencies: - "@open-policy-agent/opa-wasm" "1.8.0" - "@rollup/plugin-virtual" "3.0.1" - ajv "6.12.6" - change-case "4.1.2" - isomorphic-fetch "3.0.0" - lodash "4.17.21" - node-fetch "3.3.0" - require-from-string "2.0.2" - rollup "3.18.0" - yaml "2.1.1" - zod "3.19.1" - "@nodelib/fs.scandir@2.1.5": version "2.1.5" resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" @@ -1480,13 +1516,72 @@ mkdirp "^1.0.4" rimraf "^3.0.2" -"@open-policy-agent/opa-wasm@1.8.0": +"@rc-component/color-picker@~1.2.0": + version "1.2.0" + resolved "https://registry.yarnpkg.com/@rc-component/color-picker/-/color-picker-1.2.0.tgz#964c86e85f0791703c7f1ec842e7476bcb41954d" + integrity sha512-IitJ6RWGHs7btI1AqzGPrehr5bueWLGDUyMKwDwvFunfSDo/o8g/95kUG55vC5EYLM0ZJ3SDfw45OrW5KAx3oA== + dependencies: + "@babel/runtime" "^7.10.1" + "@ctrl/tinycolor" "^3.6.0" + classnames "^2.2.6" + rc-util "^5.30.0" + +"@rc-component/context@^1.3.0": + version "1.3.0" + resolved "https://registry.yarnpkg.com/@rc-component/context/-/context-1.3.0.tgz#608ccf0abcbec9406751b17a4b35db08e481c110" + integrity sha512-6QdaCJ7Wn5UZLJs15IEfqy4Ru3OaL5ctqpQYWd5rlfV9wwzrzdt6+kgAQZV/qdB0MUPN4nhyBfRembQCIvBf+w== + dependencies: + "@babel/runtime" "^7.10.1" + rc-util "^5.27.0" + +"@rc-component/mini-decimal@^1.0.1": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@rc-component/mini-decimal/-/mini-decimal-1.1.0.tgz#7b7a362b14a0a54cb5bc6fd2b82731f29f11d9b0" + integrity sha512-jS4E7T9Li2GuYwI6PyiVXmxTiM6b07rlD9Ge8uGZSCz3WlzcG5ZK7g5bbuKNeZ9pgUuPK/5guV781ujdVpm4HQ== + dependencies: + "@babel/runtime" "^7.18.0" + +"@rc-component/mutate-observer@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@rc-component/mutate-observer/-/mutate-observer-1.0.0.tgz#ce99af3239ed9c74ee3e7302f1c67098de920b46" + integrity sha512-okqRJSfNisXdI6CUeOLZC5ukBW/8kir2Ii4PJiKpUt+3+uS7dxwJUMxsUZquxA1rQuL8YcEmKVp/TCnR+yUdZA== + dependencies: + "@babel/runtime" "^7.18.0" + classnames "^2.3.2" + rc-util "^5.24.4" + +"@rc-component/portal@^1.0.0-8", "@rc-component/portal@^1.0.0-9", "@rc-component/portal@^1.0.2", "@rc-component/portal@^1.1.0", "@rc-component/portal@^1.1.1": + version "1.1.1" + resolved "https://registry.yarnpkg.com/@rc-component/portal/-/portal-1.1.1.tgz#1a30ffe51c240b54360cba8e8bfc5d1f559325c4" + integrity sha512-m8w3dFXX0H6UkJ4wtfrSwhe2/6M08uz24HHrF8pWfAXPwA9hwCuTE5per/C86KwNLouRpwFGcr7LfpHaa1F38g== + dependencies: + "@babel/runtime" "^7.18.0" + classnames "^2.3.2" + rc-util "^5.24.4" + +"@rc-component/tour@~1.8.0": version "1.8.0" - resolved "https://registry.yarnpkg.com/@open-policy-agent/opa-wasm/-/opa-wasm-1.8.0.tgz#a4bcd4ccc4de10bf3ca1a3fddf7b7a7f7dfae536" - integrity sha512-IFXh52ndKH5iWsB5ysWpjDxLtA5nUCMgalV7gbzW9VfjyDvu7Iq3G3wz3cXYtK1VWa94EeYi8oIrTrzzg33szQ== + resolved "https://registry.yarnpkg.com/@rc-component/tour/-/tour-1.8.0.tgz#fda8b533e36db1d4254e3ffbcefe3395c346eb1c" + integrity sha512-rrRGioHTLQlGca27G2+lw7QpRb3uuMYCUIJjj31/B44VCJS0P2tqYhOgtzvWQmaLMlWH3ZlpzotkKX13NT4XEA== dependencies: - sprintf-js "^1.1.2" - yaml "^1.10.2" + "@babel/runtime" "^7.18.0" + "@rc-component/portal" "^1.0.0-9" + "@rc-component/trigger" "^1.3.6" + classnames "^2.3.2" + rc-util "^5.24.4" + +"@rc-component/trigger@^1.0.4", "@rc-component/trigger@^1.13.0", "@rc-component/trigger@^1.3.6", "@rc-component/trigger@^1.5.0", "@rc-component/trigger@^1.6.2", "@rc-component/trigger@^1.7.0": + version "1.13.6" + resolved "https://registry.yarnpkg.com/@rc-component/trigger/-/trigger-1.13.6.tgz#1375303018d16ccdf88e31c6bcd131421e1fa3e7" + integrity sha512-13aF9SrR5XAd+tyV/zja0A2pbrA/zdTCXRBNIsoLp8OmhVOnqiwjP7XZYPulLsH0ioEfvtXR1yI0anJD0/J7PQ== + dependencies: + "@babel/runtime" "^7.18.3" + "@rc-component/portal" "^1.1.0" + classnames "^2.3.2" + rc-align "^4.0.0" + rc-motion "^2.0.0" + rc-resize-observer "^1.3.1" + rc-util "^5.33.0" "@redocly/ajv@^8.6.4": version "8.6.4" @@ -1519,11 +1614,6 @@ resolved "https://registry.yarnpkg.com/@redocly/react-dropdown-aria/-/react-dropdown-aria-2.0.12.tgz#2e3af2b1b8e9123487109400d6117f0d4a8445a6" integrity sha512-feQEZlyBvQsbT/fvpJ4jJ5OLGaUPpnskHYDsY8DGpPymN+HUeDQrqkBEbbKRwMKidFTI2cxk2kJNNTnvdS9jyw== -"@rollup/plugin-virtual@3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@rollup/plugin-virtual/-/plugin-virtual-3.0.1.tgz#cea7e489481cc0ca91516c047f8c53c1cfb1adf6" - integrity sha512-fK8O0IL5+q+GrsMLuACVNk2x21g3yaw+sG2qn16SnUd3IlBsQyvWxLMGHmCmXRMecPjGRSZ/1LmZB4rjQm68og== - "@sinonjs/commons@^1.7.0": version "1.8.3" resolved "https://registry.yarnpkg.com/@sinonjs/commons/-/commons-1.8.3.tgz#3802ddd21a50a949b6721ddd72da36e67e7f1b2d" @@ -1538,13 +1628,13 @@ dependencies: "@sinonjs/commons" "^1.7.0" -"@tippy.js/react@^2.2.3": - version "2.2.3" - resolved "https://registry.yarnpkg.com/@tippy.js/react/-/react-2.2.3.tgz#2ffb0af6693055be7db4b329b2d3cc7f2356f68e" - integrity sha512-5XYvbQujzDj9r00JYEz/cBtm6DutjOdv2azdco53B+eWF7FDBCQfkLVn87wimfEpmGK0vqRQv/cwFxFcoOP98Q== +"@tippy.js/react@^3.1.1": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@tippy.js/react/-/react-3.1.1.tgz#027e4595e55f31430741fe8e0d92aaddfbe47efd" + integrity sha512-KF45vW/jKh/nBXk/2zzTFslv/T46zOMkIoDJ56ymZ+M00yHttk58J5wZ29oqGqDIUnobWSZD+cFpbR4u/UUvgw== dependencies: prop-types "^15.6.2" - tippy.js "^4.3.4" + tippy.js "^5.1.1" "@tootallnate/once@1": version "1.1.2" @@ -1677,10 +1767,10 @@ "@types/estree" "*" "@types/json-schema" "*" -"@types/estree@*", "@types/estree@^0.0.51": - version "0.0.51" - resolved "https://registry.yarnpkg.com/@types/estree/-/estree-0.0.51.tgz#cfd70924a25a3fd32b218e5e420e6897e1ac4f40" - integrity sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ== +"@types/estree@*", "@types/estree@^1.0.0": + version "1.0.1" + resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.1.tgz#aa22750962f3bf0e79d753d3cc067f010c95f194" + integrity sha512-LG4opVs2ANWZ1TJoKc937iMmNstM/d0ae1vNbnBvBhqCSezgVUOzcLCqbI5elV8Vy6WKwKjaqR+zO9VKirBBCA== "@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.18": version "4.17.28" @@ -1781,7 +1871,7 @@ resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-3.12.1.tgz#5c6f4a1eabca84792fbd916f0cb40847f123c656" integrity sha512-SGGAhXLHDx+PK4YLNcNGa6goPf9XRWQNAUUbffkwVGGXIxmDKWyGGL4inzq2sPmExu431Ekb9aEMn9BkPqEYFA== -"@types/json-schema@*", "@types/json-schema@^7.0.0", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": +"@types/json-schema@*", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": version "7.0.11" resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.11.tgz#d421b6c527a3037f7c84433fd2c4229e016863d3" integrity sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ== @@ -1818,10 +1908,10 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-16.3.1.tgz#24691fa2b0c3ec8c0d34bfcfd495edac5593ebb4" integrity sha512-N87VuQi7HEeRJkhzovao/JviiqKjDKMVKxKMfUvSKw+MbkbW8R0nA3fi/MQhhlxV2fQ+2ReM+/Nt4efdrJx3zA== -"@types/node@18.15.3": - version "18.15.3" - resolved "https://registry.yarnpkg.com/@types/node/-/node-18.15.3.tgz#f0b991c32cfc6a4e7f3399d6cb4b8cf9a0315014" - integrity sha512-p6ua9zBxz5otCmbpb5D3U4B5Nanw6Pk3PPyX05xnxbB/fRv71N7CPmORg7uAD5P70T0xmx1pzAx/FUfa5X+3cw== +"@types/node@20.3.1": + version "20.3.1" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.3.1.tgz#e8a83f1aa8b649377bb1fb5d7bac5cb90e784dfe" + integrity sha512-EhcH/wvidPy1WeML3TtYFGR83UzjxeWRen9V402T8aUGYsCHOmfoisV3ZSg03gAFIbLq8TnWOJ0f4cALtnSEUg== "@types/node@^14.11.8": version "14.18.12" @@ -1976,6 +2066,11 @@ "@types/cookiejar" "*" "@types/node" "*" +"@types/uuid@^9.0.1": + version "9.0.1" + resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-9.0.1.tgz#98586dc36aee8dacc98cc396dbca8d0429647aa6" + integrity sha512-rFT3ak0/2trgvp4yYZo5iKFEPsET7vKydKF+VRCxlQ9bpheehyAJH89dAkaLEq/j/RZXJIqcgsmPJKUP1Z28HA== + "@types/ws@^8.2.2": version "8.5.3" resolved "https://registry.yarnpkg.com/@types/ws/-/ws-8.5.3.tgz#7d25a1ffbecd3c4f2d35068d0b283c037003274d" @@ -2009,125 +2104,125 @@ dependencies: "@types/yargs-parser" "*" -"@webassemblyjs/ast@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.11.1.tgz#2bfd767eae1a6996f432ff7e8d7fc75679c0b6a7" - integrity sha512-ukBh14qFLjxTQNTXocdyksN5QdM28S1CxHt2rdskFyL+xFV7VremuBLVbmCePj+URalXBENx/9Lm7lnhihtCSw== +"@webassemblyjs/ast@1.11.6", "@webassemblyjs/ast@^1.11.5": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.11.6.tgz#db046555d3c413f8966ca50a95176a0e2c642e24" + integrity sha512-IN1xI7PwOvLPgjcf180gC1bqn3q/QaOCwYUahIOhbYUu8KA/3tw2RT/T0Gidi1l7Hhj5D/INhJxiICObqpMu4Q== dependencies: - "@webassemblyjs/helper-numbers" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" + "@webassemblyjs/helper-numbers" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" -"@webassemblyjs/floating-point-hex-parser@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.1.tgz#f6c61a705f0fd7a6aecaa4e8198f23d9dc179e4f" - integrity sha512-iGRfyc5Bq+NnNuX8b5hwBrRjzf0ocrJPI6GWFodBFzmFnyvrQ83SHKhmilCU/8Jv67i4GJZBMhEzltxzcNagtQ== +"@webassemblyjs/floating-point-hex-parser@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz#dacbcb95aff135c8260f77fa3b4c5fea600a6431" + integrity sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw== -"@webassemblyjs/helper-api-error@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.1.tgz#1a63192d8788e5c012800ba6a7a46c705288fd16" - integrity sha512-RlhS8CBCXfRUR/cwo2ho9bkheSXG0+NwooXcc3PAILALf2QLdFyj7KGsKRbVc95hZnhnERon4kW/D3SZpp6Tcg== +"@webassemblyjs/helper-api-error@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz#6132f68c4acd59dcd141c44b18cbebbd9f2fa768" + integrity sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q== -"@webassemblyjs/helper-buffer@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.1.tgz#832a900eb444884cde9a7cad467f81500f5e5ab5" - integrity sha512-gwikF65aDNeeXa8JxXa2BAk+REjSyhrNC9ZwdT0f8jc4dQQeDQ7G4m0f2QCLPJiMTTO6wfDmRmj/pW0PsUvIcA== +"@webassemblyjs/helper-buffer@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.6.tgz#b66d73c43e296fd5e88006f18524feb0f2c7c093" + integrity sha512-z3nFzdcp1mb8nEOFFk8DrYLpHvhKC3grJD2ardfKOzmbmJvEf/tPIqCY+sNcwZIY8ZD7IkB2l7/pqhUhqm7hLA== -"@webassemblyjs/helper-numbers@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.1.tgz#64d81da219fbbba1e3bd1bfc74f6e8c4e10a62ae" - integrity sha512-vDkbxiB8zfnPdNK9Rajcey5C0w+QJugEglN0of+kmO8l7lDb77AnlKYQF7aarZuCrv+l0UvqL+68gSDr3k9LPQ== +"@webassemblyjs/helper-numbers@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz#cbce5e7e0c1bd32cf4905ae444ef64cea919f1b5" + integrity sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g== dependencies: - "@webassemblyjs/floating-point-hex-parser" "1.11.1" - "@webassemblyjs/helper-api-error" "1.11.1" + "@webassemblyjs/floating-point-hex-parser" "1.11.6" + "@webassemblyjs/helper-api-error" "1.11.6" "@xtuc/long" "4.2.2" -"@webassemblyjs/helper-wasm-bytecode@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.1.tgz#f328241e41e7b199d0b20c18e88429c4433295e1" - integrity sha512-PvpoOGiJwXeTrSf/qfudJhwlvDQxFgelbMqtq52WWiXC6Xgg1IREdngmPN3bs4RoO83PnL/nFrxucXj1+BX62Q== +"@webassemblyjs/helper-wasm-bytecode@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz#bb2ebdb3b83aa26d9baad4c46d4315283acd51e9" + integrity sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA== -"@webassemblyjs/helper-wasm-section@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.1.tgz#21ee065a7b635f319e738f0dd73bfbda281c097a" - integrity sha512-10P9No29rYX1j7F3EVPX3JvGPQPae+AomuSTPiF9eBQeChHI6iqjMIwR9JmOJXwpnn/oVGDk7I5IlskuMwU/pg== +"@webassemblyjs/helper-wasm-section@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.6.tgz#ff97f3863c55ee7f580fd5c41a381e9def4aa577" + integrity sha512-LPpZbSOwTpEC2cgn4hTydySy1Ke+XEu+ETXuoyvuyezHO3Kjdu90KK95Sh9xTbmjrCsUwvWwCOQQNta37VrS9g== dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-buffer" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/wasm-gen" "1.11.1" + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-buffer" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/wasm-gen" "1.11.6" -"@webassemblyjs/ieee754@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.1.tgz#963929e9bbd05709e7e12243a099180812992614" - integrity sha512-hJ87QIPtAMKbFq6CGTkZYJivEwZDbQUgYd3qKSadTNOhVY7p+gfP6Sr0lLRVTaG1JjFj+r3YchoqRYxNH3M0GQ== +"@webassemblyjs/ieee754@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz#bb665c91d0b14fffceb0e38298c329af043c6e3a" + integrity sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg== dependencies: "@xtuc/ieee754" "^1.2.0" -"@webassemblyjs/leb128@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.1.tgz#ce814b45574e93d76bae1fb2644ab9cdd9527aa5" - integrity sha512-BJ2P0hNZ0u+Th1YZXJpzW6miwqQUGcIHT1G/sf72gLVD9DZ5AdYTqPNbHZh6K1M5VmKvFXwGSWZADz+qBWxeRw== +"@webassemblyjs/leb128@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.6.tgz#70e60e5e82f9ac81118bc25381a0b283893240d7" + integrity sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ== dependencies: "@xtuc/long" "4.2.2" -"@webassemblyjs/utf8@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.1.tgz#d1f8b764369e7c6e6bae350e854dec9a59f0a3ff" - integrity sha512-9kqcxAEdMhiwQkHpkNiorZzqpGrodQQ2IGrHHxCy+Ozng0ofyMA0lTqiLkVs1uzTRejX+/O0EOT7KxqVPuXosQ== - -"@webassemblyjs/wasm-edit@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.1.tgz#ad206ebf4bf95a058ce9880a8c092c5dec8193d6" - integrity sha512-g+RsupUC1aTHfR8CDgnsVRVZFJqdkFHpsHMfJuWQzWU3tvnLC07UqHICfP+4XyL2tnr1amvl1Sdp06TnYCmVkA== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-buffer" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/helper-wasm-section" "1.11.1" - "@webassemblyjs/wasm-gen" "1.11.1" - "@webassemblyjs/wasm-opt" "1.11.1" - "@webassemblyjs/wasm-parser" "1.11.1" - "@webassemblyjs/wast-printer" "1.11.1" - -"@webassemblyjs/wasm-gen@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.1.tgz#86c5ea304849759b7d88c47a32f4f039ae3c8f76" - integrity sha512-F7QqKXwwNlMmsulj6+O7r4mmtAlCWfO/0HdgOxSklZfQcDu0TpLiD1mRt/zF25Bk59FIjEuGAIyn5ei4yMfLhA== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/ieee754" "1.11.1" - "@webassemblyjs/leb128" "1.11.1" - "@webassemblyjs/utf8" "1.11.1" - -"@webassemblyjs/wasm-opt@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.1.tgz#657b4c2202f4cf3b345f8a4c6461c8c2418985f2" - integrity sha512-VqnkNqnZlU5EB64pp1l7hdm3hmQw7Vgqa0KF/KCNO9sIpI6Fk6brDEiX+iCOYrvMuBWDws0NkTOxYEb85XQHHw== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-buffer" "1.11.1" - "@webassemblyjs/wasm-gen" "1.11.1" - "@webassemblyjs/wasm-parser" "1.11.1" - -"@webassemblyjs/wasm-parser@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.1.tgz#86ca734534f417e9bd3c67c7a1c75d8be41fb199" - integrity sha512-rrBujw+dJu32gYB7/Lup6UhdkPx9S9SnobZzRVL7VcBH9Bt9bCBLEuX/YXOOtBsOZ4NQrRykKhffRWHvigQvOA== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-api-error" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/ieee754" "1.11.1" - "@webassemblyjs/leb128" "1.11.1" - "@webassemblyjs/utf8" "1.11.1" - -"@webassemblyjs/wast-printer@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.11.1.tgz#d0c73beda8eec5426f10ae8ef55cee5e7084c2f0" - integrity sha512-IQboUWM4eKzWW+N/jij2sRatKMh99QEelo3Eb2q0qXkvPRISAj8Qxtmw5itwqK+TTkBuUIE45AxYPToqPtL5gg== - dependencies: - "@webassemblyjs/ast" "1.11.1" +"@webassemblyjs/utf8@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a" + integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA== + +"@webassemblyjs/wasm-edit@^1.11.5": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.6.tgz#c72fa8220524c9b416249f3d94c2958dfe70ceab" + integrity sha512-Ybn2I6fnfIGuCR+Faaz7YcvtBKxvoLV3Lebn1tM4o/IAJzmi9AWYIPWpyBfU8cC+JxAO57bk4+zdsTjJR+VTOw== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-buffer" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/helper-wasm-section" "1.11.6" + "@webassemblyjs/wasm-gen" "1.11.6" + "@webassemblyjs/wasm-opt" "1.11.6" + "@webassemblyjs/wasm-parser" "1.11.6" + "@webassemblyjs/wast-printer" "1.11.6" + +"@webassemblyjs/wasm-gen@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.6.tgz#fb5283e0e8b4551cc4e9c3c0d7184a65faf7c268" + integrity sha512-3XOqkZP/y6B4F0PBAXvI1/bky7GryoogUtfwExeP/v7Nzwo1QLcq5oQmpKlftZLbT+ERUOAZVQjuNVak6UXjPA== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/ieee754" "1.11.6" + "@webassemblyjs/leb128" "1.11.6" + "@webassemblyjs/utf8" "1.11.6" + +"@webassemblyjs/wasm-opt@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.6.tgz#d9a22d651248422ca498b09aa3232a81041487c2" + integrity sha512-cOrKuLRE7PCe6AsOVl7WasYf3wbSo4CeOk6PkrjS7g57MFfVUF9u6ysQBBODX0LdgSvQqRiGz3CXvIDKcPNy4g== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-buffer" "1.11.6" + "@webassemblyjs/wasm-gen" "1.11.6" + "@webassemblyjs/wasm-parser" "1.11.6" + +"@webassemblyjs/wasm-parser@1.11.6", "@webassemblyjs/wasm-parser@^1.11.5": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz#bb85378c527df824004812bbdb784eea539174a1" + integrity sha512-6ZwPeGzMJM3Dqp3hCsLgESxBGtT/OeCvCZ4TA1JUPYgmhAx38tTPR9JaKy0S5H3evQpO/h2uWs2j6Yc/fjkpTQ== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-api-error" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/ieee754" "1.11.6" + "@webassemblyjs/leb128" "1.11.6" + "@webassemblyjs/utf8" "1.11.6" + +"@webassemblyjs/wast-printer@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.11.6.tgz#a7bf8dd7e362aeb1668ff43f35cb849f188eff20" + integrity sha512-JM7AhRcE+yW2GWYaKeHL5vt4xqee5N2WcezptmgyhNS+ScggqcT1OtXykhAb13Sn5Yas0j2uv9tHgrjwvzAP4A== + dependencies: + "@webassemblyjs/ast" "1.11.6" "@xtuc/long" "4.2.2" "@webpack-cli/configtest@^1.1.1": @@ -2178,10 +2273,10 @@ acorn-globals@^6.0.0: acorn "^7.1.1" acorn-walk "^7.1.1" -acorn-import-assertions@^1.7.6: - version "1.8.0" - resolved "https://registry.yarnpkg.com/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz#ba2b5939ce62c238db6d93d81c9b111b29b855e9" - integrity sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw== +acorn-import-assertions@^1.9.0: + version "1.9.0" + resolved "https://registry.yarnpkg.com/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz#507276249d684797c84e0734ef84860334cfb1ac" + integrity sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA== acorn-walk@^7.1.1: version "7.2.0" @@ -2198,21 +2293,16 @@ acorn@^7.1.1: resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa" integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A== -acorn@^8.2.4, acorn@^8.4.1, acorn@^8.5.0: - version "8.7.1" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.7.1.tgz#0197122c843d1bf6d0a5e83220a788f278f63c30" - integrity sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A== +acorn@^8.2.4, acorn@^8.4.1, acorn@^8.5.0, acorn@^8.7.1: + version "8.8.2" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a" + integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw== add@^2.0.6: version "2.0.6" resolved "https://registry.yarnpkg.com/add/-/add-2.0.6.tgz#248f0a9f6e5a528ef2295dbeec30532130ae2235" integrity sha1-JI8Kn25aUo7yKV2+7DBTITCuIjU= -agent-base@5: - version "5.1.1" - resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-5.1.1.tgz#e8fb3f242959db44d63be665db7a8e739537a32c" - integrity sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g== - agent-base@6: version "6.0.2" resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77" @@ -2247,7 +2337,7 @@ ajv-keywords@^5.0.0: dependencies: fast-deep-equal "^3.1.3" -ajv@6.12.6, ajv@^6.1.0, ajv@^6.12.4, ajv@^6.12.5: +ajv@^6.1.0, ajv@^6.12.4, ajv@^6.12.5: version "6.12.6" resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4" integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== @@ -2346,55 +2436,59 @@ ansi-to-react@^6.1.6: anser "^1.4.1" escape-carriage "^1.3.0" -antd@^4.21.3: - version "4.23.0" - resolved "https://registry.yarnpkg.com/antd/-/antd-4.23.0.tgz#e336bf17816b66a38c85707b0b2d62a652680929" - integrity sha512-a0voELfS5lDy6NCcDNbDUMv2OZ+IfeX/kYxaRnRJj0/R4tPJWAqs0bqFVpdk5y8JsPl6B396bTVzKZo49e+uvA== +antd@^5.6.1: + version "5.6.2" + resolved "https://registry.yarnpkg.com/antd/-/antd-5.6.2.tgz#97c8b7e37747d7b8fca1bdaf15525332906a998c" + integrity sha512-h67gKgJRs07Qrf27AiKcJSEI3nCAmaCxxvEz6DSdRl1mHc03O8zAemRA6jPQQMPS5q4k7FxIphN+2ZnzdXlU2Q== dependencies: - "@ant-design/colors" "^6.0.0" - "@ant-design/icons" "^4.7.0" - "@ant-design/react-slick" "~0.29.1" + "@ant-design/colors" "^7.0.0" + "@ant-design/cssinjs" "^1.10.1" + "@ant-design/icons" "^5.1.0" + "@ant-design/react-slick" "~1.0.0" "@babel/runtime" "^7.18.3" - "@ctrl/tinycolor" "^3.4.0" + "@ctrl/tinycolor" "^3.6.0" + "@rc-component/color-picker" "~1.2.0" + "@rc-component/mutate-observer" "^1.0.0" + "@rc-component/tour" "~1.8.0" + "@rc-component/trigger" "^1.13.0" classnames "^2.2.6" copy-to-clipboard "^3.2.0" - lodash "^4.17.21" - memoize-one "^6.0.0" - moment "^2.29.2" - rc-cascader "~3.6.0" - rc-checkbox "~2.3.0" - rc-collapse "~3.3.0" - rc-dialog "~8.9.0" - rc-drawer "~5.1.0" - rc-dropdown "~4.0.0" - rc-field-form "~1.27.0" - rc-image "~5.7.0" - rc-input "~0.1.2" - rc-input-number "~7.3.5" - rc-mentions "~1.9.1" - rc-menu "~9.6.3" - rc-motion "^2.6.1" - rc-notification "~4.6.0" - rc-pagination "~3.1.17" - rc-picker "~2.6.10" - rc-progress "~3.3.2" - rc-rate "~2.9.0" + dayjs "^1.11.1" + qrcode.react "^3.1.0" + rc-cascader "~3.12.0" + rc-checkbox "~3.1.0" + rc-collapse "~3.7.0" + rc-dialog "~9.1.0" + rc-drawer "~6.2.0" + rc-dropdown "~4.1.0" + rc-field-form "~1.32.0" + rc-image "~5.17.1" + rc-input "~1.0.4" + rc-input-number "~7.4.0" + rc-mentions "~2.3.0" + rc-menu "~9.9.2" + rc-motion "^2.7.3" + rc-notification "~5.0.4" + rc-pagination "~3.5.0" + rc-picker "~3.8.2" + rc-progress "~3.4.1" + rc-rate "~2.12.0" rc-resize-observer "^1.2.0" - rc-segmented "~2.1.0" - rc-select "~14.1.1" - rc-slider "~10.0.0" - rc-steps "~4.1.0" - rc-switch "~3.2.0" - rc-table "~7.26.0" - rc-tabs "~12.1.0-alpha.1" - rc-textarea "~0.3.0" - rc-tooltip "~5.2.0" - rc-tree "~5.6.5" - rc-tree-select "~5.4.0" - rc-trigger "^5.2.10" + rc-segmented "~2.2.0" + rc-select "~14.5.0" + rc-slider "~10.1.0" + rc-steps "~6.0.0" + rc-switch "~4.1.0" + rc-table "~7.32.1" + rc-tabs "~12.7.0" + rc-textarea "~1.2.2" + rc-tooltip "~6.0.0" + rc-tree "~5.7.4" + rc-tree-select "~5.9.0" rc-upload "~4.3.0" - rc-util "^5.22.5" - scroll-into-view-if-needed "^2.2.25" + rc-util "^5.32.0" + scroll-into-view-if-needed "^3.0.3" + throttle-debounce "^5.0.0" anymatch@^2.0.0: version "2.0.0" @@ -2419,26 +2513,27 @@ arg@^4.1.0: "argo-ui@git+https://github.com/argoproj/argo-ui.git": version "1.0.0" - resolved "git+https://github.com/argoproj/argo-ui.git#6107e270e7090cf9af37bf43d017dbd17d3d9130" + resolved "git+https://github.com/argoproj/argo-ui.git#13cea62a4a0e4a14a2dd6908490e1e907709aa86" dependencies: - "@fortawesome/fontawesome-free" "^6.1.1" - "@tippy.js/react" "^2.2.3" - antd "^4.21.3" + "@fortawesome/fontawesome-free" "^6.2.1" + "@tippy.js/react" "^3.1.1" + antd "^5.6.1" classnames "^2.2.6" - core-js "^3.22.0" + core-js "^3.30.2" foundation-sites "^6.4.3" history "^4.10.1" - moment "^2.29.2" + moment "^2.29.4" moment-timezone "^0.5.34" prop-types "^15.8.1" react-autocomplete "1.8.1" react-form "^2.16.0" react-helmet "^6.1.0" react-router-dom "^4.2.2" - react-toastify "^9.0.8" - rxjs "^7.5.5" + react-toastify "9.0.8" + rxjs "^7.5.6" typescript "^4.8.3" - xterm "^4.18.0" + uuid "^9.0.0" + xterm "^4.19.0" xterm-addon-fit "^0.5.0" argparse@^1.0.7: @@ -2760,7 +2855,7 @@ browser-process-hrtime@^1.0.0: resolved "https://registry.yarnpkg.com/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz#3c9b4b7d782c8121e56f10106d84c0d0ffc94626" integrity sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow== -browserslist@^4.14.5, browserslist@^4.17.5: +browserslist@^4.14.5, browserslist@^4.16.6, browserslist@^4.17.5, browserslist@^4.6.0: version "4.20.2" resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.20.2.tgz#567b41508757ecd904dab4d1c646c612cd3d4f88" integrity sha512-CQOBCqp/9pDvDbx3xfMi+86pr4KXIf2FDkTTdeuYw8OxS9t898LA1Khq57gtufFILXpfgsSx5woNgsBgvGjpsA== @@ -2771,17 +2866,6 @@ browserslist@^4.14.5, browserslist@^4.17.5: node-releases "^2.0.2" picocolors "^1.0.0" -browserslist@^4.16.6, browserslist@^4.6.0: - version "4.16.6" - resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.6.tgz#d7901277a5a88e554ed305b183ec9b0c08f66fa2" - integrity sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ== - dependencies: - caniuse-lite "^1.0.30001219" - colorette "^1.2.2" - electron-to-chromium "^1.3.723" - escalade "^3.1.1" - node-releases "^1.1.71" - bs-logger@0.x: version "0.2.6" resolved "https://registry.yarnpkg.com/bs-logger/-/bs-logger-0.2.6.tgz#eb7d365307a72cf974cc6cda76b68354ad336bd8" @@ -2903,25 +2987,11 @@ camelcase@^6.2.0: resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.3.0.tgz#5685b95eb209ac9c0c177467778c9c84df58ba9a" integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA== -caniuse-lite@^1.0.30001219: - version "1.0.30001243" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001243.tgz#d9250155c91e872186671c523f3ae50cfc94a3aa" - integrity sha512-vNxw9mkTBtkmLFnJRv/2rhs1yufpDfCkBZexG3Y0xdOH2Z/eE/85E4Dl5j1YUN34nZVsSp6vVRFQRrez9wJMRA== - caniuse-lite@^1.0.30001317: version "1.0.30001319" resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001319.tgz#eb4da4eb3ecdd409f7ba1907820061d56096e88f" integrity sha512-xjlIAFHucBRSMUo1kb5D4LYgcN1M45qdKP++lhqowDpwJwGkpIRTt5qQqnhxjj1vHcI7nrJxWhCC1ATrCEBTcw== -capital-case@^1.0.4: - version "1.0.4" - resolved "https://registry.yarnpkg.com/capital-case/-/capital-case-1.0.4.tgz#9d130292353c9249f6b00fa5852bee38a717e669" - integrity sha512-ds37W8CytHgwnhGGTi88pcPyR15qoNkOpYwmMMfnWqqWgESapLqvDx6huFjQ5vqWSn2Z06173XNA7LtMOeUh1A== - dependencies: - no-case "^3.0.4" - tslib "^2.0.3" - upper-case-first "^2.0.2" - capture-exit@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/capture-exit/-/capture-exit-2.0.0.tgz#fb953bfaebeb781f62898239dabb426d08a509a4" @@ -2957,24 +3027,6 @@ chalk@^4.0.0: ansi-styles "^4.1.0" supports-color "^7.1.0" -change-case@4.1.2: - version "4.1.2" - resolved "https://registry.yarnpkg.com/change-case/-/change-case-4.1.2.tgz#fedfc5f136045e2398c0410ee441f95704641e12" - integrity sha512-bSxY2ws9OtviILG1EiY5K7NNxkqg/JnRnFxLtKQ96JaviiIxi7djMrSd0ECT9AC+lttClmYwKw53BWpOMblo7A== - dependencies: - camel-case "^4.1.2" - capital-case "^1.0.4" - constant-case "^3.0.4" - dot-case "^3.0.4" - header-case "^2.0.4" - no-case "^3.0.4" - param-case "^3.0.4" - pascal-case "^3.1.2" - path-case "^3.0.4" - sentence-case "^3.0.4" - snake-case "^3.0.4" - tslib "^2.0.3" - char-regex@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/char-regex/-/char-regex-1.0.2.tgz#d744358226217f981ed58f479b1d6bcc29545dcf" @@ -3045,6 +3097,11 @@ classnames@^2.2.5, classnames@^2.2.6: resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.2.6.tgz#43935bffdd291f326dad0a205309b38d00f650ce" integrity sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q== +classnames@^2.3.2: + version "2.3.2" + resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.3.2.tgz#351d813bf0137fcc6a76a16b88208d2560a0d924" + integrity sha512-CSbhY4cFEJRe6/GQzIk5qXZ4Jeg5pcsP7b5peFSDpffpe1cqjASH/n9UTjBwOp6XpMSTwQ8Za2K5V02ueA7Tmw== + clean-css@^5.2.2: version "5.2.4" resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-5.2.4.tgz#982b058f8581adb2ae062520808fb2429bd487a4" @@ -3090,16 +3147,16 @@ co@^4.6.0: resolved "https://registry.yarnpkg.com/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184" integrity sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ= -codecov@^3.7.2: - version "3.7.2" - resolved "https://registry.yarnpkg.com/codecov/-/codecov-3.7.2.tgz#998e68c8c1ef4b55cfcf11cd456866d35e13d693" - integrity sha512-fmCjAkTese29DUX3GMIi4EaKGflHa4K51EoMc29g8fBHawdk/+KEq5CWOeXLdd9+AT7o1wO4DIpp/Z1KCqCz1g== +codecov@^3.8.3: + version "3.8.3" + resolved "https://registry.yarnpkg.com/codecov/-/codecov-3.8.3.tgz#9c3e364b8a700c597346ae98418d09880a3fdbe7" + integrity sha512-Y8Hw+V3HgR7V71xWH2vQ9lyS358CbGCldWlJFR0JirqoGtOoas3R3/OclRTvgUYFK29mmJICDPauVKmpqbwhOA== dependencies: argv "0.0.2" - ignore-walk "3.0.3" - js-yaml "3.13.1" - teeny-request "6.0.1" - urlgrey "0.4.4" + ignore-walk "3.0.4" + js-yaml "3.14.1" + teeny-request "7.1.1" + urlgrey "1.0.0" collect-v8-coverage@^1.0.0: version "1.0.1" @@ -3226,10 +3283,10 @@ compression@^1.7.4: safe-buffer "5.1.2" vary "~1.1.2" -compute-scroll-into-view@^1.0.17: - version "1.0.17" - resolved "https://registry.yarnpkg.com/compute-scroll-into-view/-/compute-scroll-into-view-1.0.17.tgz#6a88f18acd9d42e9cf4baa6bec7e0522607ab7ab" - integrity sha512-j4dx+Fb0URmzbwwMUrhqWM2BEWHdFGx+qZ9qqASHRPqvTYdqvWnHg0H1hIbcyLnvgnoNAVMlwkepyqM3DaIFUg== +compute-scroll-into-view@^3.0.2: + version "3.0.3" + resolved "https://registry.yarnpkg.com/compute-scroll-into-view/-/compute-scroll-into-view-3.0.3.tgz#c418900a5c56e2b04b885b54995df164535962b1" + integrity sha512-nadqwNxghAGTamwIqQSG433W6OADZx2vCo3UXHNrzTRHK/htu+7+L0zhjEoaeaQVNAi3YgqWDv8+tzf0hRfR+A== concat-map@0.0.1: version "0.0.1" @@ -3241,15 +3298,6 @@ connect-history-api-fallback@^1.6.0: resolved "https://registry.yarnpkg.com/connect-history-api-fallback/-/connect-history-api-fallback-1.6.0.tgz#8b32089359308d111115d81cad3fceab888f97bc" integrity sha512-e54B99q/OUoH64zYYRf3HBP5z24G38h5D3qXu23JGRoigpX5Ss4r9ZnDk3g0Z8uQC2x2lPaJ+UlWBc1ZWBWdLg== -constant-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/constant-case/-/constant-case-3.0.4.tgz#3b84a9aeaf4cf31ec45e6bf5de91bdfb0589faf1" - integrity sha512-I2hSBi7Vvs7BEuJDr5dDHfzb/Ruj3FyvFyh7KLilAjNQw3Be+xgqUBA2W6scVEcL0hL1dwPRtIqEPVUCKkSsyQ== - dependencies: - no-case "^3.0.4" - tslib "^2.0.3" - upper-case "^2.0.2" - content-disposition@0.5.4: version "0.5.4" resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.4.tgz#8b82b4efac82512a02bb0b1dcec9d2c5e8eb5bfe" @@ -3326,10 +3374,10 @@ core-js@^2.4.0: resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.6.12.tgz#d9333dfa7b065e347cc5682219d6f690859cc2ec" integrity sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ== -core-js@^3.22.0: - version "3.25.0" - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.25.0.tgz#be71d9e0dd648ffd70c44a7ec2319d039357eceb" - integrity sha512-CVU1xvJEfJGhyCpBrzzzU1kjCfgsGUxhEvwUV2e/cOedYWHdmluamx+knDnmhqALddMG16fZvIqvs9aijsHHaA== +core-js@^3.30.2: + version "3.30.2" + resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.30.2.tgz#6528abfda65e5ad728143ea23f7a14f0dcf503fc" + integrity sha512-uBJiDmwqsbJCWHAwjrx3cvjbMXP7xD72Dmsn5LOJpiRmE3WbBbN5rCqQ2Qh6Ek6/eOrjlWngEynBWo4VxerQhg== core-util-is@~1.0.0: version "1.0.2" @@ -3438,6 +3486,11 @@ cssstyle@^2.3.0: dependencies: cssom "~0.3.6" +csstype@^3.0.10: + version "3.1.2" + resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.2.tgz#1d4bf9d572f11c14031f0436e1c10bc1f571f50b" + integrity sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ== + csstype@^3.0.2: version "3.0.8" resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.0.8.tgz#d2266a792729fb227cd216fb572f43728e1ad340" @@ -3451,11 +3504,6 @@ dagre@^0.8.5: graphlib "^2.1.8" lodash "^4.17.15" -data-uri-to-buffer@^4.0.0: - version "4.0.1" - resolved "https://registry.yarnpkg.com/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz#d8feb2b2881e6a4f58c2e08acfd0e2834e26222e" - integrity sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A== - data-urls@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-2.0.0.tgz#156485a72963a970f5d5821aaf642bef2bf2db9b" @@ -3465,15 +3513,17 @@ data-urls@^2.0.0: whatwg-mimetype "^2.3.0" whatwg-url "^8.0.0" -date-fns@2.x: - version "2.28.0" - resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.28.0.tgz#9570d656f5fc13143e50c975a3b6bbeb46cd08b2" - integrity sha512-8d35hViGYx/QH0icHYCeLmsLmMUheMmTyV9Fcm6gvNwdw31yXXH+O85sOBJ+OLnLQMKZowvpKb6FgMIQjcpvQw== +date-fns@^2.30.0: + version "2.30.0" + resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.30.0.tgz#f367e644839ff57894ec6ac480de40cae4b0f4d0" + integrity sha512-fnULvOpxnC5/Vg3NCiWelDsLiUc9bRwAPs/+LfTLNvetFCtCTN+yQz15C/fs4AwX1R9K5GLtLfn8QW+dWisaAw== + dependencies: + "@babel/runtime" "^7.21.0" -dayjs@1.x: - version "1.10.7" - resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.10.7.tgz#2cf5f91add28116748440866a0a1d26f3a6ce468" - integrity sha512-P6twpd70BcPK34K26uJ1KT3wlhpuOAPoMwJzpsIWUxHZ7wpmbdZL/hQqBDfz7hGurYSa5PhzdhDHtt319hL3ig== +dayjs@^1.11.1: + version "1.11.8" + resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.11.8.tgz#4282f139c8c19dd6d0c7bd571e30c2d0ba7698ea" + integrity sha512-LcgxzFoWMEPO7ggRv1Y2N31hUf2R0Vj7fuy/m+Bg1K8rr+KAs1AEy4y9jd5DXe8pbHgX+srkHNS7TH6Q6ZhYeQ== debug@2.6.9, debug@^2.2.0, debug@^2.3.3: version "2.6.9" @@ -3773,11 +3823,6 @@ ee-first@1.1.1: resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== -electron-to-chromium@^1.3.723: - version "1.3.772" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.772.tgz#fd1ed39f9f3149f62f581734e4f026e600369479" - integrity sha512-X/6VRCXWALzdX+RjCtBU6cyg8WZgoxm9YA02COmDOiNJEZ59WkQggDbWZ4t/giHi/3GS+cvdrP6gbLISANAGYA== - electron-to-chromium@^1.4.84: version "1.4.89" resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.89.tgz#33c06592812a17a7131873f4596579084ce33ff8" @@ -3815,10 +3860,10 @@ end-of-stream@^1.1.0: dependencies: once "^1.4.0" -enhanced-resolve@^5.9.2: - version "5.9.2" - resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.9.2.tgz#0224dcd6a43389ebfb2d55efee517e5466772dd9" - integrity sha512-GIm3fQfwLJ8YZx2smuHpBKkXC1yOk+OBEmKckVyL0i/ea8mqDEykK3ld5dgH1QYPNyT/lIllxV2LULnxCHaHkA== +enhanced-resolve@^5.14.1: + version "5.14.1" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.14.1.tgz#de684b6803724477a4af5d74ccae5de52c25f6b3" + integrity sha512-Vklwq2vDKtl0y/vtwjSesgJ5MYS7Etuk5txS8VdKL4AOS1aUlD96zqIfsOSLQsdv3xgMRbtkWM8eG9XDfKUPow== dependencies: graceful-fs "^4.2.4" tapable "^2.2.0" @@ -3852,10 +3897,10 @@ es-module-lexer@^0.10.5: resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-0.10.5.tgz#06f76d51fa53b1f78e3bd8bb36dd275eda2fdd53" integrity sha512-+7IwY/kiGAacQfY+YBhKMvEmyAJnw5grTUgjG85Pe7vcUI/6b7pZjZG8nQ7+48YhzEAEqrEgD2dCz/JIK+AYvw== -es-module-lexer@^0.9.0: - version "0.9.3" - resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-0.9.3.tgz#6f13db00cc38417137daf74366f535c8eb438f19" - integrity sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ== +es-module-lexer@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.2.1.tgz#ba303831f63e6a394983fde2f97ad77b22324527" + integrity sha512-9978wrXM50Y4rTMmW5kXIC09ZdXQZqkE4mxhwkd8VbzsGkXGPgV4zWuqQJgCEzYngdo2dYDa0l8xhX4fkSwJSg== es6-promise@^3.2.1: version "3.3.1" @@ -4388,6 +4433,13 @@ fast-safe-stringify@^2.1.1: resolved "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz#c406a83b6e70d9e35ce3b30a81141df30aeba884" integrity sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA== +fast-url-parser@^1.1.3: + version "1.1.3" + resolved "https://registry.yarnpkg.com/fast-url-parser/-/fast-url-parser-1.1.3.tgz#f4af3ea9f34d8a271cf58ad2b3759f431f0b318d" + integrity sha512-5jOCVXADYNuRkKFzNJ0dCCewsZiYo0dz8QNYljkOpFC6r2U4OBmKtvm/Tsuh4w1YYdDqDb31a8TVhBJ2OJKdqQ== + dependencies: + punycode "^1.3.2" + fastest-levenshtein@^1.0.12: version "1.0.12" resolved "https://registry.yarnpkg.com/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz#9990f7d3a88cc5a9ffd1f1745745251700d497e2" @@ -4419,14 +4471,6 @@ fb-watchman@^2.0.0: dependencies: bser "2.1.1" -fetch-blob@^3.1.2, fetch-blob@^3.1.4: - version "3.2.0" - resolved "https://registry.yarnpkg.com/fetch-blob/-/fetch-blob-3.2.0.tgz#f09b8d4bbd45adc6f0c20b7e787e793e309dcce9" - integrity sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ== - dependencies: - node-domexception "^1.0.0" - web-streams-polyfill "^3.0.3" - fill-range@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-4.0.0.tgz#d544811d428f98eb06a63dc402d2403c328c38f7" @@ -4523,13 +4567,6 @@ form-data@^4.0.0: combined-stream "^1.0.8" mime-types "^2.1.12" -formdata-polyfill@^4.0.10: - version "4.0.10" - resolved "https://registry.yarnpkg.com/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz#24807c31c9d402e002ab3d8c720144ceb8848423" - integrity sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g== - dependencies: - fetch-blob "^3.1.2" - formidable@^2.1.2: version "2.1.2" resolved "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz#fa973a2bec150e4ce7cac15589d7a25fc30ebd89" @@ -4545,15 +4582,10 @@ forwarded@0.2.0: resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811" integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== -foundation-sites@^6.4.3: - version "6.5.3" - resolved "https://registry.yarnpkg.com/foundation-sites/-/foundation-sites-6.5.3.tgz#85373aaed72233ca0d16fdfcb034e976cc6943c9" - integrity sha512-ZwI0idjHHjezh6jRjpPxkczvmtUuJ1uGatZHpyloX0MvsFHfM0BFoxrqdXryXugGPdmb+yJi3JYMnz6+5t3K1A== - -foundation-sites@^6.7.4: - version "6.7.4" - resolved "https://registry.yarnpkg.com/foundation-sites/-/foundation-sites-6.7.4.tgz#495ddb3b7014ae33df3bf7cc1f9fe74b2cfd572e" - integrity sha512-2QPaZJ0Od0DyklhQyKC3zPbr8AAUXSkr1scZJrQTgj/KTLresuCgUBfi7ft32NlOWhuqVXisjOgTE8N5EPS3cg== +foundation-sites@^6.4.3, foundation-sites@^6.7.5: + version "6.7.5" + resolved "https://registry.yarnpkg.com/foundation-sites/-/foundation-sites-6.7.5.tgz#6bc2bdd06819e6ed4d7fd8e3090246a0b6ac81c0" + integrity sha512-MEjAENdF/IV2XQvlQmg20o+iDTyyWu0N/j440e8fKbEylbKxARzgg5S7vcnxtjukC1Lqg+rRm7ZDSSyGhVVoUQ== fragment-cache@^0.2.1: version "0.2.1" @@ -4808,14 +4840,6 @@ he@^1.2.0: resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== -header-case@^2.0.4: - version "2.0.4" - resolved "https://registry.yarnpkg.com/header-case/-/header-case-2.0.4.tgz#5a42e63b55177349cf405beb8d775acabb92c063" - integrity sha512-H/vuk5TEEVZwrR0lp2zed9OCo1uAILMlx0JEMgC26rzyJJ3N1v6XkwHHXJQdR2doSjcGPM6OKPYoJgf0plJ11Q== - dependencies: - capital-case "^1.0.4" - tslib "^2.0.3" - hexoid@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18" @@ -4971,14 +4995,6 @@ http2-client@^1.2.5: resolved "https://registry.yarnpkg.com/http2-client/-/http2-client-1.3.3.tgz#90fc15d646cca86956b156d07c83947d57d659a9" integrity sha512-nUxLymWQ9pzkzTmir24p2RtsgruLmhje7lH3hLX1IpwvyTg77fW+1brenPPP3USAR+rQ36p5sTA/x7sjCJVkAA== -https-proxy-agent@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-4.0.0.tgz#702b71fb5520a132a66de1f67541d9e62154d82b" - integrity sha512-zoDhWrkR3of1l9QAL8/scJZyLu8j/gBkcwcaQOZh7Gyh/+uJQzGVETdgT30akuwkpL8HTRfssqI3BZuV18teDg== - dependencies: - agent-base "5" - debug "4" - https-proxy-agent@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.0.tgz#e2a90542abb68a762e0a0850f6c9edadfd8506b2" @@ -5016,10 +5032,10 @@ ieee754@^1.2.1: resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== -ignore-walk@3.0.3: - version "3.0.3" - resolved "https://registry.yarnpkg.com/ignore-walk/-/ignore-walk-3.0.3.tgz#017e2447184bfeade7c238e4aefdd1e8f95b1e37" - integrity sha512-m7o6xuOaT1aqheYHKf8W6J5pYH85ZI9w077erOzLje3JsB1gkafkAhHHY19dqjulgIZHFm32Cp5uNZgcQqdJKw== +ignore-walk@3.0.4: + version "3.0.4" + resolved "https://registry.yarnpkg.com/ignore-walk/-/ignore-walk-3.0.4.tgz#c9a09f69b7c7b479a5d74ac1a3c0d4236d2a6335" + integrity sha512-PY6Ii8o1jMRA1z4F2hRkH/xN59ox43DavKvD3oDpfurRlOJyAHpifIwpbdv1n4jt4ov0jSpw3kQ4GhJnpBL6WQ== dependencies: minimatch "^3.0.4" @@ -5361,14 +5377,6 @@ isobject@^3.0.0, isobject@^3.0.1: resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df" integrity sha1-TkMekrEalzFjaqH5yNHMvP2reN8= -isomorphic-fetch@3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/isomorphic-fetch/-/isomorphic-fetch-3.0.0.tgz#0267b005049046d2421207215d45d6a262b8b8b4" - integrity sha512-qvUtwJ3j6qwsF3jLxkZ72qCgjMysPzDfeV240JHiGZsANBYd+EEuu35v7dfrJ9Up0Ak07D7GGSkGhCHTqg/5wA== - dependencies: - node-fetch "^2.6.1" - whatwg-fetch "^3.4.1" - istanbul-lib-coverage@^3.0.0, istanbul-lib-coverage@^3.2.0: version "3.2.0" resolved "https://registry.yarnpkg.com/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz#189e7909d0a39fa5a3dfad5b03f71947770191d3" @@ -5945,15 +5953,7 @@ js-levenshtein@^1.1.3, js-levenshtein@^1.1.6: resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@3.13.1, js-yaml@^3.13.1, js-yaml@^3.9.0: - version "3.13.1" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.13.1.tgz#aff151b30bfdfa8e49e05da22e7415e9dfa37847" - integrity sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw== - dependencies: - argparse "^1.0.7" - esprima "^4.0.0" - -js-yaml@^3.14.1: +js-yaml@3.14.1, js-yaml@^3.13.1, js-yaml@^3.14.1, js-yaml@^3.9.0: version "3.14.1" resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537" integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g== @@ -6018,12 +6018,12 @@ json-merge-patch@^0.2.3: dependencies: deep-equal "^1.0.0" -json-parse-better-errors@^1.0.1, json-parse-better-errors@^1.0.2: +json-parse-better-errors@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz#bb867cfb3450e69107c131d1c514bab3dc8bcaa9" integrity sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw== -json-parse-even-better-errors@^2.3.0: +json-parse-even-better-errors@^2.3.0, json-parse-even-better-errors@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d" integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== @@ -6069,11 +6069,6 @@ json5@^1.0.1: dependencies: minimist "^1.2.0" -jsonc-parser@^3.0.0: - version "3.2.0" - resolved "https://registry.yarnpkg.com/jsonc-parser/-/jsonc-parser-3.2.0.tgz#31ff3f4c2b9793f89c67212627c51c6394f88e76" - integrity sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w== - kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0: version "3.2.2" resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64" @@ -6194,7 +6189,7 @@ lodash.memoize@4.x: resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe" integrity sha1-vMbEmkKihA7Zl/Mj6tpezRguC/4= -lodash@4.17.21, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.2.1, lodash@^4.6.1, lodash@^4.7.0: +lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.2.1, lodash@^4.6.1, lodash@^4.7.0: version "4.17.21" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== @@ -6286,11 +6281,6 @@ memfs@^3.4.1: dependencies: fs-monkey "1.0.3" -memoize-one@^6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/memoize-one/-/memoize-one-6.0.0.tgz#b2591b871ed82948aee4727dc6abceeeac8c1045" - integrity sha512-rkpe71W0N0c0Xz6QD0eJETuWAJGnJ9afsl1srmwPrI+yBCkge5EycXXbYRyvL29zZVUWQCY7InPRCv3GDXuZNw== - merge-descriptors@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61" @@ -6346,24 +6336,17 @@ micromatch@^4.0.4: braces "^3.0.1" picomatch "^2.2.3" -mime-db@1.48.0, "mime-db@>= 1.43.0 < 2": - version "1.48.0" - resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.48.0.tgz#e35b31045dd7eada3aaad537ed88a33afbef2d1d" - integrity sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ== - mime-db@1.52.0: version "1.52.0" resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== -mime-types@^2.1.12, mime-types@~2.1.17: - version "2.1.31" - resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.31.tgz#a00d76b74317c61f9c2db2218b8e9f8e9c5c9e6b" - integrity sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg== - dependencies: - mime-db "1.48.0" +"mime-db@>= 1.43.0 < 2": + version "1.48.0" + resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.48.0.tgz#e35b31045dd7eada3aaad537ed88a33afbef2d1d" + integrity sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ== -mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.24, mime-types@~2.1.34: +mime-types@^2.1.12, mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.17, mime-types@~2.1.24, mime-types@~2.1.34: version "2.1.35" resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a" integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== @@ -6484,7 +6467,7 @@ moment-timezone@^0.5.34: dependencies: moment ">= 2.9.0" -"moment@>= 2.9.0", moment@^2.24.0, moment@^2.29.2, moment@^2.29.4: +"moment@>= 2.9.0", moment@^2.29.4: version "2.29.4" resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108" integrity sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w== @@ -6501,34 +6484,6 @@ monaco-editor@^0.33.0: resolved "https://registry.yarnpkg.com/monaco-editor/-/monaco-editor-0.33.0.tgz#842e244f3750a2482f8a29c676b5684e75ff34af" integrity sha512-VcRWPSLIUEgQJQIE0pVT8FcGBIgFoxz7jtqctE+IiCxWugD0DwgyQBcZBhdSrdMC84eumoqMZsGl2GTreOzwqw== -monaco-kubernetes@0.2.2: - version "0.2.2" - resolved "https://registry.yarnpkg.com/monaco-kubernetes/-/monaco-kubernetes-0.2.2.tgz#d6ae0fc4e7c8f43640f47131cd15b56f9bd7aceb" - integrity sha512-nw7QfoIIRkSDPW2VyX6ub1vd/HmP9KPy0ZNqEMLavrXLGdZmPD9C8eLZqNruF3edkXUqkk69ZNQmxXeJS7ZIvg== - dependencies: - "@monokle/validation" "^0.15.1" - "@types/json-schema" "^7.0.0" - jsonc-parser "^3.0.0" - monaco-marker-data-provider "^1.0.0" - monaco-worker-manager "^2.0.0" - nanoid "4.0.0" - path-browserify "^1.0.0" - prettier "^2.0.0" - vscode-languageserver-textdocument "^1.0.0" - vscode-languageserver-types "^3.0.0" - vscode-uri "^3.0.0" - yaml "^2.0.0" - -monaco-marker-data-provider@^1.0.0: - version "1.1.1" - resolved "https://registry.yarnpkg.com/monaco-marker-data-provider/-/monaco-marker-data-provider-1.1.1.tgz#0ca69f367152f5aa12cec2bda95f32b7403e876f" - integrity sha512-PGB7TJSZE5tmHzkxv/OEwK2RGNC2A7dcq4JRJnnj31CUAsfmw0Gl+1QTrH0W0deKhcQmQM0YVPaqgQ+0wCt8Mg== - -monaco-worker-manager@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/monaco-worker-manager/-/monaco-worker-manager-2.0.1.tgz#f67c54dfca34ed4b225d5de84e77b24b4e36de8a" - integrity sha512-kdPL0yvg5qjhKPNVjJoym331PY/5JC11aPJXtCZNwWRvBr6jhkIamvYAyiY5P1AWFmNOy0aRDRoMdZfa71h8kg== - ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" @@ -6557,11 +6512,6 @@ multicast-dns@^6.0.1: dns-packet "^1.3.1" thunky "^1.0.2" -nanoid@4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-4.0.0.tgz#6e144dee117609232c3f415c34b0e550e64999a5" - integrity sha512-IgBP8piMxe/gf73RTQx7hmnhwz0aaEXYakvqZyE302IXW3HyVNhdNGC+O2MwMAVhLEnvXlvKtGbtJf6wvHihCg== - nanoid@^3.1.22: version "3.2.0" resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.2.0.tgz#62667522da6673971cca916a6d3eff3f415ff80c" @@ -6612,11 +6562,6 @@ no-case@^3.0.4: lower-case "^2.0.2" tslib "^2.0.3" -node-domexception@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/node-domexception/-/node-domexception-1.0.0.tgz#6888db46a1f71c0b76b3f7555016b63fe64766e5" - integrity sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ== - node-fetch-h2@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/node-fetch-h2/-/node-fetch-h2-2.3.0.tgz#c6188325f9bd3d834020bf0f2d6dc17ced2241ac" @@ -6624,16 +6569,7 @@ node-fetch-h2@^2.3.0: dependencies: http2-client "^1.2.5" -node-fetch@3.3.0: - version "3.3.0" - resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-3.3.0.tgz#37e71db4ecc257057af828d523a7243d651d91e4" - integrity sha512-BKwRP/O0UvoMKp7GNdwPlObhYGB5DQqwhEDQlNKuoqwVYSxkSZCSbHjnFFmUEtwSKRPU4kNK8PbDYYitwaE3QA== - dependencies: - data-uri-to-buffer "^4.0.0" - fetch-blob "^3.1.4" - formdata-polyfill "^4.0.10" - -node-fetch@^2.2.0, node-fetch@^2.6.1: +node-fetch@^2.6.1: version "2.6.7" resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad" integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ== @@ -6662,11 +6598,6 @@ node-readfiles@^0.2.0: dependencies: es6-promise "^3.2.1" -node-releases@^1.1.71: - version "1.1.73" - resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.73.tgz#dd4e81ddd5277ff846b80b52bb40c49edf7a7b20" - integrity sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg== - node-releases@^2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.2.tgz#7139fe71e2f4f11b47d4d2986aaf8c48699e0c01" @@ -6993,19 +6924,11 @@ pascalcase@^0.1.1: resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14" integrity sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ= -path-browserify@^1.0.0, path-browserify@^1.0.1: +path-browserify@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-1.0.1.tgz#d98454a9c3753d5790860f16f68867b9e46be1fd" integrity sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g== -path-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/path-case/-/path-case-3.0.4.tgz#9168645334eb942658375c56f80b4c0cb5f82c6f" - integrity sha512-qO4qCFjXqVTrcbPt/hQfhTQ+VhFsqNKOPtytgNKkKxSoEp3XPUQ8ObFuePylOIok5gjn69ry8XiULxCwot3Wfg== - dependencies: - dot-case "^3.0.4" - tslib "^2.0.3" - path-exists@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-3.0.0.tgz#ce0ebeaa5f78cb18925ea7d810d7b59b010fd515" @@ -7124,7 +7047,7 @@ polished@^4.1.3: dependencies: "@babel/runtime" "^7.16.7" -popper.js@^1.14.7: +popper.js@^1.16.0: version "1.16.1" resolved "https://registry.yarnpkg.com/popper.js/-/popper.js-1.16.1.tgz#2a223cb3dc7b6213d740e40372be40de43e65b1b" integrity sha512-Wb4p1J4zyFTbM+u6WuO4XstYx4Ky9Cewe4DWrel7B0w6VVICvPwdOpotjzcf6eD8TsckVnIMNONQyPIUFOUbCQ== @@ -7239,11 +7162,6 @@ prettier@1.19: resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.19.1.tgz#f7d7f5ff8a9cd872a7be4ca142095956a60797cb" integrity sha512-s7PoyDv/II1ObgQunCbB9PdLmUcBZcnWOcxDh7O0N/UwDEsHyqkW+Qh28jW+mVuCdx7gLB0BotYI1Y6uI9iyew== -prettier@^2.0.0: - version "2.8.4" - resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.8.4.tgz#34dd2595629bfbb79d344ac4a91ff948694463c3" - integrity sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw== - pretty-error@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/pretty-error/-/pretty-error-4.0.0.tgz#90a703f46dd7234adb46d0f84823e9d1cb8f10d6" @@ -7349,11 +7267,21 @@ punycode@1.3.2: resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.3.2.tgz#9653a036fb7c1ee42342f2325cceefea3926c48d" integrity sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0= +punycode@^1.3.2: + version "1.4.1" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.4.1.tgz#c0d5a63b2718800ad8e1eb0fa5269c84dd41845e" + integrity sha512-jmYNElW7yvO7TV33CjSmvSiE2yco3bV2czu/OzDKdMNVZQWfxCblURLhf+47syQRBntjfLdd/H0egrzIG+oaFQ== + punycode@^2.1.0, punycode@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec" integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A== +qrcode.react@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/qrcode.react/-/qrcode.react-3.1.0.tgz#5c91ddc0340f768316fbdb8fff2765134c2aecd8" + integrity sha512-oyF+Urr3oAMUG/OiOuONL3HXM+53wvuH3mtIWQrYmsXoAq0DkvZp2RYUWFSMFtbdOpuS++9v+WAkzNVkMlNW6Q== + qs@6.9.7: version "6.9.7" resolved "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe" @@ -7415,130 +7343,135 @@ rc-align@^4.0.0: rc-util "^5.3.0" resize-observer-polyfill "^1.5.1" -rc-cascader@~3.6.0: - version "3.6.2" - resolved "https://registry.yarnpkg.com/rc-cascader/-/rc-cascader-3.6.2.tgz#2b5c108807234898cd9a0366d0626f786b7b5622" - integrity sha512-sf2otpazlROTzkD3nZVfIzXmfBLiEOBTXA5wxozGXBpS902McDpvF0bdcYBu5hN+rviEAm6Mh9cLXNQ1Ty8wKQ== +rc-cascader@~3.12.0: + version "3.12.0" + resolved "https://registry.yarnpkg.com/rc-cascader/-/rc-cascader-3.12.0.tgz#709fdbede6c36f7e62d0daea76ba76b825cc7182" + integrity sha512-QTeGPTNYX33alozNy9lYg7YKpvYVwquai/mrFRR8mHlHnK7QlqJyMqbs2p7rc5eeKARKMRTUeoN5CfO+Gr9UBw== dependencies: "@babel/runtime" "^7.12.5" array-tree-filter "^2.1.0" classnames "^2.3.1" - rc-select "~14.1.0" - rc-tree "~5.6.3" + rc-select "~14.5.0" + rc-tree "~5.7.0" rc-util "^5.6.1" -rc-checkbox@~2.3.0: - version "2.3.2" - resolved "https://registry.yarnpkg.com/rc-checkbox/-/rc-checkbox-2.3.2.tgz#f91b3678c7edb2baa8121c9483c664fa6f0aefc1" - integrity sha512-afVi1FYiGv1U0JlpNH/UaEXdh6WUJjcWokj/nUN2TgG80bfG+MDdbfHKlLcNNba94mbjy2/SXJ1HDgrOkXGAjg== +rc-checkbox@~3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/rc-checkbox/-/rc-checkbox-3.1.0.tgz#6be0d9d8de2cc96fb5e37f9036a1c3e360d0a42d" + integrity sha512-PAwpJFnBa3Ei+5pyqMMXdcKYKNBMS+TvSDiLdDnARnMJHC8ESxwPfm4Ao1gJiKtWLdmGfigascnCpwrHFgoOBQ== dependencies: "@babel/runtime" "^7.10.1" - classnames "^2.2.1" + classnames "^2.3.2" + rc-util "^5.25.2" -rc-collapse@~3.3.0: - version "3.3.1" - resolved "https://registry.yarnpkg.com/rc-collapse/-/rc-collapse-3.3.1.tgz#fc66d4c9cfeaf41e932b2de6da2d454874aee55a" - integrity sha512-cOJfcSe3R8vocrF8T+PgaHDrgeA1tX+lwfhwSj60NX9QVRidsILIbRNDLD6nAzmcvVC5PWiIRiR4S1OobxdhCg== +rc-collapse@~3.7.0: + version "3.7.0" + resolved "https://registry.yarnpkg.com/rc-collapse/-/rc-collapse-3.7.0.tgz#75116b7142371940ff9fdce61a9e48561b53bbfc" + integrity sha512-Cir1c89cENiK5wryd9ut+XltrIfx/+KH1/63uJIVjuXkgfrIvIy6W1fYGgEYtttbHW2fEfxg1s31W+Vm98fSRw== dependencies: "@babel/runtime" "^7.10.1" classnames "2.x" rc-motion "^2.3.4" - rc-util "^5.2.1" - shallowequal "^1.1.0" + rc-util "^5.27.0" -rc-dialog@~8.9.0: - version "8.9.0" - resolved "https://registry.yarnpkg.com/rc-dialog/-/rc-dialog-8.9.0.tgz#04dc39522f0321ed2e06018d4a7e02a4c32bd3ea" - integrity sha512-Cp0tbJnrvPchJfnwIvOMWmJ4yjX3HWFatO6oBFD1jx8QkgsQCR0p8nUWAKdd3seLJhEC39/v56kZaEjwp9muoQ== +rc-dialog@~9.1.0: + version "9.1.0" + resolved "https://registry.yarnpkg.com/rc-dialog/-/rc-dialog-9.1.0.tgz#6bf6fcc0453503b7643e54a5a445e835e3850649" + integrity sha512-5ry+JABAWEbaKyYsmITtrJbZbJys8CtMyzV8Xn4LYuXMeUx5XVHNyJRoqLFE4AzBuXXzOWeaC49cg+XkxK6kHA== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/portal" "^1.0.0-8" classnames "^2.2.6" rc-motion "^2.3.0" rc-util "^5.21.0" -rc-drawer@~5.1.0: - version "5.1.0" - resolved "https://registry.yarnpkg.com/rc-drawer/-/rc-drawer-5.1.0.tgz#c1b8a46e5c064ba46a16233fbcfb1ccec6a73c10" - integrity sha512-pU3Tsn99pxGdYowXehzZbdDVE+4lDXSGb7p8vA9mSmr569oc2Izh4Zw5vLKSe/Xxn2p5MSNbLVqD4tz+pK6SOw== +rc-drawer@~6.2.0: + version "6.2.0" + resolved "https://registry.yarnpkg.com/rc-drawer/-/rc-drawer-6.2.0.tgz#fddf4825b0fa9d60e317b996f70278d594d1f668" + integrity sha512-spPkZ3WvP0U0vy5dyzSwlUJ/+vLFtjP/cTwSwejhQRoDBaexSZHsBhELoCZcEggI7LQ7typmtG30lAue2HEhvA== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/portal" "^1.1.1" classnames "^2.2.6" rc-motion "^2.6.1" rc-util "^5.21.2" -rc-dropdown@~4.0.0: - version "4.0.1" - resolved "https://registry.yarnpkg.com/rc-dropdown/-/rc-dropdown-4.0.1.tgz#f65d9d3d89750241057db59d5a75e43cd4576b68" - integrity sha512-OdpXuOcme1rm45cR0Jzgfl1otzmU4vuBVb+etXM8vcaULGokAKVpKlw8p6xzspG7jGd/XxShvq+N3VNEfk/l5g== +rc-dropdown@~4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/rc-dropdown/-/rc-dropdown-4.1.0.tgz#418a68939631520de80d0865d02b440eeeb4168e" + integrity sha512-VZjMunpBdlVzYpEdJSaV7WM7O0jf8uyDjirxXLZRNZ+tAC+NzD3PXPEtliFwGzVwBBdCmGuSqiS9DWcOLxQ9tw== dependencies: "@babel/runtime" "^7.18.3" + "@rc-component/trigger" "^1.7.0" classnames "^2.2.6" - rc-trigger "^5.3.1" rc-util "^5.17.0" -rc-field-form@~1.27.0: - version "1.27.1" - resolved "https://registry.yarnpkg.com/rc-field-form/-/rc-field-form-1.27.1.tgz#11d61ccb43679e71fdbbff0d821326202554df84" - integrity sha512-RShegnwFu6TH8tl2olCxn+B4Wyh5EiQH8c/7wucbkLNyue05YiH5gomUAg1vbZjp71yFKwegClctsEG5CNBWAA== +rc-field-form@~1.32.0: + version "1.32.2" + resolved "https://registry.yarnpkg.com/rc-field-form/-/rc-field-form-1.32.2.tgz#9d0cb20af265d5ed31e3bb9384096736c4a2fbc3" + integrity sha512-SzqG1YGyD2P42ztZJ7qoPQp6FV9bD51RUdKGG/5xwybU1wbFdgWTqiMXkS8UR9L4GwXVMKh5PaF2I4EBXd/Rng== dependencies: "@babel/runtime" "^7.18.0" async-validator "^4.1.0" - rc-util "^5.8.0" + rc-util "^5.32.2" -rc-image@~5.7.0: - version "5.7.1" - resolved "https://registry.yarnpkg.com/rc-image/-/rc-image-5.7.1.tgz#678dc014845954c30237808c00c7b12e5f2a0b07" - integrity sha512-QyMfdhoUfb5W14plqXSisaYwpdstcLYnB0MjX5ccIK2rydQM9sDPuekQWu500DDGR2dBaIF5vx9XbWkNFK17Fg== +rc-image@~5.17.1: + version "5.17.1" + resolved "https://registry.yarnpkg.com/rc-image/-/rc-image-5.17.1.tgz#71835b12c30fcef533de0dbbbaf13caa86454612" + integrity sha512-oR4eviLyQxd/5A7pn843w2/Z1wuBA27L2lS4agq0sjl2z97ssNIVEzRzgwgB0ZxVZG/qSu9Glit2Zgzb/n+blQ== dependencies: "@babel/runtime" "^7.11.2" + "@rc-component/portal" "^1.0.2" classnames "^2.2.6" - rc-dialog "~8.9.0" + rc-dialog "~9.1.0" + rc-motion "^2.6.2" rc-util "^5.0.6" -rc-input-number@~7.3.5: - version "7.3.7" - resolved "https://registry.yarnpkg.com/rc-input-number/-/rc-input-number-7.3.7.tgz#a5463770f06641388675d32b4ae88958b5ededf9" - integrity sha512-W9jDwfhJyNjg0iZX401r0GctTGX4ETURzF6SisC42GR0AkJxtaPD89eGwbTdAudUjEx0Pkn2rGmfvVGGdQACKA== +rc-input-number@~7.4.0: + version "7.4.2" + resolved "https://registry.yarnpkg.com/rc-input-number/-/rc-input-number-7.4.2.tgz#7c52d26b986461aa16e486d469dc0476d97c6ea3" + integrity sha512-yGturTw7WGP+M1GbJ+UTAO7L4buxeW6oilhL9Sq3DezsRS8/9qec4UiXUbeoiX9bzvRXH11JvgskBtxSp4YSNg== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/mini-decimal" "^1.0.1" classnames "^2.2.5" - rc-util "^5.23.0" + rc-util "^5.28.0" -rc-input@~0.1.2: - version "0.1.2" - resolved "https://registry.yarnpkg.com/rc-input/-/rc-input-0.1.2.tgz#7d6a0858a5f1fd89f78020cf6f13d672778481b1" - integrity sha512-ZPmwcFspgfYpUfbSx3KnLk9gImBcLOrlQCr4oTJ4jBoIXgJLTfm26yelzRgBJewhkvD8uJbgX0sQ/yOzuOHnJg== +rc-input@~1.0.0, rc-input@~1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/rc-input/-/rc-input-1.0.4.tgz#2f2c73c884f41e80685bb2eb7b9d5533e8540a77" + integrity sha512-clY4oneVHRtKHYf/HCxT/MO+4BGzCIywSNLosXWOm7fcQAS0jQW7n0an8Raa8JMB8kpxc8m28p7SNwFZmlMj6g== dependencies: "@babel/runtime" "^7.11.1" classnames "^2.2.1" rc-util "^5.18.1" -rc-mentions@~1.9.1: - version "1.9.2" - resolved "https://registry.yarnpkg.com/rc-mentions/-/rc-mentions-1.9.2.tgz#f264ebc4ec734dad9edc8e078b65ab3586d94a7b" - integrity sha512-uxb/lzNnEGmvraKWNGE6KXMVXvt8RQv9XW8R0Dqi3hYsyPiAZeHRCHQKdLARuk5YBhFhZ6ga55D/8XuY367g3g== +rc-mentions@~2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/rc-mentions/-/rc-mentions-2.3.0.tgz#bb457c9664093be82baf33628b145f7c2bd49577" + integrity sha512-gNpsSKsBHSXvyAA1ZowVTqXSWUIw7+OI9wmjL87KcYURvtm9nDo8R0KtOc2f1PT7q9McUpFzhm6AvQdIly0aRA== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/trigger" "^1.5.0" classnames "^2.2.6" - rc-menu "~9.6.0" - rc-textarea "^0.3.0" - rc-trigger "^5.0.4" + rc-input "~1.0.0" + rc-menu "~9.9.0" + rc-textarea "~1.2.0" rc-util "^5.22.5" -rc-menu@~9.6.0, rc-menu@~9.6.3: - version "9.6.3" - resolved "https://registry.yarnpkg.com/rc-menu/-/rc-menu-9.6.3.tgz#f0373d0391a97db94147106cddffe87b1e4f4e36" - integrity sha512-KY9QilKWgkJZ0JSpOBgIpQF2wMRRodRxpIMYyIJ3Nd5N6xfVLOxXCxevHcBplt+Ez7MhUF+I03MuAKqWQJLZgw== +rc-menu@~9.9.0, rc-menu@~9.9.2: + version "9.9.2" + resolved "https://registry.yarnpkg.com/rc-menu/-/rc-menu-9.9.2.tgz#733aa5b794bd801577726e448b6cfeda0436e1e5" + integrity sha512-kVJwaQn5VUu6DIddxd/jz3QupTPg0tNYq+mpFP8wYsRF5JgzPA9fPVw+CfwlTPwA1w7gzEY42S8pj6M3uev5CQ== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/trigger" "^1.6.2" classnames "2.x" rc-motion "^2.4.3" - rc-overflow "^1.2.0" - rc-trigger "^5.1.2" - rc-util "^5.12.0" - shallowequal "^1.1.0" + rc-overflow "^1.2.8" + rc-util "^5.27.0" -rc-motion@^2.0.0, rc-motion@^2.0.1, rc-motion@^2.2.0, rc-motion@^2.3.0, rc-motion@^2.3.4, rc-motion@^2.4.3, rc-motion@^2.4.4: +rc-motion@^2.0.0, rc-motion@^2.0.1, rc-motion@^2.3.0, rc-motion@^2.3.4, rc-motion@^2.4.3, rc-motion@^2.4.4: version "2.4.4" resolved "https://registry.yarnpkg.com/rc-motion/-/rc-motion-2.4.4.tgz#e995d5fa24fc93065c24f714857cf2677d655bb0" integrity sha512-ms7n1+/TZQBS0Ydd2Q5P4+wJTSOrhIrwNxLXCZpR7Fa3/oac7Yi803HDALc2hLAKaCTQtw9LmQeB58zcwOsqlQ== @@ -7547,6 +7480,15 @@ rc-motion@^2.0.0, rc-motion@^2.0.1, rc-motion@^2.2.0, rc-motion@^2.3.0, rc-motio classnames "^2.2.1" rc-util "^5.2.1" +rc-motion@^2.6.0, rc-motion@^2.7.3: + version "2.7.3" + resolved "https://registry.yarnpkg.com/rc-motion/-/rc-motion-2.7.3.tgz#126155bb3e687174fb3b92fddade2835c963b04d" + integrity sha512-2xUvo8yGHdOHeQbdI8BtBsCIrWKchEmFEIskf0nmHtJsou+meLd/JE+vnvSX2JxcBrJtXY2LuBpxAOxrbY/wMQ== + dependencies: + "@babel/runtime" "^7.11.1" + classnames "^2.2.1" + rc-util "^5.21.0" + rc-motion@^2.6.1, rc-motion@^2.6.2: version "2.6.2" resolved "https://registry.yarnpkg.com/rc-motion/-/rc-motion-2.6.2.tgz#3d31f97e41fb8e4f91a4a4189b6a98ac63342869" @@ -7556,17 +7498,17 @@ rc-motion@^2.6.1, rc-motion@^2.6.2: classnames "^2.2.1" rc-util "^5.21.0" -rc-notification@~4.6.0: - version "4.6.0" - resolved "https://registry.yarnpkg.com/rc-notification/-/rc-notification-4.6.0.tgz#4e76fc2d0568f03cc93ac18c9e20763ebe29fa46" - integrity sha512-xF3MKgIoynzjQAO4lqsoraiFo3UXNYlBfpHs0VWvwF+4pimen9/H1DYLN2mfRWhHovW6gRpla73m2nmyIqAMZQ== +rc-notification@~5.0.4: + version "5.0.4" + resolved "https://registry.yarnpkg.com/rc-notification/-/rc-notification-5.0.4.tgz#4ad33d4aa291528fee9095b0be80ae41f1728a38" + integrity sha512-3535oellIRlt1LspERfK8yvCqb8Gio3R02rULciaSc1xe3H7ArTU/khlUTv1ddGzua4HhmF4D4Rwz/+mBxETvg== dependencies: "@babel/runtime" "^7.10.1" classnames "2.x" - rc-motion "^2.2.0" + rc-motion "^2.6.0" rc-util "^5.20.1" -rc-overflow@^1.0.0, rc-overflow@^1.2.0: +rc-overflow@^1.0.0: version "1.2.2" resolved "https://registry.yarnpkg.com/rc-overflow/-/rc-overflow-1.2.2.tgz#95b0222016c0cdbdc0db85f569c262e7706a5f22" integrity sha512-X5kj9LDU1ue5wHkqvCprJWLKC+ZLs3p4He/oxjZ1Q4NKaqKBaYf5OdSzRSgh3WH8kSdrfU8LjvlbWnHgJOEkNQ== @@ -7576,41 +7518,48 @@ rc-overflow@^1.0.0, rc-overflow@^1.2.0: rc-resize-observer "^1.0.0" rc-util "^5.5.1" -rc-pagination@~3.1.17: - version "3.1.17" - resolved "https://registry.yarnpkg.com/rc-pagination/-/rc-pagination-3.1.17.tgz#91e690aa894806e344cea88ea4a16d244194a1bd" - integrity sha512-/BQ5UxcBnW28vFAcP2hfh+Xg15W0QZn8TWYwdCApchMH1H0CxiaUUcULP8uXcFM1TygcdKWdt3JqsL9cTAfdkQ== +rc-overflow@^1.2.8: + version "1.3.1" + resolved "https://registry.yarnpkg.com/rc-overflow/-/rc-overflow-1.3.1.tgz#03224cf90c66aa570eb0deeb4eff6cc96401e979" + integrity sha512-RY0nVBlfP9CkxrpgaLlGzkSoh9JhjJLu6Icqs9E7CW6Ewh9s0peF9OHIex4OhfoPsR92LR0fN6BlCY9Z4VoUtA== + dependencies: + "@babel/runtime" "^7.11.1" + classnames "^2.2.1" + rc-resize-observer "^1.0.0" + rc-util "^5.19.2" + +rc-pagination@~3.5.0: + version "3.5.0" + resolved "https://registry.yarnpkg.com/rc-pagination/-/rc-pagination-3.5.0.tgz#8692a62f3c24d8bfe58f1b3059bc5262ddce5d87" + integrity sha512-lUBVtVVUn7gGsq4mTyVpcZQr+AMcljbMiL/HcCmSdFrcsK0iZVKwwbXDxhz2IV0JXUs9Hzepr5sQFaF+9ad/pQ== dependencies: "@babel/runtime" "^7.10.1" classnames "^2.2.1" + rc-util "^5.32.2" -rc-picker@~2.6.10: - version "2.6.10" - resolved "https://registry.yarnpkg.com/rc-picker/-/rc-picker-2.6.10.tgz#8d0a473c079388bdb2d7358a2a54c7d5095893b4" - integrity sha512-9wYtw0DFWs9FO92Qh2D76P0iojUr8ZhLOtScUeOit6ks/F+TBLrOC1uze3IOu+u9gbDAjmosNWLKbBzx/Yuv2w== +rc-picker@~3.8.2: + version "3.8.2" + resolved "https://registry.yarnpkg.com/rc-picker/-/rc-picker-3.8.2.tgz#1dc377a628cd94416e03974483daa36940a411b0" + integrity sha512-q6jnMwBoOi6tFA4xohrKIhzq80Fc3dH0Kiw5VRx6Tf1db7y27PBFCLwu6f66niXidZKD8F4R0M9VIui/jkL4cg== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/trigger" "^1.5.0" classnames "^2.2.1" - date-fns "2.x" - dayjs "1.x" - moment "^2.24.0" - rc-trigger "^5.0.4" - rc-util "^5.4.0" - shallowequal "^1.1.0" + rc-util "^5.30.0" -rc-progress@~3.3.2: - version "3.3.3" - resolved "https://registry.yarnpkg.com/rc-progress/-/rc-progress-3.3.3.tgz#eb9bffbacab1534f2542f9f6861ce772254362b1" - integrity sha512-MDVNVHzGanYtRy2KKraEaWeZLri2ZHWIRyaE1a9MQ2MuJ09m+Wxj5cfcaoaR6z5iRpHpA59YeUxAlpML8N4PJw== +rc-progress@~3.4.1: + version "3.4.2" + resolved "https://registry.yarnpkg.com/rc-progress/-/rc-progress-3.4.2.tgz#f8df9ee95e790490171ab6b31bf07303cdc79980" + integrity sha512-iAGhwWU+tsayP+Jkl9T4+6rHeQTG9kDz8JAHZk4XtQOcYN5fj9H34NXNEdRdZx94VUDHMqCb1yOIvi8eJRh67w== dependencies: "@babel/runtime" "^7.10.1" classnames "^2.2.6" rc-util "^5.16.1" -rc-rate@~2.9.0: - version "2.9.1" - resolved "https://registry.yarnpkg.com/rc-rate/-/rc-rate-2.9.1.tgz#e43cb95c4eb90a2c1e0b16ec6614d8c43530a731" - integrity sha512-MmIU7FT8W4LYRRHJD1sgG366qKtSaKb67D0/vVvJYR0lrCuRrCiVQ5qhfT5ghVO4wuVIORGpZs7ZKaYu+KMUzA== +rc-rate@~2.12.0: + version "2.12.0" + resolved "https://registry.yarnpkg.com/rc-rate/-/rc-rate-2.12.0.tgz#0182deffed3b009cdcc61660da8746c39ed91ed5" + integrity sha512-g092v5iZCdVzbjdn28FzvWebK2IutoVoiTeqoLTj9WM7SjA/gOJIw5/JFZMRyJYYVe1jLAU2UhAfstIpCNRozg== dependencies: "@babel/runtime" "^7.10.1" classnames "^2.2.5" @@ -7636,144 +7585,131 @@ rc-resize-observer@^1.2.0: rc-util "^5.15.0" resize-observer-polyfill "^1.5.1" -rc-segmented@~2.1.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/rc-segmented/-/rc-segmented-2.1.0.tgz#0e0afe646c1a0e44a0e18785f518c42633ec8efc" - integrity sha512-hUlonro+pYoZcwrH6Vm56B2ftLfQh046hrwif/VwLIw1j3zGt52p5mREBwmeVzXnSwgnagpOpfafspzs1asjGw== +rc-resize-observer@^1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/rc-resize-observer/-/rc-resize-observer-1.3.1.tgz#b61b9f27048001243617b81f95e53d7d7d7a6a3d" + integrity sha512-iFUdt3NNhflbY3mwySv5CA1TC06zdJ+pfo0oc27xpf4PIOvfZwZGtD9Kz41wGYqC4SLio93RVAirSSpYlV/uYg== + dependencies: + "@babel/runtime" "^7.20.7" + classnames "^2.2.1" + rc-util "^5.27.0" + resize-observer-polyfill "^1.5.1" + +rc-segmented@~2.2.0: + version "2.2.2" + resolved "https://registry.yarnpkg.com/rc-segmented/-/rc-segmented-2.2.2.tgz#a34f12ce6c0975fc3042ae7656bcd18e1744798e" + integrity sha512-Mq52M96QdHMsNdE/042ibT5vkcGcD5jxKp7HgPC2SRofpia99P5fkfHy1pEaajLMF/kj0+2Lkq1UZRvqzo9mSA== dependencies: "@babel/runtime" "^7.11.1" classnames "^2.2.1" rc-motion "^2.4.4" rc-util "^5.17.0" -rc-select@~14.1.0, rc-select@~14.1.1: - version "14.1.11" - resolved "https://registry.yarnpkg.com/rc-select/-/rc-select-14.1.11.tgz#7f1227c14fe47c0f6e880a57e428c3318ac9bffe" - integrity sha512-3UI781eaTg/V4BEc8rLk1i2BQmO+n0sOsi3RKcV2EkHu2ErjTlg/1SOixllnWTWcH02oizvdvALZ1nvZulin9A== +rc-select@~14.5.0: + version "14.5.2" + resolved "https://registry.yarnpkg.com/rc-select/-/rc-select-14.5.2.tgz#1ac1ab58c874696cfa01cb15e1fc9a7bba81b29e" + integrity sha512-Np/lDHvxCnVhVsheQjSV1I/OMJTWJf1n10wq8q1AGy3ytyYLfjNpi6uaz/pmjsbbiSddSWzJnNZCli9LmgBZsA== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/trigger" "^1.5.0" classnames "2.x" rc-motion "^2.0.1" rc-overflow "^1.0.0" - rc-trigger "^5.0.4" rc-util "^5.16.1" - rc-virtual-list "^3.2.0" + rc-virtual-list "^3.5.2" -rc-slider@~10.0.0: - version "10.0.1" - resolved "https://registry.yarnpkg.com/rc-slider/-/rc-slider-10.0.1.tgz#7058c68ff1e1aa4e7c3536e5e10128bdbccb87f9" - integrity sha512-igTKF3zBet7oS/3yNiIlmU8KnZ45npmrmHlUUio8PNbIhzMcsh+oE/r2UD42Y6YD2D/s+kzCQkzQrPD6RY435Q== +rc-slider@~10.1.0: + version "10.1.1" + resolved "https://registry.yarnpkg.com/rc-slider/-/rc-slider-10.1.1.tgz#5e82036e60b61021aba3ea0e353744dd7c74e104" + integrity sha512-gn8oXazZISEhnmRinI89Z/JD/joAaM35jp+gDtIVSTD/JJMCCBqThqLk1SVJmvtfeiEF/kKaFY0+qt4SDHFUDw== dependencies: "@babel/runtime" "^7.10.1" classnames "^2.2.5" - rc-util "^5.18.1" - shallowequal "^1.1.0" + rc-util "^5.27.0" -rc-steps@~4.1.0: - version "4.1.4" - resolved "https://registry.yarnpkg.com/rc-steps/-/rc-steps-4.1.4.tgz#0ba82db202d59ca52d0693dc9880dd145b19dc23" - integrity sha512-qoCqKZWSpkh/b03ASGx1WhpKnuZcRWmvuW+ZUu4mvMdfvFzVxblTwUM+9aBd0mlEUFmt6GW8FXhMpHkK3Uzp3w== +rc-steps@~6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/rc-steps/-/rc-steps-6.0.0.tgz#f7148f8097d5d135f19b96c1b4f4b50ad6093753" + integrity sha512-+KfMZIty40mYCQSDvYbZ1jwnuObLauTiIskT1hL4FFOBHP6ZOr8LK0m143yD3kEN5XKHSEX1DIwCj3AYZpoeNQ== dependencies: - "@babel/runtime" "^7.10.2" + "@babel/runtime" "^7.16.7" classnames "^2.2.3" - rc-util "^5.0.1" + rc-util "^5.16.1" -rc-switch@~3.2.0: - version "3.2.2" - resolved "https://registry.yarnpkg.com/rc-switch/-/rc-switch-3.2.2.tgz#d001f77f12664d52595b4f6fb425dd9e66fba8e8" - integrity sha512-+gUJClsZZzvAHGy1vZfnwySxj+MjLlGRyXKXScrtCTcmiYNPzxDFOxdQ/3pK1Kt/0POvwJ/6ALOR8gwdXGhs+A== +rc-switch@~4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/rc-switch/-/rc-switch-4.1.0.tgz#f37d81b4e0c5afd1274fd85367b17306bf25e7d7" + integrity sha512-TI8ufP2Az9oEbvyCeVE4+90PDSljGyuwix3fV58p7HV2o4wBnVToEyomJRVyTaZeqNPAp+vqeo4Wnj5u0ZZQBg== dependencies: - "@babel/runtime" "^7.10.1" + "@babel/runtime" "^7.21.0" classnames "^2.2.1" - rc-util "^5.0.1" + rc-util "^5.30.0" -rc-table@~7.26.0: - version "7.26.0" - resolved "https://registry.yarnpkg.com/rc-table/-/rc-table-7.26.0.tgz#9d517e7fa512e7571fdcc453eb1bf19edfac6fbc" - integrity sha512-0cD8e6S+DTGAt5nBZQIPFYEaIukn17sfa5uFL98faHlH/whZzD8ii3dbFL4wmUDEL4BLybhYop+QUfZJ4CPvNQ== +rc-table@~7.32.1: + version "7.32.1" + resolved "https://registry.yarnpkg.com/rc-table/-/rc-table-7.32.1.tgz#7130a94727ac3870a6ddb9778b6f8496e388bce0" + integrity sha512-fHMQteKMocUC9I9Vex3eBLH7QsiaMR/qtzh3B1Ty2PoNGwVTwVdDFyRL05zch+JU3KnNNczgQeVvtf/p//gdrQ== dependencies: "@babel/runtime" "^7.10.1" + "@rc-component/context" "^1.3.0" classnames "^2.2.5" rc-resize-observer "^1.1.0" - rc-util "^5.22.5" - shallowequal "^1.1.0" + rc-util "^5.27.1" -rc-tabs@~12.1.0-alpha.1: - version "12.1.0-alpha.1" - resolved "https://registry.yarnpkg.com/rc-tabs/-/rc-tabs-12.1.0-alpha.1.tgz#00f45b9dffa9bc6aff8ce2aff4a1a0764caada54" - integrity sha512-M+B88WEnGSuE+mR54fpgPbZLAakzxa/H6FmEetLBl5WG4I3AcwSk9amuIPC/tu0KXBl+H6Bg5ZwrrEUOBUvgzg== +rc-tabs@~12.7.0: + version "12.7.1" + resolved "https://registry.yarnpkg.com/rc-tabs/-/rc-tabs-12.7.1.tgz#6bfd11cc7b2bec08600eb0aba41966b230c38906" + integrity sha512-NrltXEYIyiDP5JFu85NQwc9eR+7e50r/6MNXYDyG1EMIFNc7BgDppzdpnD3nW4NHYWw5wLIThCURGib48OCTBg== dependencies: "@babel/runtime" "^7.11.2" classnames "2.x" - rc-dropdown "~4.0.0" - rc-menu "~9.6.0" + rc-dropdown "~4.1.0" + rc-menu "~9.9.0" rc-motion "^2.6.2" rc-resize-observer "^1.0.0" - rc-util "^5.5.0" + rc-util "^5.16.0" -rc-textarea@^0.3.0, rc-textarea@~0.3.0: - version "0.3.7" - resolved "https://registry.yarnpkg.com/rc-textarea/-/rc-textarea-0.3.7.tgz#987142891efdedb774883c07e2f51b318fde5a11" - integrity sha512-yCdZ6binKmAQB13hc/oehh0E/QRwoPP1pjF21aHBxlgXO3RzPF6dUu4LG2R4FZ1zx/fQd2L1faktulrXOM/2rw== +rc-textarea@~1.2.0, rc-textarea@~1.2.2: + version "1.2.3" + resolved "https://registry.yarnpkg.com/rc-textarea/-/rc-textarea-1.2.3.tgz#bdaea2931ad2571583e9e27e627b8a9b5dbe7de7" + integrity sha512-YvN8IskIVBRRzcS4deT0VAMim31+T3IoVX4yoCJ+b/iVCvw7yf0usR7x8OaHiUOUoURKcn/3lfGjmtzplcy99g== dependencies: "@babel/runtime" "^7.10.1" classnames "^2.2.1" + rc-input "~1.0.4" rc-resize-observer "^1.0.0" - rc-util "^5.7.0" - shallowequal "^1.1.0" + rc-util "^5.27.0" -rc-tooltip@~5.2.0: - version "5.2.2" - resolved "https://registry.yarnpkg.com/rc-tooltip/-/rc-tooltip-5.2.2.tgz#e5cafa8ecebf78108936a0bcb93c150fa81ac93b" - integrity sha512-jtQzU/18S6EI3lhSGoDYhPqNpWajMtS5VV/ld1LwyfrDByQpYmw/LW6U7oFXXLukjfDHQ7Ju705A82PRNFWYhg== +rc-tooltip@~6.0.0: + version "6.0.1" + resolved "https://registry.yarnpkg.com/rc-tooltip/-/rc-tooltip-6.0.1.tgz#6a5e33bd6c3f6afe8851ea90e7af43e5c26b3cc6" + integrity sha512-MdvPlsD1fDSxKp9+HjXrc/CxLmA/s11QYIh1R7aExxfodKP7CZA++DG1AjrW80F8IUdHYcR43HAm0Y2BYPelHA== dependencies: "@babel/runtime" "^7.11.2" + "@rc-component/trigger" "^1.0.4" classnames "^2.3.1" - rc-trigger "^5.0.0" -rc-tree-select@~5.4.0: - version "5.4.1" - resolved "https://registry.yarnpkg.com/rc-tree-select/-/rc-tree-select-5.4.1.tgz#b97b9c6adcabc7415d25cfd40d18058b0c57bec2" - integrity sha512-xhXnKP8Stu2Q7wTcjJaSzSOLd4wmFtUZOwmy1cioaWyPbpiKlYdnALXA/9U49HOaV3KFXdRHE9Yi0KYED7yOAQ== +rc-tree-select@~5.9.0: + version "5.9.0" + resolved "https://registry.yarnpkg.com/rc-tree-select/-/rc-tree-select-5.9.0.tgz#e8af859ff7751d22b6f4d98941cf13f775686475" + integrity sha512-oh3blESzLfLCBPSiVDtZ2irzrWWZUMeHvnSwRvFo79br8Z+K/1OhXhXBZmROvfKwaH8YUugAQy8B2j5EGQbdyA== dependencies: "@babel/runtime" "^7.10.1" classnames "2.x" - rc-select "~14.1.0" - rc-tree "~5.6.1" + rc-select "~14.5.0" + rc-tree "~5.7.0" rc-util "^5.16.1" -rc-tree@~5.6.1, rc-tree@~5.6.3, rc-tree@~5.6.5: - version "5.6.7" - resolved "https://registry.yarnpkg.com/rc-tree/-/rc-tree-5.6.7.tgz#832ef5a239c8143afe9dda33c39b87832b1a7e49" - integrity sha512-LcvI8YciaBcPpsroi3qUR0hU3qMWAwtD/5SQuT4HcmMbVYM4281Xptav0Bq+7KUf2t1WhrqLhhtzrIlft+4tvw== +rc-tree@~5.7.0, rc-tree@~5.7.4: + version "5.7.6" + resolved "https://registry.yarnpkg.com/rc-tree/-/rc-tree-5.7.6.tgz#0d0bea9351517a18f5065cf3106cfc06bb740bd1" + integrity sha512-Dzam4VFcohXfcw+K4syq177RKqdqYun1XRc6etAEpRvsTruo4udhcsPrsEfOrRkrhnmkO58Q9F1/lgvm2dznVQ== dependencies: "@babel/runtime" "^7.10.1" classnames "2.x" rc-motion "^2.0.1" rc-util "^5.16.1" - rc-virtual-list "^3.4.8" - -rc-trigger@^5.0.0, rc-trigger@^5.0.4, rc-trigger@^5.1.2, rc-trigger@^5.2.10: - version "5.2.10" - resolved "https://registry.yarnpkg.com/rc-trigger/-/rc-trigger-5.2.10.tgz#8a0057a940b1b9027eaa33beec8a6ecd85cce2b1" - integrity sha512-FkUf4H9BOFDaIwu42fvRycXMAvkttph9AlbCZXssZDVzz2L+QZ0ERvfB/4nX3ZFPh1Zd+uVGr1DEDeXxq4J1TA== - dependencies: - "@babel/runtime" "^7.11.2" - classnames "^2.2.6" - rc-align "^4.0.0" - rc-motion "^2.0.0" - rc-util "^5.5.0" - -rc-trigger@^5.3.1: - version "5.3.1" - resolved "https://registry.yarnpkg.com/rc-trigger/-/rc-trigger-5.3.1.tgz#acafadf3eaf384e7f466c303bfa0f34c8137d7b8" - integrity sha512-5gaFbDkYSefZ14j2AdzucXzlWgU2ri5uEjkHvsf1ynRhdJbKxNOnw4PBZ9+FVULNGFiDzzlVF8RJnR9P/xrnKQ== - dependencies: - "@babel/runtime" "^7.18.3" - classnames "^2.2.6" - rc-align "^4.0.0" - rc-motion "^2.0.0" - rc-util "^5.19.2" + rc-virtual-list "^3.5.1" rc-upload@~4.3.0: version "4.3.3" @@ -7784,7 +7720,7 @@ rc-upload@~4.3.0: classnames "^2.2.5" rc-util "^5.2.0" -rc-util@^5.0.1, rc-util@^5.0.6, rc-util@^5.0.7, rc-util@^5.12.0, rc-util@^5.15.0, rc-util@^5.16.1, rc-util@^5.2.0, rc-util@^5.2.1, rc-util@^5.3.0, rc-util@^5.4.0, rc-util@^5.5.0, rc-util@^5.5.1, rc-util@^5.6.1, rc-util@^5.7.0, rc-util@^5.8.0, rc-util@^5.9.4: +rc-util@^5.0.1, rc-util@^5.0.6, rc-util@^5.15.0, rc-util@^5.16.1, rc-util@^5.2.0, rc-util@^5.2.1, rc-util@^5.3.0, rc-util@^5.5.1, rc-util@^5.6.1: version "5.16.1" resolved "https://registry.yarnpkg.com/rc-util/-/rc-util-5.16.1.tgz#374db7cb735512f05165ddc3d6b2c61c21b8b4e3" integrity sha512-kSCyytvdb3aRxQacS/71ta6c+kBWvM1v8/2h9d/HaNWauc3qB8pLnF20PJ8NajkNN8gb+rR1l0eWO+D4Pz+LLQ== @@ -7793,6 +7729,14 @@ rc-util@^5.0.1, rc-util@^5.0.6, rc-util@^5.0.7, rc-util@^5.12.0, rc-util@^5.15.0 react-is "^16.12.0" shallowequal "^1.1.0" +rc-util@^5.16.0, rc-util@^5.24.4, rc-util@^5.25.2, rc-util@^5.27.0, rc-util@^5.27.1, rc-util@^5.28.0, rc-util@^5.30.0, rc-util@^5.31.1, rc-util@^5.32.0, rc-util@^5.32.2, rc-util@^5.33.0: + version "5.34.0" + resolved "https://registry.yarnpkg.com/rc-util/-/rc-util-5.34.0.tgz#3bec84f98c1dbf5305d89cda124aa8a0c9615f97" + integrity sha512-+zCDJ1gq+KwqbaZPAk7PGlNAssoTcnZSnTsr5KMYDBhzdPNFxyuglnewWMP5PyP/kAC6uW4r9Ejc08M+Lei04A== + dependencies: + "@babel/runtime" "^7.18.3" + react-is "^16.12.0" + rc-util@^5.17.0, rc-util@^5.18.1: version "5.20.1" resolved "https://registry.yarnpkg.com/rc-util/-/rc-util-5.20.1.tgz#323590df56175f60b1a67d2ba76f04c3c2cb84cd" @@ -7802,7 +7746,7 @@ rc-util@^5.17.0, rc-util@^5.18.1: react-is "^16.12.0" shallowequal "^1.1.0" -rc-util@^5.19.2, rc-util@^5.20.1, rc-util@^5.21.0, rc-util@^5.21.2, rc-util@^5.22.5, rc-util@^5.23.0: +rc-util@^5.19.2, rc-util@^5.20.1, rc-util@^5.21.0, rc-util@^5.21.2, rc-util@^5.22.5: version "5.24.2" resolved "https://registry.yarnpkg.com/rc-util/-/rc-util-5.24.2.tgz#b90057dd880e1ba2bea63028ef1892101a48bc0c" integrity sha512-MWd0ZEV7xSwN4HM9jz9BwpnMzwCPjYJ7K90lePsrdgAkrmm8U7b4BOTIsv/84BQsaF7N3ejNkcrZ3AfEwc9HXA== @@ -7811,20 +7755,12 @@ rc-util@^5.19.2, rc-util@^5.20.1, rc-util@^5.21.0, rc-util@^5.21.2, rc-util@^5.2 react-is "^16.12.0" shallowequal "^1.1.0" -rc-virtual-list@^3.2.0: - version "3.4.2" - resolved "https://registry.yarnpkg.com/rc-virtual-list/-/rc-virtual-list-3.4.2.tgz#1078327aa7230b5e456d679ed2ce99f3c036ebd1" - integrity sha512-OyVrrPvvFcHvV0ssz5EDZ+7Rf5qLat/+mmujjchNw5FfbJWNDwkpQ99EcVE6+FtNRmX9wFa1LGNpZLUTvp/4GQ== - dependencies: - classnames "^2.2.6" - rc-resize-observer "^1.0.0" - rc-util "^5.0.7" - -rc-virtual-list@^3.4.8: - version "3.4.8" - resolved "https://registry.yarnpkg.com/rc-virtual-list/-/rc-virtual-list-3.4.8.tgz#c24c10c6940546b7e2a5e9809402c6716adfd26c" - integrity sha512-qSN+Rv4i/E7RCTvTMr1uZo7f3crJJg/5DekoCagydo9zsXrxj07zsFSxqizqW+ldGA16lwa8So/bIbV9Ofjddg== +rc-virtual-list@^3.5.1, rc-virtual-list@^3.5.2: + version "3.5.2" + resolved "https://registry.yarnpkg.com/rc-virtual-list/-/rc-virtual-list-3.5.2.tgz#5e1028869bae900eacbae6788d4eca7210736006" + integrity sha512-sE2G9hTPjVmatQni8OP2Kx33+Oth6DMKm67OblBBmgMBJDJQOOFpSGH7KZ6Pm85rrI2IGxDRXZCr0QhYOH2pfQ== dependencies: + "@babel/runtime" "^7.20.0" classnames "^2.2.6" rc-resize-observer "^1.0.0" rc-util "^5.15.0" @@ -8048,7 +7984,7 @@ react-test-renderer@16.8.3: react-is "^16.8.3" scheduler "^0.13.3" -react-toastify@^9.0.8: +react-toastify@9.0.8: version "9.0.8" resolved "https://registry.yarnpkg.com/react-toastify/-/react-toastify-9.0.8.tgz#3876c89fc6211a29027b3075010b5ec39ebe4f7e" integrity sha512-EwM+teWt49HSHx+67qI08yLAW1zAsBxCXLCsUfxHYv1W7/R3ZLhrqKalh7j+kjgPna1h5LQMSMwns4tB4ww2yQ== @@ -8288,7 +8224,7 @@ require-directory@^2.1.1: resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42" integrity sha1-jGStX9MNqxyXbiNE/+f3kqam30I= -require-from-string@2.0.2, require-from-string@^2.0.1, require-from-string@^2.0.2: +require-from-string@^2.0.1, require-from-string@^2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909" integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== @@ -8373,13 +8309,6 @@ rimraf@^3.0.0, rimraf@^3.0.2: dependencies: glob "^7.1.3" -rollup@3.18.0: - version "3.18.0" - resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.18.0.tgz#2354ba63ba66d6a09c652c3ea0dbcd9dad72bbde" - integrity sha512-J8C6VfEBjkvYPESMQYxKHxNOh4A5a3FlP+0BETGo34HEcE4eTlgCrO2+eWzlu2a/sHs2QUkZco+wscH7jhhgWg== - optionalDependencies: - fsevents "~2.3.2" - rsvp@^4.8.4: version "4.8.5" resolved "https://registry.yarnpkg.com/rsvp/-/rsvp-4.8.5.tgz#c8f155311d167f68f21e168df71ec5b083113734" @@ -8392,7 +8321,7 @@ run-parallel@^1.1.9: dependencies: queue-microtask "^1.2.2" -rxjs@6.6.7, rxjs@^6.6.6, rxjs@^7.5.5: +rxjs@6.6.7, rxjs@^6.6.6, rxjs@^7.5.6: version "6.6.7" resolved "https://registry.yarnpkg.com/rxjs/-/rxjs-6.6.7.tgz#90ac018acabf491bf65044235d5863c4dab804c9" integrity sha512-hTdwr+7yYNIT5n4AMYp85KA6yw2Va0FLa3Rguvbpa4W3I5xynaBZo41cM3XM+4Q6fRMj3sBYIR1VAmZMXYJvRQ== @@ -8493,10 +8422,10 @@ schema-utils@^2.7.1: ajv "^6.12.4" ajv-keywords "^3.5.2" -schema-utils@^3.1.0, schema-utils@^3.1.1: - version "3.1.1" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.1.tgz#bc74c4b6b6995c1d88f76a8b77bea7219e0c8281" - integrity sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw== +schema-utils@^3.1.1, schema-utils@^3.1.2: + version "3.1.2" + resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.2.tgz#36c10abca6f7577aeae136c804b0c741edeadc99" + integrity sha512-pvjEHOgWc9OWA/f/DE3ohBWTD6EleVLf7iFUkoSwAxttdBhB9QUebQgxER2kWueOvRJXPHNnyrvvh9eZINB8Eg== dependencies: "@types/json-schema" "^7.0.8" ajv "^6.12.5" @@ -8512,12 +8441,12 @@ schema-utils@^4.0.0: ajv-formats "^2.1.1" ajv-keywords "^5.0.0" -scroll-into-view-if-needed@^2.2.25: - version "2.2.28" - resolved "https://registry.yarnpkg.com/scroll-into-view-if-needed/-/scroll-into-view-if-needed-2.2.28.tgz#5a15b2f58a52642c88c8eca584644e01703d645a" - integrity sha512-8LuxJSuFVc92+0AdNv4QOxRL4Abeo1DgLnGNkn1XlaujPH/3cCFz3QI60r2VNu4obJJROzgnIUw5TKQkZvZI1w== +scroll-into-view-if-needed@^3.0.3: + version "3.0.10" + resolved "https://registry.yarnpkg.com/scroll-into-view-if-needed/-/scroll-into-view-if-needed-3.0.10.tgz#38fbfe770d490baff0fb2ba34ae3539f6ec44e13" + integrity sha512-t44QCeDKAPf1mtQH3fYpWz8IM/DyvHLjs8wUvvwMYxk5moOqCzrMSxK6HQVD0QVmVjXFavoFIPRVrMuJPKAvtg== dependencies: - compute-scroll-into-view "^1.0.17" + compute-scroll-into-view "^3.0.2" select-hose@^2.0.0: version "2.0.0" @@ -8579,15 +8508,6 @@ send@0.17.2: range-parser "~1.2.1" statuses "~1.5.0" -sentence-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/sentence-case/-/sentence-case-3.0.4.tgz#3645a7b8c117c787fde8702056225bb62a45131f" - integrity sha512-8LS0JInaQMCRoQ7YUytAo/xUu5W2XnQxV2HI/6uM6U7CITS1RqPElr30V6uIqyMKM9lJGRVFy5/4CuzcixNYSg== - dependencies: - no-case "^3.0.4" - tslib "^2.0.3" - upper-case-first "^2.0.2" - serialize-javascript@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-5.0.1.tgz#7886ec848049a462467a97d3d918ebb2aaf934f4" @@ -8595,10 +8515,10 @@ serialize-javascript@^5.0.1: dependencies: randombytes "^2.1.0" -serialize-javascript@^6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.0.tgz#efae5d88f45d7924141da8b5c3a7a7e663fefeb8" - integrity sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag== +serialize-javascript@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.1.tgz#b206efb27c3da0b0ab6b52f48d170b7996458e5c" + integrity sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w== dependencies: randombytes "^2.1.0" @@ -8771,14 +8691,6 @@ slugify@~1.4.7: resolved "https://registry.yarnpkg.com/slugify/-/slugify-1.4.7.tgz#e42359d505afd84a44513280868e31202a79a628" integrity sha512-tf+h5W1IrjNm/9rKKj0JU2MDMruiopx0jjVA5zCdBtcGjfp0+c5rHw/zADLC3IeKlGHtVbHtpfzvYA0OYT+HKg== -snake-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/snake-case/-/snake-case-3.0.4.tgz#4f2bbd568e9935abdfd593f34c691dadb49c452c" - integrity sha512-LAOh4z89bGQvl9pFfNF8V146i7o7/CqFPbqzYgP+yYzDIDeS9HaNFtXABamRW+AQzEVODcvE79ljJ+8a9YSdMg== - dependencies: - dot-case "^3.0.4" - tslib "^2.0.3" - snapdragon-node@^2.0.1: version "2.1.1" resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b" @@ -8917,11 +8829,6 @@ split-string@^3.0.1, split-string@^3.0.2: dependencies: extend-shallow "^3.0.0" -sprintf-js@^1.1.2: - version "1.1.2" - resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.2.tgz#da1765262bf8c0f571749f2ad6c26300207ae673" - integrity sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug== - sprintf-js@~1.0.2: version "1.0.3" resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" @@ -9083,6 +8990,11 @@ style-loader@^3.3.1: resolved "https://registry.yarnpkg.com/style-loader/-/style-loader-3.3.1.tgz#057dfa6b3d4d7c7064462830f9113ed417d38575" integrity sha512-GPcQ+LDJbrcxHORTRes6Jy2sfvK2kS6hpSfI/fXhPt+spVzxF6LJ1dHLN9zIGmVaaP044YKaIatFaufENRiDoQ== +stylis@^4.0.13: + version "4.2.0" + resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.2.0.tgz#79daee0208964c8fe695a42fcffcac633a211a51" + integrity sha512-Orov6g6BB1sDfYgzWfTHDOxamtX1bE/zo104Dh9e6fqJ3PooipYyfJ0pUmrZO2wAvO8YbEyeFrkV91XTsGMSrw== + superagent@^8.0.9: version "8.0.9" resolved "https://registry.npmjs.org/superagent/-/superagent-8.0.9.tgz#2c6fda6fadb40516515f93e9098c0eb1602e0535" @@ -9196,16 +9108,16 @@ tar@^6.0.2: mkdirp "^1.0.3" yallist "^4.0.0" -teeny-request@6.0.1: - version "6.0.1" - resolved "https://registry.yarnpkg.com/teeny-request/-/teeny-request-6.0.1.tgz#9b1f512cef152945827ba7e34f62523a4ce2c5b0" - integrity sha512-TAK0c9a00ELOqLrZ49cFxvPVogMUFaWY8dUsQc/0CuQPGF+BOxOQzXfE413BAk2kLomwNplvdtMpeaeGWmoc2g== +teeny-request@7.1.1: + version "7.1.1" + resolved "https://registry.yarnpkg.com/teeny-request/-/teeny-request-7.1.1.tgz#2b0d156f4a8ad81de44303302ba8d7f1f05e20e6" + integrity sha512-iwY6rkW5DDGq8hE2YgNQlKbptYpY5Nn2xecjQiNjOXWbKzPGUfmeUBCSQbbr306d7Z7U2N0TPl+/SwYRfua1Dg== dependencies: http-proxy-agent "^4.0.0" - https-proxy-agent "^4.0.0" - node-fetch "^2.2.0" + https-proxy-agent "^5.0.0" + node-fetch "^2.6.1" stream-events "^1.0.5" - uuid "^3.3.2" + uuid "^8.0.0" terminal-link@^2.0.0: version "2.1.1" @@ -9215,18 +9127,18 @@ terminal-link@^2.0.0: ansi-escapes "^4.2.1" supports-hyperlinks "^2.0.0" -terser-webpack-plugin@^5.1.3: - version "5.3.1" - resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz#0320dcc270ad5372c1e8993fabbd927929773e54" - integrity sha512-GvlZdT6wPQKbDNW/GDQzZFg/j4vKU96yl2q6mcUkzKOgW4gwf1Z8cZToUCrz31XHlPWH8MVb1r2tFtdDtTGJ7g== +terser-webpack-plugin@^5.3.7: + version "5.3.9" + resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.9.tgz#832536999c51b46d468067f9e37662a3b96adfe1" + integrity sha512-ZuXsqE07EcggTWQjXUj+Aot/OMcD0bMKGgF63f7UxYcu5/AJF53aIpK1YoP5xR9l6s/Hy2b+t1AM0bLNPRuhwA== dependencies: + "@jridgewell/trace-mapping" "^0.3.17" jest-worker "^27.4.5" schema-utils "^3.1.1" - serialize-javascript "^6.0.0" - source-map "^0.6.1" - terser "^5.7.2" + serialize-javascript "^6.0.1" + terser "^5.16.8" -terser@^5.10.0, terser@^5.7.2: +terser@^5.10.0: version "5.14.2" resolved "https://registry.yarnpkg.com/terser/-/terser-5.14.2.tgz#9ac9f22b06994d736174f4091aa368db896f1c10" integrity sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA== @@ -9236,6 +9148,16 @@ terser@^5.10.0, terser@^5.7.2: commander "^2.20.0" source-map-support "~0.5.20" +terser@^5.16.8: + version "5.17.6" + resolved "https://registry.yarnpkg.com/terser/-/terser-5.17.6.tgz#d810e75e1bb3350c799cd90ebefe19c9412c12de" + integrity sha512-V8QHcs8YuyLkLHsJO5ucyff1ykrLVsR4dNnS//L5Y3NiSXpbK1J+WMVUs67eI0KTxs9JtHhgEQpXQVHlHI92DQ== + dependencies: + "@jridgewell/source-map" "^0.3.2" + acorn "^8.5.0" + commander "^2.20.0" + source-map-support "~0.5.20" + test-exclude@^6.0.0: version "6.0.0" resolved "https://registry.yarnpkg.com/test-exclude/-/test-exclude-6.0.0.tgz#04a8698661d805ea6fa293b6cb9e63ac044ef15e" @@ -9250,6 +9172,11 @@ throat@^6.0.1: resolved "https://registry.yarnpkg.com/throat/-/throat-6.0.1.tgz#d514fedad95740c12c2d7fc70ea863eb51ade375" integrity sha512-8hmiGIJMDlwjg7dlJ4yKGLK8EsYqKgPWbG3b4wjJddKNwc7N7Dpn08Df4szr/sZdMVeOstrdYSsqzX6BYbcB+w== +throttle-debounce@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/throttle-debounce/-/throttle-debounce-5.0.0.tgz#a17a4039e82a2ed38a5e7268e4132d6960d41933" + integrity sha512-2iQTSgkkc1Zyk0MeVrt/3BvuOXYPl/R8Z0U2xxo9rjwNciaHDG3R+Lm6dh4EeUci49DanvBnuqI6jshoQQRGEg== + thunky@^1.0.2: version "1.1.0" resolved "https://registry.yarnpkg.com/thunky/-/thunky-1.1.0.tgz#5abaf714a9405db0504732bbccd2cedd9ef9537d" @@ -9270,12 +9197,12 @@ tiny-warning@^1.0.0: resolved "https://registry.yarnpkg.com/tiny-warning/-/tiny-warning-1.0.3.tgz#94a30db453df4c643d0fd566060d60a875d84754" integrity sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA== -tippy.js@^4.3.4: - version "4.3.5" - resolved "https://registry.yarnpkg.com/tippy.js/-/tippy.js-4.3.5.tgz#882bff8d92f09bb0546d2826d5668c0560006f54" - integrity sha512-NDq3efte8nGK6BOJ1dDN1/WelAwfmh3UtIYXXck6+SxLzbIQNZE/cmRSnwScZ/FyiKdIcvFHvYUgqmoGx8CcyA== +tippy.js@^5.1.1: + version "5.2.1" + resolved "https://registry.yarnpkg.com/tippy.js/-/tippy.js-5.2.1.tgz#e08d7332c103a15e427124d710d881fca82365d6" + integrity sha512-66UT6JRVn3dXNCORE+0UvUK3JZqV/VhLlU6HTDm3FmrweUUFUxUGvT8tUQ7ycMp+uhuLAwQw6dBabyC+iKf/MA== dependencies: - popper.js "^1.14.7" + popper.js "^1.16.0" tmpl@1.0.x: version "1.0.5" @@ -9364,12 +9291,12 @@ ts-jest@^27.1.3: semver "7.x" yargs-parser "20.x" -ts-node@^10.7.0: - version "10.7.0" - resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.7.0.tgz#35d503d0fab3e2baa672a0e94f4b40653c2463f5" - integrity sha512-TbIGS4xgJoX2i3do417KSaep1uRAW/Lu+WAL2doDHC0D6ummjirVOXU5/7aiZotbQ5p1Zp9tP7U6cYhA0O7M8A== +ts-node@10.9.1: + version "10.9.1" + resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b" + integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== dependencies: - "@cspotcode/source-map-support" "0.7.0" + "@cspotcode/source-map-support" "^0.8.0" "@tsconfig/node10" "^1.0.7" "@tsconfig/node12" "^1.0.7" "@tsconfig/node14" "^1.0.0" @@ -9380,7 +9307,7 @@ ts-node@^10.7.0: create-require "^1.1.0" diff "^4.0.1" make-error "^1.1.1" - v8-compile-cache-lib "^3.0.0" + v8-compile-cache-lib "^3.0.1" yn "3.1.1" tslib@^1.13.0: @@ -9577,20 +9504,6 @@ unset-value@^1.0.0: has-value "^0.3.1" isobject "^3.0.0" -upper-case-first@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/upper-case-first/-/upper-case-first-2.0.2.tgz#992c3273f882abd19d1e02894cc147117f844324" - integrity sha512-514ppYHBaKwfJRK/pNC6c/OxfGa0obSnAl106u97Ed0I625Nin96KAjttZF6ZL3e1XLtphxnqrOi9iWgm+u+bg== - dependencies: - tslib "^2.0.3" - -upper-case@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/upper-case/-/upper-case-2.0.2.tgz#d89810823faab1df1549b7d97a76f8662bae6f7a" - integrity sha512-KgdgDGJt2TpuwBUIjgG6lzw2GWFRCW9Qkfkiv0DxqHHLYJHmtmdUIKcZd8rHgFSjopVTlw6ggzCm1b8MFQwikg== - dependencies: - tslib "^2.0.3" - uri-js@^4.2.2: version "4.2.2" resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.2.2.tgz#94c540e1ff772956e2299507c010aea6c8838eb0" @@ -9616,10 +9529,12 @@ url@^0.11.0: punycode "1.3.2" querystring "0.2.0" -urlgrey@0.4.4: - version "0.4.4" - resolved "https://registry.yarnpkg.com/urlgrey/-/urlgrey-0.4.4.tgz#892fe95960805e85519f1cd4389f2cb4cbb7652f" - integrity sha1-iS/pWWCAXoVRnxzUOJ8stMu3ZS8= +urlgrey@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/urlgrey/-/urlgrey-1.0.0.tgz#72d2f904482d0b602e3c7fa599343d699bbe1017" + integrity sha512-hJfIzMPJmI9IlLkby8QrsCykQ+SXDeO2W5Q9QTW3QpqZVTx4a/K7p8/5q+/isD8vsbVaFgql/gvAoQCRQ2Cb5w== + dependencies: + fast-url-parser "^1.1.3" use@^3.1.0: version "3.1.1" @@ -9648,20 +9563,20 @@ utils-merge@1.0.1: resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713" integrity sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA== -uuid@^3.3.2: - version "3.3.3" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.3.3.tgz#4568f0216e78760ee1dbf3a4d2cf53e224112866" - integrity sha512-pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ== - -uuid@^8.3.2: +uuid@^8.0.0, uuid@^8.3.2: version "8.3.2" resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== -v8-compile-cache-lib@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.0.tgz#0582bcb1c74f3a2ee46487ceecf372e46bce53e8" - integrity sha512-mpSYqfsFvASnSn5qMiwrr4VKfumbPyONLCOPmsR3A6pTY/r0+tSaVbgPWSAIuzbk3lCTa+FForeTiO+wBQGkjA== +uuid@^9.0.0: + version "9.0.0" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-9.0.0.tgz#592f550650024a38ceb0c562f2f6aa435761efb5" + integrity sha512-MXcSTerfPa4uqyzStbRoTgt5XIe3x5+42+q1sDuy3R5MDk66URdLMOZe5aPX/SQd+kuYAh0FdP/pO28IkQyTeg== + +v8-compile-cache-lib@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" + integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== v8-to-istanbul@^8.1.0: version "8.1.1" @@ -9682,21 +9597,6 @@ vary@~1.1.2: resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== -vscode-languageserver-textdocument@^1.0.0: - version "1.0.8" - resolved "https://registry.yarnpkg.com/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.8.tgz#9eae94509cbd945ea44bca8dcfe4bb0c15bb3ac0" - integrity sha512-1bonkGqQs5/fxGT5UchTgjGVnfysL0O8v1AYMBjqTbWQTFn721zaPGDYFkOKtfDgFiSgXM3KwaG3FMGfW4Ed9Q== - -vscode-languageserver-types@^3.0.0: - version "3.17.3" - resolved "https://registry.yarnpkg.com/vscode-languageserver-types/-/vscode-languageserver-types-3.17.3.tgz#72d05e47b73be93acb84d6e311b5786390f13f64" - integrity sha512-SYU4z1dL0PyIMd4Vj8YOqFvHu7Hz/enbWtpfnVbJHU4Nd1YNYx8u0ennumc6h48GQNeOLxmwySmnADouT/AuZA== - -vscode-uri@^3.0.0: - version "3.0.7" - resolved "https://registry.yarnpkg.com/vscode-uri/-/vscode-uri-3.0.7.tgz#6d19fef387ee6b46c479e5fb00870e15e58c1eb8" - integrity sha512-eOpPHogvorZRobNqJGhapa0JdwaxpjVvyBp0QIUMRMSf8ZAlqOdEquKuRmw9Qwu0qXtJIWqFtMkmvJjUZmMjVA== - w3c-hr-time@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz#0a89cdf5cc15822df9c360543676963e0cc308cd" @@ -9725,10 +9625,10 @@ warning@^4.0.1, warning@^4.0.2: dependencies: loose-envify "^1.0.0" -watchpack@^2.3.1: - version "2.3.1" - resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.3.1.tgz#4200d9447b401156eeca7767ee610f8809bc9d25" - integrity sha512-x0t0JuydIo8qCNctdDrn1OzH/qDzk2+rdCOC3YzumZ42fiMqmQ7T3xQurykYMhYfHaPHTp4ZxAx2NfUo1K6QaA== +watchpack@^2.4.0: + version "2.4.0" + resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.0.tgz#fa33032374962c78113f93c7f2fb4c54c9862a5d" + integrity sha512-Lcvm7MGST/4fup+ifyKi2hjyIAwcdI4HRgtvTpIUxBRhB+RFtUh8XtDOxUfctVCnhVi+QQj49i91OyvzkJl6cg== dependencies: glob-to-regexp "^0.4.1" graceful-fs "^4.1.2" @@ -9740,11 +9640,6 @@ wbuf@^1.1.0, wbuf@^1.7.3: dependencies: minimalistic-assert "^1.0.0" -web-streams-polyfill@^3.0.3: - version "3.2.1" - resolved "https://registry.yarnpkg.com/web-streams-polyfill/-/web-streams-polyfill-3.2.1.tgz#71c2718c52b45fd49dbeee88634b3a60ceab42a6" - integrity sha512-e0MO3wdXWKrLbL0DgGnUV7WHVuw9OUvL4hjgnPkIeEvESk74gAITi5G606JtZPp39cd8HA9VQzCIvA49LpPN5Q== - webidl-conversions@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" @@ -9854,34 +9749,34 @@ webpack-sources@^3.2.3: resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== -webpack@^5.70.0: - version "5.70.0" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.70.0.tgz#3461e6287a72b5e6e2f4872700bc8de0d7500e6d" - integrity sha512-ZMWWy8CeuTTjCxbeaQI21xSswseF2oNOwc70QSKNePvmxE7XW36i7vpBMYZFAUHPwQiEbNGCEYIOOlyRbdGmxw== +webpack@^5.84.1: + version "5.84.1" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.84.1.tgz#d4493acdeca46b26ffc99d86d784cabfeb925a15" + integrity sha512-ZP4qaZ7vVn/K8WN/p990SGATmrL1qg4heP/MrVneczYtpDGJWlrgZv55vxaV2ul885Kz+25MP2kSXkPe3LZfmg== dependencies: "@types/eslint-scope" "^3.7.3" - "@types/estree" "^0.0.51" - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/wasm-edit" "1.11.1" - "@webassemblyjs/wasm-parser" "1.11.1" - acorn "^8.4.1" - acorn-import-assertions "^1.7.6" + "@types/estree" "^1.0.0" + "@webassemblyjs/ast" "^1.11.5" + "@webassemblyjs/wasm-edit" "^1.11.5" + "@webassemblyjs/wasm-parser" "^1.11.5" + acorn "^8.7.1" + acorn-import-assertions "^1.9.0" browserslist "^4.14.5" chrome-trace-event "^1.0.2" - enhanced-resolve "^5.9.2" - es-module-lexer "^0.9.0" + enhanced-resolve "^5.14.1" + es-module-lexer "^1.2.1" eslint-scope "5.1.1" events "^3.2.0" glob-to-regexp "^0.4.1" graceful-fs "^4.2.9" - json-parse-better-errors "^1.0.2" + json-parse-even-better-errors "^2.3.1" loader-runner "^4.2.0" mime-types "^2.1.27" neo-async "^2.6.2" - schema-utils "^3.1.0" + schema-utils "^3.1.2" tapable "^2.1.1" - terser-webpack-plugin "^5.1.3" - watchpack "^2.3.1" + terser-webpack-plugin "^5.3.7" + watchpack "^2.4.0" webpack-sources "^3.2.3" websocket-driver@>=0.5.1: @@ -9912,11 +9807,6 @@ whatwg-encoding@^1.0.5: dependencies: iconv-lite "0.4.24" -whatwg-fetch@^3.4.1: - version "3.6.2" - resolved "https://registry.yarnpkg.com/whatwg-fetch/-/whatwg-fetch-3.6.2.tgz#dced24f37f2624ed0281725d51d0e2e3fe677f8c" - integrity sha512-bJlen0FcuU/0EMLrdbJ7zOnW6ITZLrZMIarMUVmdKtsGvZna8vxKYaexICWPfZ8qwf9fzNq+UEIZrnSaApt6RA== - whatwg-mimetype@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf" @@ -10017,10 +9907,10 @@ xterm-addon-fit@^0.5.0: resolved "https://registry.yarnpkg.com/xterm-addon-fit/-/xterm-addon-fit-0.5.0.tgz#2d51b983b786a97dcd6cde805e700c7f913bc596" integrity sha512-DsS9fqhXHacEmsPxBJZvfj2la30Iz9xk+UKjhQgnYNkrUIN5CYLbw7WEfz117c7+S86S/tpHPfvNxJsF5/G8wQ== -xterm@^4.18.0: - version "4.18.0" - resolved "https://registry.yarnpkg.com/xterm/-/xterm-4.18.0.tgz#a1f6ab2c330c3918fb094ae5f4c2562987398ea1" - integrity sha512-JQoc1S0dti6SQfI0bK1AZvGnAxH4MVw45ZPFSO6FHTInAiau3Ix77fSxNx3mX4eh9OL4AYa8+4C8f5UvnSfppQ== +xterm@^4.19.0: + version "4.19.0" + resolved "https://registry.yarnpkg.com/xterm/-/xterm-4.19.0.tgz#c0f9d09cd61de1d658f43ca75f992197add9ef6d" + integrity sha512-c3Cp4eOVsYY5Q839dR5IejghRPpxciGmLWWaP9g+ppfMeBChMeLa1DCA+pmX/jyDZ+zxFOmlJL/82qVdayVoGQ== y18n@^5.0.5: version "5.0.8" @@ -10037,21 +9927,11 @@ yaml-ast-parser@0.0.43: resolved "https://registry.yarnpkg.com/yaml-ast-parser/-/yaml-ast-parser-0.0.43.tgz#e8a23e6fb4c38076ab92995c5dca33f3d3d7c9bb" integrity sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A== -yaml@2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.1.1.tgz#1e06fb4ca46e60d9da07e4f786ea370ed3c3cfec" - integrity sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw== - -yaml@^1.10.0, yaml@^1.10.2: +yaml@^1.10.0: version "1.10.2" resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b" integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg== -yaml@^2.0.0: - version "2.2.1" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.2.1.tgz#3014bf0482dcd15147aa8e56109ce8632cd60ce4" - integrity sha512-e0WHiYql7+9wr4cWMx3TVQrNwejKaEe7/rHNmQmqRjazfOP5W8PB6Jpebb5o6fIapbz9o9+2ipcaTM2ZwDI6lw== - yargs-parser@20.x, yargs-parser@^20.2.2: version "20.2.9" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" @@ -10097,8 +9977,3 @@ yocto-queue@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b" integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== - -zod@3.19.1: - version "3.19.1" - resolved "https://registry.yarnpkg.com/zod/-/zod-3.19.1.tgz#112f074a97b50bfc4772d4ad1576814bd8ac4473" - integrity sha512-LYjZsEDhCdYET9ikFu6dVPGp2YH9DegXjdJToSzD9rO6fy4qiRYFoyEYwps88OseJlPyl2NOe2iJuhEhL7IpEA== diff --git a/util/app/discovery/discovery.go b/util/app/discovery/discovery.go index 7710ffbabebf7..21fbe5fd4bf36 100644 --- a/util/app/discovery/discovery.go +++ b/util/app/discovery/discovery.go @@ -93,7 +93,7 @@ func DetectConfigManagementPlugin(ctx context.Context, appPath, repoPath, plugin pluginSockFilePath := common.GetPluginSockFilePath() log.WithFields(log.Fields{ common.SecurityField: common.SecurityLow, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Debugf("pluginSockFilePath is: %s", pluginSockFilePath) if pluginName != "" { @@ -160,7 +160,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error dialing to cmp-server for plugin %s, %v", fileName, err) return nil, nil, false } @@ -169,7 +169,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("repository %s is not the match because %v", repoPath, err) io.Close(conn) return nil, nil, false @@ -182,7 +182,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil } log.WithFields(log.Fields{ common.SecurityField: common.SecurityLow, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Debugf("Reponse from socket file %s does not support %v", fileName, repoPath) io.Close(conn) return nil, nil, false diff --git a/util/argo/argo.go b/util/argo/argo.go index a9d5a0bc9ba9d..5319fb6fbb277 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go @@ -272,12 +272,13 @@ func TestRepoWithKnownType(ctx context.Context, repoClient apiclient.RepoServerS // * the repository is accessible // * the path contains valid manifests // * there are parameters of only one app source type +// +// The plugins parameter is no longer used. It is kept for compatibility with the old signature until Argo CD v3.0. func ValidateRepo( ctx context.Context, app *argoappv1.Application, repoClientset apiclient.Clientset, db db.ArgoDB, - plugins []*argoappv1.ConfigManagementPlugin, kubectl kube.Kubectl, proj *argoappv1.AppProject, settingsMgr *settings.SettingsManager, @@ -343,7 +344,6 @@ func ValidateRepo( db, app.Spec.GetSources(), repoClient, - plugins, permittedHelmRepos, helmOptions, cluster, @@ -365,7 +365,6 @@ func validateRepo(ctx context.Context, db db.ArgoDB, sources []argoappv1.ApplicationSource, repoClient apiclient.RepoServerServiceClient, - plugins []*argoappv1.ConfigManagementPlugin, permittedHelmRepos []*argoappv1.Repository, helmOptions *argoappv1.HelmOptions, cluster *argoappv1.Cluster, @@ -420,9 +419,9 @@ func validateRepo(ctx context.Context, helmOptions, app.Name, app.Spec.Destination, + proj, sources, repoClient, - plugins, cluster.ServerVersion, APIResourcesToStrings(apiGroups, true), permittedHelmCredentials, @@ -705,9 +704,9 @@ func verifyGenerateManifests( helmOptions *argoappv1.HelmOptions, name string, dest argoappv1.ApplicationDestination, + proj *argoappv1.AppProject, sources []argoappv1.ApplicationSource, repoClient apiclient.RepoServerServiceClient, - plugins []*argoappv1.ConfigManagementPlugin, kubeVersion string, apiVersions []string, repositoryCredentials []*argoappv1.RepoCreds, @@ -762,7 +761,6 @@ func verifyGenerateManifests( AppName: name, Namespace: dest.Namespace, ApplicationSource: &source, - Plugins: plugins, KustomizeOptions: kustomizeOptions, KubeVersion: kubeVersion, ApiVersions: apiVersions, @@ -773,6 +771,8 @@ func verifyGenerateManifests( NoRevisionCache: true, HasMultipleSources: hasMultipleSources, RefSources: refSources, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, } req.Repo.CopyCredentialsFromRepo(repoRes) req.Repo.CopySettingsFrom(repoRes) @@ -1014,8 +1014,8 @@ func GetDifferentPathsBetweenStructs(a, b interface{}) ([]string, error) { return difference, nil } -// parseAppName will -func parseAppName(appName string, defaultNs string, delim string) (string, string) { +// parseName will +func parseName(appName string, defaultNs string, delim string) (string, string) { var ns string var name string t := strings.SplitN(appName, delim, 2) @@ -1032,15 +1032,15 @@ func parseAppName(appName string, defaultNs string, delim string) (string, strin // ParseAppNamespacedName parses a namespaced name in the format namespace/name // and returns the components. If name wasn't namespaced, defaultNs will be // returned as namespace component. -func ParseAppQualifiedName(appName string, defaultNs string) (string, string) { - return parseAppName(appName, defaultNs, "/") +func ParseFromQualifiedName(appName string, defaultNs string) (string, string) { + return parseName(appName, defaultNs, "/") } -// ParseAppInstanceName parses a namespaced name in the format namespace_name +// ParseInstanceName parses a namespaced name in the format namespace_name // and returns the components. If name wasn't namespaced, defaultNs will be // returned as namespace component. -func ParseAppInstanceName(appName string, defaultNs string) (string, string) { - return parseAppName(appName, defaultNs, "_") +func ParseInstanceName(appName string, defaultNs string) (string, string) { + return parseName(appName, defaultNs, "_") } // AppInstanceName returns the value to be used for app instance labels from @@ -1053,9 +1053,9 @@ func AppInstanceName(appName, appNs, defaultNs string) string { } } -// AppInstanceNameFromQualified returns the value to be used for app -func AppInstanceNameFromQualified(name string, defaultNs string) string { - appName, appNs := ParseAppQualifiedName(name, defaultNs) +// InstanceNameFromQualified returns the value to be used for app +func InstanceNameFromQualified(name string, defaultNs string) string { + appName, appNs := ParseFromQualifiedName(name, defaultNs) return AppInstanceName(appName, appNs, defaultNs) } diff --git a/util/argo/argo_test.go b/util/argo/argo_test.go index a096f2c58de32..021e161b6e0dd 100644 --- a/util/argo/argo_test.go +++ b/util/argo/argo_test.go @@ -414,7 +414,7 @@ func TestValidateRepo(t *testing.T) { kubeClient := fake.NewSimpleClientset(&cm) settingsMgr := settings.NewSettingsManager(context.Background(), kubeClient, test.FakeArgoCDNamespace) - conditions, err := ValidateRepo(context.Background(), app, repoClientSet, db, nil, &kubetest.MockKubectlCmd{Version: kubeVersion, APIResources: apiResources}, proj, settingsMgr) + conditions, err := ValidateRepo(context.Background(), app, repoClientSet, db, &kubetest.MockKubectlCmd{Version: kubeVersion, APIResources: apiResources}, proj, settingsMgr) assert.NoError(t, err) assert.Empty(t, conditions) @@ -1183,7 +1183,7 @@ func Test_ParseAppQualifiedName(t *testing.T) { for _, tt := range testcases { t.Run(tt.name, func(t *testing.T) { - appName, appNs := ParseAppQualifiedName(tt.input, tt.implicitNs) + appName, appNs := ParseFromQualifiedName(tt.input, tt.implicitNs) assert.Equal(t, tt.appName, appName) assert.Equal(t, tt.appNs, appNs) }) @@ -1207,7 +1207,7 @@ func Test_ParseAppInstanceName(t *testing.T) { for _, tt := range testcases { t.Run(tt.name, func(t *testing.T) { - appName, appNs := ParseAppInstanceName(tt.input, tt.implicitNs) + appName, appNs := ParseInstanceName(tt.input, tt.implicitNs) assert.Equal(t, tt.appName, appName) assert.Equal(t, tt.appNs, appNs) }) @@ -1251,7 +1251,7 @@ func Test_AppInstanceNameFromQualified(t *testing.T) { for _, tt := range testcases { t.Run(tt.name, func(t *testing.T) { - result := AppInstanceNameFromQualified(tt.appName, tt.defaultNs) + result := InstanceNameFromQualified(tt.appName, tt.defaultNs) assert.Equal(t, tt.result, result) }) } diff --git a/util/argo/normalizers/diff_normalizer.go b/util/argo/normalizers/diff_normalizer.go index 5347944ecc198..6eae329d186d8 100644 --- a/util/argo/normalizers/diff_normalizer.go +++ b/util/argo/normalizers/diff_normalizer.go @@ -3,6 +3,7 @@ package normalizers import ( "encoding/json" "fmt" + "strings" "github.com/argoproj/gitops-engine/pkg/diff" jsonpatch "github.com/evanphx/json-patch" @@ -179,7 +180,9 @@ func (n *ignoreNormalizer) Normalize(un *unstructured.Unstructured) error { for _, patch := range matched { patchedDocData, err := patch.Apply(docData) if err != nil { - log.Debugf("Failed to apply normalization: %v", err) + if shouldLogError(err) { + log.Debugf("Failed to apply normalization: %v", err) + } continue } docData = patchedDocData @@ -191,3 +194,13 @@ func (n *ignoreNormalizer) Normalize(un *unstructured.Unstructured) error { } return nil } + +func shouldLogError(e error) bool { + if strings.Contains(e.Error(), "Unable to remove nonexistent key") { + return false + } + if strings.Contains(e.Error(), "remove operation does not apply: doc is missing path") { + return false + } + return true +} diff --git a/util/argo/normalizers/diff_normalizer_test.go b/util/argo/normalizers/diff_normalizer_test.go index 1938fd23e6a31..99f0ec3ff9db3 100644 --- a/util/argo/normalizers/diff_normalizer_test.go +++ b/util/argo/normalizers/diff_normalizer_test.go @@ -1,6 +1,8 @@ package normalizers import ( + "encoding/json" + "fmt" "testing" "github.com/stretchr/testify/assert" @@ -219,3 +221,34 @@ func TestNormalizeJQPathExpressionWithError(t *testing.T) { assert.Nil(t, err) assert.Equal(t, originalDeployment, normalizedDeployment) } + +func TestNormalizeExpectedErrorAreSilenced(t *testing.T) { + normalizer, err := NewIgnoreNormalizer([]v1alpha1.ResourceIgnoreDifferences{}, map[string]v1alpha1.ResourceOverride{ + "*/*": { + IgnoreDifferences: v1alpha1.OverrideIgnoreDiff{ + JSONPointers: []string{"/invalid", "/invalid/json/path"}, + }, + }, + }) + assert.Nil(t, err) + + ignoreNormalizer := normalizer.(*ignoreNormalizer) + assert.Len(t, ignoreNormalizer.patches, 2) + jsonPatch := ignoreNormalizer.patches[0] + jqPatch := ignoreNormalizer.patches[1] + + deployment := test.NewDeployment() + deploymentData, err := json.Marshal(deployment) + assert.Nil(t, err) + + // Error: "error in remove for path: '/invalid': Unable to remove nonexistent key: invalid: missing value" + _, err = jsonPatch.Apply(deploymentData) + assert.False(t, shouldLogError(err)) + + // Error: "remove operation does not apply: doc is missing path: \"/invalid/json/path\": missing value" + _, err = jqPatch.Apply(deploymentData) + assert.False(t, shouldLogError(err)) + + assert.True(t, shouldLogError(fmt.Errorf("An error that should not be ignored"))) + +} diff --git a/util/argo/resource_tracking.go b/util/argo/resource_tracking.go index 53659115e8b10..92f3f69d6c1ea 100644 --- a/util/argo/resource_tracking.go +++ b/util/argo/resource_tracking.go @@ -61,7 +61,10 @@ func IsOldTrackingMethod(trackingMethod string) bool { } func (rt *resourceTracking) getAppInstanceValue(un *unstructured.Unstructured, key string, trackingMethod v1alpha1.TrackingMethod) *AppInstanceValue { - appInstanceAnnotation := argokube.GetAppInstanceAnnotation(un, common.AnnotationKeyAppInstance) + appInstanceAnnotation, err := argokube.GetAppInstanceAnnotation(un, common.AnnotationKeyAppInstance) + if err != nil { + return nil + } value, err := rt.ParseAppInstanceValue(appInstanceAnnotation) if err != nil { return nil @@ -80,13 +83,21 @@ func (rt *resourceTracking) GetAppName(un *unstructured.Unstructured, key string } switch trackingMethod { case TrackingMethodLabel: - return argokube.GetAppInstanceLabel(un, key) + label, err := argokube.GetAppInstanceLabel(un, key) + if err != nil { + return "" + } + return label case TrackingMethodAnnotationAndLabel: return retrieveAppInstanceValue() case TrackingMethodAnnotation: return retrieveAppInstanceValue() default: - return argokube.GetAppInstanceLabel(un, key) + label, err := argokube.GetAppInstanceLabel(un, key) + if err != nil { + return "" + } + return label } } @@ -185,19 +196,32 @@ func (rt *resourceTracking) Normalize(config, live *unstructured.Unstructured, l return nil } - label := kube.GetAppInstanceLabel(live, labelKey) + label, err := kube.GetAppInstanceLabel(live, labelKey) + if err != nil { + return err + } if label == "" { return nil } - annotation := argokube.GetAppInstanceAnnotation(config, common.AnnotationKeyAppInstance) - err := argokube.SetAppInstanceAnnotation(live, common.AnnotationKeyAppInstance, annotation) + annotation, err := argokube.GetAppInstanceAnnotation(config, common.AnnotationKeyAppInstance) + if err != nil { + return err + } + err = argokube.SetAppInstanceAnnotation(live, common.AnnotationKeyAppInstance, annotation) if err != nil { return err } - if argokube.GetAppInstanceLabel(config, labelKey) == "" { - argokube.RemoveLabel(live, labelKey) + label, err = argokube.GetAppInstanceLabel(config, labelKey) + if err != nil { + return err + } + if label == "" { + err = argokube.RemoveLabel(live, labelKey) + if err != nil { + return err + } } return nil diff --git a/util/argo/resource_tracking_test.go b/util/argo/resource_tracking_test.go index e737e831fb255..36f94747ffd78 100644 --- a/util/argo/resource_tracking_test.go +++ b/util/argo/resource_tracking_test.go @@ -136,7 +136,8 @@ func TestResourceIdNormalizer_Normalize(t *testing.T) { _ = rt.Normalize(configObj, liveObj, common.LabelKeyAppInstance, string(TrackingMethodAnnotation)) // the normalization should affect add the new style annotation and drop old tracking label from live object - annotation := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + annotation, err := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + assert.Nil(t, err) assert.Equal(t, liveObj.GetAnnotations()[common.AnnotationKeyAppInstance], annotation) _, hasOldLabel := liveObj.GetLabels()[common.LabelKeyAppInstance] assert.False(t, hasOldLabel) @@ -160,7 +161,8 @@ func TestResourceIdNormalizer_Normalize_ConfigHasOldLabel(t *testing.T) { _ = rt.Normalize(configObj, liveObj, common.LabelKeyAppInstance, string(TrackingMethodAnnotation)) // the normalization should affect add the new style annotation and drop old tracking label from live object - annotation := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + annotation, err := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + assert.Nil(t, err) assert.Equal(t, liveObj.GetAnnotations()[common.AnnotationKeyAppInstance], annotation) _, hasOldLabel := liveObj.GetLabels()[common.LabelKeyAppInstance] assert.True(t, hasOldLabel) diff --git a/util/cert/cert.go b/util/cert/cert.go index c7ac284c20314..3826c72b7d6e7 100644 --- a/util/cert/cert.go +++ b/util/cert/cert.go @@ -135,7 +135,7 @@ func ParseTLSCertificatesFromPath(sourceFile string) ([]string, error) { if err = fileHandle.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", fileHandle.Name(), err) } }() @@ -199,7 +199,7 @@ func ParseSSHKnownHostsFromPath(sourceFile string) ([]string, error) { if err = fileHandle.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", fileHandle.Name(), err) } }() diff --git a/util/dex/config.go b/util/dex/config.go index 02f83c16c55cc..6f09eb2c46080 100644 --- a/util/dex/config.go +++ b/util/dex/config.go @@ -9,20 +9,20 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" ) -func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ([]byte, error) { - if !settings.IsDexConfigured() { +func GenerateDexConfigYAML(argocdSettings *settings.ArgoCDSettings, disableTls bool) ([]byte, error) { + if !argocdSettings.IsDexConfigured() { return nil, nil } - redirectURL, err := settings.RedirectURL() + redirectURL, err := argocdSettings.RedirectURL() if err != nil { return nil, fmt.Errorf("failed to infer redirect url from config: %v", err) } var dexCfg map[string]interface{} - err = yaml.Unmarshal([]byte(settings.DexConfig), &dexCfg) + err = yaml.Unmarshal([]byte(argocdSettings.DexConfig), &dexCfg) if err != nil { return nil, fmt.Errorf("failed to unmarshal dex.config from configmap: %v", err) } - dexCfg["issuer"] = settings.IssuerURL() + dexCfg["issuer"] = argocdSettings.IssuerURL() dexCfg["storage"] = map[string]interface{}{ "type": "memory", } @@ -58,7 +58,7 @@ func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ( argoCDStaticClient := map[string]interface{}{ "id": common.ArgoCDClientAppID, "name": common.ArgoCDClientAppName, - "secret": settings.DexOAuth2ClientSecret(), + "secret": argocdSettings.DexOAuth2ClientSecret(), "redirectURIs": []string{ redirectURL, }, @@ -80,7 +80,7 @@ func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ( dexCfg["staticClients"] = []interface{}{argoCDStaticClient, argoCDCLIStaticClient} } - dexRedirectURL, err := settings.DexRedirectURL() + dexRedirectURL, err := argocdSettings.DexRedirectURL() if err != nil { return nil, err } @@ -106,46 +106,10 @@ func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ( connectors[i] = connector } dexCfg["connectors"] = connectors - dexCfg = replaceMapSecrets(dexCfg, settings.Secrets) + dexCfg = settings.ReplaceMapSecrets(dexCfg, argocdSettings.Secrets) return yaml.Marshal(dexCfg) } -// replaceMapSecrets takes a json object and recursively looks for any secret key references in the -// object and replaces the value with the secret value -func replaceMapSecrets(obj map[string]interface{}, secretValues map[string]string) map[string]interface{} { - newObj := make(map[string]interface{}) - for k, v := range obj { - switch val := v.(type) { - case map[string]interface{}: - newObj[k] = replaceMapSecrets(val, secretValues) - case []interface{}: - newObj[k] = replaceListSecrets(val, secretValues) - case string: - newObj[k] = settings.ReplaceStringSecret(val, secretValues) - default: - newObj[k] = val - } - } - return newObj -} - -func replaceListSecrets(obj []interface{}, secretValues map[string]string) []interface{} { - newObj := make([]interface{}, len(obj)) - for i, v := range obj { - switch val := v.(type) { - case map[string]interface{}: - newObj[i] = replaceMapSecrets(val, secretValues) - case []interface{}: - newObj[i] = replaceListSecrets(val, secretValues) - case string: - newObj[i] = settings.ReplaceStringSecret(val, secretValues) - default: - newObj[i] = val - } - } - return newObj -} - // needsRedirectURI returns whether or not the given connector type needs a redirectURI // Update this list as necessary, as new connectors are added // https://dexidp.io/docs/connectors/ diff --git a/util/env/env.go b/util/env/env.go index dc1549082db10..1b49a0c322065 100644 --- a/util/env/env.go +++ b/util/env/env.go @@ -1,6 +1,7 @@ package env import ( + "math" "os" "strconv" "strings" @@ -21,20 +22,24 @@ func ParseNumFromEnv(env string, defaultValue, min, max int) int { if str == "" { return defaultValue } - num, err := strconv.Atoi(str) + num, err := strconv.ParseInt(str, 10, 0) if err != nil { log.Warnf("Could not parse '%s' as a number from environment %s", str, env) return defaultValue } - if num < min { + if num > math.MaxInt || num < math.MinInt { + log.Warnf("Value in %s is %d is outside of the min and max %d allowed values. Using default %d", env, num, min, defaultValue) + return defaultValue + } + if int(num) < min { log.Warnf("Value in %s is %d, which is less than minimum %d allowed", env, num, min) return defaultValue } - if num > max { + if int(num) > max { log.Warnf("Value in %s is %d, which is greater than maximum %d allowed", env, num, max) return defaultValue } - return num + return int(num) } // Helper function to parse a int64 from an environment variable. Returns a diff --git a/util/exec/exec.go b/util/exec/exec.go index 5d4f292fc2f48..03ab0c4724838 100644 --- a/util/exec/exec.go +++ b/util/exec/exec.go @@ -19,6 +19,10 @@ type ExecRunOpts struct { Redactor func(text string) string // TimeoutBehavior configures what to do in case of timeout TimeoutBehavior argoexec.TimeoutBehavior + // SkipErrorLogging determines whether to skip logging of execution errors (rc > 0) + SkipErrorLogging bool + // CaptureStderr determines whether to capture stderr in addition to stdout + CaptureStderr bool } func init() { @@ -43,7 +47,7 @@ func RunWithRedactor(cmd *exec.Cmd, redactor func(text string) string) (string, } func RunWithExecRunOpts(cmd *exec.Cmd, opts ExecRunOpts) (string, error) { - cmdOpts := argoexec.CmdOpts{Timeout: timeout, Redactor: opts.Redactor, TimeoutBehavior: opts.TimeoutBehavior} + cmdOpts := argoexec.CmdOpts{Timeout: timeout, Redactor: opts.Redactor, TimeoutBehavior: opts.TimeoutBehavior, SkipErrorLogging: opts.SkipErrorLogging} span := tracing.NewLoggingTracer(log.NewLogrusLogger(log.NewWithCurrentConfig())).StartSpan(fmt.Sprintf("exec %v", cmd.Args[0])) span.SetBaggageItem("dir", fmt.Sprintf("%v", cmd.Dir)) if cmdOpts.Redactor != nil { diff --git a/util/git/client.go b/util/git/client.go index 51e98df746d86..6b8587c0b3660 100644 --- a/util/git/client.go +++ b/util/git/client.go @@ -17,6 +17,7 @@ import ( "time" argoexec "github.com/argoproj/pkg/exec" + "github.com/bmatcuk/doublestar/v4" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/plumbing" @@ -66,11 +67,12 @@ type Client interface { Checkout(revision string, submoduleEnabled bool) error LsRefs() (*Refs, error) LsRemote(revision string) (string, error) - LsFiles(path string) ([]string, error) + LsFiles(path string, enableNewGitFileGlobbing bool) ([]string, error) LsLargeFiles() ([]string, error) CommitSHA() (string, error) RevisionMetadata(revision string) (*RevisionMetadata, error) VerifyCommitSignature(string) (string, error) + IsAnnotatedTag(string) bool } type EventHandlers struct { @@ -100,6 +102,11 @@ type nativeGitClient struct { proxy string } +type runOpts struct { + SkipErrorLogging bool + CaptureStderr bool +} + var ( maxAttemptsCount = 1 maxRetryDuration time.Duration @@ -334,9 +341,9 @@ func (m *nativeGitClient) IsLFSEnabled() bool { func (m *nativeGitClient) fetch(revision string) error { var err error if revision != "" { - err = m.runCredentialedCmd("git", "fetch", "origin", revision, "--tags", "--force", "--prune") + err = m.runCredentialedCmd("fetch", "origin", revision, "--tags", "--force", "--prune") } else { - err = m.runCredentialedCmd("git", "fetch", "origin", "--tags", "--force", "--prune") + err = m.runCredentialedCmd("fetch", "origin", "--tags", "--force", "--prune") } return err } @@ -354,7 +361,7 @@ func (m *nativeGitClient) Fetch(revision string) error { if err == nil && m.IsLFSEnabled() { largeFiles, err := m.LsLargeFiles() if err == nil && len(largeFiles) > 0 { - err = m.runCredentialedCmd("git", "lfs", "fetch", "--all") + err = m.runCredentialedCmd("lfs", "fetch", "--all") if err != nil { return err } @@ -365,14 +372,44 @@ func (m *nativeGitClient) Fetch(revision string) error { } // LsFiles lists the local working tree, including only files that are under source control -func (m *nativeGitClient) LsFiles(path string) ([]string, error) { - out, err := m.runCmd("ls-files", "--full-name", "-z", "--", path) - if err != nil { - return nil, err +func (m *nativeGitClient) LsFiles(path string, enableNewGitFileGlobbing bool) ([]string, error) { + if enableNewGitFileGlobbing { + // This is the new way with safer globbing + err := os.Chdir(m.root) + if err != nil { + return nil, err + } + all_files, err := doublestar.FilepathGlob(path) + if err != nil { + return nil, err + } + var files []string + for _, file := range all_files { + link, err := filepath.EvalSymlinks(file) + if err != nil { + return nil, err + } + absPath, err := filepath.Abs(link) + if err != nil { + return nil, err + } + if strings.HasPrefix(absPath, m.root) { + files = append(files, file) + } else { + log.Warnf("Absolute path for %s is outside of repository, removing it", file) + } + } + return files, nil + } else { + // This is the old and default way + out, err := m.runCmd("ls-files", "--full-name", "-z", "--", path) + if err != nil { + return nil, err + } + // remove last element, which is blank regardless of whether we're using nullbyte or newline + ss := strings.Split(out, "\000") + return ss[:len(ss)-1], nil } - // remove last element, which is blank regardless of whether we're using nullbyte or newline - ss := strings.Split(out, "\000") - return ss[:len(ss)-1], nil } // LsLargeFiles lists all files that have references to LFS storage @@ -387,10 +424,10 @@ func (m *nativeGitClient) LsLargeFiles() ([]string, error) { // Submodule embed other repositories into this repository func (m *nativeGitClient) Submodule() error { - if err := m.runCredentialedCmd("git", "submodule", "sync", "--recursive"); err != nil { + if err := m.runCredentialedCmd("submodule", "sync", "--recursive"); err != nil { return err } - if err := m.runCredentialedCmd("git", "submodule", "update", "--init", "--recursive"); err != nil { + if err := m.runCredentialedCmd("submodule", "update", "--init", "--recursive"); err != nil { return err } return nil @@ -424,7 +461,12 @@ func (m *nativeGitClient) Checkout(revision string, submoduleEnabled bool) error } } } - if _, err := m.runCmd("clean", "-fdx"); err != nil { + // NOTE + // The double “f” in the arguments is not a typo: the first “f” tells + // `git clean` to delete untracked files and directories, and the second “f” + // tells it to clean untractked nested Git repositories (for example a + // submodule which has since been removed). + if _, err := m.runCmd("clean", "-ffdx"); err != nil { return err } return nil @@ -617,22 +659,33 @@ func (m *nativeGitClient) VerifyCommitSignature(revision string) (string, error) return out, nil } +// IsAnnotatedTag returns true if the revision points to an annotated tag +func (m *nativeGitClient) IsAnnotatedTag(revision string) bool { + cmd := exec.Command("git", "describe", "--exact-match", revision) + out, err := m.runCmdOutput(cmd, runOpts{SkipErrorLogging: true}) + if out != "" && err == nil { + return true + } else { + return false + } +} + // runWrapper runs a custom command with all the semantics of running the Git client func (m *nativeGitClient) runGnuPGWrapper(wrapper string, args ...string) (string, error) { cmd := exec.Command(wrapper, args...) cmd.Env = append(cmd.Env, fmt.Sprintf("GNUPGHOME=%s", common.GetGnuPGHomePath()), "LANG=C") - return m.runCmdOutput(cmd) + return m.runCmdOutput(cmd, runOpts{}) } // runCmd is a convenience function to run a command in a given directory and return its output func (m *nativeGitClient) runCmd(args ...string) (string, error) { cmd := exec.Command("git", args...) - return m.runCmdOutput(cmd) + return m.runCmdOutput(cmd, runOpts{}) } // runCredentialedCmd is a convenience function to run a git command with username/password credentials // nolint:unparam -func (m *nativeGitClient) runCredentialedCmd(command string, args ...string) error { +func (m *nativeGitClient) runCredentialedCmd(args ...string) error { closer, environ, err := m.creds.Environ() if err != nil { return err @@ -647,13 +700,13 @@ func (m *nativeGitClient) runCredentialedCmd(command string, args ...string) err } } - cmd := exec.Command(command, args...) + cmd := exec.Command("git", args...) cmd.Env = append(cmd.Env, environ...) - _, err = m.runCmdOutput(cmd) + _, err = m.runCmdOutput(cmd, runOpts{}) return err } -func (m *nativeGitClient) runCmdOutput(cmd *exec.Cmd) (string, error) { +func (m *nativeGitClient) runCmdOutput(cmd *exec.Cmd, ropts runOpts) (string, error) { cmd.Dir = m.root cmd.Env = append(os.Environ(), cmd.Env...) // Set $HOME to nowhere, so we can be execute Git regardless of any external @@ -691,6 +744,8 @@ func (m *nativeGitClient) runCmdOutput(cmd *exec.Cmd) (string, error) { Signal: syscall.SIGTERM, ShouldWait: true, }, + SkipErrorLogging: ropts.SkipErrorLogging, + CaptureStderr: ropts.CaptureStderr, } return executil.RunWithExecRunOpts(cmd, opts) } diff --git a/util/git/client_test.go b/util/git/client_test.go index d8de29379953c..d5509edc2b55c 100644 --- a/util/git/client_test.go +++ b/util/git/client_test.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "os/exec" + "path" "path/filepath" "testing" @@ -70,6 +71,50 @@ func Test_nativeGitClient_Fetch_Prune(t *testing.T) { assert.NoError(t, err) } +func Test_IsAnnotatedTag(t *testing.T) { + tempDir := t.TempDir() + client, err := NewClient(fmt.Sprintf("file://%s", tempDir), NopCreds{}, true, false, "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + p := path.Join(client.Root(), "README") + f, err := os.Create(p) + require.NoError(t, err) + _, err = f.WriteString("Hello.") + require.NoError(t, err) + err = f.Close() + require.NoError(t, err) + + err = runCmd(client.Root(), "git", "add", "README") + require.NoError(t, err) + + err = runCmd(client.Root(), "git", "commit", "-m", "Initial commit", "-a") + require.NoError(t, err) + + atag := client.IsAnnotatedTag("master") + assert.False(t, atag) + + err = runCmd(client.Root(), "git", "tag", "some-tag", "-a", "-m", "Create annotated tag") + require.NoError(t, err) + atag = client.IsAnnotatedTag("some-tag") + assert.True(t, atag) + + // Tag effectually points to HEAD, so it's considered the same + atag = client.IsAnnotatedTag("HEAD") + assert.True(t, atag) + + err = runCmd(client.Root(), "git", "rm", "README") + assert.NoError(t, err) + err = runCmd(client.Root(), "git", "commit", "-m", "remove README", "-a") + assert.NoError(t, err) + + // We moved on, so tag doesn't point to HEAD anymore + atag = client.IsAnnotatedTag("HEAD") + assert.False(t, atag) +} + func Test_nativeGitClient_Submodule(t *testing.T) { tempDir, err := os.MkdirTemp("", "") require.NoError(t, err) diff --git a/util/git/creds.go b/util/git/creds.go index 76655de34913c..c3d09574eeb84 100644 --- a/util/git/creds.go +++ b/util/git/creds.go @@ -279,7 +279,7 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { if err = file.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", file.Name(), err) } }() diff --git a/util/git/git.go b/util/git/git.go index b925789453b20..d5a8652f7ce90 100644 --- a/util/git/git.go +++ b/util/git/git.go @@ -14,14 +14,6 @@ func ensurePrefix(s, prefix string) string { return s } -// removeSuffix idempotently removes a given suffix -func removeSuffix(s, suffix string) string { - if strings.HasSuffix(s, suffix) { - return s[0 : len(s)-len(suffix)] - } - return s -} - var ( commitSHARegex = regexp.MustCompile("^[0-9A-Fa-f]{40}$") sshURLRegex = regexp.MustCompile("^(ssh://)?([^/:]*?)@[^@]+$") @@ -62,7 +54,7 @@ func NormalizeGitURL(repo string) string { repo = ensurePrefix(repo, "ssh://") } } - repo = removeSuffix(repo, ".git") + repo = strings.TrimSuffix(repo, ".git") repoURL, err := url.Parse(repo) if err != nil { return "" diff --git a/util/git/git_test.go b/util/git/git_test.go index 3dc87b718ac47..5cc13a9fdc74c 100644 --- a/util/git/git_test.go +++ b/util/git/git_test.go @@ -45,18 +45,6 @@ func TestEnsurePrefix(t *testing.T) { } } -func TestRemoveSuffix(t *testing.T) { - data := [][]string{ - {"hello.git", ".git", "hello"}, - {"hello", ".git", "hello"}, - {".git", ".git", ""}, - } - for _, table := range data { - result := removeSuffix(table[0], table[1]) - assert.Equal(t, table[2], result) - } -} - func TestIsSSHURL(t *testing.T) { data := map[string]bool{ "git://github.com/argoproj/test.git": false, @@ -411,3 +399,54 @@ func TestListRevisions(t *testing.T) { assert.NotContains(t, lsResult.Branches, testTag) assert.NotContains(t, lsResult.Tags, testBranch) } + +func TestLsFiles(t *testing.T) { + tmpDir1 := t.TempDir() + tmpDir2 := t.TempDir() + + client, err := NewClientExt("", tmpDir1, NopCreds{}, false, false, "") + assert.NoError(t, err) + + err = runCmd(tmpDir1, "git", "init") + assert.NoError(t, err) + + // Prepare files + a, err := os.Create(filepath.Join(tmpDir1, "a.yaml")) + assert.NoError(t, err) + a.Close() + err = os.MkdirAll(filepath.Join(tmpDir1, "subdir"), 0755) + assert.NoError(t, err) + b, err := os.Create(filepath.Join(tmpDir1, "subdir", "b.yaml")) + assert.NoError(t, err) + b.Close() + err = os.MkdirAll(filepath.Join(tmpDir2, "subdir"), 0755) + assert.NoError(t, err) + c, err := os.Create(filepath.Join(tmpDir2, "c.yaml")) + assert.NoError(t, err) + c.Close() + err = os.Symlink(filepath.Join(tmpDir2, "c.yaml"), filepath.Join(tmpDir1, "link.yaml")) + assert.NoError(t, err) + + err = runCmd(tmpDir1, "git", "add", ".") + assert.NoError(t, err) + err = runCmd(tmpDir1, "git", "commit", "-m", "Initial commit") + assert.NoError(t, err) + + // Old and default globbing + expectedResult := []string{"a.yaml", "link.yaml", "subdir/b.yaml"} + lsResult, err := client.LsFiles("*.yaml", false) + assert.NoError(t, err) + assert.Equal(t, lsResult, expectedResult) + + // New and safer globbing, do not return symlinks resolving outside of the repo + expectedResult = []string{"a.yaml"} + lsResult, err = client.LsFiles("*.yaml", true) + assert.NoError(t, err) + assert.Equal(t, lsResult, expectedResult) + + // New globbing, do not return files outside of the repo + var nilResult []string + lsResult, err = client.LsFiles(filepath.Join(tmpDir2, "*.yaml"), true) + assert.NoError(t, err) + assert.Equal(t, lsResult, nilResult) +} diff --git a/util/git/mocks/Client.go b/util/git/mocks/Client.go index 3d4471b1f23c1..1d32c9bc9c5d2 100644 --- a/util/git/mocks/Client.go +++ b/util/git/mocks/Client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.10.0. DO NOT EDIT. +// Code generated by mockery v2.30.1. DO NOT EDIT. package mocks @@ -31,13 +31,16 @@ func (_m *Client) CommitSHA() (string, error) { ret := _m.Called() var r0 string + var r1 error + if rf, ok := ret.Get(0).(func() (string, error)); ok { + return rf() + } if rf, ok := ret.Get(0).(func() string); ok { r0 = rf() } else { r0 = ret.Get(0).(string) } - var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -75,22 +78,39 @@ func (_m *Client) Init() error { return r0 } -// LsFiles provides a mock function with given fields: path -func (_m *Client) LsFiles(path string) ([]string, error) { - ret := _m.Called(path) +// IsAnnotatedTag provides a mock function with given fields: _a0 +func (_m *Client) IsAnnotatedTag(_a0 string) bool { + ret := _m.Called(_a0) + + var r0 bool + if rf, ok := ret.Get(0).(func(string) bool); ok { + r0 = rf(_a0) + } else { + r0 = ret.Get(0).(bool) + } + + return r0 +} + +// LsFiles provides a mock function with given fields: path, enableNewGitFileGlobbing +func (_m *Client) LsFiles(path string, enableNewGitFileGlobbing bool) ([]string, error) { + ret := _m.Called(path, enableNewGitFileGlobbing) var r0 []string - if rf, ok := ret.Get(0).(func(string) []string); ok { - r0 = rf(path) + var r1 error + if rf, ok := ret.Get(0).(func(string, bool) ([]string, error)); ok { + return rf(path, enableNewGitFileGlobbing) + } + if rf, ok := ret.Get(0).(func(string, bool) []string); ok { + r0 = rf(path, enableNewGitFileGlobbing) } else { if ret.Get(0) != nil { r0 = ret.Get(0).([]string) } } - var r1 error - if rf, ok := ret.Get(1).(func(string) error); ok { - r1 = rf(path) + if rf, ok := ret.Get(1).(func(string, bool) error); ok { + r1 = rf(path, enableNewGitFileGlobbing) } else { r1 = ret.Error(1) } @@ -103,6 +123,10 @@ func (_m *Client) LsLargeFiles() ([]string, error) { ret := _m.Called() var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func() ([]string, error)); ok { + return rf() + } if rf, ok := ret.Get(0).(func() []string); ok { r0 = rf() } else { @@ -111,7 +135,6 @@ func (_m *Client) LsLargeFiles() ([]string, error) { } } - var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -126,6 +149,10 @@ func (_m *Client) LsRefs() (*git.Refs, error) { ret := _m.Called() var r0 *git.Refs + var r1 error + if rf, ok := ret.Get(0).(func() (*git.Refs, error)); ok { + return rf() + } if rf, ok := ret.Get(0).(func() *git.Refs); ok { r0 = rf() } else { @@ -134,7 +161,6 @@ func (_m *Client) LsRefs() (*git.Refs, error) { } } - var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -149,13 +175,16 @@ func (_m *Client) LsRemote(revision string) (string, error) { ret := _m.Called(revision) var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string) (string, error)); ok { + return rf(revision) + } if rf, ok := ret.Get(0).(func(string) string); ok { r0 = rf(revision) } else { r0 = ret.Get(0).(string) } - var r1 error if rf, ok := ret.Get(1).(func(string) error); ok { r1 = rf(revision) } else { @@ -170,6 +199,10 @@ func (_m *Client) RevisionMetadata(revision string) (*git.RevisionMetadata, erro ret := _m.Called(revision) var r0 *git.RevisionMetadata + var r1 error + if rf, ok := ret.Get(0).(func(string) (*git.RevisionMetadata, error)); ok { + return rf(revision) + } if rf, ok := ret.Get(0).(func(string) *git.RevisionMetadata); ok { r0 = rf(revision) } else { @@ -178,7 +211,6 @@ func (_m *Client) RevisionMetadata(revision string) (*git.RevisionMetadata, erro } } - var r1 error if rf, ok := ret.Get(1).(func(string) error); ok { r1 = rf(revision) } else { @@ -221,13 +253,16 @@ func (_m *Client) VerifyCommitSignature(_a0 string) (string, error) { ret := _m.Called(_a0) var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string) (string, error)); ok { + return rf(_a0) + } if rf, ok := ret.Get(0).(func(string) string); ok { r0 = rf(_a0) } else { r0 = ret.Get(0).(string) } - var r1 error if rf, ok := ret.Get(1).(func(string) error); ok { r1 = rf(_a0) } else { @@ -236,3 +271,17 @@ func (_m *Client) VerifyCommitSignature(_a0 string) (string, error) { return r0, r1 } + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/util/gpg/gpg.go b/util/gpg/gpg.go index 140fe4932336e..681c22d310e23 100644 --- a/util/gpg/gpg.go +++ b/util/gpg/gpg.go @@ -170,7 +170,7 @@ func writeKeyToFile(keyData string) (string, error) { if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() @@ -275,7 +275,7 @@ func InitializeGnuPG() error { if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() @@ -302,7 +302,7 @@ func ImportPGPKeysFromString(keyData string) ([]*appsv1.GnuPGPublicKey, error) { if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() @@ -430,7 +430,7 @@ func SetPGPTrustLevel(pgpKeys []*appsv1.GnuPGPublicKey, trustLevel string) error if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() diff --git a/util/helm/client.go b/util/helm/client.go index edd5900f6e884..8fa3f6c0d24d8 100644 --- a/util/helm/client.go +++ b/util/helm/client.go @@ -304,6 +304,7 @@ func (c *nativeHelmChart) loadRepoIndex() ([]byte, error) { tr := &http.Transport{ Proxy: proxy.GetCallback(c.proxy), TLSClientConfig: tlsConf, + DisableKeepAlives: true, } client := http.Client{Transport: tr} resp, err := client.Do(req) @@ -412,6 +413,7 @@ func (c *nativeHelmChart) GetTags(chart string, noCache bool) (*TagsList, error) client := &http.Client{Transport: &http.Transport{ Proxy: proxy.GetCallback(c.proxy), TLSClientConfig: tlsConf, + DisableKeepAlives: true, }} repo.Client = &auth.Client{ Client: client, diff --git a/util/helm/cmd.go b/util/helm/cmd.go index d4904dadb6fbf..4714d0fbe8807 100644 --- a/util/helm/cmd.go +++ b/util/helm/cmd.go @@ -176,7 +176,7 @@ func writeToTmp(data []byte) (string, argoio.Closer, error) { if err = file.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", file.Name(), err) } }() @@ -233,6 +233,9 @@ func (c *Cmd) PullOCI(repo string, chart string, version string, destination str version, "--destination", destination} + if creds.CAPath != "" { + args = append(args, "--ca-file", creds.CAPath) + } if creds.InsecureSkipVerify && c.insecureSkipVerifySupported { args = append(args, "--insecure-skip-tls-verify") } diff --git a/util/helm/index_test.go b/util/helm/index_test.go index 152fceae02c6d..dd7fc0b8bfa06 100644 --- a/util/helm/index_test.go +++ b/util/helm/index_test.go @@ -9,7 +9,7 @@ import ( var index = Index{ Entries: map[string]Entries{ - "argo-cd": { + "argo-cd": { {Version: "~0.7.3"}, {Version: "0.7.2"}, {Version: "0.7.1"}, @@ -57,4 +57,28 @@ func TestEntries_MaxVersion(t *testing.T) { assert.NoError(t, err) assert.Equal(t, semver.MustParse("0.7.2"), version) }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint("> 0.0.0") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.7.2"), version) + }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint(">0.5.0,<0.7.0") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.5.4"), version) + }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint("0.7.*") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.7.2"), version) + }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint("*") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.7.2"), version) + }) } diff --git a/util/kube/kube.go b/util/kube/kube.go index 0df9a36d813ca..ad3dd47e804eb 100644 --- a/util/kube/kube.go +++ b/util/kube/kube.go @@ -20,7 +20,11 @@ func IsValidResourceName(name string) bool { // SetAppInstanceLabel the recommended app.kubernetes.io/instance label against an unstructured object // Uses the legacy labeling if environment variable is set func SetAppInstanceLabel(target *unstructured.Unstructured, key, val string) error { - labels := target.GetLabels() + // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 + labels, _, err := unstructured.NestedStringMap(target.Object, "metadata", "labels") + if err != nil { + return err + } if labels == nil { labels = make(map[string]string) } @@ -96,7 +100,11 @@ func SetAppInstanceLabel(target *unstructured.Unstructured, key, val string) err // SetAppInstanceAnnotation the recommended app.kubernetes.io/instance annotation against an unstructured object // Uses the legacy labeling if environment variable is set func SetAppInstanceAnnotation(target *unstructured.Unstructured, key, val string) error { - annotations := target.GetAnnotations() + // Do not use target.GetAnnotations(), https://github.com/argoproj/argo-cd/issues/13730 + annotations, _, err := unstructured.NestedStringMap(target.Object, "metadata", "annotations") + if err != nil { + return err + } if annotations == nil { annotations = make(map[string]string) } @@ -106,26 +114,40 @@ func SetAppInstanceAnnotation(target *unstructured.Unstructured, key, val string } // GetAppInstanceAnnotation returns the application instance name from annotation -func GetAppInstanceAnnotation(un *unstructured.Unstructured, key string) string { - if annotations := un.GetAnnotations(); annotations != nil { - return annotations[key] +func GetAppInstanceAnnotation(un *unstructured.Unstructured, key string) (string, error) { + // Do not use target.GetAnnotations(), https://github.com/argoproj/argo-cd/issues/13730 + annotations, _, err := unstructured.NestedStringMap(un.Object, "metadata", "annotations") + if err != nil { + return "", err } - return "" + if annotations != nil { + return annotations[key], nil + } + return "", nil } // GetAppInstanceLabel returns the application instance name from labels -func GetAppInstanceLabel(un *unstructured.Unstructured, key string) string { - if labels := un.GetLabels(); labels != nil { - return labels[key] +func GetAppInstanceLabel(un *unstructured.Unstructured, key string) (string, error) { + // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 + labels, _, err := unstructured.NestedStringMap(un.Object, "metadata", "labels") + if err != nil { + return "", err + } + if labels != nil { + return labels[key], nil } - return "" + return "", nil } // RemoveLabel removes label with the specified name -func RemoveLabel(un *unstructured.Unstructured, key string) { - labels := un.GetLabels() +func RemoveLabel(un *unstructured.Unstructured, key string) error { + // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 + labels, _, err := unstructured.NestedStringMap(un.Object, "metadata", "labels") + if err != nil { + return err + } if labels == nil { - return + return nil } for k := range labels { @@ -139,4 +161,5 @@ func RemoveLabel(un *unstructured.Unstructured, key string) { break } } + return nil } diff --git a/util/kube/kube_test.go b/util/kube/kube_test.go index 247f4124fac4c..f7fc1607aaa39 100644 --- a/util/kube/kube_test.go +++ b/util/kube/kube_test.go @@ -184,6 +184,17 @@ func TestSetAppInstanceAnnotation(t *testing.T) { assert.Equal(t, "my-app", s.ObjectMeta.Annotations[common.LabelKeyAppInstance]) } +func TestSetAppInstanceAnnotationWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + err = SetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance, "my-app") + assert.Error(t, err) + assert.Equal(t, ".metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) +} + func TestGetAppInstanceAnnotation(t *testing.T) { yamlBytes, err := os.ReadFile("testdata/svc.yaml") assert.Nil(t, err) @@ -193,7 +204,21 @@ func TestGetAppInstanceAnnotation(t *testing.T) { err = SetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance, "my-app") assert.Nil(t, err) - assert.Equal(t, "my-app", GetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance)) + annotation, err := GetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance) + assert.Nil(t, err) + assert.Equal(t, "my-app", annotation) +} + +func TestGetAppInstanceAnnotationWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + + _, err = GetAppInstanceAnnotation(&obj, "valid-annotation") + assert.Error(t, err) + assert.Equal(t, ".metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) } func TestGetAppInstanceLabel(t *testing.T) { @@ -204,7 +229,20 @@ func TestGetAppInstanceLabel(t *testing.T) { assert.Nil(t, err) err = SetAppInstanceLabel(&obj, common.LabelKeyAppInstance, "my-app") assert.Nil(t, err) - assert.Equal(t, "my-app", GetAppInstanceLabel(&obj, common.LabelKeyAppInstance)) + label, err := GetAppInstanceLabel(&obj, common.LabelKeyAppInstance) + assert.Nil(t, err) + assert.Equal(t, "my-app", label) +} + +func TestGetAppInstanceLabelWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + _, err = GetAppInstanceLabel(&obj, "valid-label") + assert.Error(t, err) + assert.Equal(t, ".metadata.labels accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) } func TestRemoveLabel(t *testing.T) { @@ -215,7 +253,20 @@ func TestRemoveLabel(t *testing.T) { assert.Nil(t, err) obj.SetLabels(map[string]string{"test": "value"}) - RemoveLabel(&obj, "test") + err = RemoveLabel(&obj, "test") + assert.Nil(t, err) assert.Nil(t, obj.GetLabels()) } + +func TestRemoveLabelWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + + err = RemoveLabel(&obj, "valid-label") + assert.Error(t, err) + assert.Equal(t, ".metadata.labels accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) +} diff --git a/util/kube/testdata/svc-with-invalid-data.yaml b/util/kube/testdata/svc-with-invalid-data.yaml new file mode 100644 index 0000000000000..bdae0d671131a --- /dev/null +++ b/util/kube/testdata/svc-with-invalid-data.yaml @@ -0,0 +1,17 @@ +kind: Service +apiVersion: v1 +metadata: + name: my-service + annotations: + valid-annotation: existing-value + invalid-annotation: null + labels: + valid-label: existing-value + invalid-label: null +spec: + selector: + app: MyApp + ports: + - protocol: TCP + port: 80 + targetPort: 9376 diff --git a/util/kustomize/kustomize.go b/util/kustomize/kustomize.go index 0c2bd50683105..78765cb2ff35d 100644 --- a/util/kustomize/kustomize.go +++ b/util/kustomize/kustomize.go @@ -108,7 +108,9 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize, kustomizeOp // set image node:8.15.0 mysql=mariadb alpine@sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3 args := []string{"edit", "set", "image"} for _, image := range opts.Images { - args = append(args, string(image)) + // this allows using ${ARGOCD_APP_REVISION} + envSubstitutedImage := envVars.Envsubst(string(image)) + args = append(args, envSubstitutedImage) } cmd := exec.Command(k.getBinaryPath(), args...) cmd.Dir = k.path diff --git a/util/lua/custom_actions_test.go b/util/lua/custom_actions_test.go index 8312338ba6132..8f7d0e7495513 100644 --- a/util/lua/custom_actions_test.go +++ b/util/lua/custom_actions_test.go @@ -1,19 +1,22 @@ package lua import ( + "bytes" "fmt" "os" "path/filepath" "strings" "testing" - "github.com/argoproj/gitops-engine/pkg/diff" "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "sigs.k8s.io/yaml" + "github.com/argoproj/gitops-engine/pkg/diff" + appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/cli" + "github.com/argoproj/argo-cd/v2/util/errors" ) type testNormalizer struct{} @@ -23,28 +26,53 @@ func (t testNormalizer) Normalize(un *unstructured.Unstructured) error { return nil } switch un.GetKind() { + case "Job": + err := unstructured.SetNestedField(un.Object, map[string]interface{}{"name": "not sure why this works"}, "metadata") + if err != nil { + return fmt.Errorf("failed to normalize Job: %w", err) + } + } + switch un.GetKind() { case "DaemonSet", "Deployment", "StatefulSet": err := unstructured.SetNestedStringMap(un.Object, map[string]string{"kubectl.kubernetes.io/restartedAt": "0001-01-01T00:00:00Z"}, "spec", "template", "metadata", "annotations") if err != nil { - return fmt.Errorf("failed to normalize DaemonSet: %w", err) + return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err) } } switch un.GetKind() { case "Deployment": err := unstructured.SetNestedField(un.Object, nil, "status") if err != nil { - return fmt.Errorf("failed to normalize DaemonSet: %w", err) + return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err) } err = unstructured.SetNestedField(un.Object, nil, "metadata", "creationTimestamp") if err != nil { - return fmt.Errorf("failed to normalize DaemonSet: %w", err) + return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err) } err = unstructured.SetNestedField(un.Object, nil, "metadata", "generation") if err != nil { - return fmt.Errorf("failed to normalize DaemonSet: %w", err) + return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err) } case "Rollout": err := unstructured.SetNestedField(un.Object, nil, "spec", "restartAt") + if err != nil { + return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err) + } + case "ExternalSecret": + err := unstructured.SetNestedStringMap(un.Object, map[string]string{"force-sync": "0001-01-01T00:00:00Z"}, "metadata", "annotations") + if err != nil { + return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err) + } + case "Workflow": + err := unstructured.SetNestedField(un.Object, nil, "metadata", "resourceVersion") + if err != nil { + return fmt.Errorf("failed to normalize Rollout: %w", err) + } + err = unstructured.SetNestedField(un.Object, nil, "metadata", "uid") + if err != nil { + return fmt.Errorf("failed to normalize Rollout: %w", err) + } + err = unstructured.SetNestedField(un.Object, nil, "metadata", "annotations", "workflows.argoproj.io/scheduled-time") if err != nil { return fmt.Errorf("failed to normalize Rollout: %w", err) } @@ -102,6 +130,7 @@ func TestLuaResourceActionsScript(t *testing.T) { for i := range resourceTest.ActionTests { test := resourceTest.ActionTests[i] testName := fmt.Sprintf("actions/%s/%s", test.Action, test.InputPath) + t.Run(testName, func(t *testing.T) { vm := VM{ // Uncomment the following line if you need to use lua libraries debugging @@ -109,22 +138,59 @@ func TestLuaResourceActionsScript(t *testing.T) { // privileges that API server has. //UseOpenLibs: true, } - obj := getObj(filepath.Join(dir, test.InputPath)) - action, err := vm.GetResourceAction(obj, test.Action) + sourceObj := getObj(filepath.Join(dir, test.InputPath)) + action, err := vm.GetResourceAction(sourceObj, test.Action) + assert.NoError(t, err) assert.NoError(t, err) - result, err := vm.ExecuteResourceAction(obj, action.ActionLua) + impactedResources, err := vm.ExecuteResourceAction(sourceObj, action.ActionLua) assert.NoError(t, err) - expectedObj := getObj(filepath.Join(dir, test.ExpectedOutputPath)) - // Ideally, we would use a assert.Equal to detect the difference, but the Lua VM returns a object with float64 instead of the original int32. As a result, the assert.Equal is never true despite that the change has been applied. - diffResult, err := diff.Diff(expectedObj, result, diff.WithNormalizer(testNormalizer{})) - assert.NoError(t, err) - if diffResult.Modified { - t.Error("Output does not match input:") - err = cli.PrintDiff(test.Action, expectedObj, result) + // Treat the Lua expected output as a list + expectedObjects := getExpectedObjectList(t, filepath.Join(dir, test.ExpectedOutputPath)) + + for _, impactedResource := range impactedResources { + result := impactedResource.UnstructuredObj + + // The expected output is a list of objects + // Find the actual impacted resource in the expected output + expectedObj := findFirstMatchingItem(expectedObjects.Items, func(u unstructured.Unstructured) bool { + // Some resources' name is derived from the source object name, so the returned name is not actually equal to the testdata output name + // Considering the resource found in the testdata output if its name starts with source object name + // TODO: maybe this should use a normalizer function instead of hard-coding the resource specifics here + if (result.GetKind() == "Job" && sourceObj.GetKind() == "CronJob") || (result.GetKind() == "Workflow" && (sourceObj.GetKind() == "CronWorkflow" || sourceObj.GetKind() == "WorkflowTemplate")) { + return u.GroupVersionKind() == result.GroupVersionKind() && strings.HasPrefix(u.GetName(), sourceObj.GetName()) && u.GetNamespace() == result.GetNamespace() + } else { + return u.GroupVersionKind() == result.GroupVersionKind() && u.GetName() == result.GetName() && u.GetNamespace() == result.GetNamespace() + } + }) + + assert.NotNil(t, expectedObj) + + switch impactedResource.K8SOperation { + // No default case since a not supported operation would have failed upon unmarshaling earlier + case PatchOperation: + // Patching is only allowed for the source resource, so the GVK + name + ns must be the same as the impacted resource + assert.EqualValues(t, sourceObj.GroupVersionKind(), result.GroupVersionKind()) + assert.EqualValues(t, sourceObj.GetName(), result.GetName()) + assert.EqualValues(t, sourceObj.GetNamespace(), result.GetNamespace()) + case CreateOperation: + switch result.GetKind() { + case "Job": + case "Workflow": + // The name of the created resource is derived from the source object name, so the returned name is not actually equal to the testdata output name + result.SetName(expectedObj.GetName()) + } + } + // Ideally, we would use a assert.Equal to detect the difference, but the Lua VM returns a object with float64 instead of the original int32. As a result, the assert.Equal is never true despite that the change has been applied. + diffResult, err := diff.Diff(expectedObj, result, diff.WithNormalizer(testNormalizer{})) assert.NoError(t, err) + if diffResult.Modified { + t.Error("Output does not match input:") + err = cli.PrintDiff(test.Action, expectedObj, result) + assert.NoError(t, err) + } } }) } @@ -133,3 +199,46 @@ func TestLuaResourceActionsScript(t *testing.T) { }) assert.Nil(t, err) } + +// Handling backward compatibility. +// The old-style actions return a single object in the expected output from testdata, so will wrap them in a list +func getExpectedObjectList(t *testing.T, path string) *unstructured.UnstructuredList { + yamlBytes, err := os.ReadFile(path) + errors.CheckError(err) + unstructuredList := &unstructured.UnstructuredList{} + yamlString := bytes.NewBuffer(yamlBytes).String() + if yamlString[0] == '-' { + // The string represents a new-style action array output, where each member is a wrapper around a k8s unstructured resource + objList := make([]map[string]interface{}, 5) + err = yaml.Unmarshal(yamlBytes, &objList) + errors.CheckError(err) + unstructuredList.Items = make([]unstructured.Unstructured, len(objList)) + // Append each map in objList to the Items field of the new object + for i, obj := range objList { + unstructuredObj, ok := obj["unstructuredObj"].(map[string]interface{}) + if !ok { + t.Error("Wrong type of unstructuredObj") + } + unstructuredList.Items[i] = unstructured.Unstructured{Object: unstructuredObj} + } + } else { + // The string represents an old-style action object output, which is a k8s unstructured resource + obj := make(map[string]interface{}) + err = yaml.Unmarshal(yamlBytes, &obj) + errors.CheckError(err) + unstructuredList.Items = make([]unstructured.Unstructured, 1) + unstructuredList.Items[0] = unstructured.Unstructured{Object: obj} + } + return unstructuredList +} + +func findFirstMatchingItem(items []unstructured.Unstructured, f func(unstructured.Unstructured) bool) *unstructured.Unstructured { + var matching *unstructured.Unstructured = nil + for _, item := range items { + if f(item) { + matching = &item + break + } + } + return matching +} diff --git a/util/lua/health_test.go b/util/lua/health_test.go index 7016c46506438..d4fa537bc2964 100644 --- a/util/lua/health_test.go +++ b/util/lua/health_test.go @@ -29,6 +29,7 @@ func getObj(path string) *unstructured.Unstructured { obj := make(map[string]interface{}) err = yaml.Unmarshal(yamlBytes, &obj) errors.CheckError(err) + return &unstructured.Unstructured{Object: obj} } diff --git a/util/lua/impacted_resource.go b/util/lua/impacted_resource.go new file mode 100644 index 0000000000000..de6ab5933372d --- /dev/null +++ b/util/lua/impacted_resource.go @@ -0,0 +1,50 @@ +package lua + +import ( + "fmt" + + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +// This struct represents a wrapper, that is returned from Lua custom action script, around the unstructured k8s resource + a k8s operation +// that will need to be performed on this returned resource. +// Currently only "create" and "patch" operations are supported for custom actions. +// This replaces the traditional architecture of "Lua action returns the source resource for ArgoCD to patch". +// This enables ArgoCD to create NEW resources upon custom action. +// Note that the Lua code in the custom action is coupled to this type, since Lua json output is then unmarshalled to this struct. +// Avoided using iota, since need the mapping of the string value the end users will write in Lua code ("create" and "patch"). +// TODO: maybe there is a nicer general way to marshal and unmarshal, instead of explicit iteration over the enum values. +type K8SOperation string + +const ( + CreateOperation K8SOperation = "create" + PatchOperation K8SOperation = "patch" +) + +type ImpactedResource struct { + UnstructuredObj *unstructured.Unstructured `json:"resource"` + K8SOperation K8SOperation `json:"operation"` +} + +func (op *K8SOperation) UnmarshalJSON(data []byte) error { + switch string(data) { + case `"create"`: + *op = CreateOperation + case `"patch"`: + *op = PatchOperation + default: + return fmt.Errorf("unsupported operation: %s", data) + } + return nil +} + +func (op K8SOperation) MarshalJSON() ([]byte, error) { + switch op { + case CreateOperation: + return []byte(`"create"`), nil + case PatchOperation: + return []byte(`"patch"`), nil + default: + return nil, fmt.Errorf("unsupported operation: %s", op) + } +} diff --git a/util/lua/lua.go b/util/lua/lua.go index 8f1daba22406c..d9849708e8c95 100644 --- a/util/lua/lua.go +++ b/util/lua/lua.go @@ -1,6 +1,7 @@ package lua import ( + "bytes" "context" "encoding/json" "fmt" @@ -21,6 +22,7 @@ import ( const ( incorrectReturnType = "expect %s output from Lua script, not %s" + incorrectInnerType = "expect %s inner type from Lua script, not %s" invalidHealthStatus = "Lua returned an invalid health status" healthScriptFile = "health.lua" actionScriptFile = "action.lua" @@ -100,6 +102,7 @@ func (vm VM) ExecuteHealthLua(obj *unstructured.Unstructured, script string) (*h } returnValue := l.Get(-1) if returnValue.Type() == lua.LTTable { + jsonBytes, err := luajson.Encode(returnValue) if err != nil { return nil, err @@ -146,7 +149,7 @@ func (vm VM) GetHealthScript(obj *unstructured.Unstructured) (string, bool, erro return builtInScript, true, err } -func (vm VM) ExecuteResourceAction(obj *unstructured.Unstructured, script string) (*unstructured.Unstructured, error) { +func (vm VM) ExecuteResourceAction(obj *unstructured.Unstructured, script string) ([]ImpactedResource, error) { l, err := vm.runLua(obj, script) if err != nil { return nil, err @@ -154,20 +157,63 @@ func (vm VM) ExecuteResourceAction(obj *unstructured.Unstructured, script string returnValue := l.Get(-1) if returnValue.Type() == lua.LTTable { jsonBytes, err := luajson.Encode(returnValue) + if err != nil { return nil, err } - newObj, err := appv1.UnmarshalToUnstructured(string(jsonBytes)) - if err != nil { - return nil, err + + var impactedResources []ImpactedResource + + jsonString := bytes.NewBuffer(jsonBytes).String() + if len(jsonString) < 2 { + return nil, fmt.Errorf("Lua output was not a valid json object or array") + } + // The output from Lua is either an object (old-style action output) or an array (new-style action output). + // Check whether the string starts with an opening square bracket and ends with a closing square bracket, + // avoiding programming by exception. + if jsonString[0] == '[' && jsonString[len(jsonString)-1] == ']' { + // The string represents a new-style action array output + impactedResources, err = UnmarshalToImpactedResources(string(jsonBytes)) + if err != nil { + return nil, err + } + } else { + // The string represents an old-style action object output + newObj, err := appv1.UnmarshalToUnstructured(string(jsonBytes)) + if err != nil { + return nil, err + } + // Wrap the old-style action output with a single-member array. + // The default definition of the old-style action is a "patch" one. + impactedResources = append(impactedResources, ImpactedResource{newObj, PatchOperation}) } - cleanedNewObj := cleanReturnedObj(newObj.Object, obj.Object) - newObj.Object = cleanedNewObj - return newObj, nil + + for _, impactedResource := range impactedResources { + // Cleaning the resource is only relevant to "patch" + if impactedResource.K8SOperation == PatchOperation { + impactedResource.UnstructuredObj.Object = cleanReturnedObj(impactedResource.UnstructuredObj.Object, obj.Object) + } + + } + return impactedResources, nil } return nil, fmt.Errorf(incorrectReturnType, "table", returnValue.Type().String()) } +// UnmarshalToImpactedResources unmarshals an ImpactedResource array representation in JSON to ImpactedResource array +func UnmarshalToImpactedResources(resources string) ([]ImpactedResource, error) { + if resources == "" || resources == "null" { + return nil, nil + } + + var impactedResources []ImpactedResource + err := json.Unmarshal([]byte(resources), &impactedResources) + if err != nil { + return nil, err + } + return impactedResources, nil +} + // cleanReturnedObj Lua cannot distinguish an empty table as an array or map, and the library we are using choose to // decoded an empty table into an empty array. This function prevents the lua scripts from unintentionally changing an // empty struct into empty arrays diff --git a/util/lua/lua_test.go b/util/lua/lua_test.go index 9ff648ebf44db..1beb3d261e617 100644 --- a/util/lua/lua_test.go +++ b/util/lua/lua_test.go @@ -1,6 +1,7 @@ package lua import ( + "bytes" "fmt" "testing" @@ -24,6 +25,7 @@ metadata: namespace: default resourceVersion: "123" ` + const objWithNoScriptJSON = ` apiVersion: not-an-endpoint.io/v1alpha1 kind: Test @@ -370,7 +372,7 @@ obj.metadata.labels["test"] = "test" return obj ` -const expectedUpdatedObj = ` +const expectedLuaUpdatedResult = ` apiVersion: argoproj.io/v1alpha1 kind: Rollout metadata: @@ -382,13 +384,220 @@ metadata: resourceVersion: "123" ` -func TestExecuteResourceAction(t *testing.T) { +// Test an action that returns a single k8s resource json +func TestExecuteOldStyleResourceAction(t *testing.T) { testObj := StrToUnstructured(objJSON) - expectedObj := StrToUnstructured(expectedUpdatedObj) + expectedLuaUpdatedObj := StrToUnstructured(expectedLuaUpdatedResult) + vm := VM{} + newObjects, err := vm.ExecuteResourceAction(testObj, validActionLua) + assert.Nil(t, err) + assert.Equal(t, len(newObjects), 1) + assert.Equal(t, newObjects[0].K8SOperation, K8SOperation("patch")) + assert.Equal(t, expectedLuaUpdatedObj, newObjects[0].UnstructuredObj) +} + +const cronJobObjYaml = ` +apiVersion: batch/v1 +kind: CronJob +metadata: + name: hello + namespace: test-ns +` + +const expectedCreatedJobObjList = ` +- operation: create + resource: + apiVersion: batch/v1 + kind: Job + metadata: + name: hello-1 + namespace: test-ns +` + +const expectedCreatedMultipleJobsObjList = ` +- operation: create + resource: + apiVersion: batch/v1 + kind: Job + metadata: + name: hello-1 + namespace: test-ns +- operation: create + resource: + apiVersion: batch/v1 + kind: Job + metadata: + name: hello-2 + namespace: test-ns +` + +const expectedActionMixedOperationObjList = ` +- operation: create + resource: + apiVersion: batch/v1 + kind: Job + metadata: + name: hello-1 + namespace: test-ns +- operation: patch + resource: + apiVersion: batch/v1 + kind: CronJob + metadata: + name: hello + namespace: test-ns + labels: + test: test +` + +const createJobActionLua = ` +job = {} +job.apiVersion = "batch/v1" +job.kind = "Job" + +job.metadata = {} +job.metadata.name = "hello-1" +job.metadata.namespace = "test-ns" + +impactedResource = {} +impactedResource.operation = "create" +impactedResource.resource = job +result = {} +result[1] = impactedResource + +return result +` + +const createMultipleJobsActionLua = ` +job1 = {} +job1.apiVersion = "batch/v1" +job1.kind = "Job" + +job1.metadata = {} +job1.metadata.name = "hello-1" +job1.metadata.namespace = "test-ns" + +impactedResource1 = {} +impactedResource1.operation = "create" +impactedResource1.resource = job1 +result = {} +result[1] = impactedResource1 + +job2 = {} +job2.apiVersion = "batch/v1" +job2.kind = "Job" + +job2.metadata = {} +job2.metadata.name = "hello-2" +job2.metadata.namespace = "test-ns" + +impactedResource2 = {} +impactedResource2.operation = "create" +impactedResource2.resource = job2 + +result[2] = impactedResource2 + +return result +` +const mixedOperationActionLuaOk = ` +job1 = {} +job1.apiVersion = "batch/v1" +job1.kind = "Job" + +job1.metadata = {} +job1.metadata.name = "hello-1" +job1.metadata.namespace = obj.metadata.namespace + +impactedResource1 = {} +impactedResource1.operation = "create" +impactedResource1.resource = job1 +result = {} +result[1] = impactedResource1 + +obj.metadata.labels = {} +obj.metadata.labels["test"] = "test" + +impactedResource2 = {} +impactedResource2.operation = "patch" +impactedResource2.resource = obj + +result[2] = impactedResource2 + +return result +` + +const createMixedOperationActionLuaFailing = ` +job1 = {} +job1.apiVersion = "batch/v1" +job1.kind = "Job" + +job1.metadata = {} +job1.metadata.name = "hello-1" +job1.metadata.namespace = obj.metadata.namespace + +impactedResource1 = {} +impactedResource1.operation = "create" +impactedResource1.resource = job1 +result = {} +result[1] = impactedResource1 + +obj.metadata.labels = {} +obj.metadata.labels["test"] = "test" + +impactedResource2 = {} +impactedResource2.operation = "thisShouldFail" +impactedResource2.resource = obj + +result[2] = impactedResource2 + +return result +` + +func TestExecuteNewStyleCreateActionSingleResource(t *testing.T) { + testObj := StrToUnstructured(cronJobObjYaml) + jsonBytes, err := yaml.YAMLToJSON([]byte(expectedCreatedJobObjList)) + assert.Nil(t, err) + t.Log(bytes.NewBuffer(jsonBytes).String()) + expectedObjects, err := UnmarshalToImpactedResources(bytes.NewBuffer(jsonBytes).String()) + assert.Nil(t, err) + vm := VM{} + newObjects, err := vm.ExecuteResourceAction(testObj, createJobActionLua) + assert.Nil(t, err) + assert.Equal(t, expectedObjects, newObjects) +} + +func TestExecuteNewStyleCreateActionMultipleResources(t *testing.T) { + testObj := StrToUnstructured(cronJobObjYaml) + jsonBytes, err := yaml.YAMLToJSON([]byte(expectedCreatedMultipleJobsObjList)) + assert.Nil(t, err) + // t.Log(bytes.NewBuffer(jsonBytes).String()) + expectedObjects, err := UnmarshalToImpactedResources(bytes.NewBuffer(jsonBytes).String()) + assert.Nil(t, err) vm := VM{} - newObj, err := vm.ExecuteResourceAction(testObj, validActionLua) + newObjects, err := vm.ExecuteResourceAction(testObj, createMultipleJobsActionLua) assert.Nil(t, err) - assert.Equal(t, expectedObj, newObj) + assert.Equal(t, expectedObjects, newObjects) +} + +func TestExecuteNewStyleActionMixedOperationsOk(t *testing.T) { + testObj := StrToUnstructured(cronJobObjYaml) + jsonBytes, err := yaml.YAMLToJSON([]byte(expectedActionMixedOperationObjList)) + assert.Nil(t, err) + // t.Log(bytes.NewBuffer(jsonBytes).String()) + expectedObjects, err := UnmarshalToImpactedResources(bytes.NewBuffer(jsonBytes).String()) + assert.Nil(t, err) + vm := VM{} + newObjects, err := vm.ExecuteResourceAction(testObj, mixedOperationActionLuaOk) + assert.Nil(t, err) + assert.Equal(t, expectedObjects, newObjects) +} + +func TestExecuteNewStyleActionMixedOperationsFailure(t *testing.T) { + testObj := StrToUnstructured(cronJobObjYaml) + vm := VM{} + _, err := vm.ExecuteResourceAction(testObj, createMixedOperationActionLuaFailing) + assert.NotNil(t, err) + assert.Contains(t, err.Error(), "unsupported operation") } func TestExecuteResourceActionNonTableReturn(t *testing.T) { @@ -461,10 +670,11 @@ func TestCleanPatch(t *testing.T) { testObj := StrToUnstructured(objWithEmptyStruct) expectedObj := StrToUnstructured(expectedUpdatedObjWithEmptyStruct) vm := VM{} - newObj, err := vm.ExecuteResourceAction(testObj, pausedToFalseLua) + newObjects, err := vm.ExecuteResourceAction(testObj, pausedToFalseLua) assert.Nil(t, err) - assert.Equal(t, expectedObj, newObj) - + assert.Equal(t, len(newObjects), 1) + assert.Equal(t, newObjects[0].K8SOperation, K8SOperation("patch")) + assert.Equal(t, expectedObj, newObjects[0].UnstructuredObj) } func TestGetResourceHealth(t *testing.T) { diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index b6a7080ba6a25..d0c4ca65630cf 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -5,6 +5,7 @@ import ( "encoding/csv" "errors" "fmt" + "sort" "strings" "sync" "time" @@ -394,14 +395,43 @@ func (e *Enforcer) runInformer(ctx context.Context, onUpdated func(cm *apiv1.Con log.Info("rbac configmap informer cancelled") } +// PolicyCSV will generate the final policy csv to be used +// by Argo CD RBAC. It will find entries in the given data +// that matches the policy key name convention: +// +// policy[.overlay].csv +func PolicyCSV(data map[string]string) string { + var strBuilder strings.Builder + // add the main policy first + if p, ok := data[ConfigMapPolicyCSVKey]; ok { + strBuilder.WriteString(p) + } + + keys := make([]string, 0, len(data)) + for k := range data { + keys = append(keys, k) + } + sort.Strings(keys) + + // append additional policies at the end of the csv + for _, key := range keys { + value := data[key] + if strings.HasPrefix(key, "policy.") && + strings.HasSuffix(key, ".csv") && + key != ConfigMapPolicyCSVKey { + + strBuilder.WriteString("\n") + strBuilder.WriteString(value) + } + } + return strBuilder.String() +} + // syncUpdate updates the enforcer func (e *Enforcer) syncUpdate(cm *apiv1.ConfigMap, onUpdated func(cm *apiv1.ConfigMap) error) error { e.SetDefaultRole(cm.Data[ConfigMapPolicyDefaultKey]) e.SetMatchMode(cm.Data[ConfigMapMatchModeKey]) - policyCSV, ok := cm.Data[ConfigMapPolicyCSVKey] - if !ok { - policyCSV = "" - } + policyCSV := PolicyCSV(cm.Data) if err := onUpdated(cm); err != nil { return err } @@ -468,7 +498,12 @@ func loadPolicyLine(line string, model model.Model) error { return err } - if len(tokens) < 2 || len(tokens[0]) < 1 { + tokenLen := len(tokens) + + if tokenLen < 1 || + tokens[0] == "" || + (tokens[0] == "g" && tokenLen != 3) || + (tokens[0] == "p" && tokenLen != 6) { return fmt.Errorf("invalid RBAC policy: %s", line) } diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index cdad170857202..04d833ce85871 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -3,6 +3,7 @@ package rbac import ( "context" "fmt" + "strings" "testing" "time" @@ -43,6 +44,69 @@ func fakeConfigMap() *apiv1.ConfigMap { return &cm } +func TestPolicyCSV(t *testing.T) { + t.Run("will return empty string if data has no csv entries", func(t *testing.T) { + // given + data := make(map[string]string) + + // when + policy := PolicyCSV(data) + + // then + assert.Equal(t, "", policy) + }) + t.Run("will return just policy defined with default key", func(t *testing.T) { + // given + data := make(map[string]string) + expectedPolicy := "policy1\npolicy2" + data[ConfigMapPolicyCSVKey] = expectedPolicy + data["UnrelatedKey"] = "unrelated value" + + // when + policy := PolicyCSV(data) + + // then + assert.Equal(t, expectedPolicy, policy) + }) + t.Run("will return composed policy provided by multiple policy keys", func(t *testing.T) { + // given + data := make(map[string]string) + data[ConfigMapPolicyCSVKey] = "policy1" + data["UnrelatedKey"] = "unrelated value" + data["policy.overlay1.csv"] = "policy2" + data["policy.overlay2.csv"] = "policy3" + + // when + policy := PolicyCSV(data) + + // then + assert.Regexp(t, "^policy1", policy) + assert.Contains(t, policy, "policy2") + assert.Contains(t, policy, "policy3") + }) + t.Run("will return composed policy in a deterministic order", func(t *testing.T) { + // given + data := make(map[string]string) + data["UnrelatedKey"] = "unrelated value" + data["policy.B.csv"] = "policyb" + data["policy.A.csv"] = "policya" + data["policy.C.csv"] = "policyc" + data[ConfigMapPolicyCSVKey] = "policy1" + + // when + policy := PolicyCSV(data) + + // then + result := strings.Split(policy, "\n") + assert.Len(t, result, 4) + assert.Equal(t, "policy1", result[0]) + assert.Equal(t, "policya", result[1]) + assert.Equal(t, "policyb", result[2]) + assert.Equal(t, "policyc", result[3]) + }) + +} + // TestBuiltinPolicyEnforcer tests the builtin policy rules func TestBuiltinPolicyEnforcer(t *testing.T) { kubeclientset := fake.NewSimpleClientset() @@ -402,8 +466,14 @@ func TestGlobMatchFunc(t *testing.T) { } func TestLoadPolicyLine(t *testing.T) { - t.Run("Valid policy line", func(t *testing.T) { - policy := `p, foo, bar, baz` + t.Run("Valid permission line", func(t *testing.T) { + policy := `p, role:Myrole, applications, *, myproj/*, allow` + model := newBuiltInModel() + err := loadPolicyLine(policy, model) + require.NoError(t, err) + }) + t.Run("Valid grant line", func(t *testing.T) { + policy := `g, your-github-org:your-team, role:org-admin` model := newBuiltInModel() err := loadPolicyLine(policy, model) require.NoError(t, err) @@ -438,4 +508,16 @@ func TestLoadPolicyLine(t *testing.T) { err := loadPolicyLine(policy, model) require.Error(t, err) }) + t.Run("Invalid policy line missing comma", func(t *testing.T) { + policy := "p, role:Myrole, applications, *, myproj/* allow" + model := newBuiltInModel() + err := loadPolicyLine(policy, model) + require.Error(t, err) + }) + t.Run("Invalid policy line missing policy type", func(t *testing.T) { + policy := ", role:Myrole, applications, *, myproj/*, allow" + model := newBuiltInModel() + err := loadPolicyLine(policy, model) + require.Error(t, err) + }) } diff --git a/util/security/rbac.go b/util/security/rbac.go index ebfdde01c399e..d80cbbadb3817 100644 --- a/util/security/rbac.go +++ b/util/security/rbac.go @@ -4,8 +4,8 @@ import ( "fmt" ) -// AppRBACName constructs name of the app for use in RBAC checks. -func AppRBACName(defaultNS string, project string, namespace string, name string) string { +// RBACName constructs name of the app for use in RBAC checks. +func RBACName(defaultNS string, project string, namespace string, name string) string { if defaultNS != "" && namespace != defaultNS && namespace != "" { return fmt.Sprintf("%s/%s/%s", project, namespace, name) } else { diff --git a/util/security/rbac_test.go b/util/security/rbac_test.go index a3a447d4d5096..ca8e6dec77020 100644 --- a/util/security/rbac_test.go +++ b/util/security/rbac_test.go @@ -45,7 +45,7 @@ func Test_AppRBACName(t *testing.T) { tcc := tc t.Run(tcc.name, func(t *testing.T) { t.Parallel() - result := AppRBACName(tcc.defaultNS, tcc.project, tcc.namespace, tcc.appName) + result := RBACName(tcc.defaultNS, tcc.project, tcc.namespace, tcc.appName) assert.Equal(t, tcc.expectedResult, result) }) } diff --git a/util/settings/settings.go b/util/settings/settings.go index 2ecf28690cd84..c85ed3329361b 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -421,10 +421,10 @@ const ( resourceExclusionsKey = "resource.exclusions" // resourceInclusions is the key to the list of explicitly watched resources resourceInclusionsKey = "resource.inclusions" + // resourceIgnoreResourceUpdatesEnabledKey is the key to a boolean determining whether the resourceIgnoreUpdates feature is enabled + resourceIgnoreResourceUpdatesEnabledKey = "resource.ignoreResourceUpdatesEnabled" // resourceCustomLabelKey is the key to a custom label to show in node info, if present resourceCustomLabelsKey = "resource.customLabels" - // configManagementPluginsKey is the key to the list of config management plugins - configManagementPluginsKey = "configManagementPlugins" // kustomizeBuildOptionsKey is a string of kustomize build parameters kustomizeBuildOptionsKey = "kustomize.buildOptions" // kustomizeVersionKeyPrefix is a kustomize version key prefix @@ -530,6 +530,9 @@ type ArgoCDDiffOptions struct { // If set to true then differences caused by status are ignored. IgnoreResourceStatusField IgnoreStatus `json:"ignoreResourceStatusField,omitempty"` + + // If set to true then ignoreDifferences are applied to ignore application refresh on resource updates. + IgnoreDifferencesOnResourceUpdates bool `json:"ignoreDifferencesOnResourceUpdates,omitempty"` } func (e *incompleteSettingsError) Error() string { @@ -745,21 +748,6 @@ func (mgr *SettingsManager) GetServerRBACLogEnforceEnable() (bool, error) { return strconv.ParseBool(argoCDCM.Data[settingsServerRBACLogEnforceEnableKey]) } -func (mgr *SettingsManager) GetConfigManagementPlugins() ([]v1alpha1.ConfigManagementPlugin, error) { - argoCDCM, err := mgr.getConfigMap() - if err != nil { - return nil, err - } - plugins := make([]v1alpha1.ConfigManagementPlugin, 0) - if value, ok := argoCDCM.Data[configManagementPluginsKey]; ok { - err := yaml.Unmarshal([]byte(value), &plugins) - if err != nil { - return nil, err - } - } - return plugins, nil -} - func (mgr *SettingsManager) GetDeepLinks(deeplinkType string) ([]DeepLink, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { @@ -794,6 +782,54 @@ func (mgr *SettingsManager) GetEnabledSourceTypes() (map[string]bool, error) { return res, nil } +func (mgr *SettingsManager) GetIgnoreResourceUpdatesOverrides() (map[string]v1alpha1.ResourceOverride, error) { + compareOptions, err := mgr.GetResourceCompareOptions() + if err != nil { + return nil, fmt.Errorf("failed to get compare options: %w", err) + } + + resourceOverrides, err := mgr.GetResourceOverrides() + if err != nil { + return nil, fmt.Errorf("failed to get resource overrides: %w", err) + } + + for k, v := range resourceOverrides { + resourceUpdates := v.IgnoreResourceUpdates + if compareOptions.IgnoreDifferencesOnResourceUpdates { + resourceUpdates.JQPathExpressions = append(resourceUpdates.JQPathExpressions, v.IgnoreDifferences.JQPathExpressions...) + resourceUpdates.JSONPointers = append(resourceUpdates.JSONPointers, v.IgnoreDifferences.JSONPointers...) + resourceUpdates.ManagedFieldsManagers = append(resourceUpdates.ManagedFieldsManagers, v.IgnoreDifferences.ManagedFieldsManagers...) + } + // Set the IgnoreDifferences because these are the overrides used by Normalizers + v.IgnoreDifferences = resourceUpdates + v.IgnoreResourceUpdates = v1alpha1.OverrideIgnoreDiff{} + resourceOverrides[k] = v + } + + if compareOptions.IgnoreDifferencesOnResourceUpdates { + log.Info("Using diffing customizations to ignore resource updates") + } + + addIgnoreDiffItemOverrideToGK(resourceOverrides, "*/*", "/metadata/resourceVersion") + addIgnoreDiffItemOverrideToGK(resourceOverrides, "*/*", "/metadata/generation") + addIgnoreDiffItemOverrideToGK(resourceOverrides, "*/*", "/metadata/managedFields") + + return resourceOverrides, nil +} + +func (mgr *SettingsManager) GetIsIgnoreResourceUpdatesEnabled() (bool, error) { + argoCDCM, err := mgr.getConfigMap() + if err != nil { + return false, err + } + + if argoCDCM.Data[resourceIgnoreResourceUpdatesEnabledKey] == "" { + return false, nil + } + + return strconv.ParseBool(argoCDCM.Data[resourceIgnoreResourceUpdatesEnabledKey]) +} + // GetResourceOverrides loads Resource Overrides from argocd-cm ConfigMap func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error) { argoCDCM, err := mgr.getConfigMap() @@ -910,6 +946,13 @@ func (mgr *SettingsManager) appendResourceOverridesFromSplitKeys(cmData map[stri return err } overrideVal.IgnoreDifferences = overrideIgnoreDiff + case "ignoreResourceUpdates": + overrideIgnoreUpdate := v1alpha1.OverrideIgnoreDiff{} + err := yaml.Unmarshal([]byte(v), &overrideIgnoreUpdate) + if err != nil { + return err + } + overrideVal.IgnoreResourceUpdates = overrideIgnoreUpdate case "knownTypeFields": var knownTypeFields []v1alpha1.KnownTypeField err := yaml.Unmarshal([]byte(v), &knownTypeFields) @@ -939,7 +982,7 @@ func convertToOverrideKey(groupKind string) (string, error) { } func GetDefaultDiffOptions() ArgoCDDiffOptions { - return ArgoCDDiffOptions{IgnoreAggregatedRoles: false} + return ArgoCDDiffOptions{IgnoreAggregatedRoles: false, IgnoreDifferencesOnResourceUpdates: false} } // GetResourceCompareOptions loads the resource compare options settings from the ConfigMap @@ -1680,13 +1723,26 @@ func (a *ArgoCDSettings) oidcConfig() *oidcConfig { if a.OIDCConfigRAW == "" { return nil } - config, err := unmarshalOIDCConfig(a.OIDCConfigRAW) + configMap := map[string]interface{}{} + err := yaml.Unmarshal([]byte(a.OIDCConfigRAW), &configMap) + if err != nil { + log.Warnf("invalid oidc config: %v", err) + return nil + } + + configMap = ReplaceMapSecrets(configMap, a.Secrets) + data, err := yaml.Marshal(configMap) + if err != nil { + log.Warnf("invalid oidc config: %v", err) + return nil + } + + config, err := unmarshalOIDCConfig(string(data)) if err != nil { log.Warnf("invalid oidc config: %v", err) return nil } - config.ClientSecret = ReplaceStringSecret(config.ClientSecret, a.Secrets) - config.ClientID = ReplaceStringSecret(config.ClientID, a.Secrets) + return &config } @@ -1977,6 +2033,42 @@ func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoC return cdSettings, nil } +// ReplaceMapSecrets takes a json object and recursively looks for any secret key references in the +// object and replaces the value with the secret value +func ReplaceMapSecrets(obj map[string]interface{}, secretValues map[string]string) map[string]interface{} { + newObj := make(map[string]interface{}) + for k, v := range obj { + switch val := v.(type) { + case map[string]interface{}: + newObj[k] = ReplaceMapSecrets(val, secretValues) + case []interface{}: + newObj[k] = replaceListSecrets(val, secretValues) + case string: + newObj[k] = ReplaceStringSecret(val, secretValues) + default: + newObj[k] = val + } + } + return newObj +} + +func replaceListSecrets(obj []interface{}, secretValues map[string]string) []interface{} { + newObj := make([]interface{}, len(obj)) + for i, v := range obj { + switch val := v.(type) { + case map[string]interface{}: + newObj[i] = ReplaceMapSecrets(val, secretValues) + case []interface{}: + newObj[i] = replaceListSecrets(val, secretValues) + case string: + newObj[i] = ReplaceStringSecret(val, secretValues) + default: + newObj[i] = val + } + } + return newObj +} + // ReplaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map func ReplaceStringSecret(val string, secretValues map[string]string) string { if val == "" || !strings.HasPrefix(val, "$") { diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index 5326dca25c2ff..b8fe3569300f9 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -121,25 +121,6 @@ func TestGetResourceFilter(t *testing.T) { }, filter) } -func TestGetConfigManagementPlugins(t *testing.T) { - data := map[string]string{ - "configManagementPlugins": ` - - name: kasane - init: - command: [kasane, update] - generate: - command: [kasane, show]`, - } - _, settingsManager := fixtures(data) - plugins, err := settingsManager.GetConfigManagementPlugins() - assert.NoError(t, err) - assert.ElementsMatch(t, []v1alpha1.ConfigManagementPlugin{{ - Name: "kasane", - Init: &v1alpha1.Command{Command: []string{"kasane", "update"}}, - Generate: v1alpha1.Command{Command: []string{"kasane", "show"}}, - }}, plugins) -} - func TestInClusterServerAddressEnabled(t *testing.T) { _, settingsManager := fixtures(map[string]string{ "cluster.inClusterEnabled": "true", @@ -204,6 +185,22 @@ func TestGetServerRBACLogEnforceEnableKeyDefaultFalse(t *testing.T) { assert.Equal(t, false, serverRBACLogEnforceEnable) } +func TestGetIsIgnoreResourceUpdatesEnabled(t *testing.T) { + _, settingsManager := fixtures(map[string]string{ + "resource.ignoreResourceUpdatesEnabled": "true", + }) + ignoreResourceUpdatesEnabled, err := settingsManager.GetIsIgnoreResourceUpdatesEnabled() + assert.NoError(t, err) + assert.True(t, ignoreResourceUpdatesEnabled) +} + +func TestGetIsIgnoreResourceUpdatesEnabledDefaultFalse(t *testing.T) { + _, settingsManager := fixtures(nil) + ignoreResourceUpdatesEnabled, err := settingsManager.GetIsIgnoreResourceUpdatesEnabled() + assert.NoError(t, err) + assert.False(t, ignoreResourceUpdatesEnabled) +} + func TestGetServerRBACLogEnforceEnableKey(t *testing.T) { _, settingsManager := fixtures(map[string]string{ "server.rbac.log.enforce.enable": "true", @@ -229,7 +226,12 @@ func TestGetResourceOverrides(t *testing.T) { jsonPointers: - /webhooks/0/clientConfig/caBundle jqPathExpressions: - - .webhooks[0].clientConfig.caBundle`, + - .webhooks[0].clientConfig.caBundle + ignoreResourceUpdates: | + jsonPointers: + - /webhooks/1/clientConfig/caBundle + jqPathExpressions: + - .webhooks[1].clientConfig.caBundle`, }) overrides, err := settingsManager.GetResourceOverrides() assert.NoError(t, err) @@ -242,6 +244,10 @@ func TestGetResourceOverrides(t *testing.T) { JSONPointers: []string{"/webhooks/0/clientConfig/caBundle"}, JQPathExpressions: []string{".webhooks[0].clientConfig.caBundle"}, }, + IgnoreResourceUpdates: v1alpha1.OverrideIgnoreDiff{ + JSONPointers: []string{"/webhooks/1/clientConfig/caBundle"}, + JQPathExpressions: []string{".webhooks[1].clientConfig.caBundle"}, + }, }, webHookOverrides) // by default, crd status should be ignored @@ -343,6 +349,9 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { ignoreDifferences: | jsonPointers: - foo + ignoreResourceUpdates: | + jsonPointers: + - foo certmanager.k8s.io/Certificate: health.lua.useOpenLibs: true health.lua: | @@ -365,6 +374,8 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { assert.Equal(t, 2, len(overrides[crdGK].IgnoreDifferences.JSONPointers)) assert.Equal(t, 1, len(overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers)) assert.Equal(t, "foo", overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers[0]) + assert.Equal(t, 1, len(overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreResourceUpdates.JSONPointers)) + assert.Equal(t, "foo", overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreResourceUpdates.JSONPointers[0]) assert.Equal(t, "foo\n", overrides["certmanager.k8s.io/Certificate"].HealthLua) assert.Equal(t, true, overrides["certmanager.k8s.io/Certificate"].UseOpenLibs) assert.Equal(t, "foo\n", overrides["cert-manager.io/Certificate"].HealthLua) @@ -376,6 +387,8 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { newData := map[string]string{ "resource.customizations.health.admissionregistration.k8s.io_MutatingWebhookConfiguration": "bar", "resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration": `jsonPointers: + - bar`, + "resource.customizations.ignoreResourceUpdates.admissionregistration.k8s.io_MutatingWebhookConfiguration": `jsonPointers: - bar`, "resource.customizations.knownTypeFields.admissionregistration.k8s.io_MutatingWebhookConfiguration": ` - field: foo @@ -392,9 +405,13 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { - bar`, "resource.customizations.ignoreDifferences.apps_Deployment": `jqPathExpressions: - bar`, - "resource.customizations.ignoreDifferences.all": `managedFieldsManagers: + "resource.customizations.ignoreDifferences.all": `managedFieldsManagers: - kube-controller-manager - argo-rollouts`, + "resource.customizations.ignoreResourceUpdates.iam-manager.k8s.io_Iamrole": `jsonPointers: + - bar`, + "resource.customizations.ignoreResourceUpdates.apps_Deployment": `jqPathExpressions: + - bar`, } crdGK := "apiextensions.k8s.io/CustomResourceDefinition" @@ -408,6 +425,8 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { assert.Equal(t, "/spec/preserveUnknownFields", overrides[crdGK].IgnoreDifferences.JSONPointers[1]) assert.Equal(t, 1, len(overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers)) assert.Equal(t, "bar", overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers[0]) + assert.Equal(t, 1, len(overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreResourceUpdates.JSONPointers)) + assert.Equal(t, "bar", overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreResourceUpdates.JSONPointers[0]) assert.Equal(t, 1, len(overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].KnownTypeFields)) assert.Equal(t, "bar", overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].KnownTypeFields[0].Type) assert.Equal(t, "bar", overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].HealthLua) @@ -425,6 +444,9 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { assert.Equal(t, 2, len(overrides["*/*"].IgnoreDifferences.ManagedFieldsManagers)) assert.Equal(t, "kube-controller-manager", overrides["*/*"].IgnoreDifferences.ManagedFieldsManagers[0]) assert.Equal(t, "argo-rollouts", overrides["*/*"].IgnoreDifferences.ManagedFieldsManagers[1]) + assert.Equal(t, 1, len(overrides["iam-manager.k8s.io/Iamrole"].IgnoreResourceUpdates.JSONPointers)) + assert.Equal(t, 1, len(overrides["apps/Deployment"].IgnoreResourceUpdates.JQPathExpressions)) + assert.Equal(t, "bar", overrides["apps/Deployment"].IgnoreResourceUpdates.JQPathExpressions[0]) }) t.Run("SplitKeysCompareOptionsAll", func(t *testing.T) { @@ -470,6 +492,64 @@ func mergemaps(mapA map[string]string, mapB map[string]string) map[string]string return mapB } +func TestGetIgnoreResourceUpdatesOverrides(t *testing.T) { + allDefault := v1alpha1.ResourceOverride{IgnoreDifferences: v1alpha1.OverrideIgnoreDiff{ + JSONPointers: []string{"/metadata/resourceVersion", "/metadata/generation", "/metadata/managedFields"}, + }} + allGK := "*/*" + + testCustomizations := map[string]string{ + "resource.customizations": ` + admissionregistration.k8s.io/MutatingWebhookConfiguration: + ignoreDifferences: | + jsonPointers: + - /webhooks/0/clientConfig/caBundle + jqPathExpressions: + - .webhooks[0].clientConfig.caBundle + ignoreResourceUpdates: | + jsonPointers: + - /webhooks/1/clientConfig/caBundle + jqPathExpressions: + - .webhooks[1].clientConfig.caBundle`, + } + + _, settingsManager := fixtures(testCustomizations) + overrides, err := settingsManager.GetIgnoreResourceUpdatesOverrides() + assert.NoError(t, err) + + // default overrides should always be present + allOverrides := overrides[allGK] + assert.NotNil(t, allOverrides) + assert.Equal(t, allDefault, allOverrides) + + // without ignoreDifferencesOnResourceUpdates, only ignoreResourceUpdates should be added + assert.NotNil(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"]) + assert.Equal(t, v1alpha1.ResourceOverride{ + IgnoreDifferences: v1alpha1.OverrideIgnoreDiff{ + JSONPointers: []string{"/webhooks/1/clientConfig/caBundle"}, + JQPathExpressions: []string{".webhooks[1].clientConfig.caBundle"}, + }, + IgnoreResourceUpdates: v1alpha1.OverrideIgnoreDiff{}, + }, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"]) + + // with ignoreDifferencesOnResourceUpdates, ignoreDifferences should be added + _, settingsManager = fixtures(mergemaps(testCustomizations, map[string]string{ + "resource.compareoptions": ` + ignoreDifferencesOnResourceUpdates: true`, + })) + overrides, err = settingsManager.GetIgnoreResourceUpdatesOverrides() + assert.NoError(t, err) + + assert.NotNil(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"]) + assert.Equal(t, v1alpha1.ResourceOverride{ + IgnoreDifferences: v1alpha1.OverrideIgnoreDiff{ + JSONPointers: []string{"/webhooks/1/clientConfig/caBundle", "/webhooks/0/clientConfig/caBundle"}, + JQPathExpressions: []string{".webhooks[1].clientConfig.caBundle", ".webhooks[0].clientConfig.caBundle"}, + }, + IgnoreResourceUpdates: v1alpha1.OverrideIgnoreDiff{}, + }, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"]) +} + func TestConvertToOverrideKey(t *testing.T) { key, err := convertToOverrideKey("cert-manager.io_Certificate") assert.NoError(t, err) @@ -507,6 +587,26 @@ func TestGetResourceCompareOptions(t *testing.T) { assert.False(t, compareOptions.IgnoreAggregatedRoles) } + // ignoreDifferencesOnResourceUpdates is true + { + _, settingsManager := fixtures(map[string]string{ + "resource.compareoptions": "ignoreDifferencesOnResourceUpdates: true", + }) + compareOptions, err := settingsManager.GetResourceCompareOptions() + assert.NoError(t, err) + assert.True(t, compareOptions.IgnoreDifferencesOnResourceUpdates) + } + + // ignoreDifferencesOnResourceUpdates is false + { + _, settingsManager := fixtures(map[string]string{ + "resource.compareoptions": "ignoreDifferencesOnResourceUpdates: false", + }) + compareOptions, err := settingsManager.GetResourceCompareOptions() + assert.NoError(t, err) + assert.False(t, compareOptions.IgnoreDifferencesOnResourceUpdates) + } + // The empty resource.compareoptions should result in default being returned { _, settingsManager := fixtures(map[string]string{ @@ -516,6 +616,7 @@ func TestGetResourceCompareOptions(t *testing.T) { defaultOptions := GetDefaultDiffOptions() assert.NoError(t, err) assert.Equal(t, defaultOptions.IgnoreAggregatedRoles, compareOptions.IgnoreAggregatedRoles) + assert.Equal(t, defaultOptions.IgnoreDifferencesOnResourceUpdates, compareOptions.IgnoreDifferencesOnResourceUpdates) } // resource.compareoptions not defined - should result in default being returned @@ -525,6 +626,7 @@ func TestGetResourceCompareOptions(t *testing.T) { defaultOptions := GetDefaultDiffOptions() assert.NoError(t, err) assert.Equal(t, defaultOptions.IgnoreAggregatedRoles, compareOptions.IgnoreAggregatedRoles) + assert.Equal(t, defaultOptions.IgnoreDifferencesOnResourceUpdates, compareOptions.IgnoreDifferencesOnResourceUpdates) } } @@ -1139,7 +1241,7 @@ func TestDownloadArgoCDBinaryUrls(t *testing.T) { func TestSecretKeyRef(t *testing.T) { data := map[string]string{ "oidc.config": `name: Okta -issuer: https://dev-123456.oktapreview.com +issuer: $acme:issuerSecret clientID: aaaabbbbccccddddeee clientSecret: $acme:clientSecret # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] @@ -1176,6 +1278,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`, }, }, Data: map[string][]byte{ + "issuerSecret": []byte("https://dev-123456.oktapreview.com"), "clientSecret": []byte("deadbeef"), }, } @@ -1186,6 +1289,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`, assert.NoError(t, err) oidcConfig := settings.OIDCConfig() + assert.Equal(t, oidcConfig.Issuer, "https://dev-123456.oktapreview.com") assert.Equal(t, oidcConfig.ClientSecret, "deadbeef") } @@ -1444,3 +1548,18 @@ allowedAudiences: ["aud1", "aud2"]`}, }) } } + +func TestReplaceStringSecret(t *testing.T) { + secretValues := map[string]string{"my-secret-key": "my-secret-value"} + result := ReplaceStringSecret("$my-secret-key", secretValues) + assert.Equal(t, "my-secret-value", result) + + result = ReplaceStringSecret("$invalid-secret-key", secretValues) + assert.Equal(t, "$invalid-secret-key", result) + + result = ReplaceStringSecret("", secretValues) + assert.Equal(t, "", result) + + result = ReplaceStringSecret("my-value", secretValues) + assert.Equal(t, "my-value", result) +} diff --git a/util/webhook/webhook.go b/util/webhook/webhook.go index b5b14c3e7d646..c47323f2cdbbb 100644 --- a/util/webhook/webhook.go +++ b/util/webhook/webhook.go @@ -441,7 +441,7 @@ func (a *ArgoCDWebhookHandler) Handler(w http.ResponseWriter, r *http.Request) { log.WithField(common.SecurityField, common.SecurityHigh).Infof("GitHub webhook HMAC verification failed") } case r.Header.Get("X-Gitlab-Event") != "": - payload, err = a.gitlab.Parse(r, gitlab.PushEvents, gitlab.TagEvents) + payload, err = a.gitlab.Parse(r, gitlab.PushEvents, gitlab.TagEvents, gitlab.SystemHookEvents) if errors.Is(err, gitlab.ErrGitLabTokenVerificationFailed) { log.WithField(common.SecurityField, common.SecurityHigh).Infof("GitLab webhook token verification failed") } diff --git a/util/webhook/webhook_test.go b/util/webhook/webhook_test.go index efd68fe25b9b9..899c3ecb73203 100644 --- a/util/webhook/webhook_test.go +++ b/util/webhook/webhook_test.go @@ -336,6 +336,22 @@ func TestGitLabPushEvent(t *testing.T) { hook.Reset() } +func TestGitLabSystemEvent(t *testing.T) { + hook := test.NewGlobal() + h := NewMockHandler(nil, []string{}) + req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) + req.Header.Set("X-Gitlab-Event", "System Hook") + eventJSON, err := os.ReadFile("testdata/gitlab-event.json") + assert.NoError(t, err) + req.Body = io.NopCloser(bytes.NewReader(eventJSON)) + w := httptest.NewRecorder() + h.Handler(w, req) + assert.Equal(t, w.Code, http.StatusOK) + expectedLogResult := "Received push event repo: https://gitlab/group/name, revision: master, touchedHead: true" + assert.Equal(t, expectedLogResult, hook.LastEntry().Message) + hook.Reset() +} + func TestInvalidMethod(t *testing.T) { hook := test.NewGlobal() h := NewMockHandler(nil, []string{})