This repository has been archived by the owner on Oct 23, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 62
/
security.pb.go
480 lines (424 loc) · 19.6 KB
/
security.pb.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: flyteidl/core/security.proto
package core
import (
fmt "fmt"
proto "github.com/golang/protobuf/proto"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type Secret_MountType int32
const (
// Default case, indicates the client can tolerate either mounting options.
Secret_ANY Secret_MountType = 0
// ENV_VAR indicates the secret needs to be mounted as an environment variable.
Secret_ENV_VAR Secret_MountType = 1
// FILE indicates the secret needs to be mounted as a file.
Secret_FILE Secret_MountType = 2
)
var Secret_MountType_name = map[int32]string{
0: "ANY",
1: "ENV_VAR",
2: "FILE",
}
var Secret_MountType_value = map[string]int32{
"ANY": 0,
"ENV_VAR": 1,
"FILE": 2,
}
func (x Secret_MountType) String() string {
return proto.EnumName(Secret_MountType_name, int32(x))
}
func (Secret_MountType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_0996009b6d39c02f, []int{0, 0}
}
// Type of the token requested.
type OAuth2TokenRequest_Type int32
const (
// CLIENT_CREDENTIALS indicates a 2-legged OAuth token requested using client credentials.
OAuth2TokenRequest_CLIENT_CREDENTIALS OAuth2TokenRequest_Type = 0
)
var OAuth2TokenRequest_Type_name = map[int32]string{
0: "CLIENT_CREDENTIALS",
}
var OAuth2TokenRequest_Type_value = map[string]int32{
"CLIENT_CREDENTIALS": 0,
}
func (x OAuth2TokenRequest_Type) String() string {
return proto.EnumName(OAuth2TokenRequest_Type_name, int32(x))
}
func (OAuth2TokenRequest_Type) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_0996009b6d39c02f, []int{3, 0}
}
// Secret encapsulates information about the secret a task needs to proceed. An environment variable
// FLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if
// secrets are passed through environment variables.
// FLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets
// are passed through file mounts.
type Secret struct {
// The name of the secret group where to find the key referenced below. For K8s secrets, this should be the name of
// the v1/secret object. For Confidant, this should be the Credential name. For Vault, this should be the secret name.
// For AWS Secret Manager, this should be the name of the secret.
// +required
Group string `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"`
// The group version to fetch. This is not supported in all secret management systems. It'll be ignored for the ones
// that do not support it.
// +optional
GroupVersion string `protobuf:"bytes,2,opt,name=group_version,json=groupVersion,proto3" json:"group_version,omitempty"`
// The name of the secret to mount. This has to match an existing secret in the system. It's up to the implementation
// of the secret management system to require case sensitivity. For K8s secrets, Confidant and Vault, this should
// match one of the keys inside the secret. For AWS Secret Manager, it's ignored.
// +optional
Key string `protobuf:"bytes,3,opt,name=key,proto3" json:"key,omitempty"`
// mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail
// if the underlying key management system cannot satisfy that requirement. If not provided, the default location
// will depend on the key management system.
// +optional
MountRequirement Secret_MountType `protobuf:"varint,4,opt,name=mount_requirement,json=mountRequirement,proto3,enum=flyteidl.core.Secret_MountType" json:"mount_requirement,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Secret) Reset() { *m = Secret{} }
func (m *Secret) String() string { return proto.CompactTextString(m) }
func (*Secret) ProtoMessage() {}
func (*Secret) Descriptor() ([]byte, []int) {
return fileDescriptor_0996009b6d39c02f, []int{0}
}
func (m *Secret) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Secret.Unmarshal(m, b)
}
func (m *Secret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Secret.Marshal(b, m, deterministic)
}
func (m *Secret) XXX_Merge(src proto.Message) {
xxx_messageInfo_Secret.Merge(m, src)
}
func (m *Secret) XXX_Size() int {
return xxx_messageInfo_Secret.Size(m)
}
func (m *Secret) XXX_DiscardUnknown() {
xxx_messageInfo_Secret.DiscardUnknown(m)
}
var xxx_messageInfo_Secret proto.InternalMessageInfo
func (m *Secret) GetGroup() string {
if m != nil {
return m.Group
}
return ""
}
func (m *Secret) GetGroupVersion() string {
if m != nil {
return m.GroupVersion
}
return ""
}
func (m *Secret) GetKey() string {
if m != nil {
return m.Key
}
return ""
}
func (m *Secret) GetMountRequirement() Secret_MountType {
if m != nil {
return m.MountRequirement
}
return Secret_ANY
}
// OAuth2Client encapsulates OAuth2 Client Credentials to be used when making calls on behalf of that task.
type OAuth2Client struct {
// client_id is the public id for the client to use. The system will not perform any pre-auth validation that the
// secret requested matches the client_id indicated here.
// +required
ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
// client_secret is a reference to the secret used to authenticate the OAuth2 client.
// +required
ClientSecret *Secret `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OAuth2Client) Reset() { *m = OAuth2Client{} }
func (m *OAuth2Client) String() string { return proto.CompactTextString(m) }
func (*OAuth2Client) ProtoMessage() {}
func (*OAuth2Client) Descriptor() ([]byte, []int) {
return fileDescriptor_0996009b6d39c02f, []int{1}
}
func (m *OAuth2Client) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_OAuth2Client.Unmarshal(m, b)
}
func (m *OAuth2Client) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_OAuth2Client.Marshal(b, m, deterministic)
}
func (m *OAuth2Client) XXX_Merge(src proto.Message) {
xxx_messageInfo_OAuth2Client.Merge(m, src)
}
func (m *OAuth2Client) XXX_Size() int {
return xxx_messageInfo_OAuth2Client.Size(m)
}
func (m *OAuth2Client) XXX_DiscardUnknown() {
xxx_messageInfo_OAuth2Client.DiscardUnknown(m)
}
var xxx_messageInfo_OAuth2Client proto.InternalMessageInfo
func (m *OAuth2Client) GetClientId() string {
if m != nil {
return m.ClientId
}
return ""
}
func (m *OAuth2Client) GetClientSecret() *Secret {
if m != nil {
return m.ClientSecret
}
return nil
}
// Identity encapsulates the various security identities a task can run as. It's up to the underlying plugin to pick the
// right identity for the execution environment.
type Identity struct {
// iam_role references the fully qualified name of Identity & Access Management role to impersonate.
IamRole string `protobuf:"bytes,1,opt,name=iam_role,json=iamRole,proto3" json:"iam_role,omitempty"`
// k8s_service_account references a kubernetes service account to impersonate.
K8SServiceAccount string `protobuf:"bytes,2,opt,name=k8s_service_account,json=k8sServiceAccount,proto3" json:"k8s_service_account,omitempty"`
// oauth2_client references an oauth2 client. Backend plugins can use this information to impersonate the client when
// making external calls.
Oauth2Client *OAuth2Client `protobuf:"bytes,3,opt,name=oauth2_client,json=oauth2Client,proto3" json:"oauth2_client,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Identity) Reset() { *m = Identity{} }
func (m *Identity) String() string { return proto.CompactTextString(m) }
func (*Identity) ProtoMessage() {}
func (*Identity) Descriptor() ([]byte, []int) {
return fileDescriptor_0996009b6d39c02f, []int{2}
}
func (m *Identity) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Identity.Unmarshal(m, b)
}
func (m *Identity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Identity.Marshal(b, m, deterministic)
}
func (m *Identity) XXX_Merge(src proto.Message) {
xxx_messageInfo_Identity.Merge(m, src)
}
func (m *Identity) XXX_Size() int {
return xxx_messageInfo_Identity.Size(m)
}
func (m *Identity) XXX_DiscardUnknown() {
xxx_messageInfo_Identity.DiscardUnknown(m)
}
var xxx_messageInfo_Identity proto.InternalMessageInfo
func (m *Identity) GetIamRole() string {
if m != nil {
return m.IamRole
}
return ""
}
func (m *Identity) GetK8SServiceAccount() string {
if m != nil {
return m.K8SServiceAccount
}
return ""
}
func (m *Identity) GetOauth2Client() *OAuth2Client {
if m != nil {
return m.Oauth2Client
}
return nil
}
// OAuth2TokenRequest encapsulates information needed to request an OAuth2 token.
// FLYTE_TOKENS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if
// tokens are passed through environment variables.
// FLYTE_TOKENS_PATH_PREFIX will be passed to indicate the prefix of the path where secrets will be mounted if tokens
// are passed through file mounts.
type OAuth2TokenRequest struct {
// name indicates a unique id for the token request within this task token requests. It'll be used as a suffix for
// environment variables and as a filename for mounting tokens as files.
// +required
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// type indicates the type of the request to make. Defaults to CLIENT_CREDENTIALS.
// +required
Type OAuth2TokenRequest_Type `protobuf:"varint,2,opt,name=type,proto3,enum=flyteidl.core.OAuth2TokenRequest_Type" json:"type,omitempty"`
// client references the client_id/secret to use to request the OAuth2 token.
// +required
Client *OAuth2Client `protobuf:"bytes,3,opt,name=client,proto3" json:"client,omitempty"`
// idp_discovery_endpoint references the discovery endpoint used to retrieve token endpoint and other related
// information.
// +optional
IdpDiscoveryEndpoint string `protobuf:"bytes,4,opt,name=idp_discovery_endpoint,json=idpDiscoveryEndpoint,proto3" json:"idp_discovery_endpoint,omitempty"`
// token_endpoint references the token issuance endpoint. If idp_discovery_endpoint is not provided, this parameter is
// mandatory.
// +optional
TokenEndpoint string `protobuf:"bytes,5,opt,name=token_endpoint,json=tokenEndpoint,proto3" json:"token_endpoint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OAuth2TokenRequest) Reset() { *m = OAuth2TokenRequest{} }
func (m *OAuth2TokenRequest) String() string { return proto.CompactTextString(m) }
func (*OAuth2TokenRequest) ProtoMessage() {}
func (*OAuth2TokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_0996009b6d39c02f, []int{3}
}
func (m *OAuth2TokenRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_OAuth2TokenRequest.Unmarshal(m, b)
}
func (m *OAuth2TokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_OAuth2TokenRequest.Marshal(b, m, deterministic)
}
func (m *OAuth2TokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_OAuth2TokenRequest.Merge(m, src)
}
func (m *OAuth2TokenRequest) XXX_Size() int {
return xxx_messageInfo_OAuth2TokenRequest.Size(m)
}
func (m *OAuth2TokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_OAuth2TokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_OAuth2TokenRequest proto.InternalMessageInfo
func (m *OAuth2TokenRequest) GetName() string {
if m != nil {
return m.Name
}
return ""
}
func (m *OAuth2TokenRequest) GetType() OAuth2TokenRequest_Type {
if m != nil {
return m.Type
}
return OAuth2TokenRequest_CLIENT_CREDENTIALS
}
func (m *OAuth2TokenRequest) GetClient() *OAuth2Client {
if m != nil {
return m.Client
}
return nil
}
func (m *OAuth2TokenRequest) GetIdpDiscoveryEndpoint() string {
if m != nil {
return m.IdpDiscoveryEndpoint
}
return ""
}
func (m *OAuth2TokenRequest) GetTokenEndpoint() string {
if m != nil {
return m.TokenEndpoint
}
return ""
}
// SecurityContext holds security attributes that apply to tasks.
type SecurityContext struct {
// run_as encapsulates the identity a pod should run as. If the task fills in multiple fields here, it'll be up to the
// backend plugin to choose the appropriate identity for the execution engine the task will run on.
RunAs *Identity `protobuf:"bytes,1,opt,name=run_as,json=runAs,proto3" json:"run_as,omitempty"`
// secrets indicate the list of secrets the task needs in order to proceed. Secrets will be mounted/passed to the
// pod as it starts. If the plugin responsible for kicking of the task will not run it on a flyte cluster (e.g. AWS
// Batch), it's the responsibility of the plugin to fetch the secret (which means propeller identity will need access
// to the secret) and to pass it to the remote execution engine.
Secrets []*Secret `protobuf:"bytes,2,rep,name=secrets,proto3" json:"secrets,omitempty"`
// tokens indicate the list of token requests the task needs in order to proceed. Tokens will be mounted/passed to the
// pod as it starts. If the plugin responsible for kicking of the task will not run it on a flyte cluster (e.g. AWS
// Batch), it's the responsibility of the plugin to fetch the secret (which means propeller identity will need access
// to the secret) and to pass it to the remote execution engine.
Tokens []*OAuth2TokenRequest `protobuf:"bytes,3,rep,name=tokens,proto3" json:"tokens,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SecurityContext) Reset() { *m = SecurityContext{} }
func (m *SecurityContext) String() string { return proto.CompactTextString(m) }
func (*SecurityContext) ProtoMessage() {}
func (*SecurityContext) Descriptor() ([]byte, []int) {
return fileDescriptor_0996009b6d39c02f, []int{4}
}
func (m *SecurityContext) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SecurityContext.Unmarshal(m, b)
}
func (m *SecurityContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_SecurityContext.Marshal(b, m, deterministic)
}
func (m *SecurityContext) XXX_Merge(src proto.Message) {
xxx_messageInfo_SecurityContext.Merge(m, src)
}
func (m *SecurityContext) XXX_Size() int {
return xxx_messageInfo_SecurityContext.Size(m)
}
func (m *SecurityContext) XXX_DiscardUnknown() {
xxx_messageInfo_SecurityContext.DiscardUnknown(m)
}
var xxx_messageInfo_SecurityContext proto.InternalMessageInfo
func (m *SecurityContext) GetRunAs() *Identity {
if m != nil {
return m.RunAs
}
return nil
}
func (m *SecurityContext) GetSecrets() []*Secret {
if m != nil {
return m.Secrets
}
return nil
}
func (m *SecurityContext) GetTokens() []*OAuth2TokenRequest {
if m != nil {
return m.Tokens
}
return nil
}
func init() {
proto.RegisterEnum("flyteidl.core.Secret_MountType", Secret_MountType_name, Secret_MountType_value)
proto.RegisterEnum("flyteidl.core.OAuth2TokenRequest_Type", OAuth2TokenRequest_Type_name, OAuth2TokenRequest_Type_value)
proto.RegisterType((*Secret)(nil), "flyteidl.core.Secret")
proto.RegisterType((*OAuth2Client)(nil), "flyteidl.core.OAuth2Client")
proto.RegisterType((*Identity)(nil), "flyteidl.core.Identity")
proto.RegisterType((*OAuth2TokenRequest)(nil), "flyteidl.core.OAuth2TokenRequest")
proto.RegisterType((*SecurityContext)(nil), "flyteidl.core.SecurityContext")
}
func init() { proto.RegisterFile("flyteidl/core/security.proto", fileDescriptor_0996009b6d39c02f) }
var fileDescriptor_0996009b6d39c02f = []byte{
// 574 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x53, 0xdb, 0x6e, 0xd3, 0x40,
0x10, 0xad, 0x93, 0x34, 0x97, 0x49, 0x52, 0xd2, 0xa1, 0x94, 0xa0, 0x22, 0x28, 0x46, 0xa0, 0x4a,
0x08, 0x5b, 0x4a, 0x2b, 0x54, 0xfa, 0x44, 0x48, 0x83, 0x14, 0x29, 0x04, 0xc9, 0x89, 0x2a, 0xc1,
0x8b, 0x95, 0xda, 0x43, 0xba, 0x4a, 0xe2, 0x35, 0xbb, 0xeb, 0x08, 0xff, 0x08, 0x7c, 0x05, 0xff,
0xc2, 0x27, 0x21, 0xef, 0x3a, 0xbd, 0xa9, 0x08, 0xde, 0x66, 0xe7, 0x9c, 0xf1, 0x9c, 0x33, 0x9e,
0x81, 0xc7, 0x5f, 0x17, 0xa9, 0x22, 0x16, 0x2e, 0xdc, 0x80, 0x0b, 0x72, 0x25, 0x05, 0x89, 0x60,
0x2a, 0x75, 0x62, 0xc1, 0x15, 0xc7, 0xe6, 0x1a, 0x75, 0x32, 0xd4, 0xfe, 0x6d, 0x41, 0x79, 0x4c,
0x81, 0x20, 0x85, 0x3b, 0xb0, 0x39, 0x13, 0x3c, 0x89, 0xdb, 0xd6, 0xbe, 0x75, 0x50, 0xf3, 0xcc,
0x03, 0x9f, 0x43, 0x53, 0x07, 0xfe, 0x8a, 0x84, 0x64, 0x3c, 0x6a, 0x17, 0x34, 0xda, 0xd0, 0xc9,
0x33, 0x93, 0xc3, 0x16, 0x14, 0xe7, 0x94, 0xb6, 0x8b, 0x1a, 0xca, 0x42, 0x1c, 0xc2, 0xf6, 0x92,
0x27, 0x91, 0xf2, 0x05, 0x7d, 0x4b, 0x98, 0xa0, 0x25, 0x45, 0xaa, 0x5d, 0xda, 0xb7, 0x0e, 0xb6,
0x3a, 0x4f, 0x9d, 0x1b, 0x12, 0x1c, 0xd3, 0xde, 0xf9, 0x98, 0xd1, 0x27, 0x69, 0x4c, 0x5e, 0x4b,
0x57, 0x7a, 0x57, 0x85, 0xf6, 0x2b, 0xa8, 0x5d, 0xc2, 0x58, 0x81, 0x62, 0x77, 0xf4, 0xb9, 0xb5,
0x81, 0x75, 0xa8, 0xf4, 0x47, 0x67, 0xfe, 0x59, 0xd7, 0x6b, 0x59, 0x58, 0x85, 0xd2, 0x87, 0xc1,
0xb0, 0xdf, 0x2a, 0xd8, 0x33, 0x68, 0x7c, 0xea, 0x26, 0xea, 0xa2, 0xd3, 0x5b, 0x30, 0x8a, 0x14,
0xee, 0x41, 0x2d, 0xd0, 0x91, 0xcf, 0xc2, 0xdc, 0x5b, 0xd5, 0x24, 0x06, 0x21, 0x9e, 0x40, 0x33,
0x07, 0xa5, 0x96, 0xa1, 0xed, 0xd5, 0x3b, 0x0f, 0xee, 0xd4, 0xe8, 0x35, 0x0c, 0xd7, 0xbc, 0xec,
0x9f, 0x16, 0x54, 0x07, 0x21, 0x45, 0x8a, 0xa9, 0x14, 0x1f, 0x41, 0x95, 0x4d, 0x97, 0xbe, 0xe0,
0x0b, 0xca, 0x9b, 0x54, 0xd8, 0x74, 0xe9, 0xf1, 0x05, 0xa1, 0x03, 0xf7, 0xe7, 0xc7, 0xd2, 0x97,
0x24, 0x56, 0x2c, 0x20, 0x7f, 0x1a, 0x04, 0x99, 0x97, 0x7c, 0x90, 0xdb, 0xf3, 0x63, 0x39, 0x36,
0x48, 0xd7, 0x00, 0xf8, 0x0e, 0x9a, 0x7c, 0x9a, 0x19, 0xf0, 0x4d, 0x3b, 0x3d, 0xd7, 0x7a, 0x67,
0xef, 0x96, 0xa6, 0xeb, 0x26, 0xbd, 0x86, 0xa9, 0x30, 0x2f, 0xfb, 0x47, 0x01, 0xd0, 0xc0, 0x13,
0x3e, 0xa7, 0x28, 0x1b, 0x25, 0x49, 0x85, 0x08, 0xa5, 0x68, 0xba, 0x5c, 0xeb, 0xd3, 0x31, 0x9e,
0x40, 0x49, 0xa5, 0x31, 0x69, 0x35, 0x5b, 0x9d, 0x97, 0x77, 0xf6, 0xb8, 0xfe, 0x11, 0x47, 0xff,
0x22, 0x5d, 0x83, 0x87, 0x50, 0xfe, 0x7f, 0x85, 0x39, 0x15, 0x8f, 0x60, 0x97, 0x85, 0xb1, 0x1f,
0x32, 0x19, 0xf0, 0x15, 0x89, 0xd4, 0xa7, 0x28, 0x8c, 0x39, 0xcb, 0xd7, 0xa3, 0xe6, 0xed, 0xb0,
0x30, 0x3e, 0x5d, 0x83, 0xfd, 0x1c, 0xc3, 0x17, 0xb0, 0xa5, 0x32, 0x15, 0x57, 0xec, 0x4d, 0xcd,
0x6e, 0xea, 0xec, 0x9a, 0x66, 0x3f, 0x81, 0x92, 0xde, 0x91, 0x5d, 0xc0, 0xde, 0x70, 0xd0, 0x1f,
0x4d, 0xfc, 0x9e, 0xd7, 0x3f, 0xed, 0x8f, 0x26, 0x83, 0xee, 0x70, 0xdc, 0xda, 0xb0, 0x7f, 0x59,
0x70, 0x6f, 0x9c, 0x1f, 0x44, 0x8f, 0x47, 0x8a, 0xbe, 0x2b, 0x74, 0xa0, 0x2c, 0x92, 0xc8, 0x9f,
0x4a, 0x3d, 0x97, 0x7a, 0xe7, 0xe1, 0x2d, 0x17, 0xeb, 0x5f, 0xec, 0x6d, 0x8a, 0x24, 0xea, 0x4a,
0x74, 0xa1, 0x62, 0x76, 0x45, 0xb6, 0x0b, 0xfb, 0xc5, 0xbf, 0x2f, 0xcb, 0x9a, 0x85, 0x6f, 0xa1,
0xac, 0x55, 0xca, 0x76, 0x51, 0xf3, 0x9f, 0xfd, 0x73, 0xc8, 0x5e, 0x5e, 0xf0, 0xfe, 0xcd, 0x97,
0xa3, 0x19, 0x53, 0x17, 0xc9, 0xb9, 0x13, 0xf0, 0xa5, 0xab, 0xcb, 0xb8, 0x98, 0xb9, 0x97, 0x17,
0x3e, 0xa3, 0xc8, 0x8d, 0xcf, 0x5f, 0xcf, 0xb8, 0x7b, 0xe3, 0xe8, 0xcf, 0xcb, 0xfa, 0xd8, 0x0f,
0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x2f, 0xe2, 0xb8, 0x68, 0x0c, 0x04, 0x00, 0x00,
}