diff --git a/.docforge/manifest.yaml b/.docforge/manifest.yaml new file mode 100644 index 000000000..011232187 --- /dev/null +++ b/.docforge/manifest.yaml @@ -0,0 +1,13 @@ +{{- $vers := Split .versions "," -}} +{{ $defaultBranch := (index $vers 0) }} +structure: +- name: _index.md + source: https://github.com/gardener/gardener-extension-provider-azure/blob/{{$defaultBranch}}/README.md +- name: docs + nodes: + - nodesSelector: + path: https://github.com/gardener/gardener-extension-provider-azure/tree/{{$defaultBranch}}/docs +links: + downloads: + scope: + "gardener/gardener-extension-provider-azure/(blob|raw)/(.*)/docs": ~ diff --git a/.github/ISSUE_TEMPLATE/support.md b/.github/ISSUE_TEMPLATE/support.md index 16ba43be4..8051a0d36 100644 --- a/.github/ISSUE_TEMPLATE/support.md +++ b/.github/ISSUE_TEMPLATE/support.md @@ -10,5 +10,5 @@ STOP -- PLEASE READ! GitHub is not the right place for support requests. -If you're looking for help, please post your question on the [Kubernetes Slack](http://slack.k8s.io/) ([#gardener](https://kubernetes.slack.com/messages/gardener) channel) or join our [weekly meetings](https://github.com/gardener/documentation/blob/master/CONTRIBUTING.md#weekly-meeting). +If you're looking for help, please post your question on the [Kubernetes Slack](http://slack.k8s.io/) ([#gardener](https://kubernetes.slack.com/messages/gardener) channel) or join our [bi-weekly meetings](https://gardener.cloud/docs/contribute/#bi-weekly-meetings). --> diff --git a/.golangci.yaml b/.golangci.yaml index d54e53588..70faa5aba 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -5,3 +5,15 @@ run: linters: disable: - unused + enable: + - revive + +issues: + exclude-use-default: false + exclude: + # revive + - var-naming # ((var|const|struct field|func) .* should be .* + - dot-imports # should not use dot imports + - package-comments # package comment should be of the form + - indent-error-flow # if block ends with a return statement, so drop this else and outdent its block + - "exported: (type|func) name will be used as .* by other packages, and that stutters;" diff --git a/Makefile b/Makefile index 78786739d..9d3fb2f06 100644 --- a/Makefile +++ b/Makefile @@ -122,7 +122,7 @@ check: .PHONY: generate generate: - @$(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/generate.sh ./charts/... ./cmd/... ./pkg/... ./test/... + @$(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/generate.sh ./charts/... ./cmd/... ./pkg/... .PHONY: format format: @@ -130,11 +130,11 @@ format: .PHONY: test test: - @SKIP_FETCH_TOOLS=1 $(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/test.sh ./cmd/... ./pkg/... + @$(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/test.sh ./cmd/... ./pkg/... .PHONY: test-cov test-cov: - @SKIP_FETCH_TOOLS=1 $(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/test-cover.sh ./cmd/... ./pkg/... + @$(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/test-cover.sh ./cmd/... ./pkg/... .PHONY: test-clean test-clean: diff --git a/README.md b/README.md index e32746843..18fc90823 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ This extension controller supports the following Kubernetes versions: | Version | Support | Conformance test results | | --------------- | ----------- | ------------------------ | -| Kubernetes 1.22 | 1.22.0+ | N/A | +| Kubernetes 1.22 | 1.22.0+ | [![Gardener v1.22 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.22%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.22%20Azure) | | Kubernetes 1.21 | 1.21.0+ | [![Gardener v1.21 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.21%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.21%20Azure) | | Kubernetes 1.20 | 1.20.0+ | [![Gardener v1.20 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.20%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.20%20Azure) | | Kubernetes 1.19 | 1.19.0+ | [![Gardener v1.19 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.19%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.19%20Azure) | diff --git a/VERSION b/VERSION index fc0de3b84..e2caecc98 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v1.22.0-dev +v1.23.0-dev diff --git a/charts/gardener-extension-admission-azure/charts/application/templates/validatingwebhook-validator.yaml b/charts/gardener-extension-admission-azure/charts/application/templates/validatingwebhook-validator.yaml index 99b6e5d04..052728dcc 100644 --- a/charts/gardener-extension-admission-azure/charts/application/templates/validatingwebhook-validator.yaml +++ b/charts/gardener-extension-admission-azure/charts/application/templates/validatingwebhook-validator.yaml @@ -31,7 +31,7 @@ webhooks: name: {{ include "name" . }} path: /webhooks/validate {{- end }} - caBundle: {{ required ".Values.webhookConfig.caBundle is required" (b64enc .Values.global.webhookConfig.caBundle) }} + caBundle: {{ required ".Values.global.webhookConfig.caBundle is required" .Values.global.webhookConfig.caBundle | b64enc }} - name: secrets.validation.azure.provider.extensions.gardener.cloud rules: - apiGroups: @@ -58,4 +58,4 @@ webhooks: name: {{ include "name" . }} path: /webhooks/validate/secrets {{- end }} - caBundle: {{ required ".Values.webhookConfig.caBundle is required" (b64enc .Values.global.webhookConfig.caBundle) }} \ No newline at end of file + caBundle: {{ required ".Values.global.webhookConfig.caBundle is required" .Values.global.webhookConfig.caBundle | b64enc }} diff --git a/charts/gardener-extension-admission-azure/charts/runtime/templates/secret-cert.yaml b/charts/gardener-extension-admission-azure/charts/runtime/templates/secret-cert.yaml index 5f37e1532..78e875760 100644 --- a/charts/gardener-extension-admission-azure/charts/runtime/templates/secret-cert.yaml +++ b/charts/gardener-extension-admission-azure/charts/runtime/templates/secret-cert.yaml @@ -11,5 +11,5 @@ metadata: heritage: "{{ .Release.Service }}" type: Opaque data: - tls.crt: {{ required ".Values.global.webhookConfig.tls.crt is required" (b64enc .Values.global.webhookConfig.tls.crt) }} - tls.key: {{ required ".Values.global.webhookConfig.tls.key is required" (b64enc .Values.global.webhookConfig.tls.key) }} + tls.crt: {{ required ".Values.global.webhookConfig.tls.crt is required" .Values.global.webhookConfig.tls.crt | b64enc }} + tls.key: {{ required ".Values.global.webhookConfig.tls.key is required" .Values.global.webhookConfig.tls.key | b64enc }} diff --git a/charts/gardener-extension-provider-azure/templates/configmap-logging.yaml b/charts/gardener-extension-provider-azure/templates/configmap-logging.yaml index 4250b474e..64690ae44 100644 --- a/charts/gardener-extension-provider-azure/templates/configmap-logging.yaml +++ b/charts/gardener-extension-provider-azure/templates/configmap-logging.yaml @@ -29,13 +29,13 @@ data: Reserve_Data True [FILTER] - Name rewrite_tag + Name modify Match kubernetes.* - Rule $tag ^kubernetes\.var\.log\.containers\.(cloud-controller-manager-.+?_.+?_azure-cloud-controller-manager|csi-driver-controller-.+?_.+?_azure-csi) user-exposed.$TAG true - Emitter_Name re_emitted-provider-azure + Condition Key_value_matches tag ^kubernetes\.var\.log\.containers\.(cloud-controller-manager-.+?_.+?_azure-cloud-controller-manager|csi-driver-controller-.+?_.+?_azure-csi) + Add __gardener_multitenant_id__ operator;user [FILTER] - Name rewrite_tag + Name modify Match kubernetes.* - Rule $tag ^kubernetes\.var\.log\.containers\.machine-controller-manager-.+?_.+?_(machine-controller-manager-provider-azure|azure-machine-controller-manager) user-exposed.$TAG true - Emitter_Name re_emitted-provider-azure-mcm + Condition Key_value_matches tag ^kubernetes\.var\.log\.containers\.machine-controller-manager-.+?_.+?_(machine-controller-manager-provider-azure|azure-machine-controller-manager) + Add __gardener_multitenant_id__ operator;user diff --git a/charts/gardener-extension-provider-azure/templates/secret-serviceprincipal.yaml b/charts/gardener-extension-provider-azure/templates/secret-serviceprincipal.yaml new file mode 100644 index 000000000..8a3c6a164 --- /dev/null +++ b/charts/gardener-extension-provider-azure/templates/secret-serviceprincipal.yaml @@ -0,0 +1,15 @@ +{{- range .Values.servicePrincipals }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: service-principal-{{ print .tenantID .clientID .clientSecret | sha256sum | trunc 12 }} + namespace: {{ $.Release.Namespace }} + labels: + azure.provider.extensions.gardener.cloud/purpose: tenant-service-principal-secret +data: + tenantID: {{ .tenantID }} + clientID: {{ .clientID }} + clientSecret: {{ .clientSecret }} +type: Opaque +{{- end }} diff --git a/charts/gardener-extension-provider-azure/values.yaml b/charts/gardener-extension-provider-azure/values.yaml index bf4e1dc55..066770a98 100644 --- a/charts/gardener-extension-provider-azure/values.yaml +++ b/charts/gardener-extension-provider-azure/values.yaml @@ -76,3 +76,11 @@ config: gardener: seed: provider: azure + +# servicePrincipals: +# - tenantID: tenant-1 +# clientID: spn-1 +# clientSecret: secret-1 +# - tenantID: tenant-2 +# clientID: spn-2 +# clientSecret: secret-2 diff --git a/charts/images.yaml b/charts/images.yaml index f8a805723..127badb07 100644 --- a/charts/images.yaml +++ b/charts/images.yaml @@ -2,7 +2,7 @@ images: - name: terraformer sourceRepository: github.com/gardener/terraformer repository: eu.gcr.io/gardener-project/gardener/terraformer-azure - tag: "v2.9.0" + tag: "v2.13.0" - name: cloud-controller-manager sourceRepository: github.com/kubernetes/kubernetes @@ -26,22 +26,22 @@ images: - name: cloud-controller-manager sourceRepository: github.com/gardener/cloud-provider-azure repository: eu.gcr.io/gardener-project/kubernetes/cloud-provider-azure - tag: "v1.20.10" + tag: "v1.20.12" targetVersion: "1.20.x" - name: cloud-controller-manager sourceRepository: github.com/gardener/cloud-provider-azure repository: eu.gcr.io/gardener-project/kubernetes/cloud-provider-azure - tag: "v1.21.4" + tag: "v1.21.6" targetVersion: "1.21.x" - name: cloud-controller-manager sourceRepository: github.com/gardener/cloud-provider-azure repository: eu.gcr.io/gardener-project/kubernetes/cloud-provider-azure - tag: "v1.22.0" + tag: "v1.22.3" targetVersion: ">= 1.22" - name: machine-controller-manager sourceRepository: github.com/gardener/machine-controller-manager repository: eu.gcr.io/gardener-project/gardener/machine-controller-manager - tag: "v0.40.0" + tag: "v0.42.0" - name: machine-controller-manager-provider-azure sourceRepository: github.com/gardener/machine-controller-manager-provider-azure repository: eu.gcr.io/gardener-project/gardener/machine-controller-manager-provider-azure @@ -49,7 +49,7 @@ images: - name: csi-driver-disk sourceRepository: github.com/kubernetes-sigs/azuredisk-csi-driver repository: mcr.microsoft.com/k8s/csi/azuredisk-csi - tag: "v1.2.0" + tag: "v1.6.0" - name: csi-driver-file sourceRepository: github.com/kubernetes-sigs/azurefile-csi-driver repository: mcr.microsoft.com/k8s/csi/azurefile-csi @@ -86,4 +86,4 @@ images: - name: remedy-controller-azure sourceRepository: github.com/gardener/remedy-controller repository: eu.gcr.io/gardener-project/gardener/remedy-controller/remedy-controller-azure - tag: "v0.8.0" + tag: "v0.9.0" diff --git a/charts/internal/seed-controlplane/charts/csi-driver-controller/templates/_deployment.tpl b/charts/internal/seed-controlplane/charts/csi-driver-controller/templates/_deployment.tpl index ed579fc54..fe2ce0569 100644 --- a/charts/internal/seed-controlplane/charts/csi-driver-controller/templates/_deployment.tpl +++ b/charts/internal/seed-controlplane/charts/csi-driver-controller/templates/_deployment.tpl @@ -44,6 +44,11 @@ spec: - --endpoint=$(CSI_ENDPOINT) {{- if eq .role "disk" }} - --kubeconfig=/var/lib/csi-driver-controller-disk/kubeconfig + {{- if hasKey .Values "vmType" }} + {{- if eq .Values.vmType "vmss" }} + - --disable-avset-nodes=false + {{- end }} + {{- end }} {{- end }} {{- if eq .role "file" }} - --nodeid=dummy diff --git a/cmd/gardener-extension-provider-azure/app/app.go b/cmd/gardener-extension-provider-azure/app/app.go index 93b4863a5..a52a7a09e 100644 --- a/cmd/gardener-extension-provider-azure/app/app.go +++ b/cmd/gardener-extension-provider-azure/app/app.go @@ -191,7 +191,7 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command { reconcileOpts.Completed().Apply(&azureworker.DefaultAddOptions.IgnoreOperationAnnotation) workerCtrlOpts.Completed().Apply(&azureworker.DefaultAddOptions.Controller) - if _, _, err := webhookOptions.Completed().AddToManager(mgr); err != nil { + if _, _, err := webhookOptions.Completed().AddToManager(ctx, mgr); err != nil { controllercmd.LogErrAndExit(err, "Could not add webhooks to manager") } diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/_index.md b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/_index.md new file mode 100644 index 000000000..41b3534cf --- /dev/null +++ b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/_index.md @@ -0,0 +1,95 @@ +--- +title: Create a Kubernetes cluster on Azure with Gardener +level: beginner +category: Getting Started +scope: app-developer +--- + +### Overview + +Gardener allows you to create a Kubernetes cluster on different infrastructure providers. This tutorial will guide you through the process of creating a cluster on Azure. + +### Prerequisites + +- You have created an [Azure account](https://azure.microsoft.com/en-us/). +- You have access to the Gardener dashboard and have permissions to create projects. +- You have an Azure Service Principal assigned to your subscription. + +### Steps + +1. Go to the Gardener dashboard and create a *Project*. + + + + +1. Get the properties of your Azure AD tenant, Subscription and Service Principal. + ``` + Before you can provision and access a Kubernetes cluster on Azure, you need to add the Azure service principal, AD tenant and subscription credentials in Gardener. + Gardener needs the credentials to provision and operate the Azure infrastructure for your Kubernetes cluster. + + **Ensure that the Azure service principal has the `Contributor` role within your Subscription assigned.** + ``` + + + - Tenant ID + + To find your TenantID, follow this [guide](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant). + + - SubscriptionID + + To find your SubscriptionID, search for and select *Subscriptions*. + + + After that, copy the SubscriptionID from your subscription of choice. + + + - Service Principal (SPN) + + A service principal consist of a `ClientID` (also called `ApplicationID`) and a Client Secret. For more information, see [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals). You need to obtain the: + - Client ID + + Access the [Azure Portal](https://portal.azure.com) and navigate to the `Active Directory` service. + Within the service navigate to `App registrations` and select your service principal. Copy the ClientID you see there. + + + - Client Secret + + Secrets for the Azure Account/Service Principal can be generated/rotated via the Azure Portal. + After copying your ClientID, in the `Detail` view of your Service Principal navigate to `Certificates & secrets`. In the section, you can generate a new secret. + +1. Choose *Secrets*, then the plus icon and select *Azure*. + + + +1. Create your secret. + + 1. Type the name of your secret. + 1. Copy and paste the `TenantID`, `SubscriptionID` and the Service Principal credentials (`ClientID` and `ClientSecret`). + 3. Choose *Add secret*. + + + >After completing these steps, you should see your newly created secret in the *Infrastructure Secrets* section. + + + +1. To create a new cluster, choose *Clusters* and then the plus sign in the upper right corner. + + + +1. In the *Create Cluster* section: + 1. Select *Azure* in the *Infrastructure* tab. + 1. Type the name of your cluster in the *Cluster Details* tab. + 1. Choose the secret you created before in the *Infrastructure Details* tab. + 1. Choose *Create*. + + + +1. Wait for your cluster to get created. + + + +### Result + +After completing the steps in this tutorial, you will be able to see and download the kubeconfig of your cluster. + + \ No newline at end of file diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/add-azure-secret.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/add-azure-secret.png new file mode 100644 index 000000000..54a2d7199 Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/add-azure-secret.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/azure-choose-subscription.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/azure-choose-subscription.png new file mode 100644 index 000000000..8bd3aeab1 Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/azure-choose-subscription.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/azure-select-subscription.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/azure-select-subscription.png new file mode 100644 index 000000000..5982fba59 Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/azure-select-subscription.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/copy-kubeconfig.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/copy-kubeconfig.png new file mode 100644 index 000000000..be7f888ab Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/copy-kubeconfig.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/create-cluster.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/create-cluster.png new file mode 100644 index 000000000..9523495bc Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/create-cluster.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/create-secret-azure.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/create-secret-azure.png new file mode 100644 index 000000000..24bb50102 Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/create-secret-azure.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/new-cluster.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/new-cluster.png new file mode 100644 index 000000000..4b134cd1f Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/new-cluster.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/new-gardener-project.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/new-gardener-project.png new file mode 100644 index 000000000..44f51258d Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/new-gardener-project.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/plus-icon.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/plus-icon.png new file mode 100644 index 000000000..e82d92d18 Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/plus-icon.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/processing-cluster.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/processing-cluster.png new file mode 100644 index 000000000..072c5dd0d Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/processing-cluster.png differ diff --git a/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/secret-stored.png b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/secret-stored.png new file mode 100644 index 000000000..d9fbc7816 Binary files /dev/null and b/docs/tutorials/kubernetes-cluster-on-azure-with-gardener/images/secret-stored.png differ diff --git a/docs/usage-as-end-user.md b/docs/usage-as-end-user.md index bb99a6834..ffc8341c1 100644 --- a/docs/usage-as-end-user.md +++ b/docs/usage-as-end-user.md @@ -11,7 +11,7 @@ Every shoot cluster references a `SecretBinding` which itself references a `Secr The `SecretBinding` is configurable in the [Shoot cluster](https://github.com/gardener/gardener/blob/master/example/90-shoot.yaml) with the field `secretBindingName`. Create an [Azure Application and Service Principle](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) and obtain its credentials. -Please make sure the Azure application has the following IAM roles. +Please make sure the Azure application has the following IAM roles. - [Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) The example below demonstrates how the secret containing the client credentials of the Azure Application has to look like: @@ -33,6 +33,19 @@ data: ⚠️ Depending on your API usage it can be problematic to reuse the same Service Principal for different Shoot clusters due to rate limits. Please consider spreading your Shoots over Service Principals from different Azure subscriptions if you are hitting those limits. +### Managed Service Principals + +The operators of the Gardener Azure extension can provide managed service principals. +This eliminates the need for users to provide an own service principal for a Shoot. + +To make use of a managed service principal, the Azure secret of a Shoot cluster must contain only a `subscriptionID` and a `tenantID` field, but no `clientID` and `clientSecret`. +Removing those fields from the secret of an existing Shoot will also let it adopt the managed service principal. + +Based on the `tenantID` field, the Gardener extension will try to assign the managed service principal to the Shoot. +If no managed service principal can be assigned then the next operation on the Shoot will fail. + +⚠️ The managed service principal need to be assigned to the users Azure subscription with proper permissions before using it. + ## `InfrastructureConfig` The infrastructure configuration mainly describes how the network layout looks like in order to create the shoot worker nodes in a later step, thus, prepares everything relevant to create VMs, load balancers, volumes, etc. diff --git a/docs/usage-as-operator.md b/docs/usage-as-operator.md index 91a0b52bd..cccec223b 100644 --- a/docs/usage-as-operator.md +++ b/docs/usage-as-operator.md @@ -172,6 +172,46 @@ data: #### Permissions for Azure Blob storage -Please make sure the Azure application has the following IAM roles. +Please make sure the Azure application has the following IAM roles. - [Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) +## Miscellaneous + +### Gardener managed Service Principals + +The operators of the Gardener Azure extension can provide a list of managed service principals (technical users) that can be used for Azure Shoots. +This eliminates the need for users to provide own service principals for their clusters. + +The user would need to grant the managed service principal access to their subscription with proper permissions. + +As service principals are managed in an Azure Active Directory for each supported Active Directory, an own service principal needs to be provided. + +In case the user provides an own service principal in the Shoot secret, this one will be used instead of the managed one provided by the operator. + +Each managed service principal will be maintained in a `Secret` like that: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: service-principal-my-tenant + namespace: extension-provider-azure + labels: + azure.provider.extensions.gardener.cloud/purpose: tenant-service-principal-secret +data: + tenantID: base64(my-tenant) + clientID: base64(my-service-princiapl-id) + clientSecret: base64(my-service-princiapl-secret) +type: Opaque +``` + +The user needs to provide in its Shoot secret a `tenantID` and `subscriptionID`. + +The managed service principal will be assigned based on the `tenantID`. +In case there is a managed service principal secret with a matching `tenantID`, this one will be used for the Shoot. +If there is no matching managed service principal secret then the next Shoot operation will fail. + +One of the benefits of having managed service principals is that the operator controls the lifecycle of the service principal and can rotate its secrets. + +After the service principal secret has been rotated and the corresponding secret is updated, all Shoot clusters using it need to be reconciled or the last operation to be retried. + diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml index efff89c86..d0cebad96 100644 --- a/example/controller-registration.yaml +++ b/example/controller-registration.yaml @@ -5,10 +5,10 @@ metadata: name: provider-azure type: helm providerConfig: - chart: H4sIAAAAAAAAA+09a3PbtrL9rF+BUdtp0hNSlvw6R3d671VsNfU0cTSWm07n9FwPRUISa74KknbU5vz3u4sHCT4kio6jNDnCtBMLWCwWi93FYvHgwmIODSgz6NuEBrEbBkbEwjvXgSzrj5TR3hfvnQ4gnR4f838hlf/lf/cPj/qD48HJCeb3Tw4PD74gx+/fdHNK48RihHzBwjDZBNdU/ommReP4ny0tlpgry/ce2gYO8MnR0drxHxyXxn8AWYMvyMFjdnRd+g8ffyty31CG4z4kd/2OFUXaT3MwMA8Mh951HBrbzI0SXjAiP1DPJzYKBpmHjCRLSl5IQSIjlBoykUJEMrnqBJZPh6RR4Dp3dQR8bD59rqlZ/53QNhfh+7TRoP+D/slRyf6fHg1O9/q/i9TrkbMwWjF3sUzIE/spGRz0/0GmowmZjgmothXwH9Z87nqulVBih35kBSuTjDyP8GoxYTSm7I46JrleujEBUErgX8+1QaSoQ9IALQFaiVFk2fDPNJwn9xaYiZcC5Bm5M8kAbIVNo4RYMQnCBOqFUIXduzFgC3j1lxdn40sgDFvo9Hrwn8JQ00iGW1o0AraEPEGArizqPv0vRLEKU+JbK2yUpNBYknVCEgStY7eBAYFNyb2bLAU1AouJOH6ROMJZYgG4BRUi+DXXAYmVSKJ5WiZJNOz17u/vTYtTbIZs0ZNMi3uyrwZQLWv9FHg0Rm7/nroMejxbEbDXUMGaAa2edc8HbMEolCUhUn3P3MQNFs9ILBmOaBw3Tpg7S5MC0xSN0HUdANgGItAdTcnFtEuej6YX02eI5OeL6x9e/3RNfh5dXY0ury/GU/L6ipy9vjy/uL54fQm/viejy1/IjxeX588IdXEkgZ0Rwx4AmS6yEyQGcU0pLZCgppQ4orY7d23oWrBIrQUlixAmhwB6RCLKfDfGYY2BQAfReK7vJlbCsyr9MjsAsgiHCzR2KMem2YP/7mjghKy3APrSmQmD3FMGMf9jadm3PVXPsMMgYaHngX1kdIGc4k2a8ZIUDScxZRtvxldTYIn8Rd9a0HXaW4cHHS3yHJpMo+epfUuTocAmssZQaSVzzgSGCXCHyqzzy+kVtUPmiN+GA6y4CObMAvSpnUCWBPw5ZLeUiR/IGTIB9MhhManTAEUqJjrD4jSKQjnhy0wcCOQxtMionZC8T6TQp06kY9/P5X+h1Dz/JxTkFQQgfvBKsPX6b3BwODjZr/92kdqM/82SemB3YzOJWq0FG/y//uHhSWn8ByfHh3v/bxfpzz8N4tC5G4BXhAu0LjH+/e9O8yIN68HcyaE7OhLPmlEvBo8mMm/pSqDjP9IZTN0U5Mh0wx42VcCxBsWd5aWSpj//BI/G9lIno9QksuIGQqp1ywQiliFZAyHb5y1Ve+EGIDzgEvLq5hX1qAWexiUQV0tZRprrw2QoKCMES9w5WVrxhEH5W9KNl9bg+GQIzb7B5qEphDcTa0GyGhFzg2ROul/H//t1XIZkNApjNwnZahMK6COtQzh8MELorNbv8oA4NPLClU+DRK7wM+GIe3f99QMJlIXgx65sz4rjQtUYnGYn9cANMW//zkekhOdja9dfP7Wx/+Dezd2Fb0UGH/w7cPlCZqBLjusMujZG2BT/Ozo5LNn/0+OD/fp/J0lan4JWv+ED+1qNq7B9hTDhrRs4Q1yAgDy8sqKOTxPLsRJrCJZAhPnqrXW94MhKMawSakwpzxZGRhjmYY05R/TvIBNkOSFHCK3I4S3GN0UpHZJ3iGRjr4voNKP2sYfsUdPD9N8LFwu0utvtCjTo/2H/qKz/RycH+/j/TtJjKbaUCEPISFGjhYxp+ovRr0zeYlPJoGl7YepIMUtF7GBIJOZMoeeul4Bwap4YVkCNRrT//P7i5fX46l8dIhP3xkopslhMWQbyykrsZQlEQ/8tJ0sP/PhWAAaDfSuCLGuLswZ+pKubMh3Qrax8wumpEgCDwwOrbFIk+ErEW2/OgSUq75qltPPBWOBb9hKcsbVM+Jz6aseu4TAXSNG6q8Y6dv/SXWWUT1434Jdv3d+8/dSrIPwKPfz/y8F/hSUR+9WEbv6KeofBbjAfv5pP1mmBYf7tf27w/83K8q6W6+XKsfsUI/Q4W8GChDrmV9ejFyRBHimCx76bgH0oDAyjN5RnO+Vl7CfA2fWql3HnyQaYYoffCUauh39c/hq+7X9e/tLnlh7k/7U8DdK4/3tajv8d9k/28b+dpMfy/zLZ+KCLOdFKtoRD22MYBv9X7wgXXFPJsam5mhJByeO861tetLT6HFHGAmkZz3R3tFNaL0t8tucCrQAZwCISt5p5D4HeUv5QmlHLxn1lbAOKr1cRjTmrsp3dbgN+s4oAN25V/W4TfXX1JcmcySq3JVVazXbk6BUzOn6P2nIFarRrFytk7c1SFictW+R12rUpqhRDCtg8TWxHyUechAxm42E26/LY56VSwFITWNOUVcwMMu8YVMcDBm6yaq4tARV9VVHn4DO+GS2ASBL+gnvWG+AyZT75nEMpn2RqNf8z8O/SmefabmQ5Dh7l2MoT2Dz/9w9gti/N/8f9w5P9/L+LhNNnYeqMXG26zHdV5KwI3Ap9WKeGKbPpOW7QuHxa1P0EKwhCeQ5HGDBtlbGgAd9Dm6Wuh1MzIs/cjwPzxBxkjkZJ0sCyiGmdUZ86q9IU3sGzQtjagoVppDyAelDpoAy12X7C27qYjERbvMRz4+THutKXUMAhIg+8Aq+GUl4aL0OWXOYtGQjnRqLMDRapZ7FKXSiN7RAn3sxbQoIljzgmQ/Kn4LTgTphvqfkCEASjycWbw2khGzcgtWO8pW7BFIans8BM44kqeYxXkEcuJkQpfIYLzEREWeKq/knPJpclLbfU8jdInDyUJ3b5Yn6OSHYTJl7RH3F+ztVIE05YcSENQEBvOPsNJliTTHlkJUb2p56Dsgc/E8Bgh4vA/SPDHeMROWyU27akhNMFf4QFlkf4BvAzPGLGj/cxiq2QNNDw3Yl5j7wKGR5UnIdDfrQvHvbwXJnSITv0/RS0ZSVOfuHxupDFPYfeUa8XuwvDYrAmTyg/pdUDNhqc9IDrkek7XzKpdfE3BVoT7qbhgb1goRVwud4wAijZ6LdYsqroRc5odbTrajy9JqppPhhl7nO+a8KTDwEyDPjBD+LhiUoW+hwnTP5RCBwWZ8e4f1RCGqcz302EVwWDg2NlkjNuWMiMkjQCW4PHTS8CyPWpd4briw89AMjp2EDGbjcEuk0sAwuuaQXKfq0Zr5KuTgFa11d1WlLqgq67Jc7WaTKmem3G5Eay0XJBiURFHEoV0mMBI0GB8gbVadiKTangJbnEubI3ZgVoDddJ5ooX6TXyjmw1HmBq0rjFiHD4ypiI3A8wKvQtzEJNQzLmQOocLQzN/ZLyg7i1w5AxvWY8RHN4cBdUcN1YzMIQVvpl8zy3XI86ryPKdJ9gLc3fl8CFkcLJmLPR8yRCnOQUSGVK4DThhOIyLoQy3rmNWIEF8Gto3EylLJxRpFXSJ4Y7o7IGI9JoJXjyB4waDYiVoK+Np64tYsOw40HyIPVnMGCoOi44BFV6NwmJSBLtmtJSx0YSWGlxqX2el/WJ3Ft1yltoFifcEHjC6kjnPOCygxPuQtsL0RNlLGSvQEILS+INnRhrFYT88GkHc8Eqi+xsNoL1cnn6yVPeVRzVWoHRe1FjjTIAZF9i+dFWPbhW0GocsurKiiLZDdKFqYHsech8KxkSnE8NbOPB3UOArXomg0NFQcLq62ikIIPrUBvkBU3qvPc60DO0TtsCA943wnq8EsZjLeQVxVsYq62gG/hYP3WphpQi1xbqSlILkElQfSkQVmdE62dHvdBizFqVfYaaHhSdhXMlA66z1i94Ly9ALiM3k8HjZMrS4d/bkFLDpvbE8SALLnagCH2HJkonZXhFto6I+xulTtRQ+0gcXudnCV+h2cmqZIpLZMN8v1GFQbWcdJatg/JgKXfVyJ/7eGL71Db+Jz0q6VBttxHYEP/r90/65fNfp6f7/b+dpL9u/K8oaR8y+lczc+fBv2JhJfZXonJN5O/OL4X9itV2GfUr9qc26FdaNe1DfvuQX5H7+5DfDkJ+RUXdKuInFbfE2YoaY1ofNFiGcbKF6/yDBFN+qKqmvM8fs4NtJAgddam7IkuY1tqbBm5jAvGA9Zezes1+AgUFBHhxucnrr6uD/dDDYyX6a8hWPapEmSBLXnhH4WXYFEbO0ryxdhE05ZBdnG+zSOCAhdUBXoWHrPqBadGxR1gbKCkpZdeOYgkm58KjxG9L6rVt+PZRVOz9g7frApv70O0+dLsP3fK0D91u27196HYfus3Sg0K3DzDWHyZw+7iE7CBIW+9PYHqMLuxDtPu0ObWJ/+YPOLS7ANJ0/nNweFq+/3F4eryP/+4iFWO/4iUOERU9z0Z761sgne3ufvC3UPRHBxZByKiKKssT+ZUocmZUyrc3RPUh6aIJ6haP1be5ZKLiMYwKW/2Di8Zt9RKflRuSPi/hr+3FhWP0MvMsTINENBpDp/EtAUG3j5cEX25Hx4lEgA+n0cVKdjz08ImTn3gETFlU33r7U2DdgYvIAx46QcWi/BoA5E9TtqgA80wBpnRdUl6KZlWGBNOWD0gocHtJ7ds49bXHBMRNwdqXIQqC9oQ/UUO+Mq8lleZzEK2JlSxJd6u3SbpPOa/F8zpAg05X6TLGGlI3Xn56ALENZG0pvX9XNfSIono15yy/OdL8qpOcrWGSd206sm2U6cvNCs85lV1XVa0bTXZCJD5WRSj5NlIVbJJ63iQEVSveYhHvEEVZYWEEQ9+39KC4QXrbMgGBDQOsFxZwhUZQZYQML7Rvv9PIEIBjCWcquJcAplOEOMWlmBl/3NEA/UPxsVPGYCgN3GMIbNej8XfFmzpyAy029dpmXnO6Cuy4viWKb0Y+tCFeuakdIc8GPpn6XY8mdq9+2KXc97RbfGU02HqED1q2p1ev3UhwDEZ9IRawD2hJq93UkhPEjL/I2b6ZrGpTG0tqecmSm6v2rWiVm9pxCy+Jtm+qWL+xNT6tG1mgwcinn7UN8CpZaG+UVSjjvufPn7bvgajXRPk9nS3D8FapReYSfbfhNuza2tIYG/j2qk6WBBO3U00JNcEHWpvx4bMAjegoq8PmuDF6FdrLAQVmyeL89mwM09RvISxdu8+663DJtusQ/SyL1mChwZ1u3MWc83I8Oh9f3Yxfjs/wKeKby9Gr8XQyOhtr612+9fk9C0vRqblLPeeKzsvrfJ6Pk/cwc4rMbFgf6gopei9ejV6M3wCxr69uXr8ZX/18dXFdoXVIevzxXO0lq17t01abPBoc9LjKMCUhYtS1lrN5HSWhMOtuIy48fpKEdugNyfXZpHyflBX9fZG0yEH1Zmle4x0JpO/TP6i5Ssu5FnqpT1+hB1PT5eyZIpV8BBQj3DyDve+Ir3sFrY6YyqhrcLi1+DrwVsPiEx0VbuDr7bgNPtQkwRkFiTuqFOQxo/MUw0nT7InFC25cZfb4LbVT/Ua76B53TqeF5Y/WK1wIjcUT4HW7SQa5pau1L3Fmb3VWol9ihoD2yEU1mC5OalTjdsY2L37qFZIwCr1wsfoRaewW3wFVu5pdWUPIXsUZLgmPrV5Z0Knb+pEFlRw6t1IveRU6UO9ocCCLWknmdnLZnt4mOd9A+/6C+G5Sm/gfGA2YllnKo92z1FnQ7QKBTe9/Hh+V43/HeCV8H//bQZJ2YpGQJxivqAtqPSX98hOgEV9q9+76M/CGVMBwEjrnmXg85+Lx2JHDhwX0amJlcTpr7PB7B/I+BTvWSv/1h5hbbAE06f/hceX9z/5g//7nTpKu1bpM1z+6zVVVarseX6zR8y2+8yXWNX0lBgedhRfOLO9ceAVDMre8mBY/PdZVzYoXcapfH8taG5Y+x2J2Pzar/5Kpjf6zmWU/5EOATe//4mO/pe8/7PV/R6l8/4OPsZUmS9CyP0SEs3IJxAOeUXYVerTN/N5m5maph8snA+8WvMA7HfIOxNpHgzuF0AGC6nHyuJrTE0cStAKMdLu0JkcHtUXf5Q8t4lyTo9fLYrnlnzpQMT5am6eDi2Bk4e+8GEz2THIC/TC+OBd3VwAYHRn+V5T9Jc7XVzm+bte1ynDxgKiT5RaJ6H7brSK3Q2CBG+hiVsXL3cASNpvRWmrbIVT52VUdozRnlLd/6vl638jEbpf/g/vrUrxUjbXqJio48htnha9p6QA1t7WqHc4867j0szcHXnnuH0qKKN59EH/GFHicZFItwg4SSt7lkKKcHRNQFXkkuvDDEjuJBRUCNaGVjBkYATdYiPwcolL0WzgTf8CSNP+jJx5fBlFME/5xMhmlLDwoLtvkF9kUn5zsIts2UqsOe8dWxFWhludYsxkVjHwY25b2BZMqJrzLBCsTD3qowMV4NSLfeAtuK3rfa3J4Lkbsg80R0IQM1auOb6Cwkz3sqc1eDfTAIhEPvvGJSFSeFnbGH2dN+3Hn/zb+n9Tm1i5g0/rvtF+O/wxOjvfff9lJqn3/V4r5f9i5L3HYVdqHi0kh/rPdua1sf83gfzbsmJX2a4ubZXzLwWLgY7Tae2s9/g/Qfzmbb28GmvR/cFS5/z8YHO31fxdpk/6rae6jBnE/NoM+89RK/8VZ/7bh30b9Pzk+Lp//Pu3v4z87SXL/h/6eTS/ZLBtT6mSP6JMul4ZueSdIPRxeXgdMRf666HC7R8y39wkcMDgJNUCK3eAO1lWOIdbkmZfQzvhk93Yoa6RZg+VM8rzw/g0/CDB+G1kyJs3PaUQWg64l8risrC9nVeGETGDV5qb+zcur6QfeRWqj/3eR9ZDwb/P3f0/L338eQO5e/3eRSudEcIjFx9+dkqJ3q7EKuf876EqdfyMjFZPQGWWRiu0/IQJtb+lBKI+9hnhlGfTD4MW8/E0iebQN39/On+rJCsS592++VQ9/+G4wQp3Wb9PZUbrmgxFVWswcgQn16j8a0VxNO5bkUz9kqwcRIKo+hAZZs/zRX7VayQ5P1l0swvzK5aKmU0QAIGy4PnwiRxwc0uwykq4Dmzncp7Ihv+PUbP/lW0cPMfwyNe3/9Sv7fwf77//uKIkbONxIqk98DwlNzYXNH2fLxAOEAmOhWUYv33foVe7PJNZimD+yFWkXdy7ml2EyEW+sdDr6oRu8YVc+qMNz5J2144OvsYIKWuNVYtB2pFzOV9kh2DpzXzXe3HQfH/idoi09OXrlNlqcLk5v3U5HOwSPQPoGYzbL6BcFoMEMjF+s2QClbyVuAtPuomwAyzYcN8BoN0E2QBU3JDcAii3JTZjW3dZQJz861dsEQ/LPf3VKdwN4XimWmKH4ktQdfcWPh31J1Mehh/xvdQg2stJY3G/gbgAvAy+d473SlGThJst0BksBv5efBtb/nHnhrOdbGE3s8fcOexx17zwEAWF4WUri1lVP6V0YLjx6k1+sE3UNy3dOjmQ1rmXdQ/OgKzOylxT7Zr9vvv20e9Wv9Kr7399hzwaiwDTNTqcQCuWLqTyuOiRHR4cyS91ggJnm+KDTKV7WG2o2A+/rDdUOccfO8NZ/yK3uM274oAjYNATq/RbL510Kn1SrheAfO+sfiCPQ8ktk/UP8mX8XrPRVMLt6s1Osgo15/i5O/uWvw8MXrswsLGuLR9nFvjdo2G2no7AKxirTqay9fGZz70nt0z7t0z7t0z7t0z59Uun/AT1zBhMAoAAA + chart: H4sIAAAAAAAAA+09/XPbNrL9WX8FRr2bpn0h9WFbvqebvneK7baeJo7GctPpXO95KBKSWJMEyw87anP/+9vFl8APiZLjKE1PmHYiA4vFAthdLBYLcO4kHo1oYtG3GY1Sn0VWnLB734Ms57c8oZ3P3jt1IZ2enPB/IZX/5b97R8e9/kl/MMD83uDoqPsZOXn/pptTnmZOQshnCWPZJrim8k80zRvn/2zhJJm9dMLgsW3gBA+Oj9fOf/+kNP99yOp/RrpP2dF16T98/p3Yf0MTnPchue+1nDg2/rT7R3bX8uh9y6Opm/hxxgtG5DsahMRFxiAzlpBsQcm3kpHICLmGjCUTEc1XrcgJ6ZA0Mlzrvo6Ajz1Of9bULP8ec+05e582GuS/3xscl/T/6XH/9CD/+0idDjlj8TLx54uMPHO/JP1u77/JZDQmkwsCou1E/A9nNvMD38kocVkYO9HSJqMgILxaShKa0uSeeja5WfgpAVBK4N/Ad4GlqEfyCDUBaolR7Ljwz4TNsgcH1MRLAfKc3NukD7rCpXFGnJRELIN6DKokD34K2CJe/eXl2cUVEIYttDod+E9hqGlE45YajfTtLnmGAG1Z1P7y74hiyXISOktslOTQWKY7IQmC1rHbMACRS8mDny0ENQKLjTh+kjjYNHMA3IEKMfw1MwGJk0mieVpkWTzsdB4eHmyHU2yzZN6Rg5Z2ZF8toFrW+iEKaIqj/WvuJ9Dj6ZKAvoYKzhRoDZwHPmHzhEJZxpDqh8TP/Gj+nKRywBGN56dZ4k/zrDBoikbougkAwwYs0B5NyOWkTV6MJpeT54jkx8ub717/cEN+HF1fj65uLi8m5PU1OXt9dX55c/n6Cv76hoyufiLfX16dPyfUx5mE4YwT7AGQ6eNwAscgrgmlBRLUkpLG1PVnvgtdi+a5M6dkzmBxiKBHJKZJ6Kc4rSkQ6CGawA/9zMl4VqVfdgtA5mw4R2WHfGzbHfjvnkYeSzpzoC+f2jDJHaUQVz8WjnvXUfUsl0VZwoIA9GNC5zhSvEk7XZCi4iS2bOPNxfUEhkT+Rd860HXaWYcHDS3yAprM4xe5e0ezocAmsi6g0lLmnAkMYxgdKrPOrybX1GWJJ/62PBiKy2iWOIA+dzPIkoA/suSOJuIPHBkyBvQ4wmJRpxGyVErMAUvzOGZywZeZOBE4xtBiQt2MrPpECn1qxSb2w1r+B0rN639GgV+BAdJH7wR33v/1u0f9wWH/t4+0y/zfLmgAeje1s3invWCD/dc7OhqU5r8/ODk62H/7SL//bhGPzvwIrCLcoLWJ9e9/t5o3aVgP1k4O3TKRBM6UBilYNLF9R5cCHf8jn8LSTYGPbJ91sKkCjjUo7p0glzT9/jtYNG6Qe5pSm8iKGwip1i0TiFiGZA2EbJ+3VO2FHwHzgEnIq9vXNKAOWBpXQFwtZZo0P4TFUFBGCJb4M7Jw0nEC5W9JO104/ZPBEJp9g81DUwhvZ86c6Bpx4kfZjLT/mv7jr2kZMqExS/2MJctNKKCPtA7h8NEIobNGv8sT4tE4YMuQRpnc4WvmSDv3vfUTCZQxsGOXbuCkaaFqCkazlwdghth3f+MzUsLzsaXrj5920f9g3s38eejEFp/8ezD5WGKhSY77DLrWR9jk/zseHJX0/+lJ97D/30uS2qcg1W/4xL5W8yp0X8FNeOdH3hA3IMAPr5y4FdLM8ZzMGYImEG6+em1dzziyUgq7hBpVyrOFkhGKeVijzhH9O8gEXs7IMUIrcniL6W2RS4fkHSLZ2OsiOkOpfewpe9L0OPkP2HyOWne7U4EG+T/qnfRK8n886PYO8r+P9FSCLTnCEjxSlGjBY4b8ovdL81tqKx603YDlnmSzXPgOhkRi1gI984MMmNOwxLACSjSi/ec3ly9vLq7/1SIycWuslGInSWmiQV45mbsogRjov+JkmY6f0IlAYSRfCSfL2mLdwPd0eVumA7qly8ecnioBMDncsZqMiwRfC3/r7TkMicq7SXLa+mBDEDruAoyxtYPwZ+qrm/qWl/hAitFdNdep/4fuasg8f7bcuqsaECTe81HeDEDsHt//3IaIhqYErf3/W9X/GbZHyc82dPlnlEF0fIMq+dl+tk4iLPu//vcW/98sOO9qZ6BcOfW/1OSPPK88EuT2VumV2zAPMljSIyfKbn3v9pawGN2XLPl7juP/iQ3velnUQ/RsA0xxeX8nRnM9/FMN8sde6A6pNj3K/tsxGqTx/Pe07P876g0O/r+9pKey/zRvfNDNnGhFb+FQA1mWxf81O8IZ11Z8bBumpkRQsjjve04QL5weR6SHQCrCM9McbZX2yxKfG/hAK0BGsIlENc97CPSW8odSmTounitjG1B8s4xpyodKn+y2G/DbVQR4cKvqt5voq6svSeaDrHJ3pMqouRs5ZkVNx6/xrqMCNXZrFyvo9qZ5kmY7tsjr7NamqFJ0KWDzNHM9xR8pLJuw+A712st9n1dKAEtNYE1bVrE15KpjUB0DDPxs2VxbAir6qqzOwaf8MFoAkYz9hGfWG+C0MA/+zK6UTzLttP4nnhXn08B3/djxPAzl2MoS2Lz+97qw2pfW/5Pe0eCw/u8j4fJZWDpj31guV6cqclWE0WIh7FNZnrj0HA9o+LamYCc4UcRkHI5QYMamYk4jfoY2zf0Al2ZErs2Prj2w+9rQKHEaaBaxrCc0pN6ytIS3MFYIW5snLI+VBVAPKg2UobHaj3lbl+ORaIuXBH6afV9X+hIKOEQcgFUQ1FDKS9MFS7KrVUsWwvmxKPOjeR44SaUulKYuw4VXW0tIsBwjjsmS41MwWvAkLHTUegEIotH48s3RpJCNB5BGGG+pW7CEYXQWqGmMqJJhvII8cjkmSuA1LlATsMHLfNU/admseMnILbX8BRIng/LEKV/K44hkN2HhFf0R8XO+QZowwop7UAACetn0F1hgbTLhnpUUhz8PPOQ9+DMDDC6bR/5vGneKIXLYKNdtWQmnD/ZIEjkB4Tv05xhixsP7EoqtkDwy8N2LdY+8YgkGKs7YkIf2pcMOxpUpGXJZGOYgLUsR+YXhdSxJOx69p0En9eeWk8AWPKM8SqsDw2hx0iMuR3bofZ5IqUu/KNCacTMNA/aiuVHA+XrDDCBno93iyKqiF6uBVqFd1xeTG6Ka5pNRHn0+7gbzrKYABwzGgwfiYURlwkKOExb/mMEIi9gxbh+VkKb5NPQzYVXB5OBc2eSMKxYypSSPQddguOllBLkhDc5wf/GhJwBHOrVwYLebAlMnloHFqBkFSn+tma+SrE4A2pRXFS0pZcGU3dLI1kkypnppxuTHstFyQYlERRxyFdLjwECCAK0aVNGwFZ1SwUtWHOfL3tgVoDWjTrQpXqTXWnVkq/kAVZOnO8wIh6/Micj9ALNC38Iq1DQlFxxIxdHC1DwsKA/ErZ0GPeg18yGaw8BdEMF1czFlDHb6ZfU8c/yAeq+5M3BlE6yl+ZsSuFBSuBjzYQwCiVC6FzlIZUngNOGC4iecCaV7cxu2Ag0Q1tC4mUpZOKVIq6RPTLemsgYj0uhkGPkDSo1GxMnQ1saoa4e4MO0YSB7l4RQmDEXHB4OgSu8mJhFJol1TWurYSAIrKS61z/N0n8iDUye8hWZxwWUwJkkd6XwMOO/ggjs3zkLMRJOEJa+AQwtb4g2duDAqCP7hyw7mglYW2Xo1gv1yeflZpVVXcVZrGcbsRY020gA4fJkTxlv14EZBq3nQ1ZUWRbIbuAtTA9kzloRONiS4nlrYxqO7hwBb9Uw6h4qMhNXX0UiBB9ehtsi3NKuz3utAz1A7bQsMeN8I7fFKKI+1kNcUb2Est4JuGMf6pUs1pAS5ttAUkloAzUH1pUBYnRKtXx3NQidJnGWpzK/pQdFYOFc84Htr7YL3sgLkNnIzGdxPpjQd/t6GlJph2p047mTBzQ4Uoe3QROm4DK/INhFxe6PUiRpqn2iE19lZwlZoNrIqmeIS2ZBkeObNM6Qb1MjJp3oftHKWclON/H7wJ+6edvX/SYtKGlTbHQQ2+P96vUEl/uv09HD+t5f0x/X/FTntQ3r/albulfOvWFjx/ZWoXOP5uw9Lbr9itX16/Yr9qXX6lXZNB5ffweVXHP2Dy28PLr+ioG7l8ZOCWxrZihhjWu80WLA028J0/k6CKTtUVVPW5/c6jo1EzFOXuiu8hGmtvmkYbUzAHrD/8pavkx9AQAEBXlxusvrr6mA/TPdYif4aslWPKl4myJIX3pF5E2wKPWf5qrHdPGjKILs832aTwAELuwO8Cg9Z9ROzQ8eeYG+guKSUXTuLJZjVKDyJ/7YkXtu6b59ExN7febvOsXlw3R5ctwfXLU8H1+223Tu4bg+uW50e5bp9hLL+MI7bpyVkD07aensC01N04eCiPaTNaRf/7+oBh90ugDTFf/aPTsv3P45OTw7+332kou9XvMQhvKLnera3vgXS2u7uB38LxXx0YB6xhCqvsozIr3iRtVIp394Q1YekjSqoXQyr3+WSifLHJFTo6u98VG7Ll/is3JD0eAl/bS8thNHLzDOWR5loNIVO41sCgm5+u+/ldnQMJAJ8OI3Ol7LjLMAnTn7gHjClUUPn7Q+Rcw8mInd4mAQVi1bXACB/kifzCjDPFGBK1iXlJW9WZUowbfmAhAJ3F9S9S/PQeExA3ECsfRmiwGjP+BM15C/2jaTSfgGsNXayBWlv9TZJ+0s+1uJ5HaDBpKt0GWMNqRsvPz2C2AaytuTev6kapkdRvZpztro50vyqk1ytYZH3XTpyXeTpq80Cz0dK305VrVtNekIkPldFKPk2UhVsnAfBmIGoFW+xiHeIYl1YmEEWho7pFLdIZ9tBQGDLAu2FBVygEVQpIStg7t3XBhkC8ELC2QruJYCZFCFOcSlmyh93tED+kH3cPElgKi08Y4hcP6Dp18WbOvIALbXN2vaq5mQZuWl9SxTfjHxsQ7xyUzuCny18MvXrDs3cTv20S77vGLf4ymiw9RgftNydXrN2I8EpKPW52MA+oiWjdlNLXpQm/EXO3ZvRVZvaWFAnyBZcXe3eilG5qR2/8JLo7k0V6ze2xpd1SzsarNXys7YBXkW79ka6Qhn3A3/+dPceiHpNlD/Q6YKxOyUW2iT6esNt2LW1pTK28O1VkywJJm6n2hJqjA+0NuPDVwAa0dGkDpvnp2hVGA8FFAZLFq9uz6awTP3CYOvaft5eh0u2XYfoR1m0BguN7k3lLtaclxej84vr24uXF2f4FPHt1ejVxWQ8Orsw9rv86PObhJW8UzOfBt41nZX3+TwfF++hNopsPa2PNYUUvZevRt9evAFiX1/fvn5zcf3j9eVNhdYh6fDHc42XrDq1T1ttsmhw0tPqgCkOEbNutKzXdeSEwqq7Dbtw/0nGXBYMyc3ZuHyfNCna+yIZnoPqzdJVjXckkrZPr1tzlZaPGgvykL5CC6amy/qZIpVCBBQz3LyCve+Mr3sFrY6YyqwbcHi0+DoKlob3pXbm8fV2PAYfGpzgjaLMH1UKVj6j8xzdSRP9xOIlV64y++ItdXPzRrvoHjdOJ4Xtj9Er3AhdiCfA606TLHJHl2tf4tRvdVa8X+qdEZCkqjNdRGpU/XbWNi9+mhUyFrOAzZffI43t4jug6lSzLWsI3qsYwyXmcdUrCyZ1Wz+yoJJHZ04eZK+YB/WO+11ZtBNnbseXu9PbxOcbaD9cEN9P2sX/B0oDluUk597uae7N6XaOwKb3P0+Oy/6/E7wSfvD/7SFJPTHPyDP0V9Q5tb4kvfIToDHfanfue1OwhpTDcMy8c80eLzh7PLXn8HEOvRpfWZpPGzv83o68T0GP7ST/5kPMOxwBNMn/0Un5/V/4ffj+116SKdUmT9c/us1FVUq76V+skfMtvvMl9jU9xQbd1jxgUyc4F1bBkMycIKXFT4+1VbPiRZzq18d0a8PS51js9sce6j9k2kX+k6njPuZDgE3v/w66/fL3Hw7yv6dUvv/B59jJswVI2W/Cw1m5BBLAmNHkmgV0l/V9l5U7yQPcPll4t+BbvNMh70CsfTS4VXAdIKjpJ0+rOR0RkmAUoKfbpzU5Jqgr+i7/MDzONTlmPe3LLf9pAhX9o7V5JrhwRhZ+r4pBZU/lSKAdxjfn4u4KAKMhw3/F+peIr6+O+LpT1+qAi/dCPZ1bJKL9VbuK3GUwBH5kslkVLzcDS9jchNZSuxtCla+v6lilNaN8/FM/rg+Ng9hu83/wfF2yl6qxVtxEBU9+46zwNS0ToOa2VrXD2rJOS392ZjBWgf+b4iKKdx/Ez5TCGGeaq4XbQULJuxySlXWYgKrIPdGFPxxxklgQIRATWsmYghLwo7nIX0FUin5hU/EDtqSrHx3x+DKwYp7xj5NJL2XhQXHZJr/IpsbJ0xfZtuFaFeydOjEXhdoxx5rNqGDmWeo6xhdMqpjwLhPsTALooQIX89WIfOMtuK3ofa/F4YWYsQ+2RkAT0lWvOr6BwpZ+2NNYvRrogU0iBr7xhUhUnhROxp9mT/tx1/9d7D+hE9SJFAY44MNlQaNJ2LT/G1Tu/w66xwf7by8JfRSJE82p9oSoo0Q1vfx8pqwJtLxPOE/UyLg+t1R4MHhGBMXY4pXwy3MiX0dd/RLoCtEw7/BwI3JJr18nU39pchSh52b9e8ClULI4T2KWYjQrp9CqdkLIgH6QWPVEyLfuF6dA9U2U6Z4aZaK3ZrnsP8CI0NvXsfNrTj+gJ2k3+eejsfMWsEn+T3tl/29/cHL4/tNe0hqh5hP9Hxb3KSRO2geX44L/d7u4TX2+bvGfDSfmpXiN4mE5P3J0Ethj7HT2vvP8P0L+pTW/vRpokv/+ceX9j37/+CD/+0ib5F+ZuR/1EOdjD9CfPO0k/+Kuz67HP832/8lJ+f7Hae9g/+8lyfNf+qteXvQqm1LqaaOZtDk3tMsnwerDAWU/wETkrzsd2u0jBtvbBB4onIxawMV+dO8EvmcJn5y2EnZTPvreHk0aaTZg+SAFAXt4wwOBLt7GjjyT4nFasZNA1zIZLi/ry1VVGCHjhIZ+Ht6+vJ584FPkXeT/PnYec/zT/P3v0/L33/vdw/cf95NKcWI4xbCJnQbUKwl6u+qrlPEf/baU+TfSUzlm3kh7Krf/hBC0vaUFoSz2GuKVZjAvgxTzVm+SydBWfH9/9VSXLhD3Xr74Sj38E/rRCGXavE3rxvmaD8ZUabFXCGyoV//RmOZqRlhiSEOWLB9FgKj6GBpkzfJHv9VuRQdP110sxPzK5cKmKEIAEDrcnD6RIwIHDb2MpJvA9gruUwnI2XNq1v/yrbPHKH6Zms7/j6CsqP+7J72D/2cvSdzA40oyZqmfcYVCc3vu8scZNXsAU+BZiM7orJyoncr9ucyZD1eP7MXGxb3L2RXLxuKNpVbLDLrDG7blQD2eI++snnT/ihXUoRU+JQDSjpTL9UoHwdep+6ry5qr7pBu2irp0cPzKb9Q4bVze2q2WcQkGgcwAA73KmBeFoEENxi/WbYAyQwk2gRl30TaA6YCDDTDGTbANUMWAhA2AIiRhE6Z1t7VU5FereptoSP75r1bpbhDPK/kSNYrPSV3oO3488HOiPg4/5L9VEHzs5Km438TNAF4GVjrHe20IydzPFvkUtgJhZ3UbwPw5Ddi0EzroTezw9047HHXnnAGDJHhZUuI2RU/JHWPzgN6uLtaKupYTeoNjWY1LWfvI7rZlhn5JtWf3evbbT7tXvUqv2v/zNfasLwps2261Cq5Qvpla+VWH5Pj4SGapG0y9bv+k22oVL+sODZ2B93WHKkKk5Wq89R9yrPuMIz4oBDoNgTq/pPJ5p8InFWsh+McOe11xBUJ+ibB3hH+uvgtY+iqgW73ZLXbB1mz1Ltbqy39HR9/6MrOwrS1eZRFxLyBhd62WwioGVqlOpe3lM7soYpUjQ5Qoyzgck8dpPT5zq3OxNI4Keeo8TB409+qx9Guw9Ndj6R9svUM6pEM6pJr0/0qlxvQAoAAA values: image: - tag: v1.22.0-dev + tag: v1.23.0-dev --- apiVersion: core.gardener.cloud/v1beta1 kind: ControllerRegistration diff --git a/go.mod b/go.mod index 65a3e51c0..abacfa0aa 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/coreos/go-systemd/v22 v22.1.0 github.com/frankban/quicktest v1.9.0 // indirect github.com/gardener/etcd-druid v0.5.0 - github.com/gardener/gardener v1.30.1-0.20210831145107-5b4604745d8e + github.com/gardener/gardener v1.33.1 github.com/gardener/gardener-extension-networking-calico v1.7.1-0.20200522070525-f9aa28d3c83a github.com/gardener/machine-controller-manager v0.36.0 github.com/gardener/remedy-controller v0.6.0 @@ -38,8 +38,6 @@ require ( k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible k8s.io/code-generator v0.21.2 k8s.io/component-base v0.21.2 - k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 - k8s.io/klog v1.0.0 k8s.io/kubelet v0.21.2 k8s.io/utils v0.0.0-20210527160623-6fdb442a123b sigs.k8s.io/controller-runtime v0.9.1 diff --git a/go.sum b/go.sum index 8c15795aa..157136759 100644 --- a/go.sum +++ b/go.sum @@ -116,6 +116,7 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -126,6 +127,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cloudflare/cloudflare-go v0.11.4/go.mod h1:ZB+hp7VycxPLpp0aiozQQezat46npDXhzHi1DVtRCn4= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403 h1:cqQfy1jclcSy/FwLjemeg3SR1yaINm74aQyupQ0Bl8M= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/container-storage-interface/spec v1.1.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4= @@ -180,7 +182,9 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.7-0.20200730005029-803dd64f0468/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad h1:EmNYJhPYy0pOFjCx2PrgtaBXmee0iUX9hLlxE1xHOJE= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.0.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -224,8 +228,8 @@ github.com/gardener/gardener v1.6.6/go.mod h1:w5IHIQDccvSxZJFOtBa8YConyyFgt07DBH github.com/gardener/gardener v1.11.3/go.mod h1:5DzqfOm+G8UftKu5zUbYJ+9Cnfd4XrvRNDabkM9AIp4= github.com/gardener/gardener v1.17.1/go.mod h1:uucRHq0xV46xd9MpJJjRswx/Slq3+ipbbJg09FVUtvM= github.com/gardener/gardener v1.27.1/go.mod h1:g+3Vx1Q8HSwcSkRwxn4G54WealBh4pcZSNOSkE6ygdQ= -github.com/gardener/gardener v1.30.1-0.20210831145107-5b4604745d8e h1:40KFDNiIhXzNSPpfnCB+5PSs9AOuEPp8GnJbHDGc+bs= -github.com/gardener/gardener v1.30.1-0.20210831145107-5b4604745d8e/go.mod h1:3VK2HoMK33jZmS4+PeVfHSBXI06t9ybvM+rj1QvYtc0= +github.com/gardener/gardener v1.33.1 h1:oEztGXqqU11MV84RsVJ6dO6wqgbBq2avGat8jKRTSP8= +github.com/gardener/gardener v1.33.1/go.mod h1:tmclsznh8ZMNaqDKf7QLvEeMkplYXFWNOCNRynWrcHU= github.com/gardener/gardener-extension-networking-calico v1.7.1-0.20200522070525-f9aa28d3c83a h1:jBvyEhkRzW11Nz2y9IIQAo9HUaCvCqxEko5Nf9NRYUI= github.com/gardener/gardener-extension-networking-calico v1.7.1-0.20200522070525-f9aa28d3c83a/go.mod h1:bmD89OLvEBbXLlznsHe90ZlgTU+OrKErwHb6NWlSTvY= github.com/gardener/gardener-resource-manager v0.10.0/go.mod h1:0pKTHOhvU91eQB0EYr/6Ymd7lXc/5Hi8P8tF/gpV0VQ= @@ -461,6 +465,7 @@ github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/joncalhoun/pipe v0.0.0-20170510025636-72505674a733/go.mod h1:2MNFZhLx2HMHTN4xKH6FhpoQWqmD8Ato8QOE2hp5hY4= +github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -564,6 +569,7 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= @@ -817,8 +823,9 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= @@ -1028,8 +1035,9 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1083,6 +1091,7 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -1095,6 +1104,7 @@ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.1/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.35.0 h1:TwIQcH3es+MojMVojxxfQ3l3OF2KzlRxML2xZq0kRo8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1174,6 +1184,7 @@ k8s.io/autoscaler v0.0.0-20190805135949-100e91ba756e h1:5AX59ZgftHpbmNupSWosdtW4 k8s.io/autoscaler v0.0.0-20190805135949-100e91ba756e/go.mod h1:QEXezc9uKPT91dwqhSJq3GNI3B1HxFRQHiku9kmrsSA= k8s.io/client-go v0.21.2 h1:Q1j4L/iMN4pTw6Y4DWppBoUxgKO8LbffEMVEV00MUp0= k8s.io/client-go v0.21.2/go.mod h1:HdJ9iknWpbl3vMGtib6T2PyI/VYxiZfq936WNVHBRrA= +k8s.io/cluster-bootstrap v0.21.2 h1:GXvCxl619A0edhAprX8U5gUZ5lQCUf7xhDa7SkXnlx0= k8s.io/cluster-bootstrap v0.21.2/go.mod h1:OEm/gajtWz/ohbS4NGxkyTp/6f1fW3TBThgCQ1ljhHo= k8s.io/code-generator v0.21.2 h1:EyHysEtLHTsNMoace0b3Yec9feD0qkV+5RZRoeSh+sc= k8s.io/code-generator v0.21.2/go.mod h1:8mXJDCB7HcRo1xiEQstcguZkbxZaqeUOrO9SsicWs3U= diff --git a/hack/api-reference/api.md b/hack/api-reference/api.md index 906167098..1ceb393a2 100644 --- a/hack/api-reference/api.md +++ b/hack/api-reference/api.md @@ -659,19 +659,6 @@ bool

Zoned indicates whether the cluster uses zones

- - -natGatewayPublicIpMigrated
- -bool - - - -(Optional) -

NatGatewayPublicIPMigrated is an indicator if the Gardener managed public ip address is already migrated. -TODO(natipmigration) This can be removed in future versions when the ip migration has been completed.

- -

MachineImage diff --git a/pkg/admission/validator/webhook.go b/pkg/admission/validator/webhook.go index fe2d5e131..72ecbff94 100644 --- a/pkg/admission/validator/webhook.go +++ b/pkg/admission/validator/webhook.go @@ -27,6 +27,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" ) +// SecretsValidatorName is the name of the secrets validator. const SecretsValidatorName = "secrets." + extensionswebhook.ValidatorName var logger = log.Log.WithName("azure-validator-webhook") diff --git a/pkg/apis/azure/types_infrastructure.go b/pkg/apis/azure/types_infrastructure.go index 39389a2f2..f70c05890 100644 --- a/pkg/apis/azure/types_infrastructure.go +++ b/pkg/apis/azure/types_infrastructure.go @@ -124,9 +124,6 @@ type InfrastructureStatus struct { Identity *IdentityStatus // Zoned indicates whether the cluster uses zones Zoned bool - // NatGatewayPublicIPMigrated is an indicator if the Gardener managed public ip address is already migrated. - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - NatGatewayPublicIPMigrated bool } // NetworkStatus is the current status of the infrastructure networks. diff --git a/pkg/apis/azure/v1alpha1/types_infrastructure.go b/pkg/apis/azure/v1alpha1/types_infrastructure.go index 50a256e9e..199e6af3b 100644 --- a/pkg/apis/azure/v1alpha1/types_infrastructure.go +++ b/pkg/apis/azure/v1alpha1/types_infrastructure.go @@ -140,10 +140,6 @@ type InfrastructureStatus struct { // Zoned indicates whether the cluster uses zones // +optional Zoned bool `json:"zoned,omitempty"` - // NatGatewayPublicIPMigrated is an indicator if the Gardener managed public ip address is already migrated. - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - // +optional - NatGatewayPublicIPMigrated bool `json:"natGatewayPublicIpMigrated,omitempty"` } // NetworkStatus is the current status of the infrastructure networks. diff --git a/pkg/apis/azure/v1alpha1/zz_generated.conversion.go b/pkg/apis/azure/v1alpha1/zz_generated.conversion.go index 525cd4611..dfd208c00 100644 --- a/pkg/apis/azure/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/azure/v1alpha1/zz_generated.conversion.go @@ -524,7 +524,6 @@ func autoConvert_v1alpha1_InfrastructureStatus_To_azure_InfrastructureStatus(in out.SecurityGroups = *(*[]azure.SecurityGroup)(unsafe.Pointer(&in.SecurityGroups)) out.Identity = (*azure.IdentityStatus)(unsafe.Pointer(in.Identity)) out.Zoned = in.Zoned - out.NatGatewayPublicIPMigrated = in.NatGatewayPublicIPMigrated return nil } @@ -545,7 +544,6 @@ func autoConvert_azure_InfrastructureStatus_To_v1alpha1_InfrastructureStatus(in out.SecurityGroups = *(*[]SecurityGroup)(unsafe.Pointer(&in.SecurityGroups)) out.Identity = (*IdentityStatus)(unsafe.Pointer(in.Identity)) out.Zoned = in.Zoned - out.NatGatewayPublicIPMigrated = in.NatGatewayPublicIPMigrated return nil } diff --git a/pkg/apis/azure/validation/secrets.go b/pkg/apis/azure/validation/secrets.go index 4e0cac8b3..5d0f0a047 100644 --- a/pkg/apis/azure/validation/secrets.go +++ b/pkg/apis/azure/validation/secrets.go @@ -34,7 +34,7 @@ var ( func ValidateCloudProviderSecret(secret, oldSecret *corev1.Secret) error { secretKey := fmt.Sprintf("%s/%s", secret.Namespace, secret.Name) - for _, key := range []string{azure.SubscriptionIDKey, azure.TenantIDKey, azure.ClientIDKey, azure.ClientSecretKey} { + for _, key := range []string{azure.SubscriptionIDKey, azure.TenantIDKey} { val, ok := secret.Data[key] if !ok { return fmt.Errorf("missing %q field in secret %s", key, secretKey) @@ -42,20 +42,40 @@ func ValidateCloudProviderSecret(secret, oldSecret *corev1.Secret) error { if len(val) == 0 { return fmt.Errorf("field %q in secret %s cannot be empty", key, secretKey) } - switch key { - case azure.SubscriptionIDKey, azure.TenantIDKey, azure.ClientIDKey: - // subscriptionID, tenantID, and clientID must be valid GUIDs, - // see https://docs.microsoft.com/en-us/rest/api/securitycenter/locations/get - if !guidRegex.Match(val) { - return fmt.Errorf("field %q in secret %s must be a valid GUID", key, secretKey) - } - case azure.ClientSecretKey: - // clientSecret must not contain leading or trailing new lines, as they are known to cause issues - // Other whitespace characters such as spaces are intentionally not checked for, - // since there is no documentation indicating that they would not be valid - if strings.Trim(string(val), "\n\r") != string(val) { - return fmt.Errorf("field %q in secret %s must not contain leading or traling new lines", key, secretKey) - } + + // subscriptionID and tenantID must be valid GUIDs, + // see https://docs.microsoft.com/en-us/rest/api/securitycenter/locations/get + if !guidRegex.Match(val) { + return fmt.Errorf("field %q in secret %s must be a valid GUID", key, secretKey) + } + } + + if clientID, ok := secret.Data[azure.ClientIDKey]; ok { + if _, ok := secret.Data[azure.ClientSecretKey]; !ok { + return fmt.Errorf("if field %q is passed also field %q must be provided", azure.ClientIDKey, azure.ClientSecretKey) + } + if len(clientID) == 0 { + return fmt.Errorf("if field %q in secret %s is set it cannot be empty", azure.ClientIDKey, secretKey) + } + // clientID must be a valid GUID, + // see https://docs.microsoft.com/en-us/rest/api/securitycenter/locations/get + if !guidRegex.Match(clientID) { + return fmt.Errorf("field %q in secret %s must be a valid GUID", azure.ClientIDKey, secretKey) + } + } + + if clientSecret, ok := secret.Data[azure.ClientSecretKey]; ok { + if _, ok := secret.Data[azure.ClientIDKey]; !ok { + return fmt.Errorf("if field %q is passed also field %q must be provided", azure.ClientSecretKey, azure.ClientIDKey) + } + if len(clientSecret) == 0 { + return fmt.Errorf("if field %q in secret %s is set it cannot be empty", azure.ClientSecretKey, secretKey) + } + // clientSecret must not contain leading or trailing new lines, as they are known to cause issues + // Other whitespace characters such as spaces are intentionally not checked for, + // since there is no documentation indicating that they would not be valid + if strings.Trim(string(clientSecret), "\n\r") != string(clientSecret) { + return fmt.Errorf("field %q in secret %s must not contain leading or traling new lines", azure.ClientSecretKey, secretKey) } } diff --git a/pkg/apis/azure/validation/secrets_test.go b/pkg/apis/azure/validation/secrets_test.go index 37c41248e..3cd7fd711 100644 --- a/pkg/apis/azure/validation/secrets_test.go +++ b/pkg/apis/azure/validation/secrets_test.go @@ -114,43 +114,52 @@ var _ = Describe("Secret validation", func() { HaveOccurred(), ), - Entry("should return error when the client ID field is missing", + Entry("should succeed when client ID and/or client Secret is not provided", map[string][]byte{ azure.SubscriptionIDKey: []byte(subscriptionID), azure.TenantIDKey: []byte(tenantID), - azure.ClientSecretKey: []byte(clientSecret), + }, + nil, + BeNil(), + ), + + Entry("should return error when clientID is provided but no clientSecret", + map[string][]byte{ + azure.SubscriptionIDKey: []byte(subscriptionID), + azure.TenantIDKey: []byte(tenantID), + azure.ClientIDKey: []byte(clientID), }, nil, HaveOccurred(), ), - Entry("should return error when the client ID is empty", + Entry("should return error when clientSecret is provided but no clientID", map[string][]byte{ azure.SubscriptionIDKey: []byte(subscriptionID), azure.TenantIDKey: []byte(tenantID), - azure.ClientIDKey: {}, azure.ClientSecretKey: []byte(clientSecret), }, nil, HaveOccurred(), ), - Entry("should return error when the client ID is not a valid GUID", + Entry("should return error when the client ID is empty", map[string][]byte{ azure.SubscriptionIDKey: []byte(subscriptionID), azure.TenantIDKey: []byte(tenantID), - azure.ClientIDKey: []byte("foo"), + azure.ClientIDKey: {}, azure.ClientSecretKey: []byte(clientSecret), }, nil, HaveOccurred(), ), - Entry("should return error when the client secret field is missing", + Entry("should return error when the client ID is not a valid GUID", map[string][]byte{ azure.SubscriptionIDKey: []byte(subscriptionID), azure.TenantIDKey: []byte(tenantID), - azure.ClientIDKey: []byte(clientID), + azure.ClientIDKey: []byte("foo"), + azure.ClientSecretKey: []byte(clientSecret), }, nil, HaveOccurred(), diff --git a/pkg/apis/config/loader/loader.go b/pkg/apis/config/loader/loader.go index 435b41904..65b2ce20f 100644 --- a/pkg/apis/config/loader/loader.go +++ b/pkg/apis/config/loader/loader.go @@ -27,16 +27,16 @@ import ( ) var ( - Codec runtime.Codec - Scheme *runtime.Scheme + codec runtime.Codec + scheme *runtime.Scheme ) func init() { - Scheme = runtime.NewScheme() - install.Install(Scheme) - yamlSerializer := json.NewYAMLSerializer(json.DefaultMetaFactory, Scheme, Scheme) - Codec = versioning.NewDefaultingCodecForScheme( - Scheme, + scheme = runtime.NewScheme() + install.Install(scheme) + yamlSerializer := json.NewYAMLSerializer(json.DefaultMetaFactory, scheme, scheme) + codec = versioning.NewDefaultingCodecForScheme( + scheme, yamlSerializer, yamlSerializer, schema.GroupVersion{Version: "v1alpha1"}, @@ -63,7 +63,7 @@ func Load(data []byte) (*config.ControllerConfiguration, error) { return cfg, nil } - decoded, _, err := Codec.Decode(data, &schema.GroupVersionKind{Version: "v1alpha1", Kind: "Config"}, cfg) + decoded, _, err := codec.Decode(data, &schema.GroupVersionKind{Version: "v1alpha1", Kind: "Config"}, cfg) if err != nil { return nil, err } diff --git a/pkg/azure/types.go b/pkg/azure/types.go index a2975d20c..4f1f0d218 100644 --- a/pkg/azure/types.go +++ b/pkg/azure/types.go @@ -142,6 +142,11 @@ const ( RemedyControllerName = "remedy-controller-azure" // DisableRemedyControllerAnnotation disables the Azure remedy controller (enabled by default) DisableRemedyControllerAnnotation = "azure.provider.extensions.gardener.cloud/disable-remedy-controller" + // ExtensionPurposeLabel is a label to define the purpose of a resource for the extension. + ExtensionPurposeLabel = "azure.provider.extensions.gardener.cloud/purpose" + // ExtensionPurposeServicePrincipalSecret is the label value for a Secret resource + // that hold service principal information to a corresponding AD tenant. + ExtensionPurposeServicePrincipalSecret = "tenant-service-principal-secret" ) var ( diff --git a/pkg/cmd/options.go b/pkg/cmd/options.go index 9ce8703c5..c8c613c15 100644 --- a/pkg/cmd/options.go +++ b/pkg/cmd/options.go @@ -23,6 +23,7 @@ import ( healthcheckcontroller "github.com/gardener/gardener-extension-provider-azure/pkg/controller/healthcheck" infrastructurecontroller "github.com/gardener/gardener-extension-provider-azure/pkg/controller/infrastructure" workercontroller "github.com/gardener/gardener-extension-provider-azure/pkg/controller/worker" + cloudproviderwebhook "github.com/gardener/gardener-extension-provider-azure/pkg/webhook/cloudprovider" controlplanewebhook "github.com/gardener/gardener-extension-provider-azure/pkg/webhook/controlplane" controlplaneexposurewebhook "github.com/gardener/gardener-extension-provider-azure/pkg/webhook/controlplaneexposure" infrastructurewebhook "github.com/gardener/gardener-extension-provider-azure/pkg/webhook/infrastructure" @@ -37,6 +38,7 @@ import ( extensionshealthcheckcontroller "github.com/gardener/gardener/extensions/pkg/controller/healthcheck" extensionsinfrastructurecontroller "github.com/gardener/gardener/extensions/pkg/controller/infrastructure" extensionsworkercontroller "github.com/gardener/gardener/extensions/pkg/controller/worker" + extensionscloudproviderwebhook "github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider" webhookcmd "github.com/gardener/gardener/extensions/pkg/webhook/cmd" extensionscontrolplanewebhook "github.com/gardener/gardener/extensions/pkg/webhook/controlplane" extensionsnetworkwebhook "github.com/gardener/gardener/extensions/pkg/webhook/network" @@ -63,5 +65,6 @@ func WebhookSwitchOptions() *webhookcmd.SwitchOptions { webhookcmd.Switch(infrastructurewebhook.WebhookName, infrastructurewebhook.AddToManager), webhookcmd.Switch(extensionscontrolplanewebhook.WebhookName, controlplanewebhook.AddToManager), webhookcmd.Switch(extensionscontrolplanewebhook.ExposureWebhookName, controlplaneexposurewebhook.AddToManager), + webhookcmd.Switch(extensionscloudproviderwebhook.WebhookName, cloudproviderwebhook.AddToManager), ) } diff --git a/pkg/controller/backupbucket/actuator.go b/pkg/controller/backupbucket/actuator.go index ec725232a..1a20aabcf 100644 --- a/pkg/controller/backupbucket/actuator.go +++ b/pkg/controller/backupbucket/actuator.go @@ -94,8 +94,5 @@ func (a *actuator) Delete(ctx context.Context, backupBucket *extensionsv1alpha1. } // Delete the generated backup secret in the garden namespace. - if err := a.deleteBackupBucketGeneratedSecret(ctx, backupBucket); err != nil { - return err - } - return nil + return a.deleteBackupBucketGeneratedSecret(ctx, backupBucket) } diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go index 26f77aae4..670bbe425 100644 --- a/pkg/controller/controlplane/valuesprovider.go +++ b/pkg/controller/controlplane/valuesprovider.go @@ -437,7 +437,12 @@ func (vp *valuesProvider) GetControlPlaneChartValues( } checksums[azure.CloudProviderConfigName] = utils.ComputeChecksum(cpConfigSecret.Data) - return getControlPlaneChartValues(cpConfig, cp, cluster, checksums, scaledDown) + infraStatus := &apisazure.InfrastructureStatus{} + if _, _, err := vp.Decoder().Decode(cp.Spec.InfrastructureProviderStatus.Raw, nil, infraStatus); err != nil { + return nil, fmt.Errorf("could not decode infrastructureProviderStatus of controlplane '%s': %w", kutil.ObjectName(cp), err) + } + + return getControlPlaneChartValues(cpConfig, cp, cluster, checksums, scaledDown, infraStatus) } // GetControlPlaneShootChartValues returns the values for the control plane shoot chart applied by the generic actuator. @@ -597,13 +602,14 @@ func getControlPlaneChartValues( cluster *extensionscontroller.Cluster, checksums map[string]string, scaledDown bool, + infraStatus *apisazure.InfrastructureStatus, ) (map[string]interface{}, error) { ccm, err := getCCMChartValues(cpConfig, cp, cluster, checksums, scaledDown) if err != nil { return nil, err } - csi, err := getCSIControllerChartValues(cluster, checksums, scaledDown) + csi, err := getCSIControllerChartValues(cluster, checksums, scaledDown, infraStatus) if err != nil { return nil, err } @@ -663,6 +669,7 @@ func getCSIControllerChartValues( cluster *extensionscontroller.Cluster, checksums map[string]string, scaledDown bool, + infraStatus *apisazure.InfrastructureStatus, ) (map[string]interface{}, error) { k8sVersionLessThan121, err := version.CompareVersions(cluster.Shoot.Spec.Kubernetes.Version, "<", "1.21") if err != nil { @@ -673,7 +680,7 @@ func getCSIControllerChartValues( return map[string]interface{}{"enabled": false}, nil } - return map[string]interface{}{ + values := map[string]interface{}{ "enabled": true, "replicas": extensionscontroller.GetControlPlaneReplicas(cluster, scaledDown, 1), "podAnnotations": map[string]interface{}{ @@ -691,7 +698,13 @@ func getCSIControllerChartValues( "checksum/secret-" + azure.CSISnapshotControllerName: checksums[azure.CSISnapshotControllerName], }, }, - }, nil + } + + if azureapihelper.IsVmoRequired(infraStatus) { + values["vmType"] = "vmss" + } + + return values, nil } // getRemedyControllerChartValues collects and returns the remedy controller chart values. diff --git a/pkg/controller/controlplane/valuesprovider_test.go b/pkg/controller/controlplane/valuesprovider_test.go index 2ec79f02f..7165a9126 100644 --- a/pkg/controller/controlplane/valuesprovider_test.go +++ b/pkg/controller/controlplane/valuesprovider_test.go @@ -378,8 +378,49 @@ var _ = Describe("ValuesProvider", func() { })) }) - It("should return correct control plane chart values (k8s >= 1.21)", func() { + It("should return correct control plane chart values (k8s >= 1.21) without zoned infrastructure", func() { cluster = generateCluster(cidr, k8sVersionHigherEqual121, true, nil) + infrastructureStatus.Zoned = false + cp := generateControlPlane(controlPlaneConfig, infrastructureStatus) + + values, err := vp.GetControlPlaneChartValues(ctx, cp, cluster, checksums, false) + Expect(err).NotTo(HaveOccurred()) + Expect(values).To(Equal(map[string]interface{}{ + azure.CloudControllerManagerName: utils.MergeMaps(ccmChartValues, map[string]interface{}{ + "kubernetesVersion": cluster.Shoot.Spec.Kubernetes.Version, + }), + azure.CSIControllerName: utils.MergeMaps(enabledTrue, map[string]interface{}{ + "replicas": 1, + "podAnnotations": map[string]interface{}{ + "checksum/secret-" + azure.CSIControllerDiskName: checksums[azure.CSIControllerDiskName], + "checksum/secret-" + azure.CSIControllerFileName: checksums[azure.CSIControllerFileName], + "checksum/secret-" + azure.CSIProvisionerName: checksums[azure.CSIProvisionerName], + "checksum/secret-" + azure.CSIAttacherName: checksums[azure.CSIAttacherName], + "checksum/secret-" + azure.CSISnapshotterName: checksums[azure.CSISnapshotterName], + "checksum/secret-" + azure.CSIResizerName: checksums[azure.CSIResizerName], + "checksum/secret-" + azure.CloudProviderConfigName: checksums[azure.CloudProviderConfigName], + }, + "csiSnapshotController": map[string]interface{}{ + "replicas": 1, + "podAnnotations": map[string]interface{}{ + "checksum/secret-" + azure.CSISnapshotControllerName: checksums[azure.CSISnapshotControllerName], + }, + }, + "vmType": "vmss", + }), + azure.RemedyControllerName: utils.MergeMaps(enabledTrue, map[string]interface{}{ + "replicas": 1, + "podAnnotations": map[string]interface{}{ + "checksum/secret-" + azure.RemedyControllerName: checksums[azure.RemedyControllerName], + "checksum/secret-" + azure.CloudProviderConfigName: checksums[azure.CloudProviderConfigName], + }, + }), + })) + }) + + It("should return correct control plane chart values (k8s >= 1.21) with zoned infrastructure", func() { + cluster = generateCluster(cidr, k8sVersionHigherEqual121, true, nil) + infrastructureStatus.Zoned = true cp := generateControlPlane(controlPlaneConfig, infrastructureStatus) values, err := vp.GetControlPlaneChartValues(ctx, cp, cluster, checksums, false) diff --git a/pkg/controller/dnsrecord/actuator.go b/pkg/controller/dnsrecord/actuator.go index d381c43ce..916d67016 100644 --- a/pkg/controller/dnsrecord/actuator.go +++ b/pkg/controller/dnsrecord/actuator.go @@ -46,6 +46,7 @@ type actuator struct { logger logr.Logger } +// NewActuator creates a new dnsrecord.Actuator. func NewActuator(client client.Client, azureClientFactory azureclient.Factory, logger logr.Logger) dnsrecord.Actuator { return &actuator{ client: client, diff --git a/pkg/controller/worker/machines.go b/pkg/controller/worker/machines.go index 8b52b0149..8ecb8d995 100644 --- a/pkg/controller/worker/machines.go +++ b/pkg/controller/worker/machines.go @@ -62,12 +62,6 @@ func (w *workerDelegate) DeployMachineClasses(ctx context.Context) error { } } - // Delete any older version of AzureMachineClass CRs. - // TODO: Remove this clean-up in future version. - if err := w.Client().DeleteAllOf(ctx, &machinev1alpha1.AzureMachineClass{}, client.InNamespace(w.worker.Namespace)); err != nil { - return fmt.Errorf("cleaning up older version of Azure machine class CRs failed: %w", err) - } - return w.seedChartApplier.Apply(ctx, filepath.Join(azure.InternalChartsPath, "machineclass"), w.worker.Namespace, "machineclass", kubernetes.Values(map[string]interface{}{"machineClasses": w.machineClasses})) } diff --git a/pkg/controller/worker/machines_test.go b/pkg/controller/worker/machines_test.go index 09a59b958..3393a97e0 100644 --- a/pkg/controller/worker/machines_test.go +++ b/pkg/controller/worker/machines_test.go @@ -44,7 +44,6 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - "sigs.k8s.io/controller-runtime/pkg/client" ) var _ = Describe("Machines", func() { @@ -414,19 +413,15 @@ var _ = Describe("Machines", func() { It("should return the expected machine deployments for profile image types", func() { workerDelegate := wrapNewWorkerDelegate(c, chartApplier, w, cluster, nil) - gomock.InOrder( - c.EXPECT(). - DeleteAllOf(context.TODO(), &machinev1alpha1.AzureMachineClass{}, client.InNamespace(namespace)), - chartApplier. - EXPECT(). - Apply( - ctx, - filepath.Join(azure.InternalChartsPath, "machineclass"), - namespace, - "machineclass", - kubernetes.Values(machineClasses), - ), - ) + chartApplier. + EXPECT(). + Apply( + ctx, + filepath.Join(azure.InternalChartsPath, "machineclass"), + namespace, + "machineclass", + kubernetes.Values(machineClasses), + ) // Test workerDelegate.DeployMachineClasses() err := workerDelegate.DeployMachineClasses(ctx) diff --git a/pkg/internal/infrastructure/templates/main.tpl.tf b/pkg/internal/infrastructure/templates/main.tpl.tf index a7f8b77a2..6ffdffbd1 100644 --- a/pkg/internal/infrastructure/templates/main.tpl.tf +++ b/pkg/internal/infrastructure/templates/main.tpl.tf @@ -123,10 +123,6 @@ resource "azurerm_nat_gateway" "{{ $natName }}" { {{- if hasKey $subnet.natGateway "zone" }} zones = [{{ $subnet.natGateway.zone | quote }}] {{- end }} -{{ if $subnet.natGateway.migrateNatGatewayToIPAssociation -}} -# TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. -public_ip_address_ids = [] -{{- end }} } resource "azurerm_subnet_nat_gateway_association" "{{ $natName }}-worker-subnet-association" { diff --git a/pkg/internal/infrastructure/terraform.go b/pkg/internal/infrastructure/terraform.go index 16b566ca0..41ca92af3 100644 --- a/pkg/internal/infrastructure/terraform.go +++ b/pkg/internal/infrastructure/terraform.go @@ -273,8 +273,6 @@ func computeNetworkConfigMultipleSubnetLayout(infra *extensionsv1alpha1.Infrastr func generateNatGatewayValues(infra *extensionsv1alpha1.Infrastructure, nat *api.NatGatewayConfig) (map[string]interface{}, error) { natGatewayConfig := map[string]interface{}{ "enabled": false, - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - "migrateNatGatewayToIPAssociation": false, } if nat == nil || !nat.Enabled { @@ -300,23 +298,12 @@ func generateNatGatewayValues(infra *extensionsv1alpha1.Infrastructure, nat *api } natGatewayConfig["ipAddresses"] = ipAddresses } - - // Checks if the Gardener managed NatGateway public ip needs to be migrated. - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - natGatewayIPMigrationRequired, err := isNatGatewayIPMigrationRequired(infra, nat) - if err != nil { - return nil, err - } - natGatewayConfig["migrateNatGatewayToIPAssociation"] = natGatewayIPMigrationRequired - return natGatewayConfig, nil } func generateZonedNatGatewayValues(nat *api.ZonedNatGatewayConfig, zone int32) map[string]interface{} { natGatewayConfig := map[string]interface{}{ "enabled": false, - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - "migrateNatGatewayToIPAssociation": false, } if nat == nil || !nat.Enabled { @@ -376,9 +363,6 @@ type TerraformState struct { IdentityID string // IdentityClientID is the client id of the identity. IdentityClientID string - // NatGatewayIPMigrated is the indicator if the nat gateway ip is migrated. - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - NatGatewayIPMigrated string } type terraformSubnet struct { @@ -451,11 +435,6 @@ func ExtractTerraformState(ctx context.Context, tf terraformer.Terraformer, infr } tfState.Subnets = computeInfrastructureSubnets(infra, vars) - - if config.Networks.NatGateway != nil && config.Networks.NatGateway.Enabled { - tfState.NatGatewayIPMigrated = "true" - } - return &tfState, nil } @@ -523,11 +502,6 @@ func StatusFromTerraformState(config *api.InfrastructureConfig, tfState *Terrafo }) } - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - if tfState.NatGatewayIPMigrated == "true" { - infraState.NatGatewayPublicIPMigrated = true - } - return &infraState } @@ -640,28 +614,6 @@ func isPrimaryAvailabilitySetRequired(infra *extensionsv1alpha1.Infrastructure, return false, nil } -// isNatGatewayIPMigrationRequired checks if the Gardener managed NatGateway public ip needs to be migrated. -// TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. -func isNatGatewayIPMigrationRequired(infra *extensionsv1alpha1.Infrastructure, nat *api.NatGatewayConfig) (bool, error) { - if nat == nil || !nat.Enabled { - return false, nil - } - - if infra.Status.ProviderStatus == nil { - return false, nil - } - - infrastructureStatus, err := helper.InfrastructureStatusFromInfrastructure(infra) - if err != nil { - return false, err - } - - if infrastructureStatus.NatGatewayPublicIPMigrated { - return false, nil - } - return true, nil -} - func computeSubnetOutputKeys(infra *extensionsv1alpha1.Infrastructure, config *api.InfrastructureConfig) []string { var subnetOutputKeys []string diff --git a/pkg/internal/infrastructure/terraform_test.go b/pkg/internal/infrastructure/terraform_test.go index 799dca161..54b0f3c7b 100644 --- a/pkg/internal/infrastructure/terraform_test.go +++ b/pkg/internal/infrastructure/terraform_test.go @@ -170,8 +170,7 @@ var _ = Describe("Terraform", func() { } expectedNatGatewayValues = map[string]interface{}{ - "enabled": false, - "migrateNatGatewayToIPAssociation": false, + "enabled": false, } expectedSubnetValues = map[string]interface{}{ @@ -521,9 +520,8 @@ var _ = Describe("Terraform", func() { { "cidr": TestCIDR, "natGateway": map[string]interface{}{ - "enabled": true, - "migrateNatGatewayToIPAssociation": false, - "zone": zone1, + "enabled": true, + "zone": zone1, }, "serviceEndpoints": []string{}, "name": zone1, @@ -532,9 +530,8 @@ var _ = Describe("Terraform", func() { { "cidr": TestCIDR2, "natGateway": map[string]interface{}{ - "enabled": true, - "migrateNatGatewayToIPAssociation": false, - "zone": zone2, + "enabled": true, + "zone": zone2, }, "serviceEndpoints": []string{}, "name": zone2, @@ -547,50 +544,6 @@ var _ = Describe("Terraform", func() { Expect(values).To(BeEquivalentTo(expectedValues)) }) }) - - // TODO(natipmigration) This can be removed in future versions when the ip migration has been completed. - Context("NatGateway Gardener managed IP migration", func() { - BeforeEach(func() { - config.Networks.NatGateway = &api.NatGatewayConfig{ - Enabled: true, - } - expectedNatGatewayValues["enabled"] = true - }) - - It("should migrate the NatGateway IP as it is not yet migrated", func() { - infrastructureStatus := api.InfrastructureStatus{ - NatGatewayPublicIPMigrated: false, - } - infrastructureStatusMarshalled, err := json.Marshal(infrastructureStatus) - Expect(err).NotTo(HaveOccurred()) - - infra.Status.ProviderStatus = &runtime.RawExtension{ - Raw: infrastructureStatusMarshalled, - } - - expectedNatGatewayValues["migrateNatGatewayToIPAssociation"] = true - values, err := ComputeTerraformerTemplateValues(infra, config, cluster) - Expect(err).To(Not(HaveOccurred())) - Expect(values).To(BeEquivalentTo(expectedValues)) - }) - - It("should not migrate the NatGateway IP as it is already migrated", func() { - infrastructureStatus := api.InfrastructureStatus{ - NatGatewayPublicIPMigrated: true, - } - infrastructureStatusMarshalled, err := json.Marshal(infrastructureStatus) - Expect(err).NotTo(HaveOccurred()) - - infra.Status.ProviderStatus = &runtime.RawExtension{ - Raw: infrastructureStatusMarshalled, - } - - expectedNatGatewayValues["migrateNatGatewayToIPAssociation"] = false - values, err := ComputeTerraformerTemplateValues(infra, config, cluster) - Expect(err).To(Not(HaveOccurred())) - Expect(values).To(BeEquivalentTo(expectedValues)) - }) - }) }) }) @@ -659,8 +612,7 @@ var _ = Describe("Terraform", func() { }, Layout: apiv1alpha1.NetworkLayoutSingleSubnet, }, - Zoned: true, - NatGatewayPublicIPMigrated: false, + Zoned: true, })) }) @@ -699,8 +651,7 @@ var _ = Describe("Terraform", func() { }, Layout: apiv1alpha1.NetworkLayoutSingleSubnet, }, - Zoned: false, - NatGatewayPublicIPMigrated: false, + Zoned: false, })) }) @@ -742,8 +693,7 @@ var _ = Describe("Terraform", func() { ClientID: identityClientID, ACRAccess: false, }, - Zoned: false, - NatGatewayPublicIPMigrated: false, + Zoned: false, })) }) @@ -808,8 +758,7 @@ var _ = Describe("Terraform", func() { }, Layout: apiv1alpha1.NetworkLayoutMultipleSubnet, }, - Zoned: true, - NatGatewayPublicIPMigrated: false, + Zoned: true, })) }) }) diff --git a/pkg/webhook/cloudprovider/add.go b/pkg/webhook/cloudprovider/add.go new file mode 100644 index 000000000..9e6b7a864 --- /dev/null +++ b/pkg/webhook/cloudprovider/add.go @@ -0,0 +1,36 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cloudprovider + +import ( + "github.com/gardener/gardener-extension-provider-azure/pkg/azure" + + extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook" + "github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/manager" +) + +var logger = log.Log.WithName("azure-cloudprovider-webhook") + +// AddToManager creates the cloudprovider webhook and adds it to the manager. +func AddToManager(mgr manager.Manager) (*extensionswebhook.Webhook, error) { + logger.Info("adding webhook to manager") + + return cloudprovider.New(mgr, cloudprovider.Args{ + Provider: azure.Type, + Mutator: cloudprovider.NewMutator(logger, NewEnsurer(logger)), + }) +} diff --git a/pkg/webhook/cloudprovider/ensurer.go b/pkg/webhook/cloudprovider/ensurer.go new file mode 100644 index 000000000..c62cc8ab2 --- /dev/null +++ b/pkg/webhook/cloudprovider/ensurer.go @@ -0,0 +1,117 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cloudprovider + +import ( + "context" + "fmt" + + "github.com/gardener/gardener-extension-provider-azure/pkg/azure" + + "github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider" + gcontext "github.com/gardener/gardener/extensions/pkg/webhook/context" + "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// NewEnsurer creates cloudprovider ensurer. +func NewEnsurer(logger logr.Logger) cloudprovider.Ensurer { + return &ensurer{ + logger: logger, + } +} + +type ensurer struct { + logger logr.Logger + client client.Client +} + +// InjectClient injects the given client into the ensurer. +func (e *ensurer) InjectClient(client client.Client) error { + e.client = client + return nil +} + +// InjectScheme injects the given scheme into the decoder of the ensurer. +func (e *ensurer) InjectScheme(_ *runtime.Scheme) error { + return nil +} + +// EnsureCloudProviderSecret ensures that cloudprovider secret contain +// a service principal clientID and clientSecret (if not present) that match +// to a corresponding tenantID. +func (e *ensurer) EnsureCloudProviderSecret(ctx context.Context, _ gcontext.GardenContext, new, _ *corev1.Secret) error { + if !hasSecretKey(new, azure.TenantIDKey) { + return fmt.Errorf("could not mutate cloudprovider secret as %q field is missing", azure.TenantIDKey) + } + + if hasSecretKey(new, azure.ClientIDKey) || hasSecretKey(new, azure.ClientSecretKey) { + return nil + } + + servicePrincipalSecret, err := e.fetchTenantServicePrincipalSecret(ctx, string(new.Data[azure.TenantIDKey])) + if err != nil { + return err + } + + e.logger.V(5).Info("mutate cloudprovider secret", "namespace", new.Namespace, "name", new.Name) + new.Data[azure.ClientIDKey] = servicePrincipalSecret.Data[azure.ClientIDKey] + new.Data[azure.ClientSecretKey] = servicePrincipalSecret.Data[azure.ClientSecretKey] + + return nil +} + +func (e *ensurer) fetchTenantServicePrincipalSecret(ctx context.Context, tenantID string) (*corev1.Secret, error) { + var ( + servicePrincipalSecretList = &corev1.SecretList{} + matchingSecrets = []*corev1.Secret{} + labelSelector = client.MatchingLabels{azure.ExtensionPurposeLabel: azure.ExtensionPurposeServicePrincipalSecret} + ) + + if err := e.client.List(ctx, servicePrincipalSecretList, labelSelector); err != nil { + return nil, err + } + + for _, sec := range servicePrincipalSecretList.Items { + if !hasSecretKey(&sec, azure.TenantIDKey) { + e.logger.V(5).Info("service principal secret is invalid as it does not contain a tenant id", "namespace", sec.Namespace, "name", sec.Name) + continue + } + + if string(sec.Data[azure.TenantIDKey]) == tenantID { + tmp := &sec + matchingSecrets = append(matchingSecrets, tmp) + } + } + + if len(matchingSecrets) == 0 { + return nil, fmt.Errorf("found no service principal secrets matching to tenant id %q", tenantID) + } + + if len(matchingSecrets) > 1 { + return nil, fmt.Errorf("found more than one service principal matching to tenant id %q", tenantID) + } + + return matchingSecrets[0], nil +} + +func hasSecretKey(secret *corev1.Secret, key string) bool { + if _, ok := secret.Data[key]; ok { + return true + } + return false +} diff --git a/pkg/webhook/cloudprovider/ensurer_test.go b/pkg/webhook/cloudprovider/ensurer_test.go new file mode 100644 index 000000000..795eaf5c6 --- /dev/null +++ b/pkg/webhook/cloudprovider/ensurer_test.go @@ -0,0 +1,157 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cloudprovider_test + +import ( + "context" + "testing" + + "github.com/gardener/gardener-extension-provider-azure/pkg/apis/azure/install" + . "github.com/gardener/gardener-extension-provider-azure/pkg/webhook/cloudprovider" + + "github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider" + gcontext "github.com/gardener/gardener/extensions/pkg/webhook/context" + mockclient "github.com/gardener/gardener/pkg/mock/controller-runtime/client" + "github.com/golang/mock/gomock" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/runtime/inject" +) + +func TestController(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "CloudProvider Webhook Suite") +} + +var _ = Describe("Ensurer", func() { + var ( + logger = log.Log.WithName("azure-cloudprovider-webhook-test") + ctx = context.TODO() + ensurer cloudprovider.Ensurer + scheme *runtime.Scheme + + ctrl *gomock.Controller + c *mockclient.MockClient + + secret *corev1.Secret + servicePrincipalSecret corev1.Secret + + gctx = gcontext.NewGardenContext(nil, nil) + labelSelector = client.MatchingLabels{"azure.provider.extensions.gardener.cloud/purpose": "tenant-service-principal-secret"} + ) + + BeforeEach(func() { + secret = &corev1.Secret{ + Data: map[string][]byte{ + "tenantID": []byte("tenant-id"), + }, + } + servicePrincipalSecret = corev1.Secret{ + Data: map[string][]byte{ + "tenantID": []byte("tenant-id"), + "clientID": []byte("client-id"), + "clientSecret": []byte("client-secret"), + }, + } + + ctrl = gomock.NewController(GinkgoT()) + c = mockclient.NewMockClient(ctrl) + scheme = runtime.NewScheme() + install.Install(scheme) + ensurer = NewEnsurer(logger) + + err := ensurer.(inject.Scheme).InjectScheme(scheme) + Expect(err).NotTo(HaveOccurred()) + + err = ensurer.(inject.Client).InjectClient(c) + Expect(err).NotTo(HaveOccurred()) + }) + + AfterEach(func() { + ctrl.Finish() + }) + + Describe("#EnsureCloudProviderSecret", func() { + It("should pass as clientID and clientSecret are present", func() { + secret.Data["clientID"] = []byte("client-id") + secret.Data["clientSecret"] = []byte("client-secret") + + err := ensurer.EnsureCloudProviderSecret(ctx, gctx, secret, nil) + Expect(err).NotTo(HaveOccurred()) + }) + + It("should fail as no tenantID is present", func() { + delete(secret.Data, "tenantID") + err := ensurer.EnsureCloudProviderSecret(ctx, gctx, secret, nil) + Expect(err).To(HaveOccurred()) + }) + + It("should add clientID and clientSecret", func() { + c.EXPECT().List(gomock.Any(), &corev1.SecretList{}, labelSelector). + DoAndReturn(func(_ context.Context, list *corev1.SecretList, _ ...client.ListOption) error { + list.Items = []corev1.Secret{servicePrincipalSecret} + return nil + }) + + err := ensurer.EnsureCloudProviderSecret(ctx, gctx, secret, nil) + Expect(err).NotTo(HaveOccurred()) + Expect(secret.Data).To(Equal(map[string][]byte{ + "tenantID": []byte("tenant-id"), + "clientID": []byte("client-id"), + "clientSecret": []byte("client-secret"), + })) + }) + + It("should fail as service principal secret matching to the tenant id exists", func() { + c.EXPECT().List(gomock.Any(), &corev1.SecretList{}, labelSelector). + DoAndReturn(func(_ context.Context, list *corev1.SecretList, _ ...client.ListOption) error { + list.Items = []corev1.Secret{} + return nil + }) + + err := ensurer.EnsureCloudProviderSecret(ctx, gctx, secret, nil) + Expect(err).To(HaveOccurred()) + }) + + It("should fail as multiple service principal secrets matching to the tenant id exists", func() { + c.EXPECT().List(gomock.Any(), &corev1.SecretList{}, labelSelector). + DoAndReturn(func(_ context.Context, list *corev1.SecretList, _ ...client.ListOption) error { + list.Items = []corev1.Secret{servicePrincipalSecret, servicePrincipalSecret} + return nil + }) + + err := ensurer.EnsureCloudProviderSecret(ctx, gctx, secret, nil) + Expect(err).To(HaveOccurred()) + }) + + It("should fail as multiple service principal secrets matching to the tenant id exists", func() { + servicePrincipalSecret.Data["tenantID"] = []byte("some-different-tenant-id") + c.EXPECT().List(gomock.Any(), &corev1.SecretList{}, labelSelector). + DoAndReturn(func(_ context.Context, list *corev1.SecretList, _ ...client.ListOption) error { + list.Items = []corev1.Secret{servicePrincipalSecret} + return nil + }) + + err := ensurer.EnsureCloudProviderSecret(ctx, gctx, secret, nil) + Expect(err).To(HaveOccurred()) + }) + }) + +}) diff --git a/test/e2e/netpol-gen/app/azure.go b/test/e2e/netpol-gen/app/azure.go deleted file mode 100644 index eb3327f74..000000000 --- a/test/e2e/netpol-gen/app/azure.go +++ /dev/null @@ -1,99 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package app - -import ( - np "github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies" -) - -// azureNetworkPolicy holds Azure-specific network policy settings. -type azureNetworkPolicy struct { - np.Agnostic - - // metadata points to Azure-specific Metadata service. - metadata *np.Host -} - -// NewCloudAware returns Azure-specific policies. -func NewCloudAware() np.CloudAware { - return &azureNetworkPolicy{ - metadata: &np.Host{ - Description: "Metadata service", - HostName: "169.254.169.254", - Port: 80, - }, - } -} - -// Sources returns list of all Azure-specific sources and targets. -func (a *azureNetworkPolicy) Rules() []np.Rule { - ag := a.Agnostic - return []np.Rule{ - a.newSource(ag.KubeAPIServer()).AllowPod(ag.EtcdMain(), ag.EtcdEvents()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(), - a.newSource(ag.EtcdMain()).AllowHost(ag.External()).Build(), - a.newSource(ag.EtcdEvents()).AllowHost(ag.External()).Build(), - a.newSource(ag.CloudControllerManagerSecured()).AllowPod(ag.KubeAPIServer()).AllowHost(ag.External()).Build(), - a.newSource(ag.Loki()).Build(), - a.newSource(ag.Grafana()).AllowPod(ag.Prometheus(), ag.Loki()).Build(), - a.newSource(ag.AddonManager()).AllowPod(ag.KubeAPIServer()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(), - a.newSource(ag.KubeControllerManagerSecured()).AllowPod(ag.KubeAPIServer()).AllowHost(a.metadata, ag.External()).Build(), - a.newSource(ag.KubeSchedulerSecured()).AllowPod(ag.KubeAPIServer()).Build(), - a.newSource(ag.KubeStateMetricsShoot()).AllowPod(ag.KubeAPIServer()).Build(), - a.newSource(ag.MachineControllerManager()).AllowPod(ag.KubeAPIServer()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(), - a.newSource(ag.Prometheus()).AllowPod( - ag.CloudControllerManagerSecured(), - ag.EtcdEvents(), - ag.EtcdMain(), - ag.KubeAPIServer(), - ag.KubeControllerManagerSecured(), - ag.KubeSchedulerSecured(), - ag.KubeStateMetricsShoot(), - ag.MachineControllerManager(), - ).AllowTargetPod(ag.Loki().FromPort("metrics")).AllowHost(ag.SeedKubeAPIServer(), ag.External(), ag.GardenPrometheus()).Build(), - } -} - -// EgressFromOtherNamespaces returns list of all azure-specific sources and targets. -func (a *azureNetworkPolicy) EgressFromOtherNamespaces(sourcePod *np.SourcePod) np.Rule { - return np.NewSource(sourcePod).DenyPod(a.Sources()...).AllowPod(a.Agnostic.KubeAPIServer()).Build() -} - -func (a *azureNetworkPolicy) newSource(sourcePod *np.SourcePod) *np.RuleBuilder { - return np.NewSource(sourcePod).DenyPod(a.Sources()...).DenyHost(a.metadata, a.Agnostic.External(), a.Agnostic.GardenPrometheus()) -} - -// Sources returns a list of SourcePods of Azure. -func (a *azureNetworkPolicy) Sources() []*np.SourcePod { - ag := a.Agnostic - return []*np.SourcePod{ - ag.AddonManager(), - ag.CloudControllerManagerSecured(), - ag.Loki(), - ag.EtcdEvents(), - ag.EtcdMain(), - ag.Grafana(), - ag.KubeAPIServer(), - ag.KubeControllerManagerSecured(), - ag.KubeSchedulerSecured(), - ag.KubeStateMetricsShoot(), - ag.MachineControllerManager(), - ag.Prometheus(), - } -} - -// Provider returns Azure cloud provider. -func (a *azureNetworkPolicy) Provider() string { - return "azure" -} diff --git a/test/e2e/networkpolicies/networkpolicy_test.go b/test/e2e/networkpolicies/networkpolicy_test.go deleted file mode 100644 index 7b0ebeb7c..000000000 --- a/test/e2e/networkpolicies/networkpolicy_test.go +++ /dev/null @@ -1,1182 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by netpol-gen. DO NOT EDIT. - -package networkpolies - -import ( - "context" - "encoding/json" - "flag" - "fmt" - "strings" - "sync" - "time" - - "github.com/gardener/gardener/extensions/test/e2e/framework/executor" - networkpolicies "github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies" - "github.com/gardener/gardener/pkg/client/kubernetes" - "github.com/gardener/gardener/test/framework" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/sets" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -var ( - cleanup = flag.Bool("cleanup", false, "deletes all created e2e resources after the test suite is done") -) - -const ( - InitializationTimeout = 10 * time.Minute - FinalizationTimeout = time.Minute - DefaultTestTimeout = 10 * time.Second -) - -func init() { - framework.RegisterShootFrameworkFlags() -} - -var _ = Describe("Network Policy Testing", func() { - - var ( - f = framework.NewShootFramework(nil) - sharedResources networkpolicies.SharedResources - - agnostic = &networkpolicies.Agnostic{} - DefaultCIt = func(text string, body func(ctx context.Context)) { - f.Default().CIt(text, body, DefaultTestTimeout) - } - - getTargetPod = func(ctx context.Context, targetPod *networkpolicies.NamespacedTargetPod) *corev1.Pod { - if !targetPod.Pod.CheckVersion(f.Shoot) { - Skip("Target pod doesn't match Shoot version constraints. Skipping.") - } - if !targetPod.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. Skipping.") - } - By(fmt.Sprintf("Checking that target Pod: %s is running", targetPod.Pod.Name)) - err := f.WaitUntilPodIsRunningWithLabels(ctx, targetPod.Pod.Selector(), targetPod.Namespace, f.SeedClient) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - By(fmt.Sprintf("Get target pod: %s", targetPod.Pod.Name)) - trgPod, err := framework.GetFirstRunningPodWithLabels(ctx, targetPod.Pod.Selector(), targetPod.Namespace, f.SeedClient) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - return trgPod - } - - establishConnectionToHost = func(ctx context.Context, nsp *networkpolicies.NamespacedSourcePod, host string, port int32) (stdout, stderr string, err error) { - if !nsp.Pod.CheckVersion(f.Shoot) { - Skip("Source pod doesn't match Shoot version constraints. Skipping.") - } - if !nsp.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. Skipping.") - } - By(fmt.Sprintf("Checking for source Pod: %s is running", nsp.Pod.Name)) - ExpectWithOffset(1, f.WaitUntilPodIsRunningWithLabels(ctx, nsp.Pod.Selector(), nsp.Namespace, f.SeedClient)).NotTo(HaveOccurred()) - - command := []string{"nc", "-vznw", "3", host, fmt.Sprint(port)} - By(fmt.Sprintf("Executing connectivity command in %s/%s to %s", nsp.Namespace, nsp.Pod.Name, strings.Join(command, " "))) - - return executor.NewExecutor(f.SeedClient). - ExecCommandInContainerWithFullOutput(ctx, nsp.Namespace, nsp.Pod.Name, "busybox-0", command...) - } - - assertCannotConnectToHost = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, host string, port int32) { - _, stderr, err := establishConnectionToHost(ctx, sourcePod, host, port) - ExpectWithOffset(1, err).To(HaveOccurred()) - By("Connection message is timed out\n") - ExpectWithOffset(1, stderr).To(SatisfyAny(ContainSubstring("Connection timed out"), ContainSubstring("nc: bad address"))) - } - - assertConnectToHost = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetHost *networkpolicies.Host, allowed bool) { - _, stderr, err := establishConnectionToHost(ctx, sourcePod, targetHost.HostName, targetHost.Port) - if allowed { - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - } else { - ExpectWithOffset(1, err).To(HaveOccurred()) - ExpectWithOffset(1, stderr).To(SatisfyAny(BeEmpty(), ContainSubstring("Connection timed out"), ContainSubstring("nc: bad address")), "stderr has correct message") - } - } - - assertCannotConnectToPod = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetPod *networkpolicies.NamespacedTargetPod) { - pod := getTargetPod(ctx, targetPod) - assertCannotConnectToHost(ctx, sourcePod, pod.Status.PodIP, targetPod.Port.Port) - } - - assertConnectToPod = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetPod *networkpolicies.NamespacedTargetPod, allowed bool) { - pod := getTargetPod(ctx, targetPod) - assertConnectToHost(ctx, sourcePod, &networkpolicies.Host{ - HostName: pod.Status.PodIP, - Port: targetPod.Port.Port, - }, allowed) - } - - // generated targets - CloudControllerManagerHttps = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "cloud-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "role": "cloud-controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10258, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - CloudControllerManagerHttps10258 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "cloud-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "role": "cloud-controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10258, - Name: ""}} - EtcdEvents = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "etcd-events", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "events"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 2379, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-etcd": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "deny-all": sets.Empty{}}} - EtcdEvents2379 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "etcd-events", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "events"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 2379, - Name: ""}} - EtcdMain = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "etcd-main", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "main"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 2379, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-etcd": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "deny-all": sets.Empty{}}} - EtcdMain2379 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "etcd-main", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "main"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 2379, - Name: ""}} - ExternalhostPort53 = &networkpolicies.Host{ - Description: "External host", - HostName: "8.8.8.8", - Port: 53} - GardenPrometheusPort80 = &networkpolicies.Host{ - Description: "Garden Prometheus", - HostName: "prometheus-web.garden", - Port: 80} - GardenerResourceManager = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "gardener-resource-manager", - Labels: labels.Set{ - "app": "gardener-resource-manager", - "gardener.cloud/role": "controlplane"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port(nil), - ExpectedPolicies: sets.String{ - "allow-to-dns": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - GardenerResourceManager8080 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "gardener-resource-manager", - Labels: labels.Set{ - "app": "gardener-resource-manager", - "gardener.cloud/role": "controlplane"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 8080, - Name: "dummy"}} - Grafana = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "grafana", - Labels: labels.Set{ - "component": "grafana", - "gardener.cloud/role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 3000, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-grafana": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "deny-all": sets.Empty{}}} - Grafana3000 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "grafana", - Labels: labels.Set{ - "component": "grafana", - "gardener.cloud/role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 3000, - Name: ""}} - KubeApiserver = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-apiserver", - Labels: labels.Set{ - "app": "kubernetes", - "role": "apiserver"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 443, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-kube-apiserver": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-networks": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeApiserver443 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-apiserver", - Labels: labels.Set{ - "app": "kubernetes", - "role": "apiserver"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 443, - Name: ""}} - KubeControllerManagerHttps = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "gardener.cloud/role": "controlplane", - "role": "controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10257, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-blocked-cidrs": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeControllerManagerHttps10257 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "gardener.cloud/role": "controlplane", - "role": "controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10257, - Name: ""}} - KubeSchedulerHttps = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-scheduler-https", - Labels: labels.Set{ - "app": "kubernetes", - "gardener.cloud/role": "controlplane", - "role": "scheduler"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10259, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeSchedulerHttps10259 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-scheduler-https", - Labels: labels.Set{ - "app": "kubernetes", - "gardener.cloud/role": "controlplane", - "role": "scheduler"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10259, - Name: ""}} - KubeStateMetricsShoot = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-state-metrics-shoot", - Labels: labels.Set{ - "component": "kube-state-metrics", - "gardener.cloud/role": "monitoring", - "type": "shoot"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 8080, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeStateMetricsShoot8080 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-state-metrics-shoot", - Labels: labels.Set{ - "component": "kube-state-metrics", - "gardener.cloud/role": "monitoring", - "type": "shoot"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 8080, - Name: ""}} - Loki = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "loki", - Labels: labels.Set{ - "app": "loki", - "gardener.cloud/role": "logging", - "role": "logging"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 3100, - Name: "metrics"}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-loki": sets.Empty{}, - "deny-all": sets.Empty{}}} - Loki3100 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "loki", - Labels: labels.Set{ - "app": "loki", - "gardener.cloud/role": "logging", - "role": "logging"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 3100, - Name: "metrics"}} - MachineControllerManager = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "machine-controller-manager", - Labels: labels.Set{ - "app": "kubernetes", - "role": "machine-controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10258, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - MachineControllerManager10258 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "machine-controller-manager", - Labels: labels.Set{ - "app": "kubernetes", - "role": "machine-controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10258, - Name: ""}} - MetadataservicePort80 = &networkpolicies.Host{ - Description: "Metadata service", - HostName: "169.254.169.254", - Port: 80} - Prometheus = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "prometheus", - Labels: labels.Set{ - "app": "prometheus", - "gardener.cloud/role": "monitoring", - "role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 9090, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "allow-to-shoot-networks": sets.Empty{}, - "deny-all": sets.Empty{}}} - Prometheus9090 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "prometheus", - Labels: labels.Set{ - "app": "prometheus", - "gardener.cloud/role": "monitoring", - "role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 9090, - Name: ""}} - SeedKubeAPIServerPort443 = &networkpolicies.Host{ - Description: "Seed Kube APIServer", - HostName: "kubernetes.default", - Port: 443} - ) - - SynchronizedBeforeSuite(func() []byte { - ctx, cancel := context.WithTimeout(context.TODO(), InitializationTimeout) - defer cancel() - - var err error - - // The framework has to be manually initialized as BeforeEach is not allowed to be called inside a SynchronizedBeforeSuite - f = &framework.ShootFramework{ - GardenerFramework: framework.NewGardenerFrameworkFromConfig(nil), - TestDescription: framework.NewTestDescription("SHOOT"), - Config: nil, - } - f.CommonFramework.BeforeEach() - f.GardenerFramework.BeforeEach() - f.BeforeEach(ctx) - - By("Getting Seed Cloud Provider") - sharedResources.SeedCloudProvider = f.Seed.Spec.Provider.Type - - By("Creating namespace for Ingress testing") - ns := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "gardener-e2e-network-policies-", - Labels: map[string]string{ - "gardener-e2e-test": "networkpolicies", - }, - }, - } - err = f.SeedClient.Client().Create(ctx, ns) - Expect(err).NotTo(HaveOccurred()) - - sharedResources.External = ns.GetName() - - By("Creating mirror namespace for pod2pod network testing") - mirrorNamespace := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "gardener-e2e-mirror-network-policies-", - Labels: map[string]string{ - "gardener-e2e-test": "networkpolicies", - }, - }, - } - err = f.SeedClient.Client().Create(ctx, mirrorNamespace) - Expect(err).NotTo(HaveOccurred()) - - sharedResources.Mirror = mirrorNamespace.GetName() - - By(fmt.Sprintf("Getting all network policies in namespace %q", f.ShootSeedNamespace())) - list := &networkingv1.NetworkPolicyList{} - err = f.SeedClient.Client().List(ctx, list, client.InNamespace(f.ShootSeedNamespace())) - Expect(err).ToNot(HaveOccurred()) - - sharedResources.Policies = list.Items - - for _, netPol := range sharedResources.Policies { - cpy := &networkingv1.NetworkPolicy{} - cpy.Name = netPol.Name - cpy.Namespace = sharedResources.Mirror - cpy.Spec = *netPol.Spec.DeepCopy() - By(fmt.Sprintf("Copying network policy %s in namespace %q", netPol.Name, sharedResources.Mirror)) - err = f.SeedClient.Client().Create(ctx, cpy) - Expect(err).NotTo(HaveOccurred()) - } - - By("Getting the current CloudProvider") - currentProvider := f.Shoot.Spec.Provider.Type - - getFirstNodeInternalIP := func(ctx context.Context, cl kubernetes.Interface) (string, error) { - nodes := &corev1.NodeList{} - err := cl.Client().List(ctx, nodes, client.Limit(1)) - if err != nil { - return "", err - } - - if len(nodes.Items) > 0 { - firstNode := nodes.Items[0] - for _, address := range firstNode.Status.Addresses { - if address.Type == corev1.NodeInternalIP { - return address.Address, nil - } - } - } - - return "", framework.ErrNoInternalIPsForNodeWasFound - } - - By("Getting fist running node") - sharedResources.SeedNodeIP, err = getFirstNodeInternalIP(ctx, f.SeedClient) - Expect(err).NotTo(HaveOccurred()) - - if currentProvider != "azure" { - Fail(fmt.Sprintf("Not supported cloud provider %s", currentProvider)) - } - - createBusyBox := func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, ports ...corev1.ContainerPort) { - if len(ports) == 0 { - Fail(fmt.Sprintf("No ports found for SourcePod %+v", *sourcePod.SourcePod)) - } - containers := []corev1.Container{} - for i, port := range ports { - containers = append(containers, corev1.Container{ - Args: []string{"nc", "-lk", "-p", fmt.Sprint(port.ContainerPort), "-e", "/bin/echo", "-s", "0.0.0.0"}, - Image: "busybox", - Name: fmt.Sprintf("busybox-%d", i), - Ports: []corev1.ContainerPort{port}, - }) - } - pod := &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: sourcePod.Pod.Name, - Namespace: sourcePod.Namespace, - Labels: sourcePod.Pod.Labels, - }, - Spec: corev1.PodSpec{ - Containers: containers, - }, - } - - By(fmt.Sprintf("Creating Pod %s/%s", sourcePod.Namespace, sourcePod.Name)) - err := f.SeedClient.Client().Create(ctx, pod) - Expect(err).NotTo(HaveOccurred()) - - By(fmt.Sprintf("Waiting foo Pod %s/%s to be running", sourcePod.Namespace, sourcePod.Name)) - err = framework.WaitUntilPodIsRunning(ctx, f.Logger, pod.GetName(), sourcePod.Namespace, f.SeedClient) - if err != nil { - Fail(fmt.Sprintf("Couldn't find running busybox %s/%s", sourcePod.Namespace, pod.GetName())) - } - } - - sources := []*networkpolicies.SourcePod{ - GardenerResourceManager, - CloudControllerManagerHttps, - Loki, - EtcdEvents, - EtcdMain, - Grafana, - KubeApiserver, - KubeControllerManagerHttps, - KubeSchedulerHttps, - KubeStateMetricsShoot, - MachineControllerManager, - Prometheus, - } - - var wg sync.WaitGroup - // one extra for the busybox Pod bellow. - wg.Add(len(sources) + 1) - - for _, s := range sources { - go func(pi *networkpolicies.SourcePod) { - defer GinkgoRecover() - defer wg.Done() - if !pi.Pod.CheckVersion(f.Shoot) || !pi.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - return - } - pod, err := framework.GetFirstRunningPodWithLabels(ctx, pi.Pod.Selector(), f.ShootSeedNamespace(), f.SeedClient) - if err != nil { - Fail(fmt.Sprintf("Couldn't find running Pod %s/%s with labels: %+v", f.ShootSeedNamespace(), pi.Pod.Name, pi.Pod.Labels)) - } - cpy := *pi - - targetLabels := make(map[string]string) - - for k, v := range pod.Labels { - targetLabels[k] = v - } - - cpy.Pod.Labels = targetLabels - By(fmt.Sprintf("Mirroring Pod %s to namespace %s", cpy.Pod.Labels.String(), sharedResources.Mirror)) - - expectedPorts := sets.Int64{} - actualPorts := sets.Int64{} - for _, p := range pi.Ports { - expectedPorts.Insert(int64(p.Port)) - } - containerPorts := []corev1.ContainerPort{} - for _, container := range pod.Spec.Containers { - if len(container.Ports) > 0 { - for _, p := range container.Ports { - actualPorts.Insert(int64(p.ContainerPort)) - } - containerPorts = append(containerPorts, container.Ports...) - } - } - - if !actualPorts.HasAll(expectedPorts.List()...) { - Fail(fmt.Sprintf("Pod %s doesn't have all ports. Expected %+v, actual %+v", pi.Pod.Name, expectedPorts.List(), actualPorts.List())) - } - if len(containerPorts) == 0 { - // Dummy port for containers which don't have any ports. - containerPorts = append(containerPorts, corev1.ContainerPort{ContainerPort: 8080}) - } - createBusyBox(ctx, networkpolicies.NewNamespacedSourcePod(&cpy, sharedResources.Mirror), containerPorts...) - }(s) - } - go func() { - defer GinkgoRecover() - defer wg.Done() - createBusyBox(ctx, networkpolicies.NewNamespacedSourcePod(agnostic.Busybox(), ns.GetName()), corev1.ContainerPort{ContainerPort: 8080}) - }() - - wg.Wait() - - b, err := json.Marshal(sharedResources) - Expect(err).NotTo(HaveOccurred()) - - return b - }, func(data []byte) { - sr := &networkpolicies.SharedResources{} - err := json.Unmarshal(data, sr) - Expect(err).NotTo(HaveOccurred()) - - sharedResources = *sr - }) - - SynchronizedAfterSuite(func() { - if !*cleanup { - return - } - - ctx, cancel := context.WithTimeout(context.TODO(), FinalizationTimeout) - defer cancel() - - namespaces := &corev1.NamespaceList{} - selector := labels.SelectorFromSet(labels.Set{ - "gardener-e2e-test": "networkpolicies", - }) - err := f.SeedClient.Client().List(ctx, namespaces, client.MatchingLabelsSelector{Selector: selector}) - Expect(err).NotTo(HaveOccurred()) - - for _, ns := range namespaces.Items { - err = f.SeedClient.Client().Delete(ctx, &ns) - if err != nil && !errors.IsConflict(err) { - Expect(err).NotTo(HaveOccurred()) - } - } - }, func() {}) - - Context("Deprecated old policies are removed", func() { - - const ( - deprecatedKubeAPIServerPolicy = "kube-apiserver-default" - deprecatedMetadataAppPolicy = "cloud-metadata-service-deny-blacklist-app" - deprecatedMetadataRolePolicy = "cloud-metadata-service-deny-blacklist-role" - ) - - var ( - assertPolicyIsGone = func(policyName string) func(ctx context.Context) { - return func(ctx context.Context) { - By(fmt.Sprintf("Getting network policy %q in namespace %q", policyName, f.ShootSeedNamespace())) - getErr := f.SeedClient.Client().Get(ctx, types.NamespacedName{Name: policyName, Namespace: f.ShootSeedNamespace()}, &networkingv1.NetworkPolicy{}) - Expect(getErr).To(HaveOccurred()) - By("error is NotFound") - Expect(errors.IsNotFound(getErr)).To(BeTrue()) - } - } - ) - - DefaultCIt(deprecatedKubeAPIServerPolicy, assertPolicyIsGone(deprecatedKubeAPIServerPolicy)) - DefaultCIt(deprecatedMetadataAppPolicy, assertPolicyIsGone(deprecatedMetadataAppPolicy)) - DefaultCIt(deprecatedMetadataRolePolicy, assertPolicyIsGone(deprecatedMetadataRolePolicy)) - }) - - Context("components are selected by correct policies", func() { - var ( - assertHasNetworkPolicy = func(sourcePod *networkpolicies.SourcePod) func(context.Context) { - return func(ctx context.Context) { - if !sourcePod.Pod.CheckVersion(f.Shoot) { - Skip("Component doesn't match Shoot version constraints. Skipping.") - } - if !sourcePod.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. Skipping.") - } - - matched := sets.NewString() - var podLabelSet labels.Set - - By(fmt.Sprintf("Getting first running pod with selectors %q in namespace %q", sourcePod.Pod.Labels, f.ShootSeedNamespace())) - pod, err := framework.GetFirstRunningPodWithLabels(ctx, sourcePod.Pod.Selector(), f.ShootSeedNamespace(), f.SeedClient) - podLabelSet = pod.GetLabels() - Expect(err).NotTo(HaveOccurred()) - - for _, netPol := range sharedResources.Policies { - netPolSelector, err := metav1.LabelSelectorAsSelector(&netPol.Spec.PodSelector) - Expect(err).NotTo(HaveOccurred()) - - if netPolSelector.Matches(podLabelSet) { - matched.Insert(netPol.GetName()) - } - } - By(fmt.Sprintf("Matching actual network policies against expected %s", sourcePod.ExpectedPolicies.List())) - Expect(matched.List()).Should(ConsistOf(sourcePod.ExpectedPolicies.List())) - } - } - ) - DefaultCIt(`kube-apiserver`, assertHasNetworkPolicy(KubeApiserver)) - DefaultCIt(`etcd-main`, assertHasNetworkPolicy(EtcdMain)) - DefaultCIt(`etcd-events`, assertHasNetworkPolicy(EtcdEvents)) - DefaultCIt(`cloud-controller-manager-https`, assertHasNetworkPolicy(CloudControllerManagerHttps)) - DefaultCIt(`loki`, assertHasNetworkPolicy(Loki)) - DefaultCIt(`grafana`, assertHasNetworkPolicy(Grafana)) - DefaultCIt(`gardener-resource-manager`, assertHasNetworkPolicy(GardenerResourceManager)) - DefaultCIt(`kube-controller-manager-https`, assertHasNetworkPolicy(KubeControllerManagerHttps)) - DefaultCIt(`kube-scheduler-https`, assertHasNetworkPolicy(KubeSchedulerHttps)) - DefaultCIt(`kube-state-metrics-shoot`, assertHasNetworkPolicy(KubeStateMetricsShoot)) - DefaultCIt(`machine-controller-manager`, assertHasNetworkPolicy(MachineControllerManager)) - DefaultCIt(`prometheus`, assertHasNetworkPolicy(Prometheus)) - }) - - Context("ingress from other namespaces", func() { - - var ( - assertBlockIngress = func(to *networkpolicies.TargetPod, allowed bool) func(context.Context) { - return func(ctx context.Context) { - assertConnectToPod(ctx, networkpolicies.NewNamespacedSourcePod(agnostic.Busybox(), sharedResources.External), networkpolicies.NewNamespacedTargetPod(to, f.ShootSeedNamespace()), allowed) - } - } - ) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertBlockIngress(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertBlockIngress(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertBlockIngress(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertBlockIngress(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertBlockIngress(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertBlockIngress(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertBlockIngress(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertBlockIngress(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertBlockIngress(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertBlockIngress(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertBlockIngress(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertBlockIngress(Prometheus9090, false)) - }) - - Context("egress to other namespaces", func() { - - var ( - assertBlockEgresss = func(from *networkpolicies.SourcePod) func(context.Context) { - return func(ctx context.Context) { - assertCannotConnectToPod(ctx, networkpolicies.NewNamespacedSourcePod(from, sharedResources.Mirror), networkpolicies.NewNamespacedTargetPod(agnostic.Busybox().DummyPort(), sharedResources.External)) - } - } - ) - - DefaultCIt(`should block connectivity from kube-apiserver to busybox`, assertBlockEgresss(KubeApiserver)) - DefaultCIt(`should block connectivity from etcd-main to busybox`, assertBlockEgresss(EtcdMain)) - DefaultCIt(`should block connectivity from etcd-events to busybox`, assertBlockEgresss(EtcdEvents)) - DefaultCIt(`should block connectivity from cloud-controller-manager-https to busybox`, assertBlockEgresss(CloudControllerManagerHttps)) - DefaultCIt(`should block connectivity from loki to busybox`, assertBlockEgresss(Loki)) - DefaultCIt(`should block connectivity from grafana to busybox`, assertBlockEgresss(Grafana)) - DefaultCIt(`should block connectivity from gardener-resource-manager to busybox`, assertBlockEgresss(GardenerResourceManager)) - DefaultCIt(`should block connectivity from kube-controller-manager-https to busybox`, assertBlockEgresss(KubeControllerManagerHttps)) - DefaultCIt(`should block connectivity from kube-scheduler-https to busybox`, assertBlockEgresss(KubeSchedulerHttps)) - DefaultCIt(`should block connectivity from kube-state-metrics-shoot to busybox`, assertBlockEgresss(KubeStateMetricsShoot)) - DefaultCIt(`should block connectivity from machine-controller-manager to busybox`, assertBlockEgresss(MachineControllerManager)) - DefaultCIt(`should block connectivity from prometheus to busybox`, assertBlockEgresss(Prometheus)) - }) - - Context("egress to Seed nodes", func() { - - var ( - assertBlockToSeedNodes = func(from *networkpolicies.SourcePod) func(context.Context) { - return func(ctx context.Context) { - assertCannotConnectToHost(ctx, networkpolicies.NewNamespacedSourcePod(from, sharedResources.Mirror), sharedResources.SeedNodeIP, 10250) - } - } - ) - - DefaultCIt(`should block connectivity from kube-apiserver`, assertBlockToSeedNodes(KubeApiserver)) - DefaultCIt(`should block connectivity from etcd-main`, assertBlockToSeedNodes(EtcdMain)) - DefaultCIt(`should block connectivity from etcd-events`, assertBlockToSeedNodes(EtcdEvents)) - DefaultCIt(`should block connectivity from cloud-controller-manager-https`, assertBlockToSeedNodes(CloudControllerManagerHttps)) - DefaultCIt(`should block connectivity from loki`, assertBlockToSeedNodes(Loki)) - DefaultCIt(`should block connectivity from grafana`, assertBlockToSeedNodes(Grafana)) - DefaultCIt(`should block connectivity from gardener-resource-manager`, assertBlockToSeedNodes(GardenerResourceManager)) - DefaultCIt(`should block connectivity from kube-controller-manager-https`, assertBlockToSeedNodes(KubeControllerManagerHttps)) - DefaultCIt(`should block connectivity from kube-scheduler-https`, assertBlockToSeedNodes(KubeSchedulerHttps)) - DefaultCIt(`should block connectivity from kube-state-metrics-shoot`, assertBlockToSeedNodes(KubeStateMetricsShoot)) - DefaultCIt(`should block connectivity from machine-controller-manager`, assertBlockToSeedNodes(MachineControllerManager)) - DefaultCIt(`should block connectivity from prometheus`, assertBlockToSeedNodes(Prometheus)) - }) - - Context("egress for mirrored pods", func() { - - var ( - from *networkpolicies.NamespacedSourcePod - - assertEgresssToMirroredPod = func(to *networkpolicies.TargetPod, allowed bool) func(context.Context) { - return func(ctx context.Context) { - assertConnectToPod(ctx, from, networkpolicies.NewNamespacedTargetPod(to, sharedResources.Mirror), allowed) - } - } - - assertEgresssToHost = func(to *networkpolicies.Host, allowed bool) func(context.Context) { - return func(ctx context.Context) { - assertConnectToHost(ctx, from, to, allowed) - } - } - ) - - Context("kube-apiserver", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeApiserver, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should allow connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, true)) - DefaultCIt(`should allow connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, true)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - - Context("etcd-main", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(EtcdMain, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("etcd-events", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(EtcdEvents, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("cloud-controller-manager-https", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(CloudControllerManagerHttps, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("loki", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(Loki, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("grafana", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(Grafana, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should allow connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, true)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should allow connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, true)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("gardener-resource-manager", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(GardenerResourceManager, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - - Context("kube-controller-manager-https", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeControllerManagerHttps, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should allow connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, true)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kube-scheduler-https", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeSchedulerHttps, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kube-state-metrics-shoot", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeStateMetricsShoot, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("machine-controller-manager", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(MachineControllerManager, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - - Context("prometheus", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(Prometheus, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should allow connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, true)) - DefaultCIt(`should allow connection to Pod "loki" at port 3100`, assertEgresssToMirroredPod(Loki3100, true)) - DefaultCIt(`should allow connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, true)) - DefaultCIt(`should allow connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, true)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should allow connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, true)) - DefaultCIt(`should allow connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, true)) - DefaultCIt(`should allow connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, true)) - DefaultCIt(`should allow connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, true)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should allow connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, true)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - }) -}) diff --git a/test/integration/infrastructure/matchers.go b/test/integration/infrastructure/matchers.go index f05ccd6d2..bd3885831 100644 --- a/test/integration/infrastructure/matchers.go +++ b/test/integration/infrastructure/matchers.go @@ -43,6 +43,7 @@ func (a *azureNotFoundErrorMatcher) Match(actual interface{}) (success bool, err return false, nil } +// IsNotFound returns true if the given error is a autorest.DetailedError with status code http.StatusNotFound. func IsNotFound(err error) bool { if err == nil { return false diff --git a/test/tm/generator.go b/test/tm/generator.go index 5c9ef14ec..4a379d72d 100644 --- a/test/tm/generator.go +++ b/test/tm/generator.go @@ -36,7 +36,7 @@ const ( defaultNetworkWorkerCidr = "10.250.0.0/19" ) -type GeneratorConfig struct { +type generatorConfig struct { networkWorkerCidr string networkVnetCidr string infrastructureProviderConfigPath string @@ -46,12 +46,12 @@ type GeneratorConfig struct { } var ( - cfg *GeneratorConfig + cfg *generatorConfig logger logr.Logger ) func addFlags() { - cfg = &GeneratorConfig{} + cfg = &generatorConfig{} flag.StringVar(&cfg.infrastructureProviderConfigPath, "infrastructure-provider-config-filepath", "", "filepath to the provider specific infrastructure config") flag.StringVar(&cfg.controlplaneProviderConfigPath, "controlplane-provider-config-filepath", "", "filepath to the provider specific controlplane config") diff --git a/vendor/github.com/gardener/dependency-watchdog/pkg/scaler/api/encoding.go b/vendor/github.com/gardener/dependency-watchdog/pkg/scaler/api/encoding.go new file mode 100644 index 000000000..da167a448 --- /dev/null +++ b/vendor/github.com/gardener/dependency-watchdog/pkg/scaler/api/encoding.go @@ -0,0 +1,28 @@ +// SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Gardener contributors. +// +// SPDX-License-Identifier: Apache-2.0 + +package api + +import ( + "github.com/ghodss/yaml" +) + +// Encode encodes the ProbeDependantsList objects into a string. +func Encode(dependants *ProbeDependantsList) (string, error) { + data, err := yaml.Marshal(dependants) + if err != nil { + return "", err + } + return string(data), nil +} + +// Decode decodes the byte stream to ServiceDependants objects. +func Decode(data []byte) (*ProbeDependantsList, error) { + dependants := new(ProbeDependantsList) + err := yaml.Unmarshal(data, dependants) + if err != nil { + return nil, err + } + return dependants, nil +} diff --git a/vendor/github.com/gardener/dependency-watchdog/pkg/scaler/api/types.go b/vendor/github.com/gardener/dependency-watchdog/pkg/scaler/api/types.go new file mode 100644 index 000000000..895a7dbd6 --- /dev/null +++ b/vendor/github.com/gardener/dependency-watchdog/pkg/scaler/api/types.go @@ -0,0 +1,47 @@ +// SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Gardener contributors. +// +// SPDX-License-Identifier: Apache-2.0 + +package api + +import ( + autoscalingv1 "k8s.io/api/autoscaling/v1" +) + +// ProbeDependantsList holds a list of probes (internal and external) and their corresponding +// dependant Scales. If the external probe fails and the internal probe still succeeds, then the +// corresponding dependant Scales are scaled down to `zero`. They are scaled back to their +// original scale when the external probe succeeds again. +type ProbeDependantsList struct { + Probes []ProbeDependants `json:"probes"` + Namespace string `json:"namespace"` +} + +// ProbeDependants struct captures the details about a probe and its dependant scale sub-resources. +type ProbeDependants struct { + Name string `json:"name"` + Probe *ProbeConfig `json:"probe"` + DependantScales []*DependantScaleDetails `json:"dependantScales"` +} + +// ProbeConfig struct captures the details for probing a Kubernetes apiserver. +type ProbeConfig struct { + External *ProbeDetails `json:"external,omitempty"` + Internal *ProbeDetails `json:"internal,omitempty"` + InitialDelaySeconds *int32 `json:"initialDelaySeconds,omitempty"` + TimeoutSeconds *int32 `json:"timeoutSeconds,omitempty"` + PeriodSeconds *int32 `json:"periodSeconds,omitempty"` + SuccessThreshold *int32 `json:"successThreshold,omitempty"` + FailureThreshold *int32 `json:"failureThreshold,omitempty"` +} + +// ProbeDetails captures the kubeconfig secret details to probe a Kubernetes apiserver. +type ProbeDetails struct { + KubeconfigSecretName string `json:"kubeconfigSecretName"` +} + +// DependantScaleDetails has the details about the dependant scale sub-resource. +type DependantScaleDetails struct { + ScaleRef autoscalingv1.CrossVersionObjectReference `json:"scaleRef"` + Replicas *int32 `json:"replicas"` +} diff --git a/vendor/github.com/gardener/gardener/.github/ISSUE_TEMPLATE/support.md b/vendor/github.com/gardener/gardener/.github/ISSUE_TEMPLATE/support.md index e646f0371..1e09d27cf 100644 --- a/vendor/github.com/gardener/gardener/.github/ISSUE_TEMPLATE/support.md +++ b/vendor/github.com/gardener/gardener/.github/ISSUE_TEMPLATE/support.md @@ -10,5 +10,5 @@ STOP -- PLEASE READ! GitHub is not the right place for support requests. -If you're looking for help, please post your question on the [Kubernetes Slack](http://slack.k8s.io/) ([#gardener](https://kubernetes.slack.com/messages/gardener) channel) or join our [weekly meetings](https://github.com/gardener/documentation/blob/master/CONTRIBUTING.md#weekly-meeting). +If you're looking for help, please post your question on the [Kubernetes Slack](http://slack.k8s.io/) ([#gardener](https://kubernetes.slack.com/messages/gardener) channel) or join our [bi-weekly meetings](https://gardener.cloud/docs/contribute/#bi-weekly-meetings). --> diff --git a/vendor/github.com/gardener/gardener/charts/images.yaml b/vendor/github.com/gardener/gardener/charts/images.yaml index 8ebdbf350..5add01a1d 100644 --- a/vendor/github.com/gardener/gardener/charts/images.yaml +++ b/vendor/github.com/gardener/gardener/charts/images.yaml @@ -106,7 +106,7 @@ images: - name: prometheus sourceRepository: github.com/prometheus/prometheus repository: quay.io/prometheus/prometheus - tag: v2.29.1 + tag: v2.30.2 - name: configmap-reloader sourceRepository: github.com/jimmidyson/configmap-reload repository: quay.io/coreos/configmap-reload @@ -190,16 +190,27 @@ images: - name: nginx-ingress-controller sourceRepository: github.com/kubernetes/ingress-nginx repository: k8s.gcr.io/ingress-nginx/controller - tag: "v0.41.2" - targetVersion: ">= 1.20" + tag: "v0.49.0" + targetVersion: ">= 1.20, < 1.22" +- name: nginx-ingress-controller + sourceRepository: github.com/kubernetes/ingress-nginx + repository: k8s.gcr.io/ingress-nginx/controller + tag: "v1.0.0" + targetVersion: ">= 1.22" - name: nginx-ingress-controller-seed sourceRepository: github.com/kubernetes/ingress-nginx repository: k8s.gcr.io/ingress-nginx/controller - tag: "v0.41.2" + tag: "v0.49.0" + targetVersion: "< 1.22" +- name: nginx-ingress-controller-seed + sourceRepository: github.com/kubernetes/ingress-nginx + repository: k8s.gcr.io/ingress-nginx/controller + tag: "v1.0.0" + targetVersion: ">= 1.22" - name: ingress-default-backend sourceRepository: github.com/gardener/ingress-default-backend repository: eu.gcr.io/gardener-project/gardener/ingress-default-backend - tag: "0.9.0" + tag: "0.10.0" # Miscellaenous - name: alpine @@ -214,11 +225,11 @@ images: - name: fluent-bit sourceRepository: github.com/fluent/fluent-bit repository: fluent/fluent-bit - tag: "1.7.8" + tag: "1.8.7" - name: fluent-bit-plugin-installer sourceRepository: github.com/gardener/logging repository: eu.gcr.io/gardener-project/gardener/fluent-bit-to-loki - tag: "v0.36.2" + tag: "v0.37.2" - name: loki sourceRepository: github.com/grafana/loki repository: grafana/loki @@ -226,7 +237,7 @@ images: - name: loki-curator sourceRepository: github.com/gardener/logging repository: eu.gcr.io/gardener-project/gardener/loki-curator - tag: "v0.36.2" + tag: "v0.37.2" - name: kube-rbac-proxy sourceRepository: github.com/brancz/kube-rbac-proxy repository: quay.io/brancz/kube-rbac-proxy @@ -234,11 +245,11 @@ images: - name: promtail sourceRepository: github.com/grafana/loki repository: "docker.io/grafana/promtail" - tag: "2.1.0" + tag: "2.2.1" - name: telegraf sourceRepository: github.com/gardener/logging repository: eu.gcr.io/gardener-project/gardener/telegraf-iptables - tag: "v0.36.2" + tag: "v0.37.2" # VPA - name: vpa-admission-controller diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupbucket/mapper.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupbucket/mapper.go index 8623a3e92..8895de312 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupbucket/mapper.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupbucket/mapper.go @@ -16,6 +16,7 @@ package backupbucket import ( "context" + "time" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" @@ -27,9 +28,11 @@ import ( extensionshandler "github.com/gardener/gardener/extensions/pkg/handler" extensionspredicate "github.com/gardener/gardener/extensions/pkg/predicate" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + ctxutils "github.com/gardener/gardener/pkg/utils/context" ) type secretToBackupBucketMapper struct { + ctx context.Context client client.Client predicates []predicate.Predicate } @@ -39,6 +42,11 @@ func (m *secretToBackupBucketMapper) InjectClient(c client.Client) error { return nil } +func (m *secretToBackupBucketMapper) InjectStopChannel(stopCh <-chan struct{}) error { + m.ctx = ctxutils.FromStopChannel(stopCh) + return nil +} + func (m *secretToBackupBucketMapper) InjectFunc(f inject.Func) error { for _, p := range m.predicates { if err := f(p); err != nil { @@ -49,13 +57,16 @@ func (m *secretToBackupBucketMapper) InjectFunc(f inject.Func) error { } func (m *secretToBackupBucketMapper) Map(obj client.Object) []reconcile.Request { + ctx, cancel := context.WithTimeout(m.ctx, 5*time.Second) + defer cancel() + secret, ok := obj.(*corev1.Secret) if !ok { return nil } backupBucketList := &extensionsv1alpha1.BackupBucketList{} - if err := m.client.List(context.TODO(), backupBucketList); err != nil { + if err := m.client.List(ctx, backupBucketList); err != nil { return nil } diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/controller.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/controller.go index 5c794f799..c5d386a5f 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/controller.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/controller.go @@ -88,14 +88,14 @@ func add(mgr manager.Manager, args AddArgs, predicates []predicate.Predicate) er if args.IgnoreOperationAnnotation { if err := ctrl.Watch( &source.Kind{Type: &corev1.Namespace{}}, - extensionshandler.EnqueueRequestsFromMapper(NamespaceToBackupEntryMapper(mgr.GetClient(), predicates), extensionshandler.UpdateWithNew), + extensionshandler.EnqueueRequestsFromMapper(NamespaceToBackupEntryMapper(predicates), extensionshandler.UpdateWithNew), ); err != nil { return err } if err := ctrl.Watch( &source.Kind{Type: &corev1.Secret{}}, - extensionshandler.EnqueueRequestsFromMapper(SecretToBackupEntryMapper(mgr.GetClient(), predicates), extensionshandler.UpdateWithNew), + extensionshandler.EnqueueRequestsFromMapper(SecretToBackupEntryMapper(predicates), extensionshandler.UpdateWithNew), ); err != nil { return err } diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/mapper.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/mapper.go index dfe3c311b..dfc55f96b 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/mapper.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/mapper.go @@ -16,6 +16,7 @@ package backupentry import ( "context" + "time" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" @@ -27,21 +28,36 @@ import ( extensionspredicate "github.com/gardener/gardener/extensions/pkg/predicate" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + ctxutils "github.com/gardener/gardener/pkg/utils/context" ) type secretToBackupEntryMapper struct { + ctx context.Context client client.Client predicates []predicate.Predicate } +func (m *secretToBackupEntryMapper) InjectClient(c client.Client) error { + m.client = c + return nil +} + +func (m *secretToBackupEntryMapper) InjectStopChannel(stopCh <-chan struct{}) error { + m.ctx = ctxutils.FromStopChannel(stopCh) + return nil +} + func (m *secretToBackupEntryMapper) Map(obj client.Object) []reconcile.Request { + ctx, cancel := context.WithTimeout(m.ctx, 5*time.Second) + defer cancel() + secret, ok := obj.(*corev1.Secret) if !ok { return nil } backupEntryList := &extensionsv1alpha1.BackupEntryList{} - if err := m.client.List(context.TODO(), backupEntryList); err != nil { + if err := m.client.List(ctx, backupEntryList); err != nil { return nil } @@ -63,23 +79,37 @@ func (m *secretToBackupEntryMapper) Map(obj client.Object) []reconcile.Request { // SecretToBackupEntryMapper returns a mapper that returns requests for BackupEntry whose // referenced secrets have been modified. -func SecretToBackupEntryMapper(client client.Client, predicates []predicate.Predicate) extensionshandler.Mapper { - return &secretToBackupEntryMapper{client, predicates} +func SecretToBackupEntryMapper(predicates []predicate.Predicate) extensionshandler.Mapper { + return &secretToBackupEntryMapper{predicates: predicates} } type namespaceToBackupEntryMapper struct { + ctx context.Context client client.Client predicates []predicate.Predicate } +func (m *namespaceToBackupEntryMapper) InjectClient(c client.Client) error { + m.client = c + return nil +} + +func (m *namespaceToBackupEntryMapper) InjectStopChannel(stopCh <-chan struct{}) error { + m.ctx = ctxutils.FromStopChannel(stopCh) + return nil +} + func (m *namespaceToBackupEntryMapper) Map(obj client.Object) []reconcile.Request { + ctx, cancel := context.WithTimeout(m.ctx, 5*time.Second) + defer cancel() + namespace, ok := obj.(*corev1.Namespace) if !ok { return nil } backupEntryList := &extensionsv1alpha1.BackupEntryList{} - if err := m.client.List(context.TODO(), backupEntryList); err != nil { + if err := m.client.List(ctx, backupEntryList); err != nil { return nil } @@ -105,6 +135,6 @@ func (m *namespaceToBackupEntryMapper) Map(obj client.Object) []reconcile.Reques // NamespaceToBackupEntryMapper returns a mapper that returns requests for BackupEntry whose // associated Shoot's seed namespace have been modified. -func NamespaceToBackupEntryMapper(client client.Client, predicates []predicate.Predicate) extensionshandler.Mapper { - return &namespaceToBackupEntryMapper{client, predicates} +func NamespaceToBackupEntryMapper(predicates []predicate.Predicate) extensionshandler.Mapper { + return &namespaceToBackupEntryMapper{predicates: predicates} } diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/reconciler.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/reconciler.go index ca3a3ad3e..a4502c16b 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/reconciler.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/backupentry/reconciler.go @@ -27,6 +27,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/runtime/inject" extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" + "github.com/gardener/gardener/extensions/pkg/controller/common" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" @@ -84,28 +85,43 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( } shootTechnicalID, _ := ExtractShootDetailsFromBackupEntryName(be.Name) - shoot, err := extensionscontroller.GetShoot(ctx, r.client, shootTechnicalID) + cluster, err := extensionscontroller.GetCluster(ctx, r.client, shootTechnicalID) // As BackupEntry continues to exist post deletion of a Shoot, // we do not want to block its deletion when the Cluster is not found. if client.IgnoreNotFound(err) != nil { return reconcile.Result{}, err } - if extensionscontroller.IsShootFailed(shoot) { - r.logger.Info("Skipping the reconciliation of backupentry of failed shoot", "name", kutil.ObjectName(be)) + logger := r.logger.WithValues("backupentry", be.Name) + if extensionscontroller.IsFailed(cluster) { + logger.Info("Skipping the reconciliation of backupentry of failed shoot") return reconcile.Result{}, nil } operationType := gardencorev1beta1helper.ComputeOperationType(be.ObjectMeta, be.Status.LastOperation) + if cluster != nil && cluster.Shoot != nil && operationType != gardencorev1beta1.LastOperationTypeMigrate { + key := "backupentry:" + be.Name + ok, watchdogCtx, cleanup, err := common.GetOwnerCheckResultAndContext(ctx, r.client, shootTechnicalID, cluster.Shoot.Name, key) + if err != nil { + return reconcile.Result{}, err + } else if !ok { + return reconcile.Result{}, fmt.Errorf("this seed is not the owner of shoot %s", kutil.ObjectName(cluster.Shoot)) + } + ctx = watchdogCtx + if cleanup != nil { + defer cleanup() + } + } + switch { - case extensionscontroller.IsMigrated(be): + case extensionscontroller.ShouldSkipOperation(operationType, be): return reconcile.Result{}, nil case operationType == gardencorev1beta1.LastOperationTypeMigrate: return r.migrate(ctx, be) case be.DeletionTimestamp != nil: return r.delete(ctx, be) - case be.Annotations[v1beta1constants.GardenerOperation] == v1beta1constants.GardenerOperationRestore: + case operationType == gardencorev1beta1.LastOperationTypeRestore: return r.restore(ctx, be) default: return r.reconcile(ctx, be, operationType) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/cluster.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/cluster.go index 8430eadb1..839f5f5e6 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/cluster.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/cluster.go @@ -32,4 +32,6 @@ var ( ShootFromCluster = extensions.ShootFromCluster // GetShoot tries to read Gardener's Cluster extension resource in the given namespace and return the embedded Shoot resource. GetShoot = extensions.GetShoot + // GetOwnerNameAndID reads the owner DNS name and ID from the owner DNSRecord extension resource in the given namespace. + GetOwnerNameAndID = extensions.GetOwnerNameAndID ) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/checkerwatchdog.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/checkerwatchdog.go new file mode 100644 index 000000000..49f69fe22 --- /dev/null +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/checkerwatchdog.go @@ -0,0 +1,195 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package common + +import ( + "context" + "sync" + "time" + + "github.com/go-logr/logr" + "k8s.io/apimachinery/pkg/util/clock" +) + +// Watchdog manages a goroutine that regularly checks if a certain condition is true, +// and if the check fails or returns false, cancels multiple previously added contexts. +type Watchdog interface { + // Start starts a goroutine that regularly checks if a certain condition is true. + // If the check fails or returns false, it cancels all contexts. + Start(ctx context.Context) + // Stop stops the goroutine started by Start. + Stop() + // AddContext adds the given context to this watchdog mapped to the given key, + // and returns a new context that will be cancelled if the condition check fails or returns false. + // It returns true if the first context has been added, false otherwise. + AddContext(ctx context.Context, key string) (context.Context, bool) + // RemoveContext removes the context mapped to the given key from this watchdog. + // It returns true if the last context has been removed, false otherwise. + RemoveContext(key string) bool + // Result returns the result of the last condition check. + Result() (bool, error) +} + +// NewCheckerWatchdog creates a new Watchdog that checks if the condition checked by the given checker is true +// every given interval, using the given clock and logger. +func NewCheckerWatchdog(checker Checker, interval, timeout time.Duration, clock clock.Clock, logger logr.Logger) Watchdog { + return &checkerWatchdog{ + checker: checker, + interval: interval, + timeout: timeout, + clock: clock, + logger: logger, + ctxCancelFuncs: make(map[string]context.CancelFunc), + resultChan: make(chan struct{}), + resultReadyChan: make(chan struct{}), + timerChan: make(chan bool), + } +} + +type checkerWatchdog struct { + checker Checker + interval time.Duration + timeout time.Duration + clock clock.Clock + logger logr.Logger + cancelFunc context.CancelFunc + ctxCancelFuncs map[string]context.CancelFunc + ctxCancelFuncsMutex sync.Mutex + result bool + err error + resultTime time.Time + resultMutex sync.RWMutex + resultChan chan struct{} + resultReadyChan chan struct{} + timerChan chan bool +} + +// Start starts a goroutine that checks if the condition checked by the watchdog checker is true every watchdog interval. +// If the check fails or returns false, it cancels all contexts. +func (w *checkerWatchdog) Start(ctx context.Context) { + w.logger.V(1).Info("Starting watchdog") + ctx, w.cancelFunc = context.WithCancel(ctx) + timer := w.clock.NewTimer(w.interval) + timer.Stop() + go func() { + for { + // Wait for a timer event or a result request + resultRequested := false + select { + case <-ctx.Done(): + return + case reset := <-w.timerChan: + // Stop the timer, then reset it if a reset was requested + // Timers are not concurrency safe, therefore all timer updates are performed here + timer.Stop() + if reset { + timer.Reset(w.interval) + } + continue + case <-w.resultChan: + resultRequested = true + // If the last result is not older than w.interval, use it + if !time.Now().After(w.resultTime.Add(w.interval)) { + w.resultReadyChan <- struct{}{} + continue + } + case <-timer.C(): + timer.Reset(w.interval) + } + + // Call checker and update result + timeoutCtx, cancel := context.WithTimeout(ctx, w.timeout) + result, err := w.checker.Check(timeoutCtx) + cancel() + w.setResult(result, err) + + // If a result was requested, notify the requester that the new result is available + if resultRequested { + w.resultReadyChan <- struct{}{} + } + + // If the check failed or returned false, cancel all contexts + if err != nil || !result { + w.logger.Info("Cancelling all contexts") + w.ctxCancelFuncsMutex.Lock() + for _, cancelFunc := range w.ctxCancelFuncs { + cancelFunc() + } + w.ctxCancelFuncsMutex.Unlock() + } + } + }() +} + +// Stop stops the goroutine started by Start. +func (w *checkerWatchdog) Stop() { + w.logger.V(1).Info("Stopping watchdog") + w.cancelFunc() +} + +// AddContext adds the given context to this watchdog mapped to the given key, +// and returns a new context that will be cancelled if the condition check fails or returns false. +// It returns true if the first context has been added, false otherwise. +func (w *checkerWatchdog) AddContext(ctx context.Context, key string) (context.Context, bool) { + w.logger.V(1).Info("Adding context", "key", key) + + w.ctxCancelFuncsMutex.Lock() + ctx, cancelFunc := context.WithCancel(ctx) + w.ctxCancelFuncs[key] = cancelFunc + firstAdded := len(w.ctxCancelFuncs) == 1 + w.ctxCancelFuncsMutex.Unlock() + + // Reset the timer if the first context has been added + if firstAdded { + w.timerChan <- true + } + + return ctx, firstAdded +} + +// RemoveContext removes the context mapped to the given key from this watchdog. +// It returns true if the last context has been removed, false otherwise. +func (w *checkerWatchdog) RemoveContext(key string) bool { + w.logger.V(1).Info("Removing context", "key", key) + + w.ctxCancelFuncsMutex.Lock() + delete(w.ctxCancelFuncs, key) + lastRemoved := len(w.ctxCancelFuncs) == 0 + w.ctxCancelFuncsMutex.Unlock() + + // Stop the timer if the last context has been removed + if lastRemoved { + w.timerChan <- false + } + + return lastRemoved +} + +// Result returns the result of the last condition check. +func (w *checkerWatchdog) Result() (bool, error) { + // Request the result and wait for it to be updated if needed + w.resultChan <- struct{}{} + <-w.resultReadyChan + + w.resultMutex.RLock() + defer w.resultMutex.RUnlock() + return w.result, w.err +} + +func (w *checkerWatchdog) setResult(result bool, err error) { + w.resultMutex.Lock() + defer w.resultMutex.Unlock() + w.result, w.err, w.resultTime = result, err, time.Now() +} diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/checkerwatchdogfactory.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/checkerwatchdogfactory.go new file mode 100644 index 000000000..6032b9d5a --- /dev/null +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/checkerwatchdogfactory.go @@ -0,0 +1,64 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package common + +import ( + "context" + "time" + + "github.com/go-logr/logr" + "k8s.io/apimachinery/pkg/util/clock" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// WatchdogFactory creates Watchdog instances. +type WatchdogFactory interface { + // NewWatchdog creates a new Watchdog using the given context, client, namespace, and shoot name. + NewWatchdog(ctx context.Context, c client.Client, namespace, shootName string) (Watchdog, error) +} + +// NewCheckerWatchdogFactory creates a new WatchdogFactory that uses NewCheckerWatchdog to create Watchdog instances. +func NewCheckerWatchdogFactory(checkerFactory CheckerFactory, interval, timeout time.Duration, clock clock.Clock, logger logr.Logger) WatchdogFactory { + return &checkerWatchdogFactory{ + checkerFactory: checkerFactory, + interval: interval, + timeout: timeout, + clock: clock, + logger: logger, + } +} + +type checkerWatchdogFactory struct { + checkerFactory CheckerFactory + interval time.Duration + timeout time.Duration + clock clock.Clock + logger logr.Logger +} + +// NewWatchdog creates a new Watchdog using the given context, client, namespace, and shoot name. +// It uses the checker factory to create a new Checker that is then passed to NewCheckerWatchdog. +// If the checker factory returns a nil Checker, this method returns a nil Watchdog. +func (f *checkerWatchdogFactory) NewWatchdog(ctx context.Context, c client.Client, namespace, shootName string) (Watchdog, error) { + checker, err := f.checkerFactory.NewChecker(ctx, c, namespace, shootName) + if err != nil { + return nil, err + } + if checker == nil { + return nil, nil + } + + return NewCheckerWatchdog(checker, f.interval, f.timeout, f.clock, f.logger.WithName(namespace)), nil +} diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/context.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/context.go index 904f15aba..39d4e272b 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/context.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/context.go @@ -34,7 +34,7 @@ type ClientContext struct { client client.Client } -// NewClientConntext offers the possibility to create a ClientContext without injection. +// NewClientContext offers the possibility to create a ClientContext without injection. func NewClientContext(client client.Client, scheme *runtime.Scheme, decoder runtime.Decoder) ClientContext { if decoder == nil && scheme != nil { decoder = serializer.NewCodecFactory(scheme, serializer.EnableStrict).UniversalDecoder() diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/ownerchecker.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/ownerchecker.go new file mode 100644 index 000000000..e2edc4465 --- /dev/null +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/ownerchecker.go @@ -0,0 +1,74 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package common + +import ( + "context" + "fmt" + + "github.com/go-logr/logr" +) + +// Resolver looks up domain names and returns the corresponding DNS records. +type Resolver interface { + // LookupTXT returns the DNS TXT records for the given domain name. + LookupTXT(ctx context.Context, name string) ([]string, error) +} + +// Checker checks if a certain condition is true. +type Checker interface { + // Check checks that a certain condition is true. + Check(ctx context.Context) (bool, error) +} + +// NewOwnerChecker returns a Checker that checks if the given owner domain name resolves to the given owner ID, +// using the given resolver and logger. +func NewOwnerChecker(ownerName, ownerID string, resolver Resolver, logger logr.Logger) Checker { + return &ownerChecker{ + ownerName: ownerName, + ownerID: ownerID, + resolver: resolver, + logger: logger, + } +} + +type ownerChecker struct { + ownerName string + ownerID string + resolver Resolver + logger logr.Logger +} + +// Check returns true if the owner domain name resolves to the owner ID, false otherwise. +func (c *ownerChecker) Check(ctx context.Context) (bool, error) { + c.logger.V(1).Info("Resolving owner domain name", "ownerName", c.ownerName) + owner, err := c.resolver.LookupTXT(ctx, c.ownerName) + if err != nil { + return false, fmt.Errorf("could not resolve owner domain name %s: %w", c.ownerName, err) + } + + var actualOwnerID string + if len(owner) > 0 { + actualOwnerID = owner[0] + } + + switch { + case actualOwnerID == c.ownerID: + return true, nil + default: + c.logger.Info("Resolved owner domain name to a different owner ID", "ownerName", c.ownerName, "ownerID", c.ownerID, "actualOwnerID", actualOwnerID) + return false, nil + } +} diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/ownercheckerfactory.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/ownercheckerfactory.go new file mode 100644 index 000000000..c3294775e --- /dev/null +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/ownercheckerfactory.go @@ -0,0 +1,59 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package common + +import ( + "context" + + extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" + + "github.com/go-logr/logr" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// CheckerFactory creates Checker instances. +type CheckerFactory interface { + // NewChecker creates a new Checker using the given context, client, namespace, and shoot name. + NewChecker(ctx context.Context, c client.Client, namespace, shootName string) (Checker, error) +} + +// NewOwnerCheckerFactory creates a new CheckerFactory that uses NewOwnerChecker to create Checker instances. +func NewOwnerCheckerFactory(resolver Resolver, logger logr.Logger) CheckerFactory { + return &ownerCheckerFactory{ + resolver: resolver, + logger: logger, + } +} + +type ownerCheckerFactory struct { + resolver Resolver + logger logr.Logger +} + +// NewChecker creates a new Checker using the given context, client, namespace, and shoot name. +// It reads the owner domain name and ID from the owner DNSRecord extension resource in the given namespace +// so that it can pass them to NewOwnerChecker. +// If the owner domain name and ID are empty strings, this method returns a nil Checker. +func (f *ownerCheckerFactory) NewChecker(ctx context.Context, c client.Client, namespace, shootName string) (Checker, error) { + ownerName, ownerID, err := extensionscontroller.GetOwnerNameAndID(ctx, c, namespace, shootName) + if err != nil { + return nil, err + } + if ownerName == "" && ownerID == "" { + return nil, nil + } + + return NewOwnerChecker(ownerName, ownerID, f.resolver, f.logger.WithName(namespace)), nil +} diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/watchdogmanager.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/watchdogmanager.go new file mode 100644 index 000000000..ec7887bb5 --- /dev/null +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/common/watchdogmanager.go @@ -0,0 +1,209 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package common + +import ( + "context" + "net" + "sync" + "time" + + "github.com/go-logr/logr" + "k8s.io/apimachinery/pkg/util/clock" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" +) + +const ( + // DefaultWatchdogInterval is the default interval between checks performed by watchdogs. + DefaultWatchdogInterval = 30 * time.Second + // DefaultWatchdogTimeout is the default timeout for checks performed by watchdogs. + DefaultWatchdogTimeout = 2 * time.Minute + // DefaultWatchdogTTL is the default watchdog TTL. + DefaultWatchdogTTL = 10 * time.Minute +) + +// WatchdogManager manages Watchdog instances for multiple namespaces. +type WatchdogManager interface { + // GetResultAndContext returns the result and context from the watchdog for the given namespace. + // If the watchdog does not exist yet, it is created using the given context, client, namespace, and shoot name. + // If the watchdog result is true, the given context is added to the watchdog mapped to the given key, + // and a cleanup function for properly removing it is also returned. + GetResultAndContext(ctx context.Context, c client.Client, namespace, shootName, key string) (bool, context.Context, func(), error) +} + +// GetOwnerCheckResultAndContext returns the result and context from the watchdog for the given namespace managed by +// the default owner check WatchdogManager. +func GetOwnerCheckResultAndContext(ctx context.Context, c client.Client, namespace, shootName, key string) (bool, context.Context, func(), error) { + return GetDefaultOwnerCheckWatchdogManager().GetResultAndContext(ctx, c, namespace, shootName, key) +} + +// GetDefaultOwnerCheckWatchdogManager returns the default owner check WatchdogManager. +func GetDefaultOwnerCheckWatchdogManager() WatchdogManager { + defaultOwnerCheckWatchdogManagerMutex.Lock() + defer defaultOwnerCheckWatchdogManagerMutex.Unlock() + + if defaultOwnerCheckWatchdogManager == nil { + defaultOwnerCheckWatchdogManager = NewWatchdogManager( + NewCheckerWatchdogFactory( + NewOwnerCheckerFactory( + net.DefaultResolver, + log.Log.WithName("owner-checker"), + ), + DefaultWatchdogInterval, + DefaultWatchdogTimeout, + clock.RealClock{}, + log.Log.WithName("owner-check-watchdog"), + ), + DefaultWatchdogTTL, + clock.RealClock{}, + log.Log.WithName("owner-check-watchdog-manager"), + ) + } + return defaultOwnerCheckWatchdogManager +} + +var ( + defaultOwnerCheckWatchdogManager WatchdogManager + defaultOwnerCheckWatchdogManagerMutex sync.Mutex +) + +// NewWatchdogManager creates a new WatchdogManager using the given watchdog factory, ttl, and logger. +func NewWatchdogManager(watchdogFactory WatchdogFactory, ttl time.Duration, clk clock.Clock, logger logr.Logger) WatchdogManager { + return &watchdogManager{ + watchdogFactory: watchdogFactory, + ttl: ttl, + clock: clk, + logger: logger, + watchdogs: make(map[string]Watchdog), + timers: make(map[string]clock.Timer), + } +} + +type watchdogManager struct { + watchdogFactory WatchdogFactory + ttl time.Duration + clock clock.Clock + logger logr.Logger + watchdogs map[string]Watchdog + watchdogsMutex sync.Mutex + timers map[string]clock.Timer + timersMutex sync.Mutex +} + +// GetResultAndContext returns the result and context from the watchdog for the given namespace. +// If the watchdog does not exist yet, it is created using the given context, client, namespace, and shoot name. +// If the watchdog factory returns a nil watchdog, this method returns true. +// If the watchdog result is false or error, it is returned immediately. +// If the watchdog result is true, the given context is added to the watchdog mapped to the given key, +// and a cleanup function for properly removing it is also returned. +func (m *watchdogManager) GetResultAndContext(ctx context.Context, c client.Client, namespace, shootName, key string) (bool, context.Context, func(), error) { + // Get ot create the watchdog for the given namespace + watchdog, err := m.getWatchdog(ctx, c, namespace, shootName) + if err != nil { + return false, ctx, nil, err + } + + // If a nil watchdog was returned by the watchdog factory, return true + if watchdog == nil { + return true, ctx, nil, nil + } + + // Get watchdog result and return false if it's false or error + result, err := watchdog.Result() + if err != nil { + return false, ctx, nil, err + } + if !result { + return false, ctx, nil, nil + } + + // Add the given context to the watchdog mapped to the given key and return a cleanup function for removing it + var firstAdded bool + if ctx, firstAdded = watchdog.AddContext(ctx, key); firstAdded { + // Prevent the watchdog from being stopped and removed if it has contexts + m.cancelWatchdogRemoval(namespace) + } + cleanup := func() { + if lastRemoved := watchdog.RemoveContext(key); lastRemoved { + // Ensure that the watchdog is eventually stopped and removed if has no contexts + m.scheduleWatchdogRemoval(namespace) + } + } + return true, ctx, cleanup, nil +} + +func (m *watchdogManager) getWatchdog(ctx context.Context, c client.Client, namespace, shootName string) (Watchdog, error) { + m.watchdogsMutex.Lock() + defer m.watchdogsMutex.Unlock() + + watchdog, ok := m.watchdogs[namespace] + if !ok { + var err error + watchdog, err = m.watchdogFactory.NewWatchdog(ctx, c, namespace, shootName) + if err != nil { + return nil, err + } + if watchdog == nil { + return nil, nil + } + + m.logger.Info("Starting watchdog", "namespace", namespace) + watchdog.Start(context.Background()) + // Ensure that the watchdog is eventually stopped and removed + // even if no context are ever added to it (because e.g. its result is always false or error) + m.scheduleWatchdogRemoval(namespace) + + m.watchdogs[namespace] = watchdog + } + + return watchdog, nil +} + +func (m *watchdogManager) removeWatchdog(namespace string) { + m.watchdogsMutex.Lock() + defer m.watchdogsMutex.Unlock() + + if watchdog, ok := m.watchdogs[namespace]; ok { + m.logger.Info("Stopping watchdog", "namespace", namespace) + watchdog.Stop() + + delete(m.watchdogs, namespace) + } +} + +func (m *watchdogManager) scheduleWatchdogRemoval(namespace string) { + m.timersMutex.Lock() + defer m.timersMutex.Unlock() + + if timer, ok := m.timers[namespace]; !ok { + timer = m.clock.AfterFunc(m.ttl, func() { + m.removeWatchdog(namespace) + }) + m.timers[namespace] = timer + } else { + timer.Reset(m.ttl) + } +} + +func (m *watchdogManager) cancelWatchdogRemoval(namespace string) { + m.timersMutex.Lock() + defer m.timersMutex.Unlock() + + if timer, ok := m.timers[namespace]; ok { + timer.Stop() + delete(m.timers, namespace) + } +} diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go index 186f4959e..c9b1af15e 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go @@ -24,6 +24,7 @@ import ( "github.com/gardener/gardener/extensions/pkg/controller/controlplane" "github.com/gardener/gardener/extensions/pkg/webhook" extensionswebhookshoot "github.com/gardener/gardener/extensions/pkg/webhook/shoot" + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" clientkubernetes "github.com/gardener/gardener/pkg/client/kubernetes" @@ -279,18 +280,12 @@ func (a *actuator) reconcileControlPlane( // then we requeue the `ControlPlane` CRD in order to give the provider-specific control plane components time to // properly prepare the cluster for hibernation (whatever needs to be done). If the kube-apiserver is already scaled down // then we allow continuing the reconciliation. - if cluster.Shoot.DeletionTimestamp == nil { + if cluster.Shoot.DeletionTimestamp == nil && (cluster.Shoot.Status.LastOperation == nil || cluster.Shoot.Status.LastOperation.Type != gardencorev1beta1.LastOperationTypeMigrate) { if dep.Spec.Replicas != nil && *dep.Spec.Replicas > 0 { requeue = true } else { scaledDown = true } - // Similarly, if a hibernated shoot is deleted then we might need to wake up all the provider-specific components. We - // wait until the kube-apiserver is woken up again before we wake up the provider-specific components. - } else { - if dep.Spec.Replicas == nil || *dep.Spec.Replicas == 0 { - return true, nil - } } } diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/reconciler.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/reconciler.go index ca92f6cb4..77f8bce85 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/reconciler.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/reconciler.go @@ -28,6 +28,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/runtime/inject" extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" + "github.com/gardener/gardener/extensions/pkg/controller/common" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" @@ -92,21 +93,36 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( return reconcile.Result{}, err } + logger := r.logger.WithValues("controlplane", kutil.ObjectName(cp)) if extensionscontroller.IsFailed(cluster) { - r.logger.Info("Skipping the reconciliation of controlplane of failed shoot.", "controlplane", kutil.ObjectName(cp)) + logger.Info("Skipping the reconciliation of controlplane of failed shoot.") return reconcile.Result{}, nil } operationType := gardencorev1beta1helper.ComputeOperationType(cp.ObjectMeta, cp.Status.LastOperation) + if cluster.Shoot != nil && operationType != gardencorev1beta1.LastOperationTypeMigrate { + key := "controlplane:" + kutil.ObjectName(cp) + ok, watchdogCtx, cleanup, err := common.GetOwnerCheckResultAndContext(ctx, r.client, cp.Namespace, cluster.Shoot.Name, key) + if err != nil { + return reconcile.Result{}, err + } else if !ok { + return reconcile.Result{}, fmt.Errorf("this seed is not the owner of shoot %s", kutil.ObjectName(cluster.Shoot)) + } + ctx = watchdogCtx + if cleanup != nil { + defer cleanup() + } + } + switch { - case extensionscontroller.IsMigrated(cp): + case extensionscontroller.ShouldSkipOperation(operationType, cp): return reconcile.Result{}, nil case operationType == gardencorev1beta1.LastOperationTypeMigrate: return r.migrate(ctx, cp, cluster) case cp.DeletionTimestamp != nil: return r.delete(ctx, cp, cluster) - case cp.Annotations[v1beta1constants.GardenerOperation] == v1beta1constants.GardenerOperationRestore: + case operationType == gardencorev1beta1.LastOperationTypeRestore: return r.restore(ctx, cp, cluster) default: return r.reconcile(ctx, cp, cluster, operationType) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/dnsrecord/reconciler.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/dnsrecord/reconciler.go index c3a8097e9..f3a1ed04d 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/dnsrecord/reconciler.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/dnsrecord/reconciler.go @@ -27,12 +27,14 @@ import ( "sigs.k8s.io/controller-runtime/pkg/runtime/inject" extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" + "github.com/gardener/gardener/extensions/pkg/controller/common" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" "github.com/gardener/gardener/pkg/controllerutils" "github.com/gardener/gardener/pkg/extensions" + "github.com/gardener/gardener/pkg/operation/botanist" kutil "github.com/gardener/gardener/pkg/utils/kubernetes" ) @@ -84,6 +86,7 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( return reconcile.Result{}, err } + logger := r.logger.WithValues("dnsrecord", kutil.ObjectName(dns)) var cluster *extensions.Cluster if dns.Namespace != v1beta1constants.GardenNamespace { var err error @@ -93,21 +96,35 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( } if extensionscontroller.IsFailed(cluster) { - r.logger.Info("Skipping the reconciliation of dnsrecord of failed shoot", "dnsrecord", kutil.ObjectName(dns)) + logger.Info("Skipping the reconciliation of dnsrecord of failed shoot") return reconcile.Result{}, nil } } operationType := gardencorev1beta1helper.ComputeOperationType(dns.ObjectMeta, dns.Status.LastOperation) + if cluster != nil && cluster.Shoot != nil && dns.Name != cluster.Shoot.Name+"-"+botanist.DNSOwnerName && operationType != gardencorev1beta1.LastOperationTypeMigrate { + key := "dnsrecord:" + kutil.ObjectName(dns) + ok, watchdogCtx, cleanup, err := common.GetOwnerCheckResultAndContext(ctx, r.client, dns.Namespace, cluster.Shoot.Name, key) + if err != nil { + return reconcile.Result{}, err + } else if !ok { + return reconcile.Result{}, fmt.Errorf("this seed is not the owner of shoot %s", kutil.ObjectName(cluster.Shoot)) + } + ctx = watchdogCtx + if cleanup != nil { + defer cleanup() + } + } + switch { - case extensionscontroller.IsMigrated(dns): + case extensionscontroller.ShouldSkipOperation(operationType, dns): return reconcile.Result{}, nil case operationType == gardencorev1beta1.LastOperationTypeMigrate: return r.migrate(ctx, dns, cluster) case dns.DeletionTimestamp != nil: return r.delete(ctx, dns, cluster) - case dns.Annotations[v1beta1constants.GardenerOperation] == v1beta1constants.GardenerOperationRestore: + case operationType == gardencorev1beta1.LastOperationTypeRestore: return r.restore(ctx, dns, cluster) default: return r.reconcile(ctx, dns, cluster, operationType) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/actuator.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/actuator.go index 25f13184d..6c9463f18 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/actuator.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/actuator.go @@ -50,7 +50,7 @@ import ( // For example: func() extensionsv1alpha1.Object {return &extensionsv1alpha1.Worker{}} type GetExtensionObjectFunc = func() extensionsv1alpha1.Object -// GetExtensionObjectFunc returns the extension object that should be registered with the health check controller. Has to be a List. +// GetExtensionObjectListFunc returns the extension object list that should be registered with the health check controller. // For example: func() client.ObjectList { return &extensionsv1alpha1.WorkerList{} } type GetExtensionObjectListFunc = func() client.ObjectList diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/types.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/types.go index a0d225bcf..3139bea0e 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/types.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/types.go @@ -16,6 +16,7 @@ package config import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// HealthCheckConfig contains the health check controller configuration. type HealthCheckConfig struct { // SyncPeriod is the duration how often the existing resources are reconciled (how // often the health check of Shoot clusters is performed (only if no operation is diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/v1alpha1/types.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/v1alpha1/types.go index 3868cc09f..4011513e2 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/v1alpha1/types.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/v1alpha1/types.go @@ -16,6 +16,7 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// HealthCheckConfig contains the health check controller configuration. type HealthCheckConfig struct { // SyncPeriod is the duration how often the existing resources are reconciled (how // often the health check of Shoot clusters is performed (only if no operation is diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/controller.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/controller.go index 9478a5c2d..c6ce1cd56 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/controller.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/controller.go @@ -131,6 +131,7 @@ func (a *AddArgs) RegisterExtension(getExtensionObjFunc GetExtensionObjectFunc, return nil } +// GetExtensionGroupVersionKind returns the schema.GroupVersionKind of the registered extension of this AddArgs. func (a *AddArgs) GetExtensionGroupVersionKind() schema.GroupVersionKind { return a.registeredExtension.groupVersionKind } diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/daemonset.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/daemonset.go index d07fe3de0..4e007c49e 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/daemonset.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/daemonset.go @@ -43,15 +43,15 @@ type DaemonSetHealthChecker struct { type DaemonSetCheckType string const ( - DaemonSetCheckTypeSeed DaemonSetCheckType = "Seed" - DaemonSetCheckTypeShoot DaemonSetCheckType = "Shoot" + daemonSetCheckTypeSeed DaemonSetCheckType = "Seed" + daemonSetCheckTypeShoot DaemonSetCheckType = "Shoot" ) // NewSeedDaemonSetHealthChecker is a healthCheck function to check DaemonSets func NewSeedDaemonSetHealthChecker(name string) healthcheck.HealthCheck { return &DaemonSetHealthChecker{ name: name, - checkType: DaemonSetCheckTypeSeed, + checkType: daemonSetCheckTypeSeed, } } @@ -59,7 +59,7 @@ func NewSeedDaemonSetHealthChecker(name string) healthcheck.HealthCheck { func NewShootDaemonSetHealthChecker(name string) healthcheck.HealthCheck { return &DaemonSetHealthChecker{ name: name, - checkType: DaemonSetCheckTypeShoot, + checkType: daemonSetCheckTypeShoot, } } @@ -88,7 +88,7 @@ func (healthChecker *DaemonSetHealthChecker) DeepCopy() healthcheck.HealthCheck func (healthChecker *DaemonSetHealthChecker) Check(ctx context.Context, request types.NamespacedName) (*healthcheck.SingleCheckResult, error) { daemonSet := &appsv1.DaemonSet{} var err error - if healthChecker.checkType == DaemonSetCheckTypeSeed { + if healthChecker.checkType == daemonSetCheckTypeSeed { err = healthChecker.seedClient.Get(ctx, client.ObjectKey{Namespace: request.Namespace, Name: healthChecker.name}, daemonSet) } else { err = healthChecker.shootClient.Get(ctx, client.ObjectKey{Namespace: request.Namespace, Name: healthChecker.name}, daemonSet) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/deployment.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/deployment.go index d84412d76..8751b9782 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/deployment.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/deployment.go @@ -43,15 +43,15 @@ type DeploymentHealthChecker struct { type DeploymentCheckType string const ( - DeploymentCheckTypeSeed DeploymentCheckType = "Seed" - DeploymentCheckTypeShoot DeploymentCheckType = "Shoot" + deploymentCheckTypeSeed DeploymentCheckType = "Seed" + deploymentCheckTypeShoot DeploymentCheckType = "Shoot" ) // NewSeedDeploymentHealthChecker is a healthCheck function to check Deployments in the Seed cluster func NewSeedDeploymentHealthChecker(deploymentName string) healthcheck.HealthCheck { return &DeploymentHealthChecker{ name: deploymentName, - checkType: DeploymentCheckTypeSeed, + checkType: deploymentCheckTypeSeed, } } @@ -59,7 +59,7 @@ func NewSeedDeploymentHealthChecker(deploymentName string) healthcheck.HealthChe func NewShootDeploymentHealthChecker(deploymentName string) healthcheck.HealthCheck { return &DeploymentHealthChecker{ name: deploymentName, - checkType: DeploymentCheckTypeShoot, + checkType: deploymentCheckTypeShoot, } } @@ -89,7 +89,7 @@ func (healthChecker *DeploymentHealthChecker) Check(ctx context.Context, request deployment := &appsv1.Deployment{} var err error - if healthChecker.checkType == DeploymentCheckTypeSeed { + if healthChecker.checkType == deploymentCheckTypeSeed { err = healthChecker.seedClient.Get(ctx, client.ObjectKey{Namespace: request.Namespace, Name: healthChecker.name}, deployment) } else { err = healthChecker.shootClient.Get(ctx, client.ObjectKey{Namespace: request.Namespace, Name: healthChecker.name}, deployment) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/statefulsets.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/statefulsets.go index 1ec87ad43..6ebeeb6ea 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/statefulsets.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general/statefulsets.go @@ -43,15 +43,15 @@ type StatefulSetHealthChecker struct { type StatefulSetCheckType string const ( - StatefulSetCheckTypeSeed StatefulSetCheckType = "Seed" - StatefulSetCheckTypeShoot StatefulSetCheckType = "Shoot" + statefulSetCheckTypeSeed StatefulSetCheckType = "Seed" + statefulSetCheckTypeShoot StatefulSetCheckType = "Shoot" ) // NewSeedStatefulSetChecker is a healthCheck function to check StatefulSets func NewSeedStatefulSetChecker(name string) healthcheck.HealthCheck { return &StatefulSetHealthChecker{ name: name, - checkType: StatefulSetCheckTypeSeed, + checkType: statefulSetCheckTypeSeed, } } @@ -59,7 +59,7 @@ func NewSeedStatefulSetChecker(name string) healthcheck.HealthCheck { func NewShootStatefulSetChecker(name string) healthcheck.HealthCheck { return &StatefulSetHealthChecker{ name: name, - checkType: StatefulSetCheckTypeShoot, + checkType: statefulSetCheckTypeShoot, } } @@ -89,7 +89,7 @@ func (healthChecker *StatefulSetHealthChecker) Check(ctx context.Context, reques statefulSet := &appsv1.StatefulSet{} var err error - if healthChecker.checkType == StatefulSetCheckTypeSeed { + if healthChecker.checkType == statefulSetCheckTypeSeed { err = healthChecker.seedClient.Get(ctx, client.ObjectKey{Namespace: request.Namespace, Name: healthChecker.name}, statefulSet) } else { err = healthChecker.shootClient.Get(ctx, client.ObjectKey{Namespace: request.Namespace, Name: healthChecker.name}, statefulSet) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/healtcheck_actuator.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/healtcheck_actuator.go index 563f84cfa..56c1a8b10 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/healtcheck_actuator.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/healtcheck_actuator.go @@ -61,17 +61,20 @@ func NewActuator(provider, extensionKind string, getExtensionObjFunc GetExtensio } } +// InjectScheme injects the given runtime.Scheme into this Actuator. func (a *Actuator) InjectScheme(scheme *runtime.Scheme) error { a.scheme = scheme a.decoder = serializer.NewCodecFactory(a.scheme).UniversalDecoder() return nil } +// InjectClient injects the given client.Client into this Actuator. func (a *Actuator) InjectClient(client client.Client) error { a.seedClient = client return nil } +// InjectConfig injects the given rest.Config into this Actuator. func (a *Actuator) InjectConfig(config *rest.Config) error { a.restConfig = config return nil diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/inject.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/inject.go index 9b99a583b..a81fc6ff3 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/inject.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/healthcheck/inject.go @@ -24,7 +24,7 @@ type ShootClient interface { InjectShootClient(client.Client) } -// ShootClient is an interface to be used to receive a seed client. +// SeedClient is an interface to be used to receive a seed client. type SeedClient interface { // InjectSeedClient injects the seed client InjectSeedClient(client.Client) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/infrastructure/reconciler.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/infrastructure/reconciler.go index f2232a511..51b401f46 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/infrastructure/reconciler.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/infrastructure/reconciler.go @@ -28,6 +28,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/runtime/inject" extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" + "github.com/gardener/gardener/extensions/pkg/controller/common" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" @@ -96,22 +97,36 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( return reconcile.Result{}, err } - logger := r.logger.WithValues("infrastructure", client.ObjectKeyFromObject(infrastructure)) + logger := r.logger.WithValues("infrastructure", kutil.ObjectName(infrastructure)) if extensionscontroller.IsFailed(cluster) { - r.logger.Info("Skipping the reconciliation of infrastructure of failed shoot", "infrastructure", kutil.ObjectName(infrastructure)) + logger.Info("Skipping the reconciliation of infrastructure of failed shoot") return reconcile.Result{}, nil } operationType := gardencorev1beta1helper.ComputeOperationType(infrastructure.ObjectMeta, infrastructure.Status.LastOperation) + if cluster.Shoot != nil && operationType != gardencorev1beta1.LastOperationTypeMigrate { + key := "infrastructure:" + kutil.ObjectName(infrastructure) + ok, watchdogCtx, cleanup, err := common.GetOwnerCheckResultAndContext(ctx, r.client, infrastructure.Namespace, cluster.Shoot.Name, key) + if err != nil { + return reconcile.Result{}, err + } else if !ok { + return reconcile.Result{}, fmt.Errorf("this seed is not the owner of shoot %s", kutil.ObjectName(cluster.Shoot)) + } + ctx = watchdogCtx + if cleanup != nil { + defer cleanup() + } + } + switch { - case extensionscontroller.IsMigrated(infrastructure): + case extensionscontroller.ShouldSkipOperation(operationType, infrastructure): return reconcile.Result{}, nil case operationType == gardencorev1beta1.LastOperationTypeMigrate: return r.migrate(ctx, logger.WithValues("operation", "migrate"), infrastructure, cluster) case infrastructure.DeletionTimestamp != nil: return r.delete(ctx, logger.WithValues("operation", "delete"), infrastructure, cluster) - case infrastructure.Annotations[v1beta1constants.GardenerOperation] == v1beta1constants.GardenerOperationRestore: + case operationType == gardencorev1beta1.LastOperationTypeRestore: return r.restore(ctx, logger.WithValues("operation", "restore"), infrastructure, cluster) default: return r.reconcile(ctx, logger.WithValues("operation", "reconcile"), infrastructure, cluster, operationType) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/shoot.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/shoot.go index b0730e66c..dc9d1a914 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/shoot.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/shoot.go @@ -56,6 +56,9 @@ func IsHibernated(cluster *Cluster) bool { // IsFailed returns true if the embedded shoot is failed, or false otherwise. func IsFailed(cluster *Cluster) bool { + if cluster == nil { + return false + } return IsShootFailed(cluster.Shoot) } diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/utils.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/utils.go index 1bbb5390f..64c015f90 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/utils.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/utils.go @@ -185,6 +185,11 @@ func IsMigrated(obj extensionsv1alpha1.Object) bool { lastOp.State == gardencorev1beta1.LastOperationStateSucceeded } +// ShouldSkipOperation checks if the current operation should be skipped depending on the lastOperation of the extension object. +func ShouldSkipOperation(operationType gardencorev1beta1.LastOperationType, obj extensionsv1alpha1.Object) bool { + return operationType != gardencorev1beta1.LastOperationTypeMigrate && operationType != gardencorev1beta1.LastOperationTypeRestore && IsMigrated(obj) +} + // GetObjectByReference gets an object by the given reference, in the given namespace. // If the object kind doesn't match the given reference kind this will result in an error. func GetObjectByReference(ctx context.Context, c client.Client, ref *autoscalingv1.CrossVersionObjectReference, namespace string, obj client.Object) error { diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/controller.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/controller.go index bee9a2227..cc26c82c4 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/controller.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/controller.go @@ -15,6 +15,7 @@ package worker import ( + "github.com/gardener/gardener/extensions/pkg/controller/common" machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" @@ -77,7 +78,7 @@ func DefaultPredicates(ignoreOperationAnnotation bool) []predicate.Predicate { // Add creates a new Worker Controller and adds it to the Manager. // and Start it when the Manager is Started. func Add(mgr manager.Manager, args AddArgs) error { - args.ControllerOptions.Reconciler = NewReconciler(args.Actuator) + args.ControllerOptions.Reconciler = NewReconciler(args.Actuator, common.GetDefaultOwnerCheckWatchdogManager()) predicates := extensionspredicate.AddTypePredicate(args.Predicates, args.Type) if err := add(mgr, args, predicates); err != nil { return err diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go index e17749762..6a4091182 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go @@ -18,7 +18,6 @@ import ( "context" "encoding/json" "fmt" - "time" machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" "github.com/go-logr/logr" @@ -31,7 +30,6 @@ import ( extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" "github.com/gardener/gardener/pkg/client/kubernetes" kutil "github.com/gardener/gardener/pkg/utils/kubernetes" - gardeneretry "github.com/gardener/gardener/pkg/utils/retry" ) // Restore uses the Worker's spec to figure out the wanted MachineDeployments. Then it parses the Worker's state. @@ -82,7 +80,7 @@ func (a *genericActuator) Restore(ctx context.Context, worker *extensionsv1alpha } // Do the actual restoration - if err := a.deployMachineSetsAndMachines(ctx, logger, wantedMachineDeployments); err != nil { + if err := a.restoreMachineSetsAndMachines(ctx, logger, wantedMachineDeployments); err != nil { return fmt.Errorf("failed restoration of the machineSet and the machines: %w", err) } @@ -116,31 +114,24 @@ func (a *genericActuator) addStateToMachineDeployment(worker *extensionsv1alpha1 return nil } -func (a *genericActuator) deployMachineSetsAndMachines(ctx context.Context, logger logr.Logger, wantedMachineDeployments workercontroller.MachineDeployments) error { +func (a *genericActuator) restoreMachineSetsAndMachines(ctx context.Context, logger logr.Logger, wantedMachineDeployments workercontroller.MachineDeployments) error { logger.Info("Deploying Machines and MachineSets") for _, wantedMachineDeployment := range wantedMachineDeployments { - machineSets := wantedMachineDeployment.State.MachineSets - - for _, machineSet := range machineSets { - // Create the MachineSet if not already exists. We do not care about the MachineSet status - // because the MCM will update it - if err := a.client.Create(ctx, &machineSet); err != nil && !apierrors.IsAlreadyExists(err) { + for _, machineSet := range wantedMachineDeployment.State.MachineSets { + if err := a.client.Create(ctx, &machineSet); kutil.IgnoreAlreadyExists(err) != nil { return err } } - // Deploy each machine owned by the MachineSet which was restored above for _, machine := range wantedMachineDeployment.State.Machines { - // Create the machine if it not exists already - err := a.client.Create(ctx, &machine) - if err != nil && !apierrors.IsAlreadyExists(err) { + newMachine := (&machine).DeepCopy() + newMachine.Status = machinev1alpha1.MachineStatus{} + if err := a.client.Create(ctx, newMachine); kutil.IgnoreAlreadyExists(err) != nil { return err } - // Attach the Shoot node to the Machine status - node := machine.Status.Node - if err := a.waitUntilStatusIsUpdates(ctx, &machine, func() error { - machine.Status.Node = node + if err := extensionscontroller.TryPatchStatus(ctx, retry.DefaultBackoff, a.client, newMachine, func() error { + newMachine.Status = machine.Status return nil }); err != nil { return err @@ -151,18 +142,6 @@ func (a *genericActuator) deployMachineSetsAndMachines(ctx context.Context, logg return nil } -func (a *genericActuator) waitUntilStatusIsUpdates(ctx context.Context, obj client.Object, transform func() error) error { - return gardeneretry.Until(ctx, 5*time.Second, func(ctx context.Context) (done bool, err error) { - if err := extensionscontroller.TryUpdateStatus(ctx, retry.DefaultBackoff, a.client, obj, transform); err != nil { - if apierrors.IsNotFound(err) { - return gardeneretry.NotOk() - } - return gardeneretry.SevereError(err) - } - return gardeneretry.Ok() - }) -} - func removeWantedDeploymentWithoutState(wantedMachineDeployments workercontroller.MachineDeployments) workercontroller.MachineDeployments { if wantedMachineDeployments == nil { return nil diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/mapper.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/mapper.go index b79ea4c82..7ac545a89 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/mapper.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/mapper.go @@ -16,6 +16,7 @@ package worker import ( "context" + "time" machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" "k8s.io/apimachinery/pkg/api/meta" @@ -124,13 +125,16 @@ func (m *machineToObjectMapper) InjectFunc(f inject.Func) error { } func (m *machineToObjectMapper) Map(obj client.Object) []reconcile.Request { + ctx, cancel := context.WithTimeout(m.ctx, 5*time.Second) + defer cancel() + machine, ok := obj.(*machinev1alpha1.Machine) if !ok { return nil } objList := m.newObjListFunc() - if err := m.client.List(m.ctx, objList, client.InNamespace(machine.Namespace)); err != nil { + if err := m.client.List(ctx, objList, client.InNamespace(machine.Namespace)); err != nil { return nil } diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/reconciler.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/reconciler.go index 2a7f4d1d1..a0608a086 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/reconciler.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/reconciler.go @@ -27,6 +27,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/runtime/inject" extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" + "github.com/gardener/gardener/extensions/pkg/controller/common" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" @@ -36,8 +37,9 @@ import ( ) type reconciler struct { - logger logr.Logger - actuator Actuator + logger logr.Logger + actuator Actuator + watchdogManager common.WatchdogManager client client.Client reader client.Reader @@ -46,15 +48,16 @@ type reconciler struct { // NewReconciler creates a new reconcile.Reconciler that reconciles // Worker resources of Gardener's `extensions.gardener.cloud` API group. -func NewReconciler(actuator Actuator) reconcile.Reconciler { +func NewReconciler(actuator Actuator, watchdogManager common.WatchdogManager) reconcile.Reconciler { logger := log.Log.WithName(ControllerName) return extensionscontroller.OperationAnnotationWrapper( func() client.Object { return &extensionsv1alpha1.Worker{} }, &reconciler{ - logger: logger, - actuator: actuator, - statusUpdater: extensionscontroller.NewStatusUpdater(logger), + logger: logger, + actuator: actuator, + watchdogManager: watchdogManager, + statusUpdater: extensionscontroller.NewStatusUpdater(logger), }, ) } @@ -96,14 +99,28 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( operationType := gardencorev1beta1helper.ComputeOperationType(worker.ObjectMeta, worker.Status.LastOperation) + if cluster.Shoot != nil && operationType != gardencorev1beta1.LastOperationTypeMigrate { + key := "worker:" + kutil.ObjectName(worker) + ok, watchdogCtx, cleanup, err := r.watchdogManager.GetResultAndContext(ctx, r.client, worker.Namespace, cluster.Shoot.Name, key) + if err != nil { + return reconcile.Result{}, err + } else if !ok { + return reconcile.Result{}, fmt.Errorf("this seed is not the owner of shoot %s", kutil.ObjectName(cluster.Shoot)) + } + ctx = watchdogCtx + if cleanup != nil { + defer cleanup() + } + } + switch { - case isWorkerMigrated(worker): + case extensionscontroller.ShouldSkipOperation(operationType, worker): return reconcile.Result{}, nil case operationType == gardencorev1beta1.LastOperationTypeMigrate: return r.migrate(ctx, logger.WithValues("operation", "migrate"), worker, cluster) case worker.DeletionTimestamp != nil: return r.delete(ctx, logger.WithValues("operation", "delete"), worker, cluster) - case worker.Annotations[v1beta1constants.GardenerOperation] == v1beta1constants.GardenerOperationRestore: + case operationType == gardencorev1beta1.LastOperationTypeRestore: return r.restore(ctx, logger.WithValues("operation", "restore"), worker, cluster) default: return r.reconcile(ctx, logger.WithValues("operation", "reconcile"), worker, cluster, operationType) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/state.go b/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/state.go index bf62bd1e7..88ec49f42 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/state.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/state.go @@ -206,11 +206,7 @@ func CreateState(ctx context.Context, c client.Client, namespace, name string, o configMap.SetOwnerReferences(kutil.MergeOwnerReferences(configMap.OwnerReferences, *ownerRef)) } - if err := c.Create(ctx, configMap); err != nil && !apierrors.IsAlreadyExists(err) { - return err - } - - return nil + return kutil.IgnoreAlreadyExists(c.Create(ctx, configMap)) } // Initialize implements StateConfigMapInitializer diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/terraformer.go b/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/terraformer.go index 147bd0c32..90a3937ee 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/terraformer.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/terraformer/terraformer.go @@ -35,7 +35,6 @@ import ( gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" "github.com/gardener/gardener/pkg/client/kubernetes" "github.com/gardener/gardener/pkg/controllerutils" - kutil "github.com/gardener/gardener/pkg/utils/kubernetes" ) const ( @@ -238,12 +237,6 @@ func (t *terraformer) execute(ctx context.Context, command string) error { if pod != nil { podLogger := logger.WithValues("pod", client.ObjectKey{Namespace: t.namespace, Name: pod.Name}) - // TODO: remove after several releases - // ensure ownerRef for already existing state configmaps - if err := t.ensureStateHasOwnerRef(ctx); err != nil { - return fmt.Errorf("failed to ensure owner reference for the state configmap: %w", err) - } - // Wait for the Terraform apply/destroy Pod to be completed status, terminationMessage := t.waitForPod(ctx, logger, pod) if status == podStatusSucceeded { @@ -255,6 +248,8 @@ func (t *terraformer) execute(ctx context.Context, command string) error { if terminationMessage != "" { podLogger.V(1).Info("Termination message of Terraformer pod: " + terminationMessage) + } else if ctx.Err() != nil { + podLogger.V(1).Info("Context error: " + ctx.Err().Error()) } else { // fall back to pod logs as termination message podLogger.V(1).Info("Fetching logs of Terraformer pod as termination message is empty") @@ -268,6 +263,15 @@ func (t *terraformer) execute(ctx context.Context, command string) error { } podLogger.Info("Cleaning up Terraformer pod") + // If the context error is non-nil (cancelled or deadline exceeded), + // create a new context for deleting the pod since attempting to use the original context will fail. + // The context might get cancelled for example by the owner check watchdog and the pod should be + // deleted to prevent the terraform script from running after the context was cancelled. + if ctx.Err() != nil { + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(context.Background(), 1*time.Minute) + defer cancel() + } if err := t.client.Delete(ctx, pod); client.IgnoreNotFound(err) != nil { return err } @@ -343,25 +347,6 @@ func (t *terraformer) ensureTerraformerAuth(ctx context.Context) error { return t.ensureRoleBinding(ctx) } -func (t *terraformer) ensureStateHasOwnerRef(ctx context.Context) error { - if t.ownerRef == nil { - return nil - } - - configMap := &corev1.ConfigMap{} - if err := t.client.Get(ctx, kutil.Key(t.namespace, t.stateName), configMap); err != nil { - return err - } - - oldConfigMap := configMap.DeepCopy() - configMap.SetOwnerReferences(kutil.MergeOwnerReferences(configMap.OwnerReferences, *t.ownerRef)) - - return t.client.Patch(ctx, configMap, client.MergeFromWithOptions( - oldConfigMap, - client.MergeFromWithOptimisticLock{}, - )) -} - func (t *terraformer) deployTerraformerPod(ctx context.Context, generateName, command string) (*corev1.Pod, error) { if err := t.ensureTerraformerAuth(ctx); err != nil { return nil, err diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider/cloudprovider.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider/cloudprovider.go new file mode 100644 index 000000000..84223b8de --- /dev/null +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider/cloudprovider.go @@ -0,0 +1,78 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cloudprovider + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" +) + +const ( + // WebhookName is the name of the webhook. + WebhookName = "cloudprovider" +) + +var ( + logger = log.Log.WithName("cloudprovider-webhook") +) + +// Args are the requirements to create a cloudprovider webhook. +type Args struct { + Provider string + Mutator extensionswebhook.Mutator +} + +// New creates a new cloudprovider webhook. +func New(mgr manager.Manager, args Args) (*extensionswebhook.Webhook, error) { + logger := logger.WithValues("cloud-provider", args.Provider) + + types := []client.Object{&corev1.Secret{}} + handler, err := extensionswebhook.NewBuilder(mgr, logger).WithMutator(args.Mutator, types...).Build() + if err != nil { + return nil, err + } + + namespaceSelector := buildSelector(args.Provider) + logger.Info("Creating webhook") + + return &extensionswebhook.Webhook{ + Name: WebhookName, + Target: extensionswebhook.TargetSeed, + Provider: args.Provider, + Types: types, + Webhook: &admission.Webhook{Handler: handler}, + Path: WebhookName, + Selector: namespaceSelector, + }, nil +} + +func buildSelector(provider string) *metav1.LabelSelector { + return &metav1.LabelSelector{ + MatchExpressions: []metav1.LabelSelectorRequirement{ + { + Key: v1beta1constants.LabelShootProvider, + Operator: metav1.LabelSelectorOpIn, + Values: []string{provider}, + }, + }, + } +} diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider/mutator.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider/mutator.go new file mode 100644 index 000000000..670849039 --- /dev/null +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider/mutator.go @@ -0,0 +1,93 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cloudprovider + +import ( + "context" + "fmt" + + "github.com/gardener/gardener/extensions/pkg/webhook" + gcontext "github.com/gardener/gardener/extensions/pkg/webhook/context" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + + "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/runtime/inject" +) + +// Ensurer ensures that the cloudprovider secret conforms to the provider requirements. +type Ensurer interface { + EnsureCloudProviderSecret(ctx context.Context, gctx gcontext.GardenContext, new, old *corev1.Secret) error +} + +// NewMutator creates a new cloudprovider mutator. +func NewMutator(logger logr.Logger, ensurer Ensurer) webhook.Mutator { + return &mutator{ + logger: logger.WithName("mutator"), + ensurer: ensurer, + } +} + +type mutator struct { + client client.Client + logger logr.Logger + ensurer Ensurer +} + +// InjectClient injects the client into the ensurer. +func (m *mutator) InjectClient(client client.Client) error { + m.client = client + if _, err := inject.ClientInto(client, m.ensurer); err != nil { + return fmt.Errorf("could not inject the client into the ensurer: %w", err) + } + return nil +} + +// InjectScheme injects the manager's scheme into the ensurer. +func (m *mutator) InjectScheme(scheme *runtime.Scheme) error { + if _, err := inject.SchemeInto(scheme, m.ensurer); err != nil { + return fmt.Errorf("could not inject scheme into the ensurer: %w", err) + } + return nil +} + +// Mutate validates and if needed mutates the given object. +func (m *mutator) Mutate(ctx context.Context, new, old client.Object) error { + if new.GetDeletionTimestamp() != nil { + return nil + } + + newSecret, ok := new.(*corev1.Secret) + if !ok { + return fmt.Errorf("could not mutate: object is not of type %q", "Secret") + } + if newSecret.Name != v1beta1constants.SecretNameCloudProvider { + return nil + } + + var oldSecret *corev1.Secret + if old != nil { + oldSecret, ok = old.(*corev1.Secret) + if !ok { + return fmt.Errorf("could not mutate: old object could not be casted to type %q", "Secret") + } + } + + etcx := gcontext.NewGardenContext(m.client, new) + webhook.LogMutation(m.logger, newSecret.Kind, newSecret.Namespace, newSecret.Name) + return m.ensurer.EnsureCloudProviderSecret(ctx, etcx, newSecret, oldSecret) +} diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cmd/options.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cmd/options.go index c40dd5182..b8e41cc9f 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cmd/options.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/cmd/options.go @@ -216,9 +216,7 @@ type AddToManagerConfig struct { // AddToManager instantiates all webhooks of this configuration. If there are any webhooks, it creates a // webhook server, registers the webhooks and adds the server to the manager. Otherwise, it is a no-op. // It generates and registers the seed targeted webhooks via a Mutatingwebhookconfiguration. -func (c *AddToManagerConfig) AddToManager(mgr manager.Manager) ([]admissionregistrationv1.MutatingWebhook, []admissionregistrationv1.MutatingWebhook, error) { - ctx := context.Background() - +func (c *AddToManagerConfig) AddToManager(ctx context.Context, mgr manager.Manager) ([]admissionregistrationv1.MutatingWebhook, []admissionregistrationv1.MutatingWebhook, error) { webhooks, err := c.Switch.WebhooksFactory(mgr) if err != nil { return nil, nil, fmt.Errorf("could not create webhooks: %w", err) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/controlplane/genericmutator/mutator.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/controlplane/genericmutator/mutator.go index d8b3a0978..f7dc3f26a 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/controlplane/genericmutator/mutator.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/controlplane/genericmutator/mutator.go @@ -270,11 +270,7 @@ func (m *mutator) mutateOperatingSystemConfig(ctx context.Context, gctx gcontext return err } - if err := m.ensurer.EnsureAdditionalUnits(ctx, gctx, &osc.Spec.Units, oldUnits); err != nil { - return err - } - - return nil + return m.ensurer.EnsureAdditionalUnits(ctx, gctx, &osc.Spec.Units, oldUnits) } func (m *mutator) ensureKubeletServiceUnitContent(ctx context.Context, gctx gcontext.GardenContext, content, oldContent *string) error { @@ -373,6 +369,7 @@ func (m *mutator) ensureKubernetesGeneralConfiguration(ctx context.Context, gctx return nil } +// CloudProviderConfigPath is the path to the cloudprovider.conf kubelet configuration file. const CloudProviderConfigPath = "/var/lib/kubelet/cloudprovider.conf" func (m *mutator) ensureKubeletCloudProviderConfig(ctx context.Context, gctx gcontext.GardenContext, osc *extensionsv1alpha1.OperatingSystemConfig) error { diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/network/mutator.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/network/mutator.go index 3e5471796..44ace0945 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/network/mutator.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/network/mutator.go @@ -25,6 +25,7 @@ import ( extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" ) +// MutateFn is a function that validates and if needed mutates the given extensionsv1alpha1.Network. type MutateFn func(new, old *extensionsv1alpha1.Network) error // NewMutator creates a new network mutator. diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/registration.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/registration.go index 52ee2d9b1..653d11c53 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/registration.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/registration.go @@ -35,7 +35,7 @@ import ( const ( // NamePrefix is the prefix used for {Valida,Muta}tingWebhookConfigurations of extensions. NamePrefix = "gardener-extension-" - // NameSuffixShoots is the suffix used for {Valida,Muta}tingWebhookConfigurations of extensions targeting a shoot. + // NameSuffixShoot is the suffix used for {Valida,Muta}tingWebhookConfigurations of extensions targeting a shoot. NameSuffixShoot = "-shoot" ) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/shoot/shoot.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/shoot/shoot.go index 6934ffc67..4e2e17fed 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/shoot/shoot.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/shoot/shoot.go @@ -46,7 +46,7 @@ type Args struct { MutatorWithShootClient extensionswebhook.MutatorWithShootClient } -// Add creates a new webhook with the shoot as target cluster. +// New creates a new webhook with the shoot as target cluster. func New(mgr manager.Manager, args Args) (*extensionswebhook.Webhook, error) { logger.Info("Creating webhook", "name", WebhookName) diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/webhook.go b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/webhook.go index 491192a36..d0575a94c 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/webhook/webhook.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/webhook/webhook.go @@ -50,6 +50,7 @@ type Webhook struct { Selector *metav1.LabelSelector } +// Args contains Webhook creation arguments. type Args struct { Provider string Name string diff --git a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/executor/executor.go b/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/executor/executor.go deleted file mode 100644 index 4bc496682..000000000 --- a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/executor/executor.go +++ /dev/null @@ -1,116 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package executor - -import ( - "bytes" - "context" - "io" - "net/url" - "strings" - - "github.com/gardener/gardener/pkg/client/kubernetes" - corev1 "k8s.io/api/core/v1" - "k8s.io/client-go/kubernetes/scheme" - restclient "k8s.io/client-go/rest" - "k8s.io/client-go/tools/remotecommand" -) - -// Executor allows for execution of commands in containers. -type Executor interface { - ExecCommandInContainerWithFullOutput(ctx context.Context, namespace, podName, containerName string, cmd ...string) (stdout, stderr string, err error) -} - -// execOptions passed to ExecWithOptions -type execOptions struct { - client kubernetes.Interface - command []string - namespace string - podName string - containerName string - stdin io.Reader - captureStdout bool - captureStderr bool - // If false, whitespace in std{err,out} will be removed. - preserveWhitespace bool -} - -type defaultExecutor struct { - client kubernetes.Interface -} - -// NewExecutor creates a new instance of Executor for a specific -// Kubernetes client. -func NewExecutor(client kubernetes.Interface) Executor { - return &defaultExecutor{client: client} -} - -// ExecCommandInContainerWithFullOutput executes a command in the -// specified container and return stdout, stderr and error -func (e *defaultExecutor) ExecCommandInContainerWithFullOutput(ctx context.Context, namespace, podName, containerName string, cmd ...string) (stdout, stderr string, err error) { - return execWithOptions(execOptions{ - client: e.client, - command: cmd, - namespace: namespace, - podName: podName, - containerName: containerName, - stdin: nil, - captureStdout: true, - captureStderr: true, - preserveWhitespace: false, - }) -} - -// execWithOptions executes a command in the specified container, -// returning stdout, stderr and error. `options` allowed for -// additional parameters to be passed. -func execWithOptions(options execOptions) (stdout, stderr string, err error) { - const tty = false - req := options.client.Kubernetes().CoreV1().RESTClient().Post(). - Resource("pods"). - Name(options.podName). - Namespace(options.namespace). - SubResource("exec"). - Param("container", options.containerName) - req.VersionedParams(&corev1.PodExecOptions{ - Container: options.containerName, - Command: options.command, - Stdin: options.stdin != nil, - Stdout: options.captureStdout, - Stderr: options.captureStderr, - TTY: tty, - }, scheme.ParameterCodec) - - var stdoutBuff, stderrBuff bytes.Buffer - err = execute("POST", req.URL(), options.client.RESTConfig(), options.stdin, &stdoutBuff, &stderrBuff, tty) - - if options.preserveWhitespace { - return stdoutBuff.String(), stderrBuff.String(), err - } - return strings.TrimSpace(stdoutBuff.String()), strings.TrimSpace(stderrBuff.String()), err -} - -func execute(method string, url *url.URL, config *restclient.Config, stdin io.Reader, stdout, stderr io.Writer, tty bool) error { - exec, err := remotecommand.NewSPDYExecutor(config, method, url) - if err != nil { - return err - } - return exec.Stream(remotecommand.StreamOptions{ - Stdin: stdin, - Stdout: stdout, - Stderr: stderr, - Tty: tty, - }) -} diff --git a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/agnostic.go b/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/agnostic.go deleted file mode 100644 index c56b92212..000000000 --- a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/agnostic.go +++ /dev/null @@ -1,290 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package networkpolicies - -import ( - v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - "github.com/gardener/gardener/pkg/operation/botanist/component/etcd" - "github.com/gardener/gardener/pkg/operation/botanist/component/kubecontrollermanager" - "github.com/gardener/gardener/pkg/operation/botanist/component/kubescheduler" - - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/sets" -) - -// Agnostic contains cloud agnostic settings. -type Agnostic struct{} - -// KubeAPIServer points to cloud-agnostic kube-apiserver. -func (a *Agnostic) KubeAPIServer() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(443), - Pod: NewPod("kube-apiserver", labels.Set{ - v1beta1constants.LabelApp: v1beta1constants.LabelKubernetes, - v1beta1constants.LabelRole: "apiserver", - }), - ExpectedPolicies: sets.NewString( - "allow-from-prometheus", - "allow-kube-apiserver", - "allow-to-dns", - "allow-to-public-networks", - "allow-to-private-networks", - "allow-to-shoot-networks", - "deny-all", - ), - } -} - -// KubeControllerManagerSecured points to cloud-agnostic kube-controller-manager running on HTTPS port. -func (a *Agnostic) KubeControllerManagerSecured() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(10257), - Pod: NewPod("kube-controller-manager-https", labels.Set{ - v1beta1constants.LabelApp: v1beta1constants.LabelKubernetes, - v1beta1constants.GardenRole: v1beta1constants.GardenRoleControlPlane, - v1beta1constants.LabelRole: kubecontrollermanager.LabelRole, - }), - ExpectedPolicies: sets.NewString( - "allow-to-public-networks", - "allow-to-private-networks", - "allow-from-prometheus", - "allow-to-dns", - "allow-to-blocked-cidrs", - "allow-to-shoot-apiserver", - "deny-all", - ), - } -} - -// KubeSchedulerSecured points to cloud-agnostic kube-scheduler running on HTTPS port. -func (a *Agnostic) KubeSchedulerSecured() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(10259), - Pod: NewPod("kube-scheduler-https", labels.Set{ - v1beta1constants.LabelApp: v1beta1constants.LabelKubernetes, - v1beta1constants.GardenRole: v1beta1constants.GardenRoleControlPlane, - v1beta1constants.LabelRole: kubescheduler.LabelRole, - }), - ExpectedPolicies: sets.NewString( - "allow-from-prometheus", - "allow-to-shoot-apiserver", - "allow-to-dns", - "deny-all", - ), - } -} - -// EtcdMain points to cloud-agnostic etcd-main instance. -func (a *Agnostic) EtcdMain() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(2379), - Pod: NewPod("etcd-main", labels.Set{ - v1beta1constants.LabelApp: etcd.LabelAppValue, - v1beta1constants.DeprecatedGardenRole: v1beta1constants.GardenRoleControlPlane, - v1beta1constants.LabelRole: v1beta1constants.ETCDRoleMain, - }), - ExpectedPolicies: sets.NewString( - etcd.NetworkPolicyName, - "allow-to-dns", - "allow-to-public-networks", - "allow-to-private-networks", - "deny-all", - ), - } -} - -// EtcdEvents points to cloud-agnostic etcd-main instance. -func (a *Agnostic) EtcdEvents() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(2379), - Pod: NewPod("etcd-events", labels.Set{ - v1beta1constants.LabelApp: etcd.LabelAppValue, - v1beta1constants.DeprecatedGardenRole: v1beta1constants.GardenRoleControlPlane, - v1beta1constants.LabelRole: v1beta1constants.ETCDRoleEvents, - }), - ExpectedPolicies: sets.NewString( - etcd.NetworkPolicyName, - "allow-to-dns", - "allow-to-public-networks", - "allow-to-private-networks", - "deny-all", - ), - } -} - -// CloudControllerManagerSecured points to cloud-agnostic cloud-controller-manager running on HTTPS port. -func (a *Agnostic) CloudControllerManagerSecured() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(10258), - Pod: NewPod("cloud-controller-manager-https", labels.Set{ - v1beta1constants.LabelApp: v1beta1constants.LabelKubernetes, - v1beta1constants.LabelRole: "cloud-controller-manager", - }), - ExpectedPolicies: sets.NewString( - "allow-from-prometheus", - "allow-to-shoot-apiserver", - "allow-to-dns", - "allow-to-public-networks", - "deny-all", - ), - } -} - -// Loki points to cloud-agnostic loki instance. -func (a *Agnostic) Loki() *SourcePod { - return &SourcePod{ - Ports: []Port{ - {Name: "metrics", Port: 3100}, - }, - Pod: NewPod("loki", labels.Set{ - v1beta1constants.LabelApp: "loki", - v1beta1constants.GardenRole: "logging", - v1beta1constants.LabelRole: "logging", - }), - ExpectedPolicies: sets.NewString( - "allow-from-prometheus", - "allow-loki", - "deny-all", - ), - } -} - -// Grafana points to cloud-agnostic grafana instance. -func (a *Agnostic) Grafana() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(3000), - Pod: NewPod("grafana", labels.Set{ - "component": "grafana", - v1beta1constants.GardenRole: "monitoring", - }), - ExpectedPolicies: sets.NewString( - "allow-grafana", - "allow-to-dns", - "deny-all", - ), - } -} - -// KubeStateMetricsShoot points to cloud-agnostic kube-state-metrics-shoot instance. -func (a *Agnostic) KubeStateMetricsShoot() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(8080), - Pod: NewPod("kube-state-metrics-shoot", labels.Set{ - "component": "kube-state-metrics", - v1beta1constants.GardenRole: "monitoring", - "type": "shoot", - }), - ExpectedPolicies: sets.NewString( - "allow-from-prometheus", - "allow-to-dns", - "allow-to-shoot-apiserver", - "deny-all", - ), - } -} - -// MachineControllerManager points to cloud-agnostic machine-controller-manager instance. -func (a *Agnostic) MachineControllerManager() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(10258), - Pod: NewPod("machine-controller-manager", labels.Set{ - v1beta1constants.LabelApp: v1beta1constants.LabelKubernetes, - v1beta1constants.LabelRole: "machine-controller-manager", - }), - ExpectedPolicies: sets.NewString( - "allow-from-prometheus", - "allow-to-dns", - "allow-to-public-networks", - "allow-to-private-networks", - "allow-to-seed-apiserver", - "allow-to-shoot-apiserver", - "deny-all", - ), - } -} - -// Prometheus points to cloud-agnostic prometheus instance. -func (a *Agnostic) Prometheus() *SourcePod { - return &SourcePod{ - Ports: NewSinglePort(9090), - Pod: NewPod("prometheus", labels.Set{ - v1beta1constants.LabelApp: "prometheus", - v1beta1constants.GardenRole: "monitoring", - v1beta1constants.LabelRole: "monitoring", - }), - ExpectedPolicies: sets.NewString( - "allow-prometheus", - "allow-to-dns", - "allow-to-public-networks", - "allow-to-seed-apiserver", - "allow-to-shoot-apiserver", - "allow-to-shoot-networks", - "deny-all", - ), - } -} - -// AddonManager points to gardener-resource-manager instance. -func (a *Agnostic) AddonManager() *SourcePod { - return &SourcePod{ - Pod: NewPod("gardener-resource-manager", labels.Set{ - v1beta1constants.LabelApp: "gardener-resource-manager", - v1beta1constants.GardenRole: v1beta1constants.GardenRoleControlPlane, - }), - ExpectedPolicies: sets.NewString( - "allow-to-dns", - "allow-to-seed-apiserver", - "allow-to-shoot-apiserver", - "deny-all", - ), - } -} - -// Busybox points to busybox instance. -func (a *Agnostic) Busybox() *SourcePod { - return &SourcePod{ - Pod: NewPod("busybox", labels.Set{ - v1beta1constants.LabelApp: "busybox", - v1beta1constants.LabelRole: "testing", - }), - } -} - -// External points external host. -func (a *Agnostic) External() *Host { - return &Host{ - Description: "External host", - HostName: "8.8.8.8", - Port: 53, - } -} - -// SeedKubeAPIServer points the Seed Kube APIServer. -func (a *Agnostic) SeedKubeAPIServer() *Host { - return &Host{ - Description: "Seed Kube APIServer", - HostName: "kubernetes.default", - Port: 443, - } -} - -// GardenPrometheus points the Gardener Prometheus running in the seed cluster. -func (a *Agnostic) GardenPrometheus() *Host { - return &Host{ - Description: "Garden Prometheus", - HostName: "prometheus-web.garden", - Port: 80, - } -} diff --git a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/generators/networkpolicies.go b/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/generators/networkpolicies.go deleted file mode 100644 index 4bdc76bf3..000000000 --- a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/generators/networkpolicies.go +++ /dev/null @@ -1,739 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package generators - -import ( - "fmt" - "io" - "sort" - "strings" - - "github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies" - - "github.com/huandu/xstrings" - "k8s.io/gengo/args" - "k8s.io/gengo/generator" - "k8s.io/gengo/namer" - "k8s.io/klog" -) - -const ( - outPkgName = "networkpolies" -) - -// NameSystems returns the name system used by the generators in this package. -func NameSystems() namer.NameSystems { - return namer.NameSystems{ - "public": namer.NewPublicNamer(0), - "private": namer.NewPrivateNamer(0), - "raw": namer.NewRawNamer("", nil), - } -} - -// DefaultNameSystem returns the default name system for ordering the types to be -// processed by the generators in this package. -func DefaultNameSystem() string { - return "public" -} - -type cloudAwarePackage struct { - cloud networkpolicies.CloudAware -} - -func NewPackages(cloud networkpolicies.CloudAware) func(p *generator.Context, arguments *args.GeneratorArgs) generator.Packages { - return (&cloudAwarePackage{cloud: cloud}).Packages -} - -// Packages makes the sets package definition. -func (a *cloudAwarePackage) Packages(p *generator.Context, arguments *args.GeneratorArgs) generator.Packages { - boilerplate, err := arguments.LoadGoBoilerplate() - if err != nil { - klog.Fatalf("Failed loading boilerplate: %v", err) - } - - pkg := &generator.DefaultPackage{ - PackageName: outPkgName, - PackagePath: arguments.OutputPackagePath, - HeaderText: boilerplate, - PackageDocumentation: []byte( - `// Package has auto-generated cloud-specific network policy tests. - `), - // GeneratorFunc returns a list of generators. Each generator makes a - // single file. - GeneratorFunc: func(c *generator.Context) (generators []generator.Generator) { - generators = []generator.Generator{ - // Always generate a "doc.go" file. - generator.DefaultGen{OptionalName: "doc"}, - generator.DefaultGen{ - OptionalName: "networkpolicies_suite_test", - OptionalBody: []byte(suiteBody), - }, - &genTest{ - DefaultGen: generator.DefaultGen{ - OptionalName: "networkpolicy_test", - }, - outputPackage: outPkgName, - imports: generator.NewImportTracker(), - provider: a.cloud, - }, - } - - return generators - }, - } - - return generator.Packages{pkg} -} - -// genTest produces a file with a set for a single type. -type genTest struct { - generator.DefaultGen - outputPackage string - imports namer.ImportTracker - provider networkpolicies.CloudAware -} - -func (g *genTest) Imports(c *generator.Context) (imports []string) { - return append(g.imports.ImportLines(), - `context`, - `encoding/json`, - `flag`, - `fmt`, - `strings`, - `sync`, - `time`, - - `"github.com/gardener/gardener/test/framework"`, - `. "github.com/onsi/ginkgo"`, - `. "github.com/onsi/gomega"`, - `corev1 "k8s.io/api/core/v1"`, - `github.com/gardener/gardener/pkg/apis/core/v1beta1`, - `github.com/gardener/gardener/pkg/client/kubernetes`, - `github.com/gardener/gardener/pkg/logger`, - `github.com/gardener/gardener/extensions/test/e2e/framework/executor`, - `github.com/sirupsen/logrus`, - `k8s.io/apimachinery/pkg/api/errors`, - `k8s.io/apimachinery/pkg/labels`, - `k8s.io/apimachinery/pkg/types`, - `k8s.io/apimachinery/pkg/util/sets`, - `metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`, - `networkingv1 "k8s.io/api/networking/v1"`, - `networkpolicies "github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies"`, - `sigs.k8s.io/controller-runtime/pkg/client`, - ) -} - -func (g *genTest) simpleArgs(kv ...interface{}) interface{} { - m := map[interface{}]interface{}{} - for i := 0; i < len(kv)/2; i++ { - m[kv[i*2]] = kv[i*2+1] - } - return m -} - -// GenerateType makes the body of a file implementing a set for type t. -func (g *genTest) Init(c *generator.Context, w io.Writer) error { - sw := generator.NewSnippetWriter(w, c, "$", "$") - sw.Do(setHeader, nil) - g.generateValues(sw) - sw.Do(setBody, g.simpleArgs("providerName", g.provider.Provider(), "sourceVarName", g.sources())) - g.correctPolicies(sw) - g.ingressFromOtherNamespaces(sw) - g.egressToOtherNamespaces(sw) - g.egressToSeedNodes(sw) - g.egressForMirroredPods(sw) - sw.Do("})\n", nil) - return nil -} - -func (g *genTest) sources() string { - sourceNames := g.provider.Sources() - names := []string{} - for _, source := range sourceNames { - names = append(names, podToVariableName(&source.Pod)) - } - return strings.Join(names, ",\n") -} - -func (g *genTest) correctPolicies(sw *generator.SnippetWriter) { - sw.Do(` -Context("components are selected by correct policies", func() { - var ( - assertHasNetworkPolicy = func(sourcePod *networkpolicies.SourcePod) func(context.Context) { - return func(ctx context.Context) { - if !sourcePod.Pod.CheckVersion(f.Shoot) { - Skip("Component doesn't match Shoot version constraints. Skipping.") - } - if !sourcePod.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. Skipping.") - } - - matched := sets.NewString() - var podLabelSet labels.Set - - By(fmt.Sprintf("Getting first running pod with selectors %q in namespace %q", sourcePod.Pod.Labels, f.ShootSeedNamespace())) - pod, err := framework.GetFirstRunningPodWithLabels(ctx, sourcePod.Pod.Selector(), f.ShootSeedNamespace(), f.SeedClient) - podLabelSet = pod.GetLabels() - Expect(err).NotTo(HaveOccurred()) - - for _, netPol := range sharedResources.Policies { - netPolSelector, err := metav1.LabelSelectorAsSelector(&netPol.Spec.PodSelector) - Expect(err).NotTo(HaveOccurred()) - - if netPolSelector.Matches(podLabelSet) { - matched.Insert(netPol.GetName()) - } - } - By(fmt.Sprintf("Matching actual network policies against expected %s", sourcePod.ExpectedPolicies.List())) - Expect(matched.List()).Should(ConsistOf(sourcePod.ExpectedPolicies.List())) - } - } - ) -`, nil) - - for _, s := range g.provider.Rules() { - sw.Do("DefaultCIt(`$.sourcePodName$`, assertHasNetworkPolicy($.sourceVarName$))", g.simpleArgs("sourcePodName", s.SourcePod.Pod.Name, "sourceVarName", podToVariableName(&s.SourcePod.Pod))) - sw.Do("\n", nil) - } - - sw.Do("})\n", nil) -} - -func (g *genTest) generateValues(sw *generator.SnippetWriter) { - sw.Do("// generated targets\n", nil) - for _, t := range g.flattenPods() { - sw.Do("$.targetName$ = &$.targetPod$\n", g.simpleArgs("targetName", t.name, "targetPod", t.value)) - } -} - -func (g *genTest) egressForMirroredPods(sw *generator.SnippetWriter) { - sw.Do(` -Context("egress for mirrored pods", func() { - - var ( - from *networkpolicies.NamespacedSourcePod - - assertEgresssToMirroredPod = func(to *networkpolicies.TargetPod, allowed bool) func(context.Context) { - return func(ctx context.Context) { - assertConnectToPod(ctx, from, networkpolicies.NewNamespacedTargetPod(to, sharedResources.Mirror), allowed) - } - } - - assertEgresssToHost = func(to *networkpolicies.Host, allowed bool) func(context.Context) { - return func(ctx context.Context) { - assertConnectToHost(ctx, from, to, allowed) - } - } - ) -`, nil) - - for _, s := range g.provider.Rules() { - - sw.Do(` -Context("$.podName$", func() { - - BeforeEach(func(){ - from = networkpolicies.NewNamespacedSourcePod($.sourcePod$, sharedResources.Mirror) - }) - - `, g.simpleArgs("podName", s.SourcePod.Pod.Name, "sourcePod", podToVariableName(&s.SourcePod.Pod))) - for _, t := range s.TargetPods { - if s.Pod.Name != t.Pod.Name { - sw.Do("DefaultCIt(`$.description$`, assertEgresssToMirroredPod($.targetVarName$, $.allowed$))", g.simpleArgs("description", t.ToString(), "targetVarName", targetPodToVariableName(&t.TargetPod), "allowed", t.Allowed)) - sw.Do("\n", nil) - } - } - for _, h := range s.TargetHosts { - sw.Do("DefaultCIt(`$.description$`, assertEgresssToHost($.targetVarName$, $.allowed$))", g.simpleArgs("description", h.ToString(), "targetVarName", hostToVariableName(&h.Host), "allowed", h.Allowed)) - sw.Do("\n", nil) - } - - sw.Do("})\n", nil) - - } - sw.Do("})\n", nil) -} - -func (g *genTest) egressToSeedNodes(sw *generator.SnippetWriter) { - sw.Do(` -Context("egress to Seed nodes", func() { - - var ( - assertBlockToSeedNodes = func(from *networkpolicies.SourcePod) func(context.Context) { - return func(ctx context.Context) { - assertCannotConnectToHost(ctx, networkpolicies.NewNamespacedSourcePod(from, sharedResources.Mirror), sharedResources.SeedNodeIP, 10250) - } - } - ) - - `, nil) - for _, s := range g.provider.Rules() { - sw.Do("DefaultCIt(`should block connectivity from $.podName$`, assertBlockToSeedNodes($.targetVarName$))", g.simpleArgs("podName", s.SourcePod.Pod.Name, "targetVarName", podToVariableName(&s.SourcePod.Pod))) - sw.Do("\n", nil) - } - sw.Do("})\n", nil) -} - -func (g *genTest) egressToOtherNamespaces(sw *generator.SnippetWriter) { - sw.Do(` -Context("egress to other namespaces", func() { - - var ( - assertBlockEgresss = func(from *networkpolicies.SourcePod) func(context.Context) { - return func(ctx context.Context) { - assertCannotConnectToPod(ctx, networkpolicies.NewNamespacedSourcePod(from, sharedResources.Mirror), networkpolicies.NewNamespacedTargetPod(agnostic.Busybox().DummyPort(), sharedResources.External)) - } - } - ) - - `, nil) - - for _, s := range g.provider.Rules() { - sw.Do("DefaultCIt(`should block connectivity from $.sourcePodName$ to busybox`, assertBlockEgresss($.sourceVarName$))", g.simpleArgs("sourcePodName", s.SourcePod.Pod.Name, "sourceVarName", podToVariableName(&s.SourcePod.Pod))) - sw.Do("\n", nil) - } - sw.Do("})\n", nil) -} - -func (g *genTest) ingressFromOtherNamespaces(sw *generator.SnippetWriter) { - sw.Do(` -Context("ingress from other namespaces", func() { - - var ( - assertBlockIngress = func(to *networkpolicies.TargetPod, allowed bool) func(context.Context) { - return func(ctx context.Context) { - assertConnectToPod(ctx, networkpolicies.NewNamespacedSourcePod(agnostic.Busybox(), sharedResources.External), networkpolicies.NewNamespacedTargetPod(to, f.ShootSeedNamespace()), allowed) - } - } - ) - - `, nil) - for _, tp := range g.provider.EgressFromOtherNamespaces((&networkpolicies.Agnostic{}).Busybox()).TargetPods { - sw.Do("DefaultCIt(`$.description$`, assertBlockIngress($.targetVarName$, $.allowed$))", g.simpleArgs("description", tp.ToString(), "targetVarName", targetPodToVariableName(&tp.TargetPod), "allowed", tp.Allowed)) - sw.Do("\n", nil) - } - sw.Do("})\n", nil) - -} - -type target struct { - name string - value string -} - -func (g *genTest) flattenPods() []target { - fPods := map[string]string{} - targets := []target{} - for _, s := range g.provider.Rules() { - - targets = append(targets, target{name: podToVariableName(&s.SourcePod.Pod), value: prettyPrint(*s.SourcePod)}) - - for _, p := range s.TargetPods { - fPodName := targetPodToVariableName(&p.TargetPod) - if _, exists := fPods[fPodName]; !exists { - v := prettyPrint(p.TargetPod) - fPods[fPodName] = v - targets = append(targets, target{name: fPodName, value: v}) - } - } - for _, h := range s.TargetHosts { - fHostName := hostToVariableName(&h.Host) - if _, exists := fPods[fHostName]; !exists { - v := prettyPrint(h.Host) - fPods[fHostName] = v - targets = append(targets, target{name: fHostName, value: v}) - } - } - } - sort.Slice(targets, func(i, j int) bool { return targets[i].name < targets[j].name }) - - return targets -} - -func podToVariableName(p *networkpolicies.Pod) string { - return xstrings.ToCamelCase(strings.ReplaceAll(p.Name, "-", "_")) -} - -func targetPodToVariableName(p *networkpolicies.TargetPod) string { - return xstrings.ToCamelCase(strings.ReplaceAll(fmt.Sprintf("%s%d", p.Pod.Name, p.Port.Port), "-", "_")) -} - -func hostToVariableName(p *networkpolicies.Host) string { - return xstrings.FirstRuneToUpper(strings.ReplaceAll(fmt.Sprintf("%sPort%d", p.Description, p.Port), " ", "")) -} - -var suiteBody = ` -import ( - "testing" - - "github.com/onsi/ginkgo" - "github.com/onsi/gomega" -) - -func TestNetworkPolicies(t *testing.T) { - gomega.RegisterFailHandler(ginkgo.Fail) - ginkgo.RunSpecs(t, "Network Policies e2e Test Suite") -} -` - -var setHeader = ` -var ( - cleanup = flag.Bool("cleanup", false, "deletes all created e2e resources after the test suite is done") -) - -const ( - InitializationTimeout = 10 * time.Minute - FinalizationTimeout = time.Minute - DefaultTestTimeout = 10 * time.Second -) - -func init() { - framework.RegisterShootFrameworkFlags() -} - -var _ = Describe("Network Policy Testing", func() { - - var ( - f = framework.NewShootFramework(nil) - sharedResources networkpolicies.SharedResources - - agnostic = &networkpolicies.Agnostic{} - DefaultCIt = func(text string, body func(ctx context.Context)) { - f.Default().CIt(text, body, DefaultTestTimeout) - } - - getTargetPod = func(ctx context.Context, targetPod *networkpolicies.NamespacedTargetPod) *corev1.Pod { - if !targetPod.Pod.CheckVersion(f.Shoot) { - Skip("Target pod doesn't match Shoot version constraints. Skipping.") - } - if !targetPod.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. Skipping.") - } - By(fmt.Sprintf("Checking that target Pod: %s is running", targetPod.Pod.Name)) - err := f.WaitUntilPodIsRunningWithLabels(ctx, targetPod.Pod.Selector(), targetPod.Namespace, f.SeedClient) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - By(fmt.Sprintf("Get target pod: %s", targetPod.Pod.Name)) - trgPod, err := framework.GetFirstRunningPodWithLabels(ctx, targetPod.Pod.Selector(), targetPod.Namespace, f.SeedClient) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - return trgPod - } - - - establishConnectionToHost = func(ctx context.Context, nsp *networkpolicies.NamespacedSourcePod, host string, port int32) (stdout, stderr string, err error) { - if !nsp.Pod.CheckVersion(f.Shoot) { - Skip("Source pod doesn't match Shoot version constraints. Skipping.") - } - if !nsp.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. Skipping.") - } - By(fmt.Sprintf("Checking for source Pod: %s is running", nsp.Pod.Name)) - ExpectWithOffset(1, f.WaitUntilPodIsRunningWithLabels(ctx, nsp.Pod.Selector(), nsp.Namespace, f.SeedClient)).NotTo(HaveOccurred()) - - command := []string{"nc", "-vznw", "3", host, fmt.Sprint(port)} - By(fmt.Sprintf("Executing connectivity command in %s/%s to %s", nsp.Namespace, nsp.Pod.Name, strings.Join(command, " "))) - - return executor.NewExecutor(f.SeedClient). - ExecCommandInContainerWithFullOutput(ctx, nsp.Namespace, nsp.Pod.Name, "busybox-0", command...) - } - - assertCannotConnectToHost = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, host string, port int32) { - _, stderr, err := establishConnectionToHost(ctx, sourcePod, host, port) - ExpectWithOffset(1, err).To(HaveOccurred()) - By("Connection message is timed out\n") - ExpectWithOffset(1, stderr).To(SatisfyAny(ContainSubstring("Connection timed out"), ContainSubstring("nc: bad address"))) - } - - assertConnectToHost = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetHost *networkpolicies.Host, allowed bool) { - _, stderr, err := establishConnectionToHost(ctx, sourcePod, targetHost.HostName, targetHost.Port) - if allowed { - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - } else { - ExpectWithOffset(1, err).To(HaveOccurred()) - ExpectWithOffset(1, stderr).To(SatisfyAny(BeEmpty(), ContainSubstring("Connection timed out"), ContainSubstring("nc: bad address")), "stderr has correct message") - } - } - - assertCannotConnectToPod = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetPod *networkpolicies.NamespacedTargetPod) { - pod := getTargetPod(ctx, targetPod) - assertCannotConnectToHost(ctx, sourcePod, pod.Status.PodIP, targetPod.Port.Port) - } - - assertConnectToPod = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetPod *networkpolicies.NamespacedTargetPod, allowed bool) { - pod := getTargetPod(ctx, targetPod) - assertConnectToHost(ctx, sourcePod, &networkpolicies.Host{ - HostName: pod.Status.PodIP, - Port: targetPod.Port.Port, - }, allowed) - } - -` - -var setBody = ` - ) - - SynchronizedBeforeSuite(func() []byte { - ctx, cancel := context.WithTimeout(context.TODO(), InitializationTimeout) - defer cancel() - - var err error - - // The framework has to be manually initialized as BeforeEach is not allowed to be called inside a SynchronizedBeforeSuite - f = &framework.ShootFramework{ - GardenerFramework: framework.NewGardenerFrameworkFromConfig(nil), - TestDescription: framework.NewTestDescription("SHOOT"), - Config: nil, - } - f.CommonFramework.BeforeEach() - f.GardenerFramework.BeforeEach() - f.BeforeEach(ctx) - - By("Getting Seed Cloud Provider") - sharedResources.SeedCloudProvider = f.Seed.Spec.Provider.Type - - By("Creating namespace for Ingress testing") - ns := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "gardener-e2e-network-policies-", - Labels: map[string]string{ - "gardener-e2e-test": "networkpolicies", - }, - }, - } - err = f.SeedClient.Client().Create(ctx, ns) - Expect(err).NotTo(HaveOccurred()) - - sharedResources.External = ns.GetName() - - By("Creating mirror namespace for pod2pod network testing") - mirrorNamespace := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "gardener-e2e-mirror-network-policies-", - Labels: map[string]string{ - "gardener-e2e-test": "networkpolicies", - }, - }, - } - err = f.SeedClient.Client().Create(ctx, mirrorNamespace) - Expect(err).NotTo(HaveOccurred()) - - sharedResources.Mirror = mirrorNamespace.GetName() - - By(fmt.Sprintf("Getting all network policies in namespace %q", f.ShootSeedNamespace())) - list := &networkingv1.NetworkPolicyList{} - err = f.SeedClient.Client().List(ctx, list, client.InNamespace(f.ShootSeedNamespace())) - Expect(err).ToNot(HaveOccurred()) - - sharedResources.Policies = list.Items - - for _, netPol := range sharedResources.Policies { - cpy := &networkingv1.NetworkPolicy{} - cpy.Name = netPol.Name - cpy.Namespace = sharedResources.Mirror - cpy.Spec = *netPol.Spec.DeepCopy() - By(fmt.Sprintf("Copying network policy %s in namespace %q", netPol.Name, sharedResources.Mirror)) - err = f.SeedClient.Client().Create(ctx, cpy) - Expect(err).NotTo(HaveOccurred()) - } - - By("Getting the current CloudProvider") - currentProvider := f.Shoot.Spec.Provider.Type - - getFirstNodeInternalIP := func(ctx context.Context, cl kubernetes.Interface) (string, error) { - nodes := &corev1.NodeList{} - err := cl.Client().List(ctx, nodes, client.Limit(1)) - if err != nil { - return "", err - } - - if len(nodes.Items) > 0 { - firstNode := nodes.Items[0] - for _, address := range firstNode.Status.Addresses { - if address.Type == corev1.NodeInternalIP { - return address.Address, nil - } - } - } - - return "", framework.ErrNoInternalIPsForNodeWasFound - } - - By("Getting fist running node") - sharedResources.SeedNodeIP, err = getFirstNodeInternalIP(ctx, f.SeedClient) - Expect(err).NotTo(HaveOccurred()) - - if currentProvider != "$.providerName$" { - Fail(fmt.Sprintf("Not supported cloud provider %s", currentProvider)) - } - - createBusyBox := func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, ports ...corev1.ContainerPort) { - if len(ports) == 0 { - Fail(fmt.Sprintf("No ports found for SourcePod %+v", *sourcePod.SourcePod)) - } - containers := []corev1.Container{} - for i, port := range ports { - containers = append(containers, corev1.Container{ - Args: []string{"nc", "-lk", "-p", fmt.Sprint(port.ContainerPort), "-e", "/bin/echo", "-s", "0.0.0.0"}, - Image: "busybox", - Name: fmt.Sprintf("busybox-%d", i), - Ports: []corev1.ContainerPort{port}, - }) - } - pod := &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: sourcePod.Pod.Name, - Namespace: sourcePod.Namespace, - Labels: sourcePod.Pod.Labels, - }, - Spec: corev1.PodSpec{ - Containers: containers, - }, - } - - By(fmt.Sprintf("Creating Pod %s/%s", sourcePod.Namespace, sourcePod.Name)) - err := f.SeedClient.Client().Create(ctx, pod) - Expect(err).NotTo(HaveOccurred()) - - By(fmt.Sprintf("Waiting foo Pod %s/%s to be running", sourcePod.Namespace, sourcePod.Name)) - err = framework.WaitUntilPodIsRunning(ctx, f.Logger, pod.GetName(), sourcePod.Namespace, f.SeedClient) - if err != nil { - Fail(fmt.Sprintf("Couldn't find running busybox %s/%s", sourcePod.Namespace, pod.GetName())) - } - } - - sources := []*networkpolicies.SourcePod{ - $.sourceVarName$, - } - - var wg sync.WaitGroup - // one extra for the busybox Pod bellow. - wg.Add(len(sources) + 1) - - for _, s := range sources { - go func(pi *networkpolicies.SourcePod) { - defer GinkgoRecover() - defer wg.Done() - if !pi.Pod.CheckVersion(f.Shoot) || !pi.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - return - } - pod, err := framework.GetFirstRunningPodWithLabels(ctx, pi.Pod.Selector(), f.ShootSeedNamespace(), f.SeedClient) - if err != nil { - Fail(fmt.Sprintf("Couldn't find running Pod %s/%s with labels: %+v", f.ShootSeedNamespace(), pi.Pod.Name, pi.Pod.Labels)) - } - cpy := *pi - - targetLabels := make(map[string]string) - - for k, v := range pod.Labels { - targetLabels[k] = v - } - - cpy.Pod.Labels = targetLabels - By(fmt.Sprintf("Mirroring Pod %s to namespace %s", cpy.Pod.Labels.String(), sharedResources.Mirror)) - - expectedPorts := sets.Int64{} - actualPorts := sets.Int64{} - for _, p := range pi.Ports { - expectedPorts.Insert(int64(p.Port)) - } - containerPorts := []corev1.ContainerPort{} - for _, container := range pod.Spec.Containers { - if len(container.Ports) > 0 { - for _, p := range container.Ports { - actualPorts.Insert(int64(p.ContainerPort)) - } - containerPorts = append(containerPorts, container.Ports...) - } - } - - if !actualPorts.HasAll(expectedPorts.List()...) { - Fail(fmt.Sprintf("Pod %s doesn't have all ports. Expected %+v, actual %+v", pi.Pod.Name, expectedPorts.List(), actualPorts.List())) - } - if len(containerPorts) == 0 { - // Dummy port for containers which don't have any ports. - containerPorts = append(containerPorts, corev1.ContainerPort{ContainerPort: 8080}) - } - createBusyBox(ctx, networkpolicies.NewNamespacedSourcePod(&cpy, sharedResources.Mirror), containerPorts...) - }(s) - } - go func() { - defer GinkgoRecover() - defer wg.Done() - createBusyBox(ctx, networkpolicies.NewNamespacedSourcePod(agnostic.Busybox(), ns.GetName()), corev1.ContainerPort{ContainerPort: 8080}) - }() - - wg.Wait() - - b, err := json.Marshal(sharedResources) - Expect(err).NotTo(HaveOccurred()) - - return b - }, func(data []byte) { - sr := &networkpolicies.SharedResources{} - err := json.Unmarshal(data, sr) - Expect(err).NotTo(HaveOccurred()) - - sharedResources = *sr - }) - - SynchronizedAfterSuite(func() { - if !*cleanup { - return - } - - ctx, cancel := context.WithTimeout(context.TODO(), FinalizationTimeout) - defer cancel() - - namespaces := &corev1.NamespaceList{} - selector := labels.SelectorFromSet(labels.Set{ - "gardener-e2e-test": "networkpolicies", - }) - err := f.SeedClient.Client().List(ctx, namespaces, client.MatchingLabelsSelector{Selector: selector}) - Expect(err).NotTo(HaveOccurred()) - - for _, ns := range namespaces.Items { - err = f.SeedClient.Client().Delete(ctx, &ns) - if err != nil && !errors.IsConflict(err) { - Expect(err).NotTo(HaveOccurred()) - } - } - }, func() {}) - - Context("Deprecated old policies are removed", func() { - - const ( - deprecatedKubeAPIServerPolicy = "kube-apiserver-default" - deprecatedMetadataAppPolicy = "cloud-metadata-service-deny-blacklist-app" - deprecatedMetadataRolePolicy = "cloud-metadata-service-deny-blacklist-role" - ) - - var ( - assertPolicyIsGone = func(policyName string) func(ctx context.Context) { - return func(ctx context.Context) { - By(fmt.Sprintf("Getting network policy %q in namespace %q", policyName, f.ShootSeedNamespace())) - getErr := f.SeedClient.Client().Get(ctx, types.NamespacedName{Name: policyName, Namespace: f.ShootSeedNamespace()}, &networkingv1.NetworkPolicy{}) - Expect(getErr).To(HaveOccurred()) - By("error is NotFound") - Expect(errors.IsNotFound(getErr)).To(BeTrue()) - } - } - ) - - DefaultCIt(deprecatedKubeAPIServerPolicy, assertPolicyIsGone(deprecatedKubeAPIServerPolicy)) - DefaultCIt(deprecatedMetadataAppPolicy, assertPolicyIsGone(deprecatedMetadataAppPolicy)) - DefaultCIt(deprecatedMetadataRolePolicy, assertPolicyIsGone(deprecatedMetadataRolePolicy)) - }) -` diff --git a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/rule_builder.go b/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/rule_builder.go deleted file mode 100644 index 9007400da..000000000 --- a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/rule_builder.go +++ /dev/null @@ -1,107 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package networkpolicies - -// RuleBuilder is a builder for easy construction of Source. -type RuleBuilder struct { - rule Rule -} - -// NewSource creates a new instance of RuleBuilder. -func NewSource(pi *SourcePod) *RuleBuilder { - return &RuleBuilder{rule: Rule{SourcePod: pi}} -} - -// AllowHost adds `allowedHosts` as allowed Targets. -func (s *RuleBuilder) AllowHost(allowedHosts ...*Host) *RuleBuilder { - return s.conditionalHost(true, allowedHosts...) -} - -// AllowPod adds `allowedSources` as allowed Targets. -func (s *RuleBuilder) AllowPod(allowedSources ...*SourcePod) *RuleBuilder { - allowedTargets := []*TargetPod{} - for _, ap := range allowedSources { - allowedTargets = append(allowedTargets, ap.AsTargetPods()...) - } - return s.conditionalPod(true, allowedTargets...) -} - -// AllowTargetPod adds `allowTargetPods` as allowed Targets. -func (s *RuleBuilder) AllowTargetPod(allowTargetPods ...*TargetPod) *RuleBuilder { - return s.conditionalPod(true, allowTargetPods...) -} - -// DenyHost adds `deniedHosts` as denied Targets. -func (s *RuleBuilder) DenyHost(deniedHosts ...*Host) *RuleBuilder { - return s.conditionalHost(false, deniedHosts...) -} - -// DenyPod adds `deniedPods` as denied Targets. -func (s *RuleBuilder) DenyPod(deniedPods ...*SourcePod) *RuleBuilder { - deniedTargets := []*TargetPod{} - for _, ap := range deniedPods { - deniedTargets = append(deniedTargets, ap.AsTargetPods()...) - } - return s.conditionalPod(false, deniedTargets...) -} - -// DenyTargetPod adds `deniedTargets` as denied Targets. -func (s *RuleBuilder) DenyTargetPod(deniedTargets ...*TargetPod) *RuleBuilder { - return s.conditionalPod(false, deniedTargets...) -} - -// Build returns the completed Source instance. -func (s *RuleBuilder) Build() Rule { - return s.rule -} - -func (s *RuleBuilder) conditionalPod(allowed bool, pods ...*TargetPod) *RuleBuilder { - for _, pod := range pods { - if s.rule.SourcePod.Name == pod.Pod.Name { - // same target and source pods are alwayds allowed to talk to eachother. - continue - } - found := false - for i, existingTarget := range s.rule.TargetPods { - if pod.Pod.Name == existingTarget.TargetPod.Pod.Name && pod.Port.Port == existingTarget.TargetPod.Port.Port { - s.rule.TargetPods[i].Allowed = allowed - found = true - break - } - } - if !found { - s.rule.TargetPods = append(s.rule.TargetPods, PodRule{TargetPod: *pod, Allowed: allowed}) - } - } - return s -} - -func (s *RuleBuilder) conditionalHost(allowed bool, hosts ...*Host) *RuleBuilder { - for _, host := range hosts { - found := false - for i, existingTarget := range s.rule.TargetHosts { - - if host.HostName == existingTarget.Host.HostName && host.Port == existingTarget.Host.Port { - s.rule.TargetHosts[i].Allowed = allowed - found = true - break - } - } - if !found { - s.rule.TargetHosts = append(s.rule.TargetHosts, HostRule{Host: *host, Allowed: allowed}) - } - } - return s -} diff --git a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/types.go b/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/types.go deleted file mode 100644 index 78b1deb18..000000000 --- a/vendor/github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/types.go +++ /dev/null @@ -1,218 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package networkpolicies - -import ( - "fmt" - - "github.com/Masterminds/semver" - "github.com/gardener/gardener/pkg/apis/core/v1beta1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/sets" -) - -// SourcePod holds the data about pods in the shoot namespace and their services. -type SourcePod struct { - Pod - Ports []Port - ExpectedPolicies sets.String -} - -// TargetPod contains data about a Pod listening on a specific port. -type TargetPod struct { - Pod - Port -} - -// Pod contains the barebone detals about a Pod. -type Pod struct { - Name string - Labels labels.Set - ShootVersionConstraint string - // For which seed clusters this pod is active. - SeedClusterConstraints sets.String -} - -// Port holds the data about a single port. -type Port struct { - Port int32 - Name string -} - -// HostRule contains a target Host and decision if it's visible to the source Pod. -type HostRule struct { - Host - Allowed bool -} - -// PodRule contains a rule which allows/disallow traffic to a TargetPod. -type PodRule struct { - TargetPod - Allowed bool -} - -// Host contains host with port and optional description. -type Host struct { - Description string - HostName string - Port int32 -} - -// Rule contains Pod and target Pods and Hosts to which it's (not) allowed to talk to. -type Rule struct { - *SourcePod - TargetPods []PodRule - TargetHosts []HostRule -} - -// CloudAware contains a Cloud-specific information for Source(s) to Target(s) communication. -type CloudAware interface { - // Rules returns a list of all Rules of the CloudProvider. - Rules() []Rule - - // Sources returns a list of all Sources of the CloudProvider. - Sources() []*SourcePod - - // EgressFromOtherNamespaces returns a list of all TargetPod. - EgressFromOtherNamespaces(source *SourcePod) Rule - - // Provider returns the CloudProvider. - Provider() string -} - -// NewPod creates a new instance of Pod. -func NewPod(name string, labels labels.Set, shootVersionConstraints ...string) Pod { - constraint := "" - if len(shootVersionConstraints) > 0 { - constraint = shootVersionConstraints[0] - } - return Pod{name, labels, constraint, nil} -} - -// ToString returns the string representation of TargetHost. -func (t *HostRule) ToString() string { - action := "block" - if t.Allowed { - action = "allow" - } - return fmt.Sprintf("should %s connection to %q %s:%d", action, t.Host.Description, t.Host.HostName, t.Host.Port) -} - -// ToString returns the string representation of TargetPod. -func (p *PodRule) ToString() string { - action := "block" - if p.Allowed { - action = "allow" - } - return fmt.Sprintf("should %s connection to Pod %q at port %d", action, p.TargetPod.Pod.Name, p.TargetPod.Port.Port) -} - -// NewSinglePort returns just one port. -func NewSinglePort(p int32) []Port { - return []Port{{Port: p}} -} - -// CheckVersion checks if shoot version is matched by ShootVersionConstraint. -func (p *Pod) CheckVersion(shoot *v1beta1.Shoot) bool { - if len(p.ShootVersionConstraint) == 0 { - return true - } - c, err := semver.NewConstraint(p.ShootVersionConstraint) - if err != nil { - panic(fmt.Sprintf("Error parsing Pod Version constraint for pod %v: %v", *p, err)) - } - v, err := semver.NewVersion(shoot.Spec.Kubernetes.Version) - if err != nil { - panic(fmt.Sprintf("Error parsing version %v", err)) - } - return c.Check(v) -} - -// CheckSeedCluster checks if Seed cluster is matched by ShootVersionConstraint. -func (p *Pod) CheckSeedCluster(provider string) bool { - return p.SeedClusterConstraints.Len() == 0 || p.SeedClusterConstraints.Has(string(provider)) -} - -// Selector returns label selector for specific pod. -func (p *Pod) Selector() labels.Selector { - return labels.SelectorFromSet(p.Labels) -} - -// AsTargetPods returns a list of TargetPods for each Port. -// Returned slice is not deep copied! -func (s *SourcePod) AsTargetPods() []*TargetPod { - - targetPods := []*TargetPod{} - - // Create a dummy port for testing - if len(s.Ports) == 0 { - targetPods = append(targetPods, s.DummyPort()) - } - for _, port := range s.Ports { - targetPods = append(targetPods, &TargetPod{ - Pod: s.Pod, - Port: port, - }) - } - return targetPods -} - -// FromPort returns a TargetPod containing only one specific port. -// This resource is not deep copied! -func (s *SourcePod) FromPort(portName string) *TargetPod { - for _, port := range s.Ports { - if port.Name == portName { - return &TargetPod{ - Pod: s.Pod, - Port: port, - } - } - } - panic(fmt.Sprintf("Port named %q not found", portName)) -} - -// DummyPort returns a TargetPod containing only one 8080 port. -// This resource is not deep copied! -func (s *SourcePod) DummyPort() *TargetPod { - if len(s.Ports) > 0 { - panic("DummyPort should only be used for Pods without a Port") - } - return &TargetPod{ - Pod: s.Pod, - Port: Port{Port: 8080, Name: "dummy"}, - } -} - -// NamespacedSourcePod holds namespaced PodInfo. -type NamespacedSourcePod struct { - *SourcePod - Namespace string -} - -// NewNamespacedSourcePod creates a new NamespacedSourcePod. -func NewNamespacedSourcePod(sp *SourcePod, namespace string) *NamespacedSourcePod { - return &NamespacedSourcePod{SourcePod: sp, Namespace: namespace} -} - -// NamespacedTargetPod holds namespaced TargetPod. -type NamespacedTargetPod struct { - *TargetPod - Namespace string -} - -// NewNamespacedTargetPod creates a new NamespacedTargetPod. -func NewNamespacedTargetPod(tp *TargetPod, namespace string) *NamespacedTargetPod { - return &NamespacedTargetPod{TargetPod: tp, Namespace: namespace} -} diff --git a/vendor/github.com/gardener/gardener/extensions/test/integration/healthcheck/healthcheck_operation.go b/vendor/github.com/gardener/gardener/extensions/test/integration/healthcheck/healthcheck_operation.go index 029f7fc1e..e7c19ca7d 100644 --- a/vendor/github.com/gardener/gardener/extensions/test/integration/healthcheck/healthcheck_operation.go +++ b/vendor/github.com/gardener/gardener/extensions/test/integration/healthcheck/healthcheck_operation.go @@ -19,25 +19,25 @@ import ( "fmt" "time" - extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" - "github.com/gardener/gardener/extensions/pkg/controller/healthcheck" - "github.com/gardener/gardener/extensions/test/integration/operation" - "k8s.io/utils/pointer" - resourcev1alpha1 "github.com/gardener/gardener-resource-manager/api/resources/v1alpha1" resourcev1alpha1helper "github.com/gardener/gardener-resource-manager/api/resources/v1alpha1/helper" - gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - kutil "github.com/gardener/gardener/pkg/utils/kubernetes" - "github.com/gardener/gardener/test/framework" machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" appsv1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/util/retry" + "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" + + extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" + "github.com/gardener/gardener/extensions/pkg/controller/healthcheck" + "github.com/gardener/gardener/extensions/test/integration/operation" + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + kutil "github.com/gardener/gardener/pkg/utils/kubernetes" + "github.com/gardener/gardener/test/framework" ) // ControlPlaneHealthCheckWithManagedResource is a convenience function to tests that an unhealthy condition in a given ManagedResource leads to an unhealthy health check condition in the given ControlPlane CRD. @@ -108,8 +108,13 @@ func TestHealthCheckWithManagedResource(ctx context.Context, timeout time.Durati var ( err error resourceManagerDeploymentReplicasBeforeScaledown *int32 + + cancel context.CancelFunc ) - resourceManagerDeploymentReplicasBeforeScaledown, err = operation.ScaleGardenerResourceManager(timeout, f.ShootSeedNamespace(), f.SeedClient.Client(), pointer.Int32(0)) + ctx, cancel = context.WithTimeout(ctx, timeout) + defer cancel() + + resourceManagerDeploymentReplicasBeforeScaledown, err = operation.ScaleGardenerResourceManager(ctx, f.ShootSeedNamespace(), f.SeedClient.Client(), pointer.Int32(0)) if err != nil { return err } @@ -117,7 +122,7 @@ func TestHealthCheckWithManagedResource(ctx context.Context, timeout time.Durati defer func() { f.Logger.Infof("Cleanup: scaling resource manager to %d replicas again", int(*resourceManagerDeploymentReplicasBeforeScaledown)) // scale up again - _, err = operation.ScaleGardenerResourceManager(timeout, f.ShootSeedNamespace(), f.SeedClient.Client(), resourceManagerDeploymentReplicasBeforeScaledown) + _, err = operation.ScaleGardenerResourceManager(ctx, f.ShootSeedNamespace(), f.SeedClient.Client(), resourceManagerDeploymentReplicasBeforeScaledown) framework.ExpectNoError(err) // wait until healthy again @@ -153,10 +158,12 @@ func TestHealthCheckWithManagedResource(ctx context.Context, timeout time.Durati }, healthConditionType, gardencorev1beta1.ConditionFalse, healthcheck.ReasonUnsuccessful) } +// ControlPlaneHealthCheckDeleteSeedDeployment is a convenience function to delete the given deployment and check the control plane resource condition. func ControlPlaneHealthCheckDeleteSeedDeployment(ctx context.Context, f *framework.ShootFramework, controlPlaneName, deploymentName string, healthConditionType gardencorev1beta1.ConditionType) error { return deleteSeedDeploymentCheck(ctx, f, extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.ControlPlaneResource), controlPlaneName, deploymentName, healthConditionType) } +// WorkerHealthCheckDeleteSeedDeployment is a convenience function to delete the given deployment and check the worker resource condition. func WorkerHealthCheckDeleteSeedDeployment(ctx context.Context, f *framework.ShootFramework, controlPlaneName, deploymentName string, healthConditionType gardencorev1beta1.ConditionType) error { return deleteSeedDeploymentCheck(ctx, f, extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.WorkerResource), controlPlaneName, deploymentName, healthConditionType) } @@ -188,6 +195,7 @@ func deleteSeedDeploymentCheck(ctx context.Context, f *framework.ShootFramework, }, healthConditionType, gardencorev1beta1.ConditionUnknown, gardencorev1beta1.ConditionCheckError) } +// MachineDeletionHealthCheck is a convenience function to delete the first machine and check the worker resource condition. func MachineDeletionHealthCheck(ctx context.Context, f *framework.ShootFramework) error { var err error machineList := machinev1alpha1.MachineList{} diff --git a/vendor/github.com/gardener/gardener/extensions/test/integration/operation/shoot_operation.go b/vendor/github.com/gardener/gardener/extensions/test/integration/operation/shoot_operation.go index eeaaeea95..b70f77c85 100644 --- a/vendor/github.com/gardener/gardener/extensions/test/integration/operation/shoot_operation.go +++ b/vendor/github.com/gardener/gardener/extensions/test/integration/operation/shoot_operation.go @@ -19,16 +19,17 @@ import ( "fmt" "time" - "github.com/gardener/gardener/pkg/api/extensions" - gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - "github.com/gardener/gardener/pkg/utils/retry" - "github.com/gardener/gardener/test/framework" "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/gardener/gardener/pkg/api/extensions" + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + "github.com/gardener/gardener/pkg/utils/retry" + "github.com/gardener/gardener/test/framework" ) // WaitForExtensionCondition waits for the extension to contain the condition type, status and reason @@ -60,6 +61,6 @@ func WaitForExtensionCondition(ctx context.Context, logger *logrus.Logger, seedC } // ScaleGardenerResourceManager scales the gardener-resource-manager to the desired replicas -func ScaleGardenerResourceManager(setupContextTimeout time.Duration, namespace string, client client.Client, desiredReplicas *int32) (*int32, error) { - return framework.ScaleDeployment(setupContextTimeout, client, desiredReplicas, v1beta1constants.DeploymentNameGardenerResourceManager, namespace) +func ScaleGardenerResourceManager(ctx context.Context, namespace string, client client.Client, desiredReplicas *int32) (*int32, error) { + return framework.ScaleDeployment(ctx, client, desiredReplicas, v1beta1constants.DeploymentNameGardenerResourceManager, namespace) } diff --git a/vendor/github.com/gardener/gardener/hack/test-integration.sh b/vendor/github.com/gardener/gardener/hack/test-integration.sh index 2cd357e27..1e047a934 100755 --- a/vendor/github.com/gardener/gardener/hack/test-integration.sh +++ b/vendor/github.com/gardener/gardener/hack/test-integration.sh @@ -27,8 +27,7 @@ if ! command -v setup-envtest &> /dev/null ; then fi # --use-env allows overwriting the envtest tools path via the KUBEBUILDER_ASSETS env var just like it was before -setup-envtest use --use-env -p env ${ENVTEST_K8S_VERSION} -source <(setup-envtest use --use-env -p env ${ENVTEST_K8S_VERSION}) +export KUBEBUILDER_ASSETS="$(setup-envtest use --use-env -p path ${ENVTEST_K8S_VERSION})" echo "using envtest tools installed at '$KUBEBUILDER_ASSETS'" echo "> Integration Tests" diff --git a/vendor/github.com/gardener/gardener/hack/update-codegen.sh b/vendor/github.com/gardener/gardener/hack/update-codegen.sh index 889b14c6d..2a7b42add 100755 --- a/vendor/github.com/gardener/gardener/hack/update-codegen.sh +++ b/vendor/github.com/gardener/gardener/hack/update-codegen.sh @@ -53,8 +53,8 @@ extensions_groups() { echo "Generating API groups for pkg/apis/extensions" bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-groups.sh \ - "deepcopy,client,informer,lister" \ - github.com/gardener/gardener/pkg/client/extensions \ + "deepcopy" \ + github.com/gardener/gardener/pkg/apis \ github.com/gardener/gardener/pkg/apis \ "extensions:v1alpha1" \ -h "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt" @@ -111,8 +111,8 @@ operations_groups() { echo "Generating API groups for pkg/apis/operations" bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-internal-groups.sh \ - deepcopy,defaulter,client,lister,informer \ - github.com/gardener/gardener/pkg/client/operations \ + deepcopy,defaulter \ + github.com/gardener/gardener/pkg/apis \ github.com/gardener/gardener/pkg/apis \ github.com/gardener/gardener/pkg/apis \ "operations:v1alpha1" \ @@ -246,7 +246,7 @@ gardenlet_groups() { } export -f gardenlet_groups -# Componentconfig for landscaper-gardenlet +# Componentconfig for the gardenlet landscaper component landscapergardenlet_groups() { echo "Generating API groups for landscaper/gardenlet/pkg/apis/imports" @@ -270,6 +270,30 @@ landscapergardenlet_groups() { } export -f landscapergardenlet_groups +# Componentconfig for control plane landscaper component + +landscapercontrolplane_groups() { + echo "Generating API groups for landscaper/controlplane/pkg/apis/imports" + + bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-internal-groups.sh \ + deepcopy,defaulter \ + github.com/gardener/gardener/pkg/client/componentconfig \ + github.com/gardener/gardener/landscaper/pkg/controlplane/apis \ + github.com/gardener/gardener/landscaper/pkg/controlplane/apis \ + "imports:v1alpha1" \ + -h "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt" + + bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-internal-groups.sh \ + conversion \ + github.com/gardener/gardener/pkg/client/componentconfig \ + github.com/gardener/gardener/landscaper/pkg/controlplane/apis \ + github.com/gardener/gardener/landscaper/pkg/controlplane/apis \ + "imports:v1alpha1" \ + --extra-peer-dirs=k8s.io/apiserver/pkg/apis/apiserver/v1,k8s.io/apiserver/pkg/apis/audit/v1,k8s.io/apiserver/pkg/apis/config/v1,github.com/gardener/hvpa-controller/api/v1alpha1,github.com/gardener/landscaper/apis/core/v1alpha1,k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/apimachinery/pkg/conversion,k8s.io/apimachinery/pkg/runtime \ + -h "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt" +} +export -f landscapercontrolplane_groups + # Componentconfig for admission plugins shoottolerationrestriction_groups() { @@ -340,6 +364,7 @@ if [[ $# -gt 0 && "$1" == "--parallel" ]]; then gardenlet_groups \ shoottolerationrestriction_groups \ landscapergardenlet_groups + landscapercontrolplane_groups else authentication_groups core_groups @@ -353,6 +378,7 @@ else gardenlet_groups shoottolerationrestriction_groups landscapergardenlet_groups + landscapercontrolplane_groups fi openapi_definitions "$@" diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/types_adminkubeconfigrequest.go b/vendor/github.com/gardener/gardener/pkg/apis/authentication/types_adminkubeconfigrequest.go deleted file mode 100644 index cb82bf372..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/types_adminkubeconfigrequest.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authentication - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// AdminKubeconfigRequest can be used to request a kubeconfig with admin credentials -// for a Shoot cluster. -type AdminKubeconfigRequest struct { - metav1.TypeMeta - // Standard object metadata. - metav1.ObjectMeta - // Spec is the specification of the AdminKubeconfigRequest. - Spec AdminKubeconfigRequestSpec - // Status is the status of the AdminKubeconfigRequest. - Status AdminKubeconfigRequestStatus -} - -// AdminKubeconfigRequestStatus is the status of the AdminKubeconfigRequest containing -// the kubeconfig and expiration of the credential. -type AdminKubeconfigRequestStatus struct { - // Kubeconfig contains the kubeconfig with cluster-admin privileges for the shoot cluster. - Kubeconfig []byte - // ExpirationTimestamp is the expiration timestamp of of the returned credential. - ExpirationTimestamp metav1.Time -} - -// AdminKubeconfigRequestSpec contains the expiration time of the kubeconfig. -type AdminKubeconfigRequestSpec struct { - // ExpirationSeconds is the requested validity duration of the credential. The - // credential issuer may return a credential with a different validity duration so a - // client needs to check the 'expirationTimestamp' field in a response. - // Defaults to 1 hour. - ExpirationSeconds int64 -} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/doc.go b/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/doc.go deleted file mode 100644 index 19fbeede3..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/doc.go +++ /dev/null @@ -1,28 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v1alpha1 is the v1alpha1 version of the API. -// +k8s:deepcopy-gen=package,register -// +k8s:conversion-gen=github.com/gardener/gardener/pkg/apis/authentication -// +k8s:openapi-gen=true -// +k8s:defaulter-gen=TypeMeta -// +k8s:protobuf-gen=package - -//go:generate gen-crd-api-reference-docs -api-dir . -config ../../../../hack/api-reference/authentication-config.json -template-dir ../../../../hack/api-reference/template -out-file ../../../../hack/api-reference/authentication.md - -// Package v1alpha1 is a version of the API. -// +groupName=authentication.gardener.cloud -package v1alpha1 diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.pb.go b/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.pb.go deleted file mode 100644 index 607bca3a6..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.pb.go +++ /dev/null @@ -1,813 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.proto - -package v1alpha1 - -import ( - fmt "fmt" - - io "io" - - proto "github.com/gogo/protobuf/proto" - - math "math" - math_bits "math/bits" - reflect "reflect" - strings "strings" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -func (m *AdminKubeconfigRequest) Reset() { *m = AdminKubeconfigRequest{} } -func (*AdminKubeconfigRequest) ProtoMessage() {} -func (*AdminKubeconfigRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{0} -} -func (m *AdminKubeconfigRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdminKubeconfigRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdminKubeconfigRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdminKubeconfigRequest.Merge(m, src) -} -func (m *AdminKubeconfigRequest) XXX_Size() int { - return m.Size() -} -func (m *AdminKubeconfigRequest) XXX_DiscardUnknown() { - xxx_messageInfo_AdminKubeconfigRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_AdminKubeconfigRequest proto.InternalMessageInfo - -func (m *AdminKubeconfigRequestSpec) Reset() { *m = AdminKubeconfigRequestSpec{} } -func (*AdminKubeconfigRequestSpec) ProtoMessage() {} -func (*AdminKubeconfigRequestSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{1} -} -func (m *AdminKubeconfigRequestSpec) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdminKubeconfigRequestSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdminKubeconfigRequestSpec) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdminKubeconfigRequestSpec.Merge(m, src) -} -func (m *AdminKubeconfigRequestSpec) XXX_Size() int { - return m.Size() -} -func (m *AdminKubeconfigRequestSpec) XXX_DiscardUnknown() { - xxx_messageInfo_AdminKubeconfigRequestSpec.DiscardUnknown(m) -} - -var xxx_messageInfo_AdminKubeconfigRequestSpec proto.InternalMessageInfo - -func (m *AdminKubeconfigRequestStatus) Reset() { *m = AdminKubeconfigRequestStatus{} } -func (*AdminKubeconfigRequestStatus) ProtoMessage() {} -func (*AdminKubeconfigRequestStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{2} -} -func (m *AdminKubeconfigRequestStatus) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdminKubeconfigRequestStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdminKubeconfigRequestStatus) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdminKubeconfigRequestStatus.Merge(m, src) -} -func (m *AdminKubeconfigRequestStatus) XXX_Size() int { - return m.Size() -} -func (m *AdminKubeconfigRequestStatus) XXX_DiscardUnknown() { - xxx_messageInfo_AdminKubeconfigRequestStatus.DiscardUnknown(m) -} - -var xxx_messageInfo_AdminKubeconfigRequestStatus proto.InternalMessageInfo - -func init() { - proto.RegisterType((*AdminKubeconfigRequest)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.AdminKubeconfigRequest") - proto.RegisterType((*AdminKubeconfigRequestSpec)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.AdminKubeconfigRequestSpec") - proto.RegisterType((*AdminKubeconfigRequestStatus)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.AdminKubeconfigRequestStatus") -} - -func init() { - proto.RegisterFile("github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.proto", fileDescriptor_4ad0cb10cdbf25b8) -} - -var fileDescriptor_4ad0cb10cdbf25b8 = []byte{ - // 467 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x92, 0x41, 0x6b, 0xd4, 0x40, - 0x14, 0xc7, 0x33, 0x6d, 0x29, 0x65, 0x2c, 0x85, 0xa6, 0x28, 0xcb, 0x2a, 0xb3, 0xb2, 0x27, 0x11, - 0x9c, 0xb8, 0x22, 0xe2, 0xc5, 0x83, 0x91, 0x9e, 0xa4, 0x08, 0xa9, 0x17, 0xf5, 0xe2, 0xdb, 0xe4, - 0x35, 0x19, 0xd7, 0x64, 0xc6, 0xcc, 0x64, 0xb1, 0x78, 0x11, 0xfc, 0x02, 0x7e, 0xac, 0xf5, 0xd6, - 0x63, 0x4f, 0x8b, 0x1b, 0x3f, 0x87, 0x20, 0x33, 0x9b, 0x6d, 0xd6, 0x6e, 0xab, 0x82, 0xf4, 0xf6, - 0x5e, 0xe6, 0xfd, 0xff, 0xbf, 0x7f, 0xe6, 0x0d, 0x3d, 0x48, 0x85, 0xc9, 0xaa, 0x21, 0x8f, 0x65, - 0x1e, 0xa4, 0x50, 0x26, 0x58, 0x60, 0xd9, 0x16, 0x6a, 0x94, 0x06, 0xa0, 0x84, 0x0e, 0xa0, 0x32, - 0x19, 0x16, 0x46, 0xc4, 0x60, 0x84, 0x2c, 0x82, 0xf1, 0x00, 0xde, 0xab, 0x0c, 0x06, 0x41, 0x6a, - 0xc7, 0xc0, 0x60, 0xc2, 0x55, 0x29, 0x8d, 0xf4, 0x9f, 0xb4, 0x76, 0x7c, 0xe1, 0xd2, 0x16, 0x6a, - 0x94, 0x72, 0x6b, 0xc7, 0x7f, 0xb7, 0xe3, 0x0b, 0xbb, 0xee, 0xbd, 0xe5, 0x34, 0x32, 0x95, 0x81, - 0x73, 0x1d, 0x56, 0x47, 0xae, 0x73, 0x8d, 0xab, 0xe6, 0xb4, 0xee, 0xc3, 0xd1, 0x63, 0xcd, 0x85, - 0xb4, 0x11, 0x73, 0x88, 0x33, 0x51, 0x60, 0x79, 0xdc, 0x66, 0xce, 0xd1, 0x40, 0x30, 0x5e, 0xc9, - 0xd8, 0x0d, 0x2e, 0x53, 0x95, 0x55, 0x61, 0x44, 0x8e, 0x2b, 0x82, 0x47, 0x7f, 0x13, 0xe8, 0x38, - 0xc3, 0x1c, 0xce, 0xeb, 0xfa, 0x3f, 0xd7, 0xe8, 0x8d, 0xa7, 0x49, 0x2e, 0x8a, 0xe7, 0xd5, 0x10, - 0x63, 0x59, 0x1c, 0x89, 0x34, 0xc2, 0x0f, 0x15, 0x6a, 0xe3, 0xbf, 0xa5, 0x5b, 0x36, 0x5e, 0x02, - 0x06, 0x3a, 0xe4, 0x36, 0xb9, 0x73, 0xed, 0xc1, 0x7d, 0x3e, 0xa7, 0xf0, 0x65, 0x4a, 0x7b, 0x63, - 0x76, 0x9a, 0x8f, 0x07, 0xfc, 0xc5, 0xf0, 0x1d, 0xc6, 0xe6, 0x00, 0x0d, 0x84, 0xfe, 0x64, 0xda, - 0xf3, 0xea, 0x69, 0x8f, 0xb6, 0xdf, 0xa2, 0x33, 0x57, 0xff, 0x13, 0xdd, 0xd0, 0x0a, 0xe3, 0xce, - 0x9a, 0x73, 0x7f, 0xc5, 0xff, 0x6b, 0x31, 0xfc, 0xe2, 0xdf, 0x38, 0x54, 0x18, 0x87, 0xdb, 0x4d, - 0x8c, 0x0d, 0xdb, 0x45, 0x0e, 0xea, 0x7f, 0x21, 0x74, 0x53, 0x1b, 0x30, 0x95, 0xee, 0xac, 0x3b, - 0xfe, 0x9b, 0xab, 0xe1, 0x3b, 0x44, 0xb8, 0xd3, 0x24, 0xd8, 0x9c, 0xf7, 0x51, 0x83, 0xee, 0x03, - 0xed, 0x5e, 0x9e, 0xdb, 0x7f, 0x46, 0x77, 0xf1, 0xa3, 0x12, 0xa5, 0x23, 0x1d, 0xda, 0x81, 0x44, - 0xbb, 0x5d, 0xac, 0x87, 0xd7, 0xeb, 0x69, 0x6f, 0x77, 0xff, 0xfc, 0x61, 0xb4, 0x3a, 0xdf, 0xff, - 0x46, 0xe8, 0xad, 0x3f, 0x65, 0xf3, 0x39, 0xa5, 0xa3, 0xb3, 0x23, 0x67, 0xbf, 0x1d, 0xee, 0xd8, - 0xa5, 0x2d, 0x09, 0x96, 0x26, 0xfc, 0x63, 0xba, 0xd7, 0x52, 0x5e, 0x8a, 0x1c, 0xb5, 0x81, 0x5c, - 0x35, 0x5b, 0xbc, 0xfb, 0x6f, 0x6f, 0xc4, 0xca, 0xc2, 0x9b, 0xcd, 0xa5, 0xec, 0xed, 0xaf, 0xda, - 0x45, 0x17, 0x31, 0x42, 0x3e, 0x99, 0x31, 0xef, 0x64, 0xc6, 0xbc, 0xd3, 0x19, 0xf3, 0x3e, 0xd7, - 0x8c, 0x4c, 0x6a, 0x46, 0x4e, 0x6a, 0x46, 0x4e, 0x6b, 0x46, 0xbe, 0xd7, 0x8c, 0x7c, 0xfd, 0xc1, - 0xbc, 0xd7, 0x5b, 0x8b, 0x9d, 0xfc, 0x0a, 0x00, 0x00, 0xff, 0xff, 0xfc, 0x8b, 0x17, 0xae, 0x3b, - 0x04, 0x00, 0x00, -} - -func (m *AdminKubeconfigRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdminKubeconfigRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdminKubeconfigRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - { - size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - { - size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - { - size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *AdminKubeconfigRequestSpec) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdminKubeconfigRequestSpec) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdminKubeconfigRequestSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.ExpirationSeconds != nil { - i = encodeVarintGenerated(dAtA, i, uint64(*m.ExpirationSeconds)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *AdminKubeconfigRequestStatus) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdminKubeconfigRequestStatus) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdminKubeconfigRequestStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - { - size, err := m.ExpirationTimestamp.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - if m.Kubeconfig != nil { - i -= len(m.Kubeconfig) - copy(dAtA[i:], m.Kubeconfig) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Kubeconfig))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { - offset -= sovGenerated(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *AdminKubeconfigRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = m.ObjectMeta.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.Spec.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.Status.Size() - n += 1 + l + sovGenerated(uint64(l)) - return n -} - -func (m *AdminKubeconfigRequestSpec) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.ExpirationSeconds != nil { - n += 1 + sovGenerated(uint64(*m.ExpirationSeconds)) - } - return n -} - -func (m *AdminKubeconfigRequestStatus) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Kubeconfig != nil { - l = len(m.Kubeconfig) - n += 1 + l + sovGenerated(uint64(l)) - } - l = m.ExpirationTimestamp.Size() - n += 1 + l + sovGenerated(uint64(l)) - return n -} - -func sovGenerated(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozGenerated(x uint64) (n int) { - return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (this *AdminKubeconfigRequest) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&AdminKubeconfigRequest{`, - `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, - `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "AdminKubeconfigRequestSpec", "AdminKubeconfigRequestSpec", 1), `&`, ``, 1) + `,`, - `Status:` + strings.Replace(strings.Replace(this.Status.String(), "AdminKubeconfigRequestStatus", "AdminKubeconfigRequestStatus", 1), `&`, ``, 1) + `,`, - `}`, - }, "") - return s -} -func (this *AdminKubeconfigRequestSpec) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&AdminKubeconfigRequestSpec{`, - `ExpirationSeconds:` + valueToStringGenerated(this.ExpirationSeconds) + `,`, - `}`, - }, "") - return s -} -func (this *AdminKubeconfigRequestStatus) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&AdminKubeconfigRequestStatus{`, - `Kubeconfig:` + valueToStringGenerated(this.Kubeconfig) + `,`, - `ExpirationTimestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ExpirationTimestamp), "Time", "v1.Time", 1), `&`, ``, 1) + `,`, - `}`, - }, "") - return s -} -func valueToStringGenerated(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" - } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) -} -func (m *AdminKubeconfigRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdminKubeconfigRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdminKubeconfigRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AdminKubeconfigRequestSpec) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdminKubeconfigRequestSpec: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdminKubeconfigRequestSpec: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ExpirationSeconds", wireType) - } - var v int64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int64(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.ExpirationSeconds = &v - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AdminKubeconfigRequestStatus) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdminKubeconfigRequestStatus: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdminKubeconfigRequestStatus: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kubeconfig", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Kubeconfig = append(m.Kubeconfig[:0], dAtA[iNdEx:postIndex]...) - if m.Kubeconfig == nil { - m.Kubeconfig = []byte{} - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExpirationTimestamp", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ExpirationTimestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipGenerated(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthGenerated - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupGenerated - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") -) diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.proto b/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.proto deleted file mode 100644 index e0d4340eb..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/generated.proto +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file was autogenerated by go-to-protobuf. Do not edit it manually! - -syntax = "proto2"; - -package github.com.gardener.gardener.pkg.apis.authentication.v1alpha1; - -import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; - -// Package-wide variables from generator "generated". -option go_package = "v1alpha1"; - -// AdminKubeconfigRequest can be used to request a kubeconfig with admin credentials -// for a Shoot cluster. -message AdminKubeconfigRequest { - // Standard object metadata. - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; - - // Spec is the specification of the AdminKubeconfigRequest. - optional AdminKubeconfigRequestSpec spec = 2; - - // Status is the status of the AdminKubeconfigRequest. - optional AdminKubeconfigRequestStatus status = 3; -} - -// AdminKubeconfigRequestSpec contains the expiration time of the kubeconfig. -message AdminKubeconfigRequestSpec { - // ExpirationSeconds is the requested validity duration of the credential. The - // credential issuer may return a credential with a different validity duration so a - // client needs to check the 'expirationTimestamp' field in a response. - // Defaults to 1 hour. - // +optional - optional int64 expirationSeconds = 1; -} - -// AdminKubeconfigRequestStatus is the status of the AdminKubeconfigRequest containing -// the kubeconfig and expiration of the credential. -message AdminKubeconfigRequestStatus { - // Kubeconfig contains the kubeconfig with cluster-admin privileges for the shoot cluster. - optional bytes kubeconfig = 1; - - // ExpirationTimestamp is the expiration timestamp of the returned credential. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2; -} - diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go b/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go deleted file mode 100644 index a8432778b..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// AdminKubeconfigRequest can be used to request a kubeconfig with admin credentials -// for a Shoot cluster. -type AdminKubeconfigRequest struct { - metav1.TypeMeta `json:",inline"` - // Standard object metadata. - metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - // Spec is the specification of the AdminKubeconfigRequest. - Spec AdminKubeconfigRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` - // Status is the status of the AdminKubeconfigRequest. - Status AdminKubeconfigRequestStatus `json:"status" protobuf:"bytes,3,opt,name=status"` -} - -// AdminKubeconfigRequestStatus is the status of the AdminKubeconfigRequest containing -// the kubeconfig and expiration of the credential. -type AdminKubeconfigRequestStatus struct { - // Kubeconfig contains the kubeconfig with cluster-admin privileges for the shoot cluster. - Kubeconfig []byte `json:"kubeconfig" protobuf:"bytes,1,name=kubeconfig"` - // ExpirationTimestamp is the expiration timestamp of the returned credential. - ExpirationTimestamp metav1.Time `json:"expirationTimestamp" protobuf:"bytes,2,name=expirationTimestamp"` -} - -// AdminKubeconfigRequestSpec contains the expiration time of the kubeconfig. -type AdminKubeconfigRequestSpec struct { - // ExpirationSeconds is the requested validity duration of the credential. The - // credential issuer may return a credential with a different validity duration so a - // client needs to check the 'expirationTimestamp' field in a response. - // Defaults to 1 hour. - // +optional - ExpirationSeconds *int64 `json:"expirationSeconds,omitempty" protobuf:"varint,1,opt,name=expirationSeconds"` -} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go b/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index c6fb10c45..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,148 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - authentication "github.com/gardener/gardener/pkg/apis/authentication" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*AdminKubeconfigRequest)(nil), (*authentication.AdminKubeconfigRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AdminKubeconfigRequest_To_authentication_AdminKubeconfigRequest(a.(*AdminKubeconfigRequest), b.(*authentication.AdminKubeconfigRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.AdminKubeconfigRequest)(nil), (*AdminKubeconfigRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_AdminKubeconfigRequest_To_v1alpha1_AdminKubeconfigRequest(a.(*authentication.AdminKubeconfigRequest), b.(*AdminKubeconfigRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*AdminKubeconfigRequestSpec)(nil), (*authentication.AdminKubeconfigRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AdminKubeconfigRequestSpec_To_authentication_AdminKubeconfigRequestSpec(a.(*AdminKubeconfigRequestSpec), b.(*authentication.AdminKubeconfigRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.AdminKubeconfigRequestSpec)(nil), (*AdminKubeconfigRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_AdminKubeconfigRequestSpec_To_v1alpha1_AdminKubeconfigRequestSpec(a.(*authentication.AdminKubeconfigRequestSpec), b.(*AdminKubeconfigRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*AdminKubeconfigRequestStatus)(nil), (*authentication.AdminKubeconfigRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AdminKubeconfigRequestStatus_To_authentication_AdminKubeconfigRequestStatus(a.(*AdminKubeconfigRequestStatus), b.(*authentication.AdminKubeconfigRequestStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.AdminKubeconfigRequestStatus)(nil), (*AdminKubeconfigRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_AdminKubeconfigRequestStatus_To_v1alpha1_AdminKubeconfigRequestStatus(a.(*authentication.AdminKubeconfigRequestStatus), b.(*AdminKubeconfigRequestStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_AdminKubeconfigRequest_To_authentication_AdminKubeconfigRequest(in *AdminKubeconfigRequest, out *authentication.AdminKubeconfigRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_AdminKubeconfigRequestSpec_To_authentication_AdminKubeconfigRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_AdminKubeconfigRequestStatus_To_authentication_AdminKubeconfigRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_AdminKubeconfigRequest_To_authentication_AdminKubeconfigRequest is an autogenerated conversion function. -func Convert_v1alpha1_AdminKubeconfigRequest_To_authentication_AdminKubeconfigRequest(in *AdminKubeconfigRequest, out *authentication.AdminKubeconfigRequest, s conversion.Scope) error { - return autoConvert_v1alpha1_AdminKubeconfigRequest_To_authentication_AdminKubeconfigRequest(in, out, s) -} - -func autoConvert_authentication_AdminKubeconfigRequest_To_v1alpha1_AdminKubeconfigRequest(in *authentication.AdminKubeconfigRequest, out *AdminKubeconfigRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authentication_AdminKubeconfigRequestSpec_To_v1alpha1_AdminKubeconfigRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authentication_AdminKubeconfigRequestStatus_To_v1alpha1_AdminKubeconfigRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authentication_AdminKubeconfigRequest_To_v1alpha1_AdminKubeconfigRequest is an autogenerated conversion function. -func Convert_authentication_AdminKubeconfigRequest_To_v1alpha1_AdminKubeconfigRequest(in *authentication.AdminKubeconfigRequest, out *AdminKubeconfigRequest, s conversion.Scope) error { - return autoConvert_authentication_AdminKubeconfigRequest_To_v1alpha1_AdminKubeconfigRequest(in, out, s) -} - -func autoConvert_v1alpha1_AdminKubeconfigRequestSpec_To_authentication_AdminKubeconfigRequestSpec(in *AdminKubeconfigRequestSpec, out *authentication.AdminKubeconfigRequestSpec, s conversion.Scope) error { - if err := v1.Convert_Pointer_int64_To_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_AdminKubeconfigRequestSpec_To_authentication_AdminKubeconfigRequestSpec is an autogenerated conversion function. -func Convert_v1alpha1_AdminKubeconfigRequestSpec_To_authentication_AdminKubeconfigRequestSpec(in *AdminKubeconfigRequestSpec, out *authentication.AdminKubeconfigRequestSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_AdminKubeconfigRequestSpec_To_authentication_AdminKubeconfigRequestSpec(in, out, s) -} - -func autoConvert_authentication_AdminKubeconfigRequestSpec_To_v1alpha1_AdminKubeconfigRequestSpec(in *authentication.AdminKubeconfigRequestSpec, out *AdminKubeconfigRequestSpec, s conversion.Scope) error { - if err := v1.Convert_int64_To_Pointer_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil { - return err - } - return nil -} - -// Convert_authentication_AdminKubeconfigRequestSpec_To_v1alpha1_AdminKubeconfigRequestSpec is an autogenerated conversion function. -func Convert_authentication_AdminKubeconfigRequestSpec_To_v1alpha1_AdminKubeconfigRequestSpec(in *authentication.AdminKubeconfigRequestSpec, out *AdminKubeconfigRequestSpec, s conversion.Scope) error { - return autoConvert_authentication_AdminKubeconfigRequestSpec_To_v1alpha1_AdminKubeconfigRequestSpec(in, out, s) -} - -func autoConvert_v1alpha1_AdminKubeconfigRequestStatus_To_authentication_AdminKubeconfigRequestStatus(in *AdminKubeconfigRequestStatus, out *authentication.AdminKubeconfigRequestStatus, s conversion.Scope) error { - out.Kubeconfig = *(*[]byte)(unsafe.Pointer(&in.Kubeconfig)) - out.ExpirationTimestamp = in.ExpirationTimestamp - return nil -} - -// Convert_v1alpha1_AdminKubeconfigRequestStatus_To_authentication_AdminKubeconfigRequestStatus is an autogenerated conversion function. -func Convert_v1alpha1_AdminKubeconfigRequestStatus_To_authentication_AdminKubeconfigRequestStatus(in *AdminKubeconfigRequestStatus, out *authentication.AdminKubeconfigRequestStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_AdminKubeconfigRequestStatus_To_authentication_AdminKubeconfigRequestStatus(in, out, s) -} - -func autoConvert_authentication_AdminKubeconfigRequestStatus_To_v1alpha1_AdminKubeconfigRequestStatus(in *authentication.AdminKubeconfigRequestStatus, out *AdminKubeconfigRequestStatus, s conversion.Scope) error { - out.Kubeconfig = *(*[]byte)(unsafe.Pointer(&in.Kubeconfig)) - out.ExpirationTimestamp = in.ExpirationTimestamp - return nil -} - -// Convert_authentication_AdminKubeconfigRequestStatus_To_v1alpha1_AdminKubeconfigRequestStatus is an autogenerated conversion function. -func Convert_authentication_AdminKubeconfigRequestStatus_To_v1alpha1_AdminKubeconfigRequestStatus(in *authentication.AdminKubeconfigRequestStatus, out *AdminKubeconfigRequestStatus, s conversion.Scope) error { - return autoConvert_authentication_AdminKubeconfigRequestStatus_To_v1alpha1_AdminKubeconfigRequestStatus(in, out, s) -} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index c1f4c0e9f..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,96 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdminKubeconfigRequest) DeepCopyInto(out *AdminKubeconfigRequest) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminKubeconfigRequest. -func (in *AdminKubeconfigRequest) DeepCopy() *AdminKubeconfigRequest { - if in == nil { - return nil - } - out := new(AdminKubeconfigRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdminKubeconfigRequest) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdminKubeconfigRequestSpec) DeepCopyInto(out *AdminKubeconfigRequestSpec) { - *out = *in - if in.ExpirationSeconds != nil { - in, out := &in.ExpirationSeconds, &out.ExpirationSeconds - *out = new(int64) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminKubeconfigRequestSpec. -func (in *AdminKubeconfigRequestSpec) DeepCopy() *AdminKubeconfigRequestSpec { - if in == nil { - return nil - } - out := new(AdminKubeconfigRequestSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdminKubeconfigRequestStatus) DeepCopyInto(out *AdminKubeconfigRequestStatus) { - *out = *in - if in.Kubeconfig != nil { - in, out := &in.Kubeconfig, &out.Kubeconfig - *out = make([]byte, len(*in)) - copy(*out, *in) - } - in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminKubeconfigRequestStatus. -func (in *AdminKubeconfigRequestStatus) DeepCopy() *AdminKubeconfigRequestStatus { - if in == nil { - return nil - } - out := new(AdminKubeconfigRequestStatus) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/authentication/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/apis/authentication/zz_generated.deepcopy.go deleted file mode 100644 index a6eddc4f9..000000000 --- a/vendor/github.com/gardener/gardener/pkg/apis/authentication/zz_generated.deepcopy.go +++ /dev/null @@ -1,91 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package authentication - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdminKubeconfigRequest) DeepCopyInto(out *AdminKubeconfigRequest) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminKubeconfigRequest. -func (in *AdminKubeconfigRequest) DeepCopy() *AdminKubeconfigRequest { - if in == nil { - return nil - } - out := new(AdminKubeconfigRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdminKubeconfigRequest) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdminKubeconfigRequestSpec) DeepCopyInto(out *AdminKubeconfigRequestSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminKubeconfigRequestSpec. -func (in *AdminKubeconfigRequestSpec) DeepCopy() *AdminKubeconfigRequestSpec { - if in == nil { - return nil - } - out := new(AdminKubeconfigRequestSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdminKubeconfigRequestStatus) DeepCopyInto(out *AdminKubeconfigRequestStatus) { - *out = *in - if in.Kubeconfig != nil { - in, out := &in.Kubeconfig, &out.Kubeconfig - *out = make([]byte, len(*in)) - copy(*out, *in) - } - in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminKubeconfigRequestStatus. -func (in *AdminKubeconfigRequestStatus) DeepCopy() *AdminKubeconfigRequestStatus { - if in == nil { - return nil - } - out := new(AdminKubeconfigRequestStatus) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/helper/helpers.go b/vendor/github.com/gardener/gardener/pkg/apis/core/helper/helpers.go index 8e6a7c56c..aed056178 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/helper/helpers.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/helper/helpers.go @@ -26,6 +26,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/utils/pointer" ) // GetConditionIndex returns the index of the condition with the given out of the list of . @@ -369,3 +370,25 @@ func ConvertSeedExternal(obj runtime.Object) (*gardencorev1beta1.Seed, error) { } return result, nil } + +// CalculateSeedUsage returns a map representing the number of shoots per seed from the given list of shoots. +// It takes both spec.seedName and status.seedName into account. +func CalculateSeedUsage(shootList []*core.Shoot) map[string]int { + m := map[string]int{} + + for _, shoot := range shootList { + var ( + specSeed = pointer.StringDeref(shoot.Spec.SeedName, "") + statusSeed = pointer.StringDeref(shoot.Status.SeedName, "") + ) + + if specSeed != "" { + m[specSeed]++ + } + if statusSeed != "" && specSeed != statusSeed { + m[statusSeed]++ + } + } + + return m +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/install/install.go b/vendor/github.com/gardener/gardener/pkg/apis/core/install/install.go index 6b7215442..36b903170 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/install/install.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/install/install.go @@ -23,6 +23,15 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" ) +var ( + localSchemeBuilder = runtime.SchemeBuilder{ + v1alpha1.AddToScheme, + v1beta1.AddToScheme, + } + // AddToScheme adds all versioned API types to the given scheme. + AddToScheme = localSchemeBuilder.AddToScheme +) + // Install registers the API group and adds types to a scheme. func Install(scheme *runtime.Scheme) { utilruntime.Must(core.AddToScheme(scheme)) diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/types_cloudprofile.go b/vendor/github.com/gardener/gardener/pkg/apis/core/types_cloudprofile.go index 3eccfe869..8e6c87d9d 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/types_cloudprofile.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/types_cloudprofile.go @@ -187,7 +187,7 @@ const ( VolumeClassPremium string = "premium" ) -// VersionClassification is the logical state of a version according to https://github.com/gardener/gardener/blob/master/docs/operations/versioning.md +// VersionClassification is the logical state of a version. type VersionClassification string const ( @@ -195,7 +195,7 @@ const ( // ClassificationPreview versions will not be considered for automatic Kubernetes and Machine Image patch version updates. ClassificationPreview VersionClassification = "preview" // ClassificationSupported indicates that a patch version is the recommended version for a shoot. - // Using VersionMaintenance (see: https://github.com/gardener/gardener/docs/operation/versioning.md) there is one supported version per maintained minor version. + // Only one "supported" version is allowed per minor version. // Supported versions are eligible for the automated Kubernetes and Machine image patch version update for shoot clusters in Gardener. ClassificationSupported VersionClassification = "supported" // ClassificationDeprecated indicates that a patch version should not be used anymore, should be updated to a new version diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/types_quota.go b/vendor/github.com/gardener/gardener/pkg/apis/core/types_quota.go index bf9e0a976..5080e1252 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/types_quota.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/types_quota.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret. type Quota struct { metav1.TypeMeta // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/types_secretbinding.go b/vendor/github.com/gardener/gardener/pkg/apis/core/types_secretbinding.go index 9732d385a..cb66ce201 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/types_secretbinding.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/types_secretbinding.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// SecretBinding represents a binding to a secret in the same or another namespace. type SecretBinding struct { metav1.TypeMeta // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go index 9c6917598..d42563b9d 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go @@ -29,6 +29,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Shoot represents a Shoot cluster created and managed by Gardener. type Shoot struct { metav1.TypeMeta // Standard object metadata. @@ -225,10 +226,11 @@ type DNSProvider struct { Zones *DNSIncludeExclude } +// DNSIncludeExclude contains information about which domains shall be included/excluded. type DNSIncludeExclude struct { - // Include is a list of resources that shall be included. + // Include is a list of domains that shall be included. Include []string - // Exclude is a list of resources that shall be excluded. + // Exclude is a list of domains that shall be excluded. Exclude []string } @@ -331,6 +333,8 @@ type ClusterAutoscaler struct { Expander *ExpanderMode // MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins). MaxNodeProvisionTime *metav1.Duration + // MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600). + MaxGracefulTerminationSeconds *int32 } // ExpanderMode is type used for Expander values @@ -441,6 +445,15 @@ type ServiceAccountConfig struct { // service account token issuer. The issuer will sign issued ID tokens with this private key. // Only useful if service account tokens are also issued by another external system. SigningKeySecret *corev1.LocalObjectReference + // ExtendTokenExpiration turns on projected service account expiration extension during token generation, which + // helps safe transition from legacy token to bound service account token feature. If this flag is enabled, + // admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, + // ignoring value of service-account-max-token-expiration. + ExtendTokenExpiration *bool + // MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an + // otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued + // with a validity duration of this value. + MaxTokenExpiration *metav1.Duration } // AuditConfig contains settings for audit of the api server @@ -934,8 +947,10 @@ type CRI struct { type CRIName string const ( + // CRINameContainerD is a constant for ContainerD CRI name. CRINameContainerD CRIName = "containerd" - CRINameDocker CRIName = "docker" + // CRINameDocker is a constant for Docker CRI name. + CRINameDocker CRIName = "docker" ) // ContainerRuntime contains information about worker's available container runtime diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/conversions.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/conversions.go index 48dce7b58..07a81b1c9 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/conversions.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/conversions.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//nolint:revive package v1alpha1 import ( diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/defaults.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/defaults.go index f8b7ba1dd..56f76e026 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/defaults.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/defaults.go @@ -348,6 +348,9 @@ func SetDefaults_ClusterAutoscaler(obj *ClusterAutoscaler) { if obj.MaxNodeProvisionTime == nil { obj.MaxNodeProvisionTime = &metav1.Duration{Duration: 20 * time.Minute} } + if obj.MaxGracefulTerminationSeconds == nil { + obj.MaxGracefulTerminationSeconds = pointer.Int32(600) + } } // SetDefaults_NginxIngress sets default values for NginxIngress objects. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.pb.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.pb.go index 7f2daeb8f..ece7c4033 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.pb.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.pb.go @@ -4336,606 +4336,611 @@ func init() { } var fileDescriptor_f1caaec5647a9dbf = []byte{ - // 9576 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x7d, 0x6d, 0x6c, 0x24, 0xc9, - 0x75, 0x98, 0x7a, 0xc8, 0x21, 0x87, 0x6f, 0x48, 0x2e, 0x59, 0xfb, 0x71, 0xbc, 0xbd, 0xbd, 0xe5, - 0xaa, 0xa5, 0x53, 0xee, 0x22, 0x99, 0xeb, 0xd3, 0x87, 0x75, 0x77, 0xba, 0x3b, 0x1d, 0x67, 0x86, - 0xbb, 0x3b, 0xda, 0xe5, 0x2e, 0xaf, 0x66, 0x79, 0xa7, 0x93, 0x0c, 0x9d, 0x9a, 0xdd, 0xc5, 0x61, - 0x1f, 0x7b, 0xba, 0xe7, 0xba, 0x7b, 0xb8, 0xe4, 0x9e, 0x12, 0x29, 0x67, 0x4b, 0x8e, 0x2d, 0x24, - 0x48, 0x60, 0x07, 0x0a, 0x24, 0x41, 0xfe, 0x40, 0x10, 0x38, 0xc8, 0x87, 0x1c, 0x07, 0x51, 0xa0, - 0x24, 0x70, 0x00, 0xfb, 0x87, 0x05, 0x39, 0x50, 0x8c, 0x7c, 0x18, 0x8a, 0x61, 0x53, 0x11, 0x13, - 0x24, 0x4e, 0xe2, 0xfc, 0x08, 0x8c, 0xfc, 0x59, 0x38, 0x41, 0x50, 0x1f, 0x5d, 0x5d, 0xdd, 0xd3, - 0x4d, 0x0e, 0xbb, 0x77, 0x79, 0xb7, 0xbf, 0xc8, 0xa9, 0x7a, 0xfd, 0x5e, 0x7d, 0xbe, 0x7a, 0xef, - 0xd5, 0xab, 0xf7, 0xa0, 0xd9, 0xb5, 0xc3, 0xad, 0xc1, 0xc6, 0x92, 0xe9, 0xf5, 0x2e, 0x77, 0x0d, - 0xdf, 0x22, 0x2e, 0xf1, 0xe3, 0x7f, 0xfa, 0xdb, 0xdd, 0xcb, 0x46, 0xdf, 0x0e, 0x2e, 0x9b, 0x9e, - 0x4f, 0x2e, 0xef, 0x3c, 0x6d, 0x38, 0xfd, 0x2d, 0xe3, 0xe9, 0xcb, 0x5d, 0x5a, 0x69, 0x84, 0xc4, - 0x5a, 0xea, 0xfb, 0x5e, 0xe8, 0xa1, 0x8f, 0xc4, 0x48, 0x96, 0xa2, 0x6f, 0xe3, 0x7f, 0xfa, 0xdb, - 0xdd, 0x25, 0x8a, 0x64, 0x89, 0x22, 0x59, 0x8a, 0x90, 0x9c, 0x6f, 0x1c, 0x8b, 0xf2, 0x06, 0x09, - 0x87, 0x09, 0x9f, 0xff, 0x09, 0x15, 0x87, 0xd7, 0xf5, 0x2e, 0xb3, 0xe2, 0x8d, 0xc1, 0x26, 0xfb, - 0xc5, 0x7e, 0xb0, 0xff, 0x04, 0xf8, 0x53, 0xdb, 0xcf, 0x04, 0x4b, 0xb6, 0x47, 0x11, 0x5f, 0x36, - 0x06, 0xa1, 0x17, 0x98, 0x86, 0x63, 0xbb, 0xdd, 0xcb, 0x3b, 0xc3, 0x98, 0x75, 0x05, 0x54, 0x34, - 0xe1, 0x50, 0x18, 0x7f, 0xc3, 0x30, 0xb3, 0x60, 0x3e, 0x1a, 0xc3, 0xf4, 0x0c, 0x73, 0xcb, 0x76, - 0x89, 0xbf, 0x17, 0x75, 0xee, 0xb2, 0x4f, 0x02, 0x6f, 0xe0, 0x9b, 0xe4, 0x58, 0x5f, 0x05, 0x97, - 0x7b, 0x24, 0x34, 0xb2, 0x68, 0x5d, 0xce, 0xfb, 0xca, 0x1f, 0xb8, 0xa1, 0xdd, 0x1b, 0x26, 0xf3, - 0x53, 0x47, 0x7d, 0x10, 0x98, 0x5b, 0xa4, 0x67, 0x0c, 0x7d, 0xf7, 0x91, 0xbc, 0xef, 0x06, 0xa1, - 0xed, 0x5c, 0xb6, 0xdd, 0x30, 0x08, 0xfd, 0xf4, 0x47, 0xfa, 0x87, 0xa1, 0xba, 0x6c, 0x59, 0x9e, - 0x8b, 0x9e, 0x82, 0x49, 0xe2, 0x1a, 0x1b, 0x0e, 0xb1, 0x16, 0xb4, 0x4b, 0xda, 0x93, 0xb5, 0xc6, - 0xa9, 0xef, 0xed, 0x2f, 0xbe, 0xe7, 0x60, 0x7f, 0x71, 0x72, 0x85, 0x17, 0xe3, 0xa8, 0x5e, 0xff, - 0x5a, 0x05, 0x26, 0xd8, 0x47, 0x01, 0xfa, 0x45, 0x0d, 0x4e, 0x6f, 0x0f, 0x36, 0x88, 0xef, 0x92, - 0x90, 0x04, 0x2d, 0x23, 0xd8, 0xda, 0xf0, 0x0c, 0x9f, 0xa3, 0xa8, 0x7f, 0xf8, 0xda, 0x52, 0x81, - 0x25, 0xb8, 0x74, 0x7d, 0x18, 0x5f, 0xe3, 0x91, 0x83, 0xfd, 0xc5, 0xd3, 0x19, 0x15, 0x38, 0x8b, - 0x3a, 0xba, 0x03, 0xd3, 0x6e, 0xd7, 0x76, 0x77, 0xdb, 0x6e, 0xd7, 0x27, 0x41, 0xb0, 0x50, 0x61, - 0xad, 0x59, 0x2e, 0xd4, 0x9a, 0x9b, 0x0a, 0xa2, 0xc6, 0xdc, 0xc1, 0xfe, 0xe2, 0xb4, 0x5a, 0x82, - 0x13, 0x84, 0xf4, 0xaf, 0x68, 0x70, 0x6a, 0xd9, 0xea, 0xd9, 0x41, 0x60, 0x7b, 0xee, 0x9a, 0x33, - 0xe8, 0xda, 0x2e, 0xba, 0x04, 0xe3, 0xae, 0xd1, 0x23, 0x6c, 0x48, 0xa6, 0x1a, 0xd3, 0x62, 0x54, - 0xc7, 0x6f, 0x1a, 0x3d, 0x82, 0x59, 0x0d, 0x7a, 0x19, 0x26, 0x4c, 0xcf, 0xdd, 0xb4, 0xbb, 0xa2, - 0xa1, 0x3f, 0xb1, 0xc4, 0x67, 0x72, 0x49, 0x9d, 0x49, 0xd6, 0x3e, 0xb1, 0x02, 0x96, 0xb0, 0x71, - 0x67, 0x65, 0x37, 0x24, 0x2e, 0x25, 0xd3, 0x80, 0x83, 0xfd, 0xc5, 0x89, 0x26, 0x43, 0x80, 0x05, - 0x22, 0xfd, 0x0a, 0xd4, 0x96, 0x1d, 0xe2, 0x87, 0xb6, 0xdb, 0x45, 0xcf, 0xc1, 0x2c, 0xe9, 0x19, - 0xb6, 0x83, 0x89, 0x49, 0xec, 0x1d, 0xe2, 0x07, 0x0b, 0xda, 0xa5, 0xb1, 0x27, 0xa7, 0x1a, 0xe8, - 0x60, 0x7f, 0x71, 0x76, 0x25, 0x51, 0x83, 0x53, 0x90, 0xfa, 0xdb, 0x1a, 0xd4, 0x97, 0x07, 0x96, - 0x1d, 0x72, 0xfc, 0x28, 0x80, 0xba, 0x41, 0x7f, 0xae, 0x79, 0x8e, 0x6d, 0xee, 0x89, 0x69, 0x7e, - 0xa9, 0xd0, 0xc0, 0x2e, 0xc7, 0x78, 0x1a, 0xa7, 0x0e, 0xf6, 0x17, 0xeb, 0x4a, 0x01, 0x56, 0xa9, - 0xe8, 0x5b, 0xa0, 0xd6, 0xa1, 0xd7, 0x60, 0x9a, 0xf7, 0x72, 0xd5, 0xe8, 0x63, 0xb2, 0x29, 0x1a, - 0xf1, 0x3e, 0x65, 0xd0, 0x22, 0x4a, 0x4b, 0xb7, 0x36, 0xde, 0x20, 0x66, 0x88, 0xc9, 0x26, 0xf1, - 0x89, 0x6b, 0x12, 0x3e, 0x7f, 0x4d, 0xe5, 0x63, 0x9c, 0x40, 0xa5, 0xff, 0x48, 0x83, 0xb9, 0xe5, - 0x1d, 0xc3, 0x76, 0x8c, 0x0d, 0xdb, 0xb1, 0xc3, 0xbd, 0xcf, 0x78, 0x2e, 0x19, 0x61, 0x02, 0xd7, - 0xe1, 0x91, 0x81, 0x6b, 0xf0, 0xef, 0x1c, 0xb2, 0xca, 0xa7, 0xec, 0xf6, 0x5e, 0x9f, 0xd0, 0xa5, - 0x47, 0x87, 0xfa, 0xb1, 0x83, 0xfd, 0xc5, 0x47, 0xd6, 0xb3, 0x41, 0x70, 0xde, 0xb7, 0x08, 0xc3, - 0x39, 0xa5, 0xea, 0x15, 0xcf, 0x19, 0xf4, 0x04, 0xd6, 0x31, 0x86, 0xf5, 0xfc, 0xc1, 0xfe, 0xe2, - 0xb9, 0xf5, 0x4c, 0x08, 0x9c, 0xf3, 0xa5, 0xfe, 0xfd, 0x0a, 0x4c, 0x37, 0x0c, 0x73, 0x7b, 0xd0, - 0x6f, 0x0c, 0xcc, 0x6d, 0x12, 0xa2, 0xcf, 0x43, 0x8d, 0x72, 0x2e, 0xcb, 0x08, 0x0d, 0x31, 0x92, - 0x3f, 0x99, 0xbb, 0xfc, 0xd8, 0x2c, 0x52, 0xe8, 0x78, 0x6c, 0x57, 0x49, 0x68, 0x34, 0x90, 0x18, - 0x13, 0x88, 0xcb, 0xb0, 0xc4, 0x8a, 0xba, 0x30, 0x1e, 0xf4, 0x89, 0x29, 0x16, 0xf7, 0x4a, 0xa1, - 0xc5, 0xa2, 0x36, 0xb9, 0xd3, 0x27, 0x66, 0x3c, 0x0d, 0xf4, 0x17, 0x66, 0x04, 0x90, 0x07, 0x13, - 0x41, 0x68, 0x84, 0x03, 0x3a, 0x3e, 0x94, 0xd4, 0xd5, 0xf2, 0xa4, 0x18, 0xba, 0xc6, 0xac, 0x20, - 0x36, 0xc1, 0x7f, 0x63, 0x41, 0x46, 0xff, 0xa1, 0x06, 0x73, 0x2a, 0xf8, 0x0d, 0x3b, 0x08, 0xd1, - 0x4f, 0x0f, 0x0d, 0xe8, 0xd2, 0x68, 0x03, 0x4a, 0xbf, 0x66, 0xc3, 0x39, 0x27, 0xc8, 0xd5, 0xa2, - 0x12, 0x65, 0x30, 0x37, 0xa1, 0x6a, 0x87, 0xa4, 0xc7, 0x17, 0x56, 0x51, 0x9e, 0xa6, 0xb6, 0xb9, - 0x31, 0x23, 0xa8, 0x55, 0xdb, 0x14, 0x2f, 0xe6, 0xe8, 0xf5, 0xcf, 0xc3, 0x19, 0x15, 0x6a, 0xcd, - 0xf7, 0x76, 0x6c, 0x8b, 0xf8, 0x74, 0x33, 0x84, 0x7b, 0xfd, 0xa1, 0xcd, 0x40, 0x17, 0x17, 0x66, - 0x35, 0xe8, 0x03, 0x30, 0xe1, 0x93, 0xae, 0xed, 0xb9, 0x6c, 0xc2, 0xa7, 0xe2, 0xc1, 0xc3, 0xac, - 0x14, 0x8b, 0x5a, 0xfd, 0x7f, 0x54, 0x92, 0x83, 0x47, 0x27, 0x12, 0xdd, 0x81, 0x5a, 0x5f, 0x90, - 0x12, 0x83, 0xd7, 0x2e, 0xdd, 0xc3, 0xa8, 0xed, 0xf1, 0xb8, 0x46, 0x25, 0x58, 0x12, 0x43, 0x36, - 0xcc, 0x46, 0xff, 0x37, 0x4b, 0xf0, 0x62, 0xc6, 0x53, 0xd7, 0x12, 0x88, 0x70, 0x0a, 0x31, 0xba, - 0x0d, 0x53, 0x01, 0x31, 0x7d, 0x42, 0xf9, 0x92, 0x58, 0xa9, 0x99, 0xcc, 0xab, 0x13, 0x01, 0x09, - 0xe6, 0x35, 0x2f, 0x9a, 0x3f, 0x25, 0x2b, 0x70, 0x8c, 0x08, 0x5d, 0x80, 0xf1, 0x80, 0x10, 0x6b, - 0x61, 0x9c, 0x0d, 0x7a, 0x8d, 0x6d, 0x0d, 0x42, 0x2c, 0xcc, 0x4a, 0xf5, 0x5f, 0x1b, 0x07, 0x34, - 0xbc, 0xb0, 0xd5, 0x5e, 0xf3, 0x12, 0x31, 0xe8, 0x65, 0x7a, 0x2d, 0xf6, 0x48, 0x0a, 0x31, 0x7a, - 0x0b, 0x66, 0x1c, 0x23, 0x08, 0x6f, 0xf5, 0xa9, 0xf8, 0x11, 0xad, 0x8e, 0xfa, 0x87, 0x1b, 0x85, - 0xa6, 0xf7, 0x86, 0x8a, 0xa9, 0x31, 0x7f, 0xb0, 0xbf, 0x38, 0x93, 0x28, 0xc2, 0x49, 0x5a, 0x68, - 0x1b, 0xa6, 0x68, 0xc1, 0x8a, 0xef, 0x7b, 0xbe, 0x18, 0xf2, 0x17, 0x0b, 0x13, 0x66, 0x58, 0x1a, - 0x33, 0x74, 0x26, 0xe4, 0x4f, 0x1c, 0xe3, 0x47, 0x9f, 0x02, 0xe4, 0x6d, 0x04, 0xc4, 0xdf, 0x21, - 0xd6, 0x55, 0x2e, 0x6d, 0xd1, 0xee, 0xd2, 0x79, 0x19, 0x6b, 0x9c, 0x17, 0x73, 0x88, 0x6e, 0x0d, - 0x41, 0xe0, 0x8c, 0xaf, 0xd0, 0x36, 0x20, 0x29, 0xb1, 0xc9, 0x69, 0x5f, 0xa8, 0x8e, 0xbe, 0x68, - 0xce, 0x51, 0x62, 0x57, 0x87, 0x50, 0xe0, 0x0c, 0xb4, 0xfa, 0xef, 0x56, 0xa0, 0xce, 0x17, 0xc9, - 0x8a, 0x1b, 0xfa, 0x7b, 0x27, 0x70, 0x34, 0x6c, 0x26, 0x8e, 0x86, 0x56, 0x89, 0xad, 0xce, 0x5a, - 0x9c, 0x7b, 0x32, 0xb8, 0xa9, 0x93, 0xe1, 0x4a, 0x69, 0x4a, 0x87, 0x1f, 0x0c, 0x7f, 0xa0, 0xc1, - 0x29, 0x05, 0xfa, 0x04, 0xce, 0x05, 0x92, 0x3c, 0x17, 0x5e, 0x2a, 0xdb, 0xc1, 0x9c, 0x63, 0xc1, - 0x4c, 0xf4, 0x8b, 0xb1, 0xec, 0x0f, 0x03, 0x6c, 0x30, 0x9e, 0x72, 0x33, 0x16, 0x92, 0xe4, 0xac, - 0x37, 0x64, 0x0d, 0x56, 0xa0, 0x24, 0xb3, 0xaa, 0x64, 0x32, 0xab, 0x3f, 0xab, 0xc0, 0xfc, 0xd0, - 0x58, 0x0f, 0x33, 0x10, 0xed, 0x9d, 0x62, 0x20, 0x95, 0x77, 0x84, 0x81, 0x8c, 0x15, 0x62, 0x20, - 0x4f, 0x42, 0x8d, 0x8e, 0x29, 0x9b, 0x1b, 0x7e, 0x34, 0x4c, 0xd3, 0x15, 0xd4, 0x11, 0x65, 0x58, - 0xd6, 0xea, 0xbf, 0xa3, 0xc1, 0x58, 0x13, 0xb7, 0xd1, 0x07, 0x13, 0xe2, 0xee, 0x23, 0xaa, 0xb8, - 0x7b, 0x6f, 0x7f, 0x71, 0xb2, 0x89, 0xdb, 0x8a, 0xe4, 0xfb, 0xd7, 0x35, 0x98, 0x37, 0x3d, 0x37, - 0x34, 0xe8, 0xda, 0xc5, 0xfc, 0x6c, 0x88, 0xd6, 0x60, 0x31, 0x49, 0xaf, 0x99, 0xc2, 0xd6, 0x78, - 0x54, 0xb4, 0x60, 0x3e, 0x5d, 0x13, 0xe0, 0x61, 0xd2, 0xfa, 0x3a, 0x4c, 0x35, 0x1d, 0x6f, 0x60, - 0xb5, 0xdd, 0x4d, 0xef, 0x3e, 0x0a, 0x2b, 0xff, 0x51, 0x83, 0x69, 0x86, 0x77, 0xcd, 0xf7, 0x36, - 0x6d, 0x87, 0x3c, 0x24, 0x62, 0xb3, 0xda, 0xe4, 0x3c, 0xe6, 0xc8, 0xa4, 0x58, 0x15, 0xf0, 0x61, - 0x91, 0x62, 0xd5, 0x36, 0xe7, 0xb0, 0xab, 0x6f, 0x4c, 0x26, 0xbb, 0xc6, 0x18, 0xd6, 0x93, 0x50, - 0x33, 0x8d, 0xc6, 0xc0, 0xb5, 0x1c, 0xb9, 0x32, 0x68, 0x33, 0x9b, 0xcb, 0xbc, 0x0c, 0xcb, 0x5a, - 0xf4, 0x16, 0x40, 0x6c, 0x5e, 0x10, 0x13, 0x71, 0xb5, 0xa4, 0x4d, 0xa3, 0x43, 0x42, 0xaa, 0x95, - 0x07, 0xf1, 0xec, 0xc7, 0x75, 0x58, 0x21, 0x87, 0xfe, 0x32, 0xcc, 0x88, 0x61, 0x6e, 0xf7, 0x8c, - 0xae, 0x50, 0xfa, 0x8a, 0x8e, 0xd5, 0xaa, 0x82, 0xa9, 0x71, 0x56, 0x50, 0x9e, 0x51, 0x4b, 0x03, - 0x9c, 0x24, 0x87, 0xee, 0xc2, 0x74, 0x4f, 0xd5, 0x64, 0xc7, 0x4b, 0x1c, 0x2c, 0x8a, 0x5a, 0xdb, - 0x38, 0x23, 0xa8, 0x4f, 0x27, 0x94, 0xe0, 0x04, 0xad, 0x0c, 0x69, 0xbc, 0xfa, 0xa0, 0xa4, 0xf1, - 0x4d, 0x98, 0xe4, 0x7b, 0x3c, 0x58, 0x98, 0x60, 0x3d, 0xfc, 0x44, 0xa1, 0x1e, 0x72, 0x7e, 0x11, - 0x1b, 0xcd, 0xf8, 0xef, 0x00, 0x47, 0xc8, 0xd1, 0x1d, 0x98, 0xa6, 0xac, 0xb6, 0x43, 0x1c, 0x62, - 0x86, 0x9e, 0xbf, 0x30, 0x59, 0xc2, 0x26, 0xd5, 0x51, 0x10, 0x71, 0x9b, 0x86, 0x5a, 0x82, 0x13, - 0x84, 0x24, 0x13, 0xac, 0xe5, 0x32, 0xc1, 0x1d, 0xa8, 0xef, 0x28, 0xc6, 0x85, 0x29, 0x36, 0x0c, - 0x9f, 0x2c, 0xd4, 0xb2, 0xd8, 0xd4, 0xd0, 0x38, 0x2d, 0x28, 0xd5, 0x55, 0xb3, 0x84, 0x4a, 0x48, - 0xff, 0x57, 0x93, 0x30, 0xdf, 0x74, 0x06, 0x41, 0x48, 0xfc, 0x65, 0x61, 0xf7, 0x25, 0x3e, 0x7a, - 0x5b, 0x83, 0x73, 0xec, 0xdf, 0x96, 0x77, 0xc7, 0x6d, 0x11, 0xc7, 0xd8, 0x5b, 0xde, 0xa4, 0x10, - 0x96, 0x75, 0x3c, 0x46, 0xd4, 0x1a, 0x88, 0xd3, 0x9d, 0x99, 0x49, 0x3a, 0x99, 0x18, 0x71, 0x0e, - 0x25, 0xf4, 0x55, 0x0d, 0x1e, 0xcd, 0xa8, 0x6a, 0x11, 0x87, 0x84, 0x44, 0x70, 0x82, 0xe3, 0xb6, - 0xe3, 0xf1, 0x83, 0xfd, 0xc5, 0x47, 0x3b, 0x79, 0x48, 0x71, 0x3e, 0x3d, 0x7a, 0xca, 0x9e, 0xcf, - 0xa8, 0xbd, 0x62, 0xd8, 0xce, 0xc0, 0x27, 0x42, 0xa6, 0x3d, 0x6e, 0x73, 0x2e, 0x1e, 0xec, 0x2f, - 0x9e, 0xef, 0xe4, 0x62, 0xc5, 0x87, 0x50, 0x44, 0x5f, 0x84, 0xb3, 0xb2, 0x76, 0xdd, 0x75, 0x09, - 0xb1, 0x88, 0x75, 0xdb, 0x16, 0x22, 0xc6, 0xf1, 0x9b, 0xf2, 0xe8, 0xc1, 0xfe, 0xe2, 0xd9, 0x4e, - 0x16, 0x42, 0x9c, 0x4d, 0x07, 0x75, 0xe1, 0xf1, 0xb8, 0x22, 0xb4, 0x1d, 0xfb, 0x2e, 0xc3, 0x74, - 0x7b, 0xcb, 0x27, 0xc1, 0x96, 0xe7, 0x58, 0x8c, 0x5f, 0x68, 0x8d, 0xf7, 0x1e, 0xec, 0x2f, 0x3e, - 0xde, 0x39, 0x0c, 0x10, 0x1f, 0x8e, 0x07, 0x59, 0x30, 0x1d, 0x98, 0x86, 0xdb, 0x76, 0x43, 0xe2, - 0xef, 0x18, 0xce, 0xc2, 0x44, 0xa1, 0x0e, 0xf2, 0x3d, 0xaa, 0xe0, 0xc1, 0x09, 0xac, 0xe8, 0x19, - 0xa8, 0x91, 0xdd, 0xbe, 0xe1, 0x5a, 0x84, 0x33, 0x86, 0xa9, 0xc6, 0x05, 0x7a, 0x24, 0xad, 0x88, - 0xb2, 0x7b, 0xfb, 0x8b, 0xd3, 0xd1, 0xff, 0xab, 0x9e, 0x45, 0xb0, 0x84, 0x46, 0x5f, 0x80, 0x33, - 0x3d, 0x63, 0xf7, 0xa6, 0x67, 0x11, 0xc6, 0xe7, 0x28, 0xdb, 0x63, 0x13, 0x51, 0x2b, 0xd4, 0xce, - 0x85, 0x83, 0xfd, 0xc5, 0x33, 0xab, 0x19, 0xf8, 0x70, 0x26, 0x15, 0xfd, 0x7f, 0x6a, 0x50, 0x17, - 0x3b, 0x98, 0x09, 0x5c, 0x26, 0x54, 0x4d, 0x7a, 0xdc, 0x8a, 0x9d, 0xfa, 0x62, 0xf1, 0x73, 0x9d, - 0xa2, 0x8b, 0x0f, 0x75, 0x56, 0x84, 0x39, 0x6e, 0x74, 0x27, 0xe3, 0x54, 0x6e, 0x96, 0x3c, 0x95, - 0x19, 0xb9, 0x23, 0x4e, 0x64, 0x7d, 0x7f, 0x0c, 0xa6, 0x9a, 0x9e, 0x6b, 0xd9, 0x4c, 0xb2, 0x7e, - 0x3a, 0x21, 0x5c, 0x3e, 0xae, 0xf2, 0xd5, 0x7b, 0xfb, 0x8b, 0x33, 0x12, 0x50, 0x61, 0xb4, 0xcf, - 0x4a, 0x35, 0x94, 0x4b, 0x9b, 0xef, 0x4d, 0xaa, 0x8f, 0xf7, 0xf6, 0x17, 0x4f, 0xc9, 0xcf, 0x92, - 0x1a, 0x25, 0xda, 0x01, 0x44, 0x15, 0x84, 0xdb, 0xbe, 0xe1, 0x06, 0x1c, 0x2d, 0x9d, 0x65, 0xbe, - 0xf3, 0xff, 0xe2, 0x68, 0xb3, 0x4c, 0xbf, 0x88, 0xf5, 0x87, 0x1b, 0x43, 0xd8, 0x70, 0x06, 0x05, - 0xf4, 0x06, 0xcc, 0xd2, 0xd2, 0xf5, 0xbe, 0x65, 0x84, 0x44, 0xd9, 0xe2, 0xc7, 0xa1, 0x79, 0x4e, - 0xd0, 0x9c, 0xbd, 0x91, 0xc0, 0x84, 0x53, 0x98, 0xb9, 0x30, 0x6e, 0x04, 0x9e, 0xcb, 0x76, 0x6f, - 0x42, 0x18, 0xa7, 0xa5, 0x58, 0xd4, 0xa2, 0xa7, 0x60, 0xb2, 0x47, 0x82, 0xc0, 0xe8, 0x12, 0xb6, - 0x1d, 0xa7, 0xe2, 0x53, 0x77, 0x95, 0x17, 0xe3, 0xa8, 0x1e, 0x7d, 0x08, 0xaa, 0xa6, 0x67, 0x91, - 0x60, 0x61, 0x92, 0x59, 0xcc, 0xcf, 0xb1, 0xc5, 0x44, 0x0b, 0xee, 0xed, 0x2f, 0x4e, 0x31, 0x6d, - 0x8b, 0xfe, 0xc2, 0x1c, 0x48, 0xff, 0x65, 0x2a, 0x09, 0xa7, 0x54, 0x8a, 0x3c, 0xf3, 0x3f, 0x9f, - 0x56, 0xa6, 0x04, 0x9d, 0x9c, 0xed, 0x50, 0xff, 0xf9, 0x0a, 0x9c, 0xa1, 0x2d, 0xf4, 0x3d, 0xc7, - 0xa1, 0xc7, 0x43, 0xdf, 0xf1, 0xf6, 0x7a, 0xc4, 0x3d, 0x09, 0x33, 0x7e, 0x24, 0x47, 0x54, 0x72, - 0xe5, 0x88, 0xde, 0xd0, 0x38, 0x8c, 0x15, 0x19, 0x07, 0xb9, 0x5c, 0x8e, 0x18, 0x8b, 0x3f, 0xd1, - 0x60, 0x21, 0x6b, 0x2c, 0x4e, 0x40, 0x7f, 0x71, 0x93, 0xfa, 0x4b, 0xbb, 0xb0, 0xa6, 0x9b, 0x6e, - 0x7b, 0x8e, 0x1e, 0xf3, 0x27, 0x15, 0x38, 0x17, 0x83, 0xb7, 0xdd, 0x20, 0x34, 0x1c, 0x87, 0x2b, - 0xf8, 0x0f, 0x7e, 0xe2, 0xdf, 0x4c, 0x28, 0xa2, 0xb7, 0x4a, 0xf6, 0x55, 0x6d, 0x7c, 0xae, 0xbd, - 0x6e, 0x2f, 0x65, 0xaf, 0x7b, 0xf9, 0x7e, 0x12, 0x3d, 0xdc, 0x74, 0xf7, 0xa7, 0x1a, 0x9c, 0xcf, - 0xfe, 0xf0, 0x04, 0xd6, 0x55, 0x3f, 0xb9, 0xae, 0xae, 0xdf, 0xc7, 0x6e, 0xe7, 0xac, 0xac, 0xdf, - 0xac, 0xe4, 0x75, 0x97, 0xe9, 0xca, 0x9b, 0x70, 0x8a, 0x2a, 0x30, 0x41, 0x28, 0x4c, 0x4c, 0xc7, - 0xbb, 0x6e, 0x8d, 0x8c, 0x47, 0xa7, 0x70, 0x12, 0x07, 0x4e, 0x23, 0x45, 0x37, 0x61, 0x92, 0x2a, - 0x2d, 0x14, 0x7f, 0x65, 0x74, 0xfc, 0x92, 0xef, 0x77, 0xf8, 0xb7, 0x38, 0x42, 0x82, 0x7e, 0x1a, - 0x66, 0x2c, 0xb9, 0xa9, 0x8e, 0xb8, 0x67, 0x49, 0x63, 0x65, 0xd6, 0xc0, 0x96, 0xfa, 0x35, 0x4e, - 0x22, 0xd3, 0xff, 0xaf, 0x06, 0x17, 0x0e, 0x5b, 0x5c, 0xc8, 0x07, 0x30, 0xa3, 0x83, 0x9c, 0x5f, - 0xb7, 0x17, 0x16, 0x86, 0x22, 0x34, 0xf1, 0x26, 0x95, 0x45, 0x01, 0x56, 0xa8, 0x64, 0xdc, 0xe5, - 0x54, 0x1e, 0xd0, 0x5d, 0x8e, 0xfe, 0xbf, 0x34, 0x95, 0x1d, 0xa9, 0x93, 0xfb, 0xd0, 0xb1, 0x23, - 0xb5, 0xf1, 0xb9, 0x16, 0xb2, 0x3f, 0x1e, 0x83, 0x4b, 0xd9, 0x9f, 0x28, 0x27, 0xf0, 0x85, 0x84, - 0x3c, 0x58, 0x4b, 0x9d, 0x8d, 0x27, 0x78, 0xbf, 0xf8, 0x12, 0x4c, 0xf4, 0xb9, 0x7b, 0xc6, 0x18, - 0x6b, 0xca, 0x93, 0x94, 0xcb, 0x71, 0xdf, 0x89, 0x7b, 0xfb, 0x8b, 0xe7, 0xb3, 0x8e, 0x1d, 0xe1, - 0x75, 0x21, 0xbe, 0x43, 0x76, 0xca, 0x56, 0xc1, 0x45, 0xbe, 0x8f, 0x8c, 0xc8, 0xe8, 0x8c, 0x0d, - 0xe2, 0x8c, 0x6c, 0x9d, 0x78, 0x5b, 0x83, 0xd9, 0xc4, 0xe6, 0x0a, 0x16, 0xaa, 0x6c, 0xbb, 0x14, - 0xb3, 0xeb, 0x27, 0xb6, 0x6d, 0x2c, 0x49, 0x24, 0x8a, 0x03, 0x9c, 0xa2, 0x98, 0xe2, 0xf9, 0xea, - 0xfc, 0x3e, 0x7c, 0x3c, 0x5f, 0x6d, 0x7d, 0x0e, 0xcf, 0xff, 0x56, 0x25, 0xaf, 0xbb, 0x8c, 0xe7, - 0xef, 0xc2, 0x54, 0xe4, 0x02, 0x17, 0xf1, 0xae, 0xab, 0xa5, 0x1b, 0xc5, 0xf1, 0xc5, 0x77, 0xd8, - 0x51, 0x49, 0x80, 0x63, 0x62, 0xe8, 0xcb, 0x1a, 0x40, 0x3c, 0x35, 0x62, 0x87, 0xac, 0xdf, 0xc7, - 0x01, 0x51, 0x04, 0xad, 0x59, 0xca, 0x60, 0x94, 0x75, 0xa1, 0x10, 0xd6, 0x7f, 0xa3, 0x02, 0x68, - 0xb8, 0xf1, 0x54, 0x02, 0xde, 0xb6, 0x5d, 0x2b, 0xad, 0x09, 0x5c, 0xb7, 0x5d, 0x0b, 0xb3, 0x9a, - 0x11, 0x64, 0xe4, 0x17, 0xe0, 0x54, 0xd7, 0xf1, 0x36, 0x0c, 0xc7, 0xd9, 0x13, 0x7e, 0x75, 0x6c, - 0x97, 0xd6, 0x1a, 0xa7, 0xe9, 0x39, 0x79, 0x35, 0x59, 0x85, 0xd3, 0xb0, 0xa8, 0x0f, 0x73, 0x3e, - 0x31, 0x3d, 0xd7, 0xb4, 0x1d, 0xa6, 0x33, 0x79, 0x83, 0xb0, 0xa0, 0xcd, 0xe5, 0xcc, 0xc1, 0xfe, - 0xe2, 0x1c, 0x4e, 0xe1, 0xc2, 0x43, 0xd8, 0xd1, 0x13, 0x30, 0xd9, 0xf7, 0xed, 0x9e, 0xe1, 0xef, - 0x31, 0xad, 0xac, 0xd6, 0xa8, 0xd3, 0x03, 0x77, 0x8d, 0x17, 0xe1, 0xa8, 0x4e, 0xff, 0xa6, 0x06, - 0x63, 0xad, 0x9b, 0x1d, 0xa4, 0xc3, 0x84, 0xe5, 0xf5, 0x0c, 0xdb, 0x15, 0xa3, 0xc4, 0x9c, 0xd3, - 0x5a, 0xac, 0x04, 0x8b, 0x1a, 0xf4, 0x26, 0x4c, 0x45, 0x2c, 0xab, 0xdc, 0x7d, 0x65, 0xeb, 0x66, - 0x47, 0x3a, 0x77, 0xc8, 0x95, 0x15, 0x95, 0x04, 0x38, 0xa6, 0xa2, 0x1b, 0x30, 0xdf, 0xba, 0xd9, - 0x69, 0xbb, 0xa6, 0x33, 0xb0, 0xc8, 0xca, 0x2e, 0xfb, 0x43, 0xbb, 0x66, 0xf3, 0x12, 0xe1, 0x11, - 0xc7, 0xba, 0x26, 0x80, 0x70, 0x54, 0x47, 0xc1, 0x08, 0xff, 0x42, 0x78, 0x73, 0x31, 0x30, 0x81, - 0x04, 0x47, 0x75, 0xfa, 0x1f, 0x56, 0xa0, 0xae, 0x34, 0x08, 0xf5, 0x60, 0x92, 0xf7, 0x37, 0x72, - 0xaa, 0xb8, 0x52, 0xb4, 0x8f, 0xc9, 0x66, 0x73, 0xf2, 0x7c, 0x48, 0x03, 0x1c, 0xd1, 0x50, 0xe7, - 0xa9, 0x92, 0x3f, 0x4f, 0x68, 0x09, 0x80, 0xfb, 0x8c, 0xb0, 0x1b, 0x41, 0x7e, 0x40, 0xb0, 0xad, - 0xd0, 0x91, 0xa5, 0x58, 0x81, 0x90, 0xa7, 0xda, 0x78, 0xe6, 0xa9, 0xd6, 0x85, 0xea, 0x5d, 0xcf, - 0x25, 0x81, 0x30, 0xcf, 0xdf, 0xaf, 0x1e, 0x4e, 0x51, 0x96, 0xf5, 0x19, 0x8a, 0x18, 0x73, 0xfc, - 0xfa, 0xaf, 0x6a, 0x00, 0x2d, 0x23, 0x34, 0xb8, 0x2d, 0x79, 0x04, 0x97, 0xbc, 0x0b, 0x89, 0x9d, - 0x58, 0x1b, 0xba, 0xf6, 0x1b, 0x0f, 0xec, 0xbb, 0x51, 0xff, 0xa5, 0xbc, 0xc1, 0xb1, 0x77, 0xec, - 0xbb, 0x04, 0xb3, 0x7a, 0xf4, 0x41, 0x98, 0x22, 0xae, 0xe9, 0xef, 0xf5, 0x43, 0xe1, 0x59, 0x53, - 0xe3, 0xd7, 0xb6, 0x2b, 0x51, 0x21, 0x8e, 0xeb, 0xf5, 0xa7, 0x21, 0x29, 0x35, 0x1e, 0xdd, 0x4a, - 0x7d, 0x07, 0x6a, 0x2b, 0xae, 0xd5, 0xf7, 0x6c, 0x37, 0x1c, 0xa1, 0x4f, 0x8f, 0xc3, 0xd8, 0xc0, - 0x77, 0x44, 0x97, 0xea, 0x02, 0x60, 0x6c, 0x1d, 0xdf, 0xc0, 0xb4, 0x1c, 0x3d, 0x05, 0x93, 0xfd, - 0x81, 0xdf, 0xf7, 0x82, 0xa8, 0x5f, 0x52, 0x3c, 0x5e, 0xe3, 0xc5, 0x38, 0xaa, 0xd7, 0xef, 0x69, - 0x30, 0xb7, 0xb2, 0xdb, 0xb7, 0x7d, 0xe6, 0x1e, 0x48, 0x7c, 0x2a, 0x5b, 0xd0, 0xef, 0x77, 0xf8, - 0xbf, 0xa2, 0x0d, 0xf2, 0x7b, 0x01, 0x81, 0xa3, 0x7a, 0xb4, 0x09, 0xb3, 0x84, 0x7d, 0xce, 0x98, - 0xaa, 0x21, 0x4d, 0xe2, 0xc7, 0xb1, 0x0a, 0x71, 0xf7, 0xd3, 0x04, 0x16, 0x9c, 0xc2, 0x8a, 0x3a, - 0x30, 0x6b, 0x3a, 0x46, 0x10, 0xd8, 0x9b, 0xb6, 0x19, 0xdf, 0x82, 0x4f, 0x35, 0x3e, 0x48, 0xbf, - 0x6d, 0x26, 0x6a, 0xee, 0xed, 0x2f, 0x9e, 0x15, 0xed, 0x4c, 0x56, 0xe0, 0x14, 0x0a, 0xfd, 0xeb, - 0x15, 0x98, 0x59, 0xd9, 0xed, 0x7b, 0xc1, 0xc0, 0x27, 0x0c, 0xf4, 0x04, 0x84, 0xd6, 0xa7, 0x60, - 0x72, 0xcb, 0x70, 0x2d, 0x87, 0xf8, 0x62, 0xfa, 0xe4, 0xd8, 0x5e, 0xe3, 0xc5, 0x38, 0xaa, 0x47, - 0x5f, 0x00, 0x08, 0xcc, 0x2d, 0x62, 0x0d, 0x1c, 0xdb, 0x8d, 0x2c, 0x28, 0x37, 0x0a, 0x6d, 0xac, - 0x44, 0x27, 0x3b, 0x12, 0xa7, 0xd8, 0xef, 0xf2, 0x37, 0x56, 0xe8, 0xe9, 0x7f, 0xa8, 0xc1, 0x7c, - 0xe2, 0xbb, 0x13, 0x90, 0x80, 0xba, 0x49, 0x09, 0xa8, 0x51, 0xbe, 0xb3, 0x39, 0x82, 0xcf, 0x2f, - 0x54, 0xe0, 0x91, 0x9c, 0x41, 0x19, 0xba, 0x9f, 0xd3, 0x4e, 0xea, 0x7e, 0x6e, 0x07, 0xea, 0xa1, - 0xe7, 0x08, 0x7f, 0x8d, 0x68, 0x0c, 0x8a, 0xdd, 0xbe, 0xdd, 0x96, 0x78, 0xe2, 0xdb, 0xb7, 0xb8, - 0x2c, 0xc0, 0x2a, 0x21, 0xfd, 0xb7, 0x35, 0x98, 0x92, 0x8a, 0xc5, 0x08, 0xae, 0x12, 0x27, 0xa8, - 0xc1, 0x3c, 0x09, 0x35, 0xcb, 0x0e, 0x54, 0xe9, 0x88, 0xdd, 0xd0, 0xb7, 0x44, 0x19, 0x96, 0xb5, - 0xfa, 0xbf, 0xae, 0xc0, 0x39, 0x89, 0x3b, 0x12, 0xd4, 0xa8, 0x96, 0x3a, 0x8a, 0xb4, 0x76, 0x41, - 0x70, 0x5c, 0xe5, 0x8c, 0x50, 0xb8, 0xed, 0x13, 0x69, 0x76, 0x5a, 0xcf, 0x62, 0xa5, 0xe8, 0x26, - 0x54, 0x03, 0x4a, 0x4f, 0x88, 0x61, 0xc7, 0x1c, 0x0d, 0x76, 0xd2, 0xb1, 0xf6, 0x62, 0x8e, 0x06, - 0xbd, 0xa5, 0x4a, 0xdf, 0x5c, 0x15, 0xfa, 0xd4, 0xf1, 0x16, 0x03, 0x7b, 0x94, 0xb3, 0x44, 0x7b, - 0x62, 0x45, 0x23, 0x92, 0xe1, 0x44, 0x9a, 0x25, 0x80, 0xeb, 0xff, 0x4e, 0x83, 0x53, 0xb2, 0x71, - 0xc2, 0x96, 0x71, 0x3f, 0xa4, 0xde, 0x11, 0xc7, 0x72, 0x5d, 0x9a, 0xfd, 0x0a, 0x0d, 0x66, 0x9e, - 0x49, 0x2f, 0x80, 0xda, 0x55, 0x31, 0x58, 0xe8, 0x3c, 0x54, 0xec, 0xa8, 0x2f, 0x20, 0xe0, 0x2b, - 0xed, 0x16, 0xae, 0xd8, 0x96, 0x3c, 0x81, 0x2b, 0xb9, 0x27, 0xb0, 0x72, 0x44, 0x8e, 0x1d, 0x7e, - 0x44, 0xea, 0x7f, 0x5f, 0x83, 0x33, 0x11, 0xd5, 0x68, 0xac, 0x5b, 0xc2, 0x8e, 0x7e, 0xc4, 0x39, - 0x7f, 0xf4, 0x78, 0xde, 0x82, 0x71, 0xc6, 0x8b, 0x0b, 0xd9, 0xd7, 0x25, 0x42, 0xda, 0x1c, 0xcc, - 0x10, 0xe9, 0xdf, 0xd6, 0xa0, 0x7e, 0xcd, 0xde, 0x20, 0xbe, 0xcb, 0xcd, 0x38, 0x4f, 0xa4, 0x5f, - 0x03, 0xd5, 0xb3, 0x5e, 0x02, 0xa1, 0x3d, 0x98, 0x12, 0x67, 0x87, 0xf4, 0xfa, 0x2a, 0xf6, 0xe6, - 0x47, 0xa1, 0x2d, 0x78, 0xb2, 0xea, 0xef, 0x1c, 0x91, 0xc0, 0x31, 0x35, 0xfd, 0x2d, 0x38, 0x9d, - 0xf1, 0x11, 0x5a, 0x64, 0xdb, 0xd1, 0x0f, 0xc5, 0xf0, 0x46, 0xfb, 0xcb, 0x0f, 0x31, 0x2f, 0x47, - 0x8f, 0xc2, 0x18, 0x71, 0x23, 0xcf, 0xc3, 0x49, 0x2a, 0x40, 0xad, 0xb8, 0x16, 0xa6, 0x65, 0x94, - 0xed, 0x38, 0x5e, 0x42, 0xce, 0x60, 0x6c, 0xe7, 0x86, 0x28, 0xc3, 0xb2, 0x56, 0xff, 0xe7, 0xe3, - 0xf0, 0xf8, 0x35, 0xcf, 0xb7, 0xef, 0x7a, 0x6e, 0x68, 0x38, 0x6b, 0x9e, 0x15, 0xfb, 0x2f, 0x08, - 0x16, 0xf6, 0x65, 0x0d, 0x1e, 0x31, 0xfb, 0x83, 0xb6, 0x6b, 0x87, 0xb6, 0x11, 0x5d, 0x2b, 0xaf, - 0x11, 0xdf, 0xf6, 0x8a, 0xba, 0x31, 0xb0, 0x37, 0x24, 0xcd, 0xb5, 0xf5, 0x2c, 0x94, 0x38, 0x8f, - 0x16, 0xf3, 0xa6, 0xb0, 0xbc, 0x3b, 0x2e, 0x6b, 0x5c, 0x27, 0x64, 0xef, 0x5a, 0xee, 0xc6, 0x5d, - 0x2c, 0xe8, 0x4d, 0xd1, 0xca, 0xc4, 0x88, 0x73, 0x28, 0xa1, 0x2f, 0xc2, 0x59, 0x9b, 0x37, 0x0e, - 0x13, 0xc3, 0xb2, 0x5d, 0x12, 0x04, 0xcc, 0xa7, 0xa0, 0x8c, 0xbb, 0x40, 0x3b, 0x0b, 0x21, 0xce, - 0xa6, 0x83, 0x3e, 0x07, 0x10, 0xec, 0xb9, 0xa6, 0x18, 0xff, 0x6a, 0x21, 0xaa, 0x5c, 0x6a, 0x92, - 0x58, 0xb0, 0x82, 0x91, 0xea, 0x09, 0xfc, 0x68, 0x75, 0x4d, 0x7e, 0x27, 0xa9, 0x71, 0x3d, 0xe1, - 0x76, 0x54, 0x88, 0xe3, 0x7a, 0xfd, 0x1f, 0x6a, 0x30, 0x29, 0x1e, 0x8c, 0xa1, 0x0f, 0xa4, 0xd4, - 0x65, 0xc9, 0xc2, 0x52, 0x2a, 0xf3, 0x5d, 0x66, 0x50, 0x16, 0x06, 0x09, 0x71, 0xf0, 0x16, 0xd3, - 0xb6, 0x04, 0xe5, 0xd8, 0xbc, 0x91, 0x30, 0x2c, 0x47, 0x26, 0x0f, 0x85, 0x9a, 0xfe, 0x2b, 0x1a, - 0xcc, 0x0f, 0x7d, 0x35, 0xc2, 0xb1, 0x70, 0x82, 0xd7, 0xa2, 0x5f, 0xae, 0x03, 0x7b, 0x1d, 0xb8, - 0xbc, 0xd6, 0xee, 0x10, 0x7f, 0x47, 0xee, 0xc2, 0xaf, 0x6a, 0x30, 0x17, 0x5f, 0xe0, 0x8b, 0x56, - 0x68, 0x25, 0x1c, 0x2a, 0xaf, 0xa7, 0x90, 0x35, 0x16, 0x44, 0xc7, 0xe7, 0xd2, 0x35, 0x78, 0x88, - 0x30, 0xfa, 0x05, 0x0d, 0xe6, 0x8c, 0xe4, 0xeb, 0xc0, 0x88, 0x6b, 0x16, 0x73, 0x7d, 0x4f, 0x3d, - 0x35, 0x8c, 0x1b, 0x93, 0xaa, 0x08, 0xf0, 0x10, 0x5d, 0xf4, 0x51, 0x98, 0x36, 0xfa, 0xf6, 0xf2, - 0xc0, 0xb2, 0xa9, 0x5c, 0x10, 0x3d, 0x29, 0x63, 0xc2, 0xea, 0xf2, 0x5a, 0x5b, 0x96, 0xe3, 0x04, - 0x94, 0x7c, 0xff, 0x27, 0x86, 0x72, 0xbc, 0xec, 0xfb, 0x3f, 0x31, 0x8a, 0xf1, 0xfb, 0x3f, 0x31, - 0x78, 0x2a, 0x15, 0xf4, 0x59, 0x78, 0x94, 0x1f, 0x38, 0x0d, 0x23, 0xb0, 0xcd, 0xe5, 0x41, 0xb8, - 0x45, 0xdc, 0x30, 0x52, 0x08, 0xb9, 0x51, 0x8a, 0xf9, 0x56, 0xad, 0xe4, 0x01, 0xe1, 0xfc, 0xef, - 0x91, 0x07, 0xe0, 0xd9, 0x96, 0x29, 0x3a, 0xc4, 0xdd, 0x7b, 0x8a, 0x49, 0xdf, 0xb7, 0xda, 0xad, - 0xa6, 0xe8, 0x0f, 0xe3, 0x15, 0xf1, 0x6f, 0xac, 0x90, 0x40, 0x7f, 0x5b, 0x83, 0x19, 0xb1, 0xd0, - 0x05, 0xd1, 0x49, 0xb6, 0x04, 0x3e, 0x5b, 0x78, 0x41, 0xa6, 0x56, 0xfd, 0x12, 0x56, 0xb1, 0x73, - 0x6f, 0x7e, 0xe9, 0xf2, 0x99, 0xa8, 0xc3, 0xc9, 0x86, 0xa0, 0xaf, 0x69, 0x70, 0x26, 0x20, 0xfe, - 0x8e, 0x6d, 0x92, 0x65, 0xd3, 0xf4, 0x06, 0x6e, 0x34, 0xcf, 0xb5, 0x12, 0x4f, 0xb1, 0x3a, 0x19, - 0x08, 0xb9, 0xa3, 0x51, 0x56, 0x0d, 0xce, 0x6c, 0x00, 0xfa, 0x19, 0x0d, 0x4e, 0xdd, 0x31, 0x42, - 0x73, 0xab, 0x69, 0x98, 0x5b, 0xcc, 0x42, 0x13, 0x2c, 0x4c, 0x95, 0x78, 0x34, 0xf2, 0x6a, 0x12, - 0x17, 0xb7, 0xbe, 0xa6, 0x0a, 0x71, 0x9a, 0x22, 0x0a, 0xa1, 0xe6, 0x93, 0x37, 0x07, 0x24, 0x08, - 0x83, 0x05, 0x60, 0xd4, 0x3f, 0x55, 0x7e, 0xd2, 0xb0, 0xc0, 0xc8, 0x85, 0x8d, 0xe8, 0x17, 0x96, - 0x94, 0x50, 0x17, 0x1e, 0xe7, 0xcb, 0x77, 0xd9, 0xf5, 0xdc, 0xbd, 0x9e, 0x37, 0x08, 0x52, 0x5b, - 0xa0, 0xce, 0xb6, 0x00, 0xf3, 0x75, 0x5b, 0x39, 0x0c, 0x10, 0x1f, 0x8e, 0xe7, 0xfc, 0x4b, 0x80, - 0x86, 0x97, 0x0e, 0x9a, 0x83, 0xb1, 0x6d, 0xc2, 0x9f, 0xfa, 0x4e, 0x61, 0xfa, 0x2f, 0x3a, 0x03, - 0xd5, 0x1d, 0xc3, 0x19, 0x70, 0x01, 0xb5, 0x86, 0xf9, 0x8f, 0xe7, 0x2a, 0xcf, 0x68, 0xfa, 0x77, - 0x34, 0x38, 0x9b, 0xd9, 0x39, 0x84, 0xe1, 0x1c, 0xf3, 0x20, 0x73, 0x57, 0x07, 0xa1, 0x11, 0xda, - 0x6e, 0xb7, 0xed, 0x6e, 0x3a, 0x76, 0x77, 0x8b, 0x0b, 0x6a, 0x55, 0x2e, 0x56, 0xac, 0x66, 0x42, - 0xe0, 0x9c, 0x2f, 0x51, 0x1b, 0x4e, 0xf7, 0x8c, 0xdd, 0x21, 0x84, 0x15, 0x86, 0x90, 0xbd, 0x18, - 0x5f, 0x1d, 0xae, 0xc6, 0x59, 0xdf, 0xe8, 0xdf, 0xac, 0xc2, 0x63, 0xb4, 0xe1, 0xf1, 0x01, 0xb7, - 0x6a, 0xb8, 0x46, 0xf7, 0x5d, 0x7a, 0x90, 0x7c, 0x5b, 0x83, 0x47, 0xb6, 0xb2, 0xc5, 0x4f, 0x71, - 0xc6, 0xe2, 0x62, 0x52, 0xf8, 0x61, 0x22, 0x2d, 0x5f, 0x60, 0x87, 0x82, 0xe0, 0xbc, 0x56, 0xa1, - 0x97, 0x60, 0xce, 0xf5, 0x2c, 0xd2, 0x6c, 0xb7, 0xf0, 0xaa, 0x11, 0x6c, 0x77, 0x22, 0xe3, 0x6b, - 0x95, 0xdf, 0x43, 0xdc, 0x4c, 0xd5, 0xe1, 0x21, 0x68, 0xb4, 0x03, 0xa8, 0xef, 0x59, 0x2b, 0x3b, - 0xb6, 0x19, 0xf9, 0xa6, 0x15, 0xbf, 0xfb, 0x60, 0x8f, 0xe2, 0xd6, 0x86, 0xb0, 0xe1, 0x0c, 0x0a, - 0x4c, 0x80, 0xa6, 0x8d, 0x59, 0xf5, 0x5c, 0x3b, 0xf4, 0xfc, 0xab, 0xbe, 0x61, 0x92, 0x52, 0x72, - 0x24, 0x5b, 0xe9, 0x37, 0x33, 0x31, 0xe2, 0x1c, 0x4a, 0xfa, 0xff, 0xd6, 0xe0, 0x14, 0x5d, 0x17, - 0x6b, 0xbe, 0xb7, 0xbb, 0xf7, 0xae, 0x5c, 0x92, 0x4f, 0xc1, 0x78, 0xcf, 0xb3, 0x22, 0x9d, 0xf5, - 0x2c, 0x15, 0x05, 0x57, 0x3d, 0x8b, 0xdc, 0xe3, 0x17, 0x32, 0xbb, 0x7b, 0xcc, 0x6d, 0x95, 0x81, - 0xa8, 0xba, 0xe5, 0x58, 0xbe, 0x6e, 0xa9, 0xff, 0x91, 0xc6, 0x65, 0xba, 0x48, 0xb5, 0x7b, 0x77, - 0x6e, 0xc5, 0x8f, 0xc3, 0x0c, 0x2d, 0x5b, 0x35, 0x76, 0xd7, 0x5a, 0xaf, 0x78, 0x4e, 0xe4, 0xd9, - 0xc9, 0x7c, 0x48, 0xae, 0xab, 0x15, 0x38, 0x09, 0xa7, 0xff, 0x97, 0x59, 0x60, 0x00, 0x0e, 0x09, - 0xdf, 0x95, 0x1d, 0x7b, 0x1a, 0xea, 0x66, 0x7f, 0xd0, 0xbc, 0xd2, 0x79, 0x79, 0xe0, 0x85, 0x86, - 0xb8, 0x53, 0x62, 0x72, 0x5a, 0x73, 0x6d, 0x3d, 0x2a, 0xc6, 0x2a, 0x0c, 0xdd, 0xe4, 0x66, 0x7f, - 0x20, 0x18, 0xe7, 0x9a, 0xea, 0x82, 0xc0, 0x36, 0x79, 0x73, 0x6d, 0x3d, 0x51, 0x87, 0x87, 0xa0, - 0xd1, 0x97, 0x34, 0x98, 0x26, 0x62, 0x03, 0x5e, 0x33, 0x7c, 0x4b, 0xec, 0xef, 0xe2, 0xa7, 0xac, - 0x1c, 0xdd, 0x68, 0x5b, 0x73, 0x09, 0x77, 0x45, 0xa1, 0x81, 0x13, 0x14, 0x99, 0xb0, 0x29, 0x7e, - 0xd3, 0xc9, 0xf2, 0xac, 0xf4, 0x8e, 0xaf, 0x0a, 0x61, 0x33, 0x0f, 0x08, 0xe7, 0x7f, 0x8f, 0xfe, - 0x81, 0x06, 0xe7, 0x64, 0xad, 0xed, 0xda, 0xbd, 0x41, 0x0f, 0x13, 0xd3, 0x31, 0xec, 0x9e, 0x90, - 0x3c, 0x3f, 0x7d, 0xff, 0x7a, 0x9a, 0xc4, 0xcf, 0xd9, 0x4e, 0x76, 0x1d, 0xce, 0x69, 0x13, 0xfa, - 0x15, 0x0d, 0x2e, 0x45, 0x55, 0x6b, 0x54, 0xff, 0x1b, 0xf8, 0x24, 0xf6, 0x0f, 0x16, 0x63, 0x32, - 0x59, 0x88, 0x0b, 0xbe, 0xff, 0x60, 0x7f, 0xf1, 0xd2, 0xca, 0x11, 0xb8, 0xf1, 0x91, 0xd4, 0x13, - 0x2b, 0xa6, 0xe3, 0x6d, 0x86, 0x42, 0x54, 0x7d, 0x60, 0x2b, 0x86, 0xd2, 0xc0, 0x09, 0x8a, 0xe8, - 0x37, 0x34, 0x78, 0x44, 0x2d, 0x50, 0x17, 0x0c, 0x97, 0x51, 0x5f, 0xbb, 0x7f, 0xad, 0x49, 0x11, - 0xe0, 0x56, 0xa1, 0x9c, 0x4a, 0x9c, 0xd7, 0x2c, 0xca, 0x82, 0x7b, 0x6c, 0x71, 0x72, 0x39, 0xb6, - 0xca, 0x59, 0x30, 0x5f, 0xaf, 0x01, 0x8e, 0xea, 0xa8, 0x8e, 0xd8, 0xf7, 0xac, 0x35, 0xdb, 0x0a, - 0x6e, 0xd8, 0x3d, 0x3b, 0x64, 0x82, 0xe6, 0x18, 0x1f, 0x8f, 0x35, 0xcf, 0x5a, 0x6b, 0xb7, 0x78, - 0x39, 0x4e, 0x40, 0xb1, 0xb7, 0x33, 0x76, 0xcf, 0xe8, 0x92, 0xb5, 0x81, 0xe3, 0xac, 0xf9, 0x1e, - 0xb3, 0x1c, 0xb4, 0x88, 0x61, 0x39, 0xb6, 0x4b, 0x16, 0xa6, 0x8b, 0xbf, 0x9d, 0x69, 0xe7, 0x21, - 0xc5, 0xf9, 0xf4, 0xd0, 0x12, 0xc0, 0xa6, 0x61, 0x3b, 0x9d, 0x3b, 0x46, 0xff, 0x96, 0xbb, 0x30, - 0xc3, 0xd8, 0x18, 0x53, 0xcf, 0xae, 0xc8, 0x52, 0xac, 0x40, 0xb0, 0x05, 0x45, 0x99, 0x21, 0x26, - 0xfc, 0x2d, 0xed, 0xc2, 0xec, 0xfd, 0x5a, 0x50, 0x11, 0x46, 0x3e, 0x80, 0xd7, 0x15, 0x1a, 0x38, - 0x41, 0x11, 0x7d, 0x45, 0x83, 0xd9, 0x60, 0x2f, 0x08, 0x49, 0x4f, 0x36, 0xe2, 0xd4, 0x7d, 0x6f, - 0x04, 0x33, 0xab, 0x74, 0x12, 0x54, 0x70, 0x8a, 0x2a, 0x32, 0xe0, 0x31, 0x36, 0xb0, 0x57, 0x9b, - 0xd7, 0xec, 0xee, 0x96, 0x7c, 0x14, 0xb3, 0x46, 0x7c, 0x93, 0xb8, 0xe1, 0xc2, 0x1c, 0x5b, 0x3a, - 0x8b, 0x07, 0xfb, 0x8b, 0x8f, 0xb5, 0xf3, 0xc1, 0xf0, 0x61, 0x38, 0xd0, 0xe7, 0xe0, 0xbc, 0xa8, - 0xbe, 0xe1, 0xdd, 0x19, 0xa2, 0x30, 0xcf, 0x28, 0xb0, 0x97, 0x4a, 0xed, 0x5c, 0x28, 0x7c, 0x08, - 0x06, 0x7d, 0xbf, 0xc2, 0x35, 0x92, 0xa1, 0x8d, 0x84, 0x5e, 0x80, 0x53, 0x3d, 0xd2, 0xf3, 0xfc, - 0xbd, 0xe5, 0x28, 0x4e, 0x8e, 0xb0, 0x65, 0x31, 0x5d, 0x70, 0x35, 0x59, 0x85, 0xd3, 0xb0, 0xf4, - 0xb0, 0x63, 0x64, 0xaf, 0x74, 0xe2, 0xef, 0x2b, 0xf1, 0x61, 0xd7, 0x4e, 0xd5, 0xe1, 0x21, 0x68, - 0xd4, 0x84, 0x79, 0x51, 0xd6, 0xa6, 0x62, 0x5f, 0x70, 0xc5, 0x27, 0xd1, 0xf5, 0x08, 0x95, 0x9f, - 0xe6, 0xdb, 0xe9, 0x4a, 0x3c, 0x0c, 0x4f, 0x7b, 0x41, 0x7f, 0xa8, 0xad, 0x18, 0x8f, 0x7b, 0x71, - 0x33, 0x59, 0x85, 0xd3, 0xb0, 0x91, 0x5c, 0x9e, 0x68, 0x42, 0x35, 0xee, 0xc5, 0xcd, 0x54, 0x1d, - 0x1e, 0x82, 0xd6, 0xff, 0x68, 0x1c, 0xde, 0x37, 0xc2, 0xf9, 0x83, 0x7a, 0xd9, 0xc3, 0x7d, 0x04, - 0x2b, 0x58, 0x8a, 0xee, 0xa6, 0x96, 0x5e, 0x1e, 0x18, 0x6e, 0x68, 0x87, 0x7b, 0x23, 0x4e, 0x4f, - 0x3f, 0x67, 0x7a, 0x8e, 0x4f, 0x6f, 0xd4, 0xe9, 0x0c, 0xf2, 0xa6, 0xf3, 0xf8, 0x24, 0x47, 0x9f, - 0xfe, 0x5e, 0xf6, 0xf4, 0x17, 0x1c, 0xd5, 0x23, 0x97, 0x4b, 0x3f, 0x67, 0xb9, 0x14, 0x1c, 0xd5, - 0x11, 0x96, 0xd7, 0x1f, 0x8f, 0xc3, 0xfb, 0x47, 0x39, 0x08, 0x0b, 0xae, 0xaf, 0x8c, 0xa3, 0xe6, - 0x81, 0xae, 0xaf, 0x3c, 0x47, 0xbc, 0x07, 0xb8, 0xbe, 0x32, 0x48, 0x3e, 0xe8, 0xf5, 0x95, 0x37, - 0xaa, 0x0f, 0x6a, 0x7d, 0xe5, 0x8d, 0xea, 0x08, 0xeb, 0xeb, 0xcf, 0xd2, 0xe7, 0x83, 0x3c, 0xfc, - 0xda, 0x30, 0x66, 0xf6, 0x07, 0x05, 0x99, 0x14, 0xbb, 0x58, 0x6c, 0xae, 0xad, 0x63, 0x8a, 0x03, - 0x61, 0x98, 0xe0, 0xeb, 0xa7, 0x20, 0x0b, 0x62, 0x4e, 0x94, 0x7c, 0x49, 0x62, 0x81, 0x89, 0x0e, - 0x15, 0xe9, 0x6f, 0x91, 0x1e, 0xf1, 0x0d, 0xa7, 0x13, 0x7a, 0xbe, 0xd1, 0x2d, 0xca, 0x6d, 0xd8, - 0x50, 0xad, 0xa4, 0x70, 0xe1, 0x21, 0xec, 0x74, 0x40, 0xfa, 0xb6, 0x55, 0x90, 0xbf, 0xb0, 0x01, - 0x59, 0x6b, 0xb7, 0x30, 0xc5, 0xa1, 0x7f, 0xbf, 0x06, 0xca, 0x23, 0x4b, 0xaa, 0x73, 0x19, 0x8e, - 0xe3, 0xdd, 0x59, 0xf3, 0xed, 0x1d, 0xdb, 0x21, 0x5d, 0x62, 0xc9, 0x57, 0x78, 0x81, 0xb8, 0x7f, - 0x66, 0x02, 0xe0, 0x72, 0x1e, 0x10, 0xce, 0xff, 0x9e, 0x8a, 0xa3, 0xf3, 0x66, 0xfa, 0x95, 0x79, - 0xa9, 0x2b, 0xb4, 0xa1, 0x37, 0xeb, 0x7c, 0x43, 0x0d, 0x15, 0xe3, 0x61, 0xba, 0xe8, 0xaf, 0x68, - 0xdc, 0x60, 0x20, 0x2d, 0xa4, 0x62, 0xd2, 0xae, 0xdd, 0x2f, 0xeb, 0x7f, 0x6c, 0x7a, 0x88, 0x8d, - 0xb0, 0x49, 0x8a, 0xe8, 0x57, 0x35, 0x38, 0xbb, 0x9d, 0x65, 0xec, 0x14, 0x73, 0xbb, 0x56, 0xb8, - 0x2d, 0x39, 0xe6, 0x53, 0x7e, 0x63, 0x9b, 0x09, 0x80, 0xb3, 0x5b, 0x22, 0xc7, 0x49, 0x5a, 0x7f, - 0x04, 0x1f, 0x28, 0x3e, 0x4e, 0x29, 0x3b, 0x52, 0x3c, 0x4e, 0xb2, 0x02, 0x27, 0x29, 0xa2, 0x37, - 0x61, 0x6a, 0x3b, 0x32, 0xba, 0x09, 0xfd, 0xbc, 0x55, 0x98, 0xbc, 0x62, 0xba, 0xe3, 0x77, 0xc3, - 0xb2, 0x10, 0xc7, 0x54, 0x90, 0x0d, 0x93, 0xdb, 0x9c, 0x1b, 0x09, 0xbd, 0xba, 0x51, 0x5e, 0xe4, - 0xe7, 0xca, 0x9d, 0x28, 0xc2, 0x11, 0x7e, 0xd5, 0x97, 0xa5, 0x76, 0x84, 0xbb, 0xe7, 0x37, 0x34, - 0x38, 0xbb, 0x43, 0xfc, 0xd0, 0x36, 0xd3, 0xd6, 0xe6, 0xa9, 0x12, 0x7a, 0xc9, 0x2b, 0x59, 0x18, - 0xf9, 0x52, 0xc9, 0xac, 0xc2, 0xd9, 0x6d, 0xd0, 0xff, 0x9b, 0x06, 0x43, 0x06, 0x2d, 0xf4, 0x37, - 0x35, 0x98, 0xde, 0x24, 0x46, 0x38, 0xf0, 0xc9, 0x55, 0x23, 0x94, 0x0f, 0x19, 0x5e, 0xbd, 0x2f, - 0x86, 0xb4, 0xa5, 0x2b, 0x0a, 0x66, 0x7e, 0xc1, 0x26, 0xa3, 0x9a, 0xa8, 0x55, 0x38, 0xd1, 0x84, - 0xf3, 0x9f, 0x84, 0xf9, 0xa1, 0x0f, 0x8f, 0x75, 0xbd, 0xf2, 0x5b, 0xc2, 0x24, 0x9a, 0x8e, 0x77, - 0xfb, 0x3a, 0x54, 0x0d, 0xcb, 0x92, 0x31, 0xf5, 0x9e, 0x2b, 0x78, 0x99, 0x6c, 0xa9, 0x2f, 0x46, - 0xd8, 0x4f, 0xcc, 0xf1, 0xa2, 0x2b, 0x80, 0x8c, 0xc4, 0x5d, 0xd1, 0xaa, 0x67, 0x45, 0xea, 0x12, - 0x33, 0xa6, 0x2f, 0x0f, 0xd5, 0xe2, 0x8c, 0x2f, 0xf4, 0x4f, 0xc0, 0x6c, 0xf2, 0xcd, 0xfd, 0x31, - 0x9c, 0x8e, 0xf5, 0x9f, 0xd7, 0x00, 0x0d, 0xc7, 0xd1, 0x41, 0x01, 0xd4, 0x04, 0x44, 0x34, 0xc9, - 0x2b, 0x45, 0x1d, 0x48, 0x13, 0xfe, 0xd0, 0xb1, 0xcb, 0xaa, 0x28, 0x08, 0xb0, 0x24, 0xa4, 0xff, - 0xb9, 0x06, 0x71, 0xec, 0x2e, 0xf4, 0x31, 0xa8, 0x5b, 0x24, 0x30, 0x7d, 0xbb, 0x1f, 0xc6, 0x1d, - 0x91, 0x1e, 0x98, 0xad, 0xb8, 0x0a, 0xab, 0x70, 0x48, 0x87, 0x89, 0xd0, 0x08, 0xb6, 0xdb, 0x2d, - 0xa1, 0x38, 0xb2, 0x63, 0xfe, 0x36, 0x2b, 0xc1, 0xa2, 0x26, 0x7e, 0xc0, 0x3e, 0x36, 0xc2, 0x03, - 0x76, 0xb4, 0x79, 0x1f, 0x5e, 0xeb, 0xa3, 0xa3, 0x5f, 0xea, 0xeb, 0xff, 0xb6, 0x02, 0xc9, 0x78, - 0x69, 0x45, 0x87, 0x60, 0x38, 0xbc, 0x40, 0xe5, 0x81, 0x85, 0x17, 0xf8, 0x10, 0x8b, 0x2d, 0xca, - 0x23, 0x42, 0xf3, 0xbb, 0x27, 0x35, 0x20, 0x28, 0x0f, 0xe7, 0x2c, 0x21, 0xd0, 0xb3, 0xaa, 0x5f, - 0xe7, 0x54, 0xe3, 0x7d, 0xd1, 0xbe, 0x60, 0xce, 0x9a, 0xf7, 0x44, 0x00, 0x05, 0xd9, 0xff, 0x84, - 0x0b, 0xe7, 0xc7, 0x84, 0xff, 0x5e, 0x35, 0x11, 0xe4, 0x21, 0x8a, 0x0c, 0x31, 0x9f, 0xf8, 0x30, - 0x76, 0xea, 0xd3, 0x7f, 0x49, 0x83, 0x49, 0x11, 0x13, 0x69, 0x04, 0x77, 0xdc, 0x2e, 0x54, 0x99, - 0xb8, 0x5e, 0x4a, 0x92, 0xe9, 0x6c, 0x79, 0x5e, 0x98, 0x88, 0x0d, 0xc5, 0x1c, 0xe6, 0xd8, 0xbf, - 0x98, 0xe3, 0xd7, 0xbf, 0x31, 0x0e, 0x97, 0x04, 0xc8, 0xd0, 0x31, 0x2d, 0x37, 0xe1, 0x1e, 0x9c, - 0x16, 0xd3, 0xd4, 0xf2, 0x0d, 0x5b, 0x5e, 0xcf, 0x15, 0xd3, 0xc0, 0xc4, 0xd5, 0xed, 0x10, 0x3a, - 0x9c, 0x45, 0x83, 0x47, 0x40, 0x61, 0xc5, 0xd7, 0x88, 0xe1, 0x84, 0x5b, 0x11, 0xed, 0x4a, 0x99, - 0x08, 0x28, 0xc3, 0xf8, 0x70, 0x26, 0x15, 0x76, 0x3d, 0x28, 0x2a, 0x9a, 0x3e, 0x31, 0xd4, 0xbb, - 0xc9, 0x12, 0xfe, 0x75, 0xab, 0x99, 0x18, 0x71, 0x0e, 0x25, 0x66, 0xca, 0x32, 0x76, 0x99, 0x66, - 0x8c, 0x49, 0xe8, 0xdb, 0x84, 0x3b, 0xd0, 0x56, 0x85, 0x2e, 0x9b, 0xac, 0xc2, 0x69, 0x58, 0xf4, - 0x1c, 0xcc, 0xb2, 0xeb, 0xd6, 0xf8, 0xc5, 0x72, 0x35, 0x0e, 0x10, 0x7e, 0x33, 0x51, 0x83, 0x53, - 0x90, 0xfa, 0xaf, 0x6b, 0x30, 0xad, 0x2e, 0xa0, 0x11, 0xdc, 0x5b, 0x77, 0x14, 0x86, 0x5d, 0xc6, - 0x67, 0x54, 0x25, 0x3b, 0x22, 0xcf, 0x3e, 0x9d, 0xf1, 0x0d, 0xbb, 0x77, 0x23, 0x29, 0xe6, 0x5f, - 0xea, 0xde, 0x6d, 0xe8, 0x24, 0x91, 0xf7, 0x6e, 0xe9, 0x1a, 0x3c, 0x44, 0x18, 0xbd, 0x0a, 0x63, - 0xa6, 0x6f, 0x8b, 0x81, 0x79, 0xa6, 0x98, 0x7e, 0x82, 0xdb, 0xf1, 0xf3, 0xa0, 0x26, 0x6e, 0x63, - 0x8a, 0x51, 0xff, 0xee, 0x18, 0xd4, 0x95, 0x90, 0x6b, 0x68, 0xb5, 0x8c, 0x7e, 0x1b, 0xa3, 0x8f, - 0x74, 0xdc, 0x55, 0x18, 0xeb, 0xf6, 0x07, 0x05, 0x15, 0x5c, 0x89, 0xee, 0x2a, 0x45, 0xd7, 0xed, - 0x0f, 0xd0, 0x2b, 0x52, 0x65, 0x2e, 0xa6, 0xd4, 0x4a, 0x47, 0xca, 0x94, 0xda, 0x1c, 0x2d, 0xcf, - 0xf1, 0xdc, 0xe5, 0xe9, 0xc2, 0x64, 0x20, 0xf4, 0xe9, 0x6a, 0x89, 0x88, 0x7f, 0xca, 0x50, 0x0b, - 0x05, 0x9a, 0xcb, 0xe1, 0x91, 0x7e, 0x1d, 0x11, 0xa1, 0x52, 0xc0, 0x80, 0xbd, 0x66, 0x60, 0x2a, - 0x46, 0x8d, 0x4b, 0x01, 0xeb, 0xac, 0x04, 0x8b, 0x1a, 0xfd, 0xe7, 0x2a, 0x80, 0x86, 0x11, 0xa2, - 0xf7, 0x41, 0x95, 0xbd, 0x6d, 0x12, 0x9b, 0x4d, 0x09, 0x97, 0x64, 0x04, 0x01, 0xe6, 0x75, 0xa8, - 0x23, 0xde, 0xba, 0x15, 0x9b, 0x19, 0x76, 0xe3, 0x2b, 0xe8, 0x29, 0x0f, 0xe3, 0xa2, 0xf3, 0x69, - 0x2c, 0xf7, 0x7c, 0x5a, 0x87, 0xc9, 0x9e, 0xed, 0x32, 0x47, 0x8f, 0x62, 0x16, 0x03, 0x7e, 0x25, - 0xc5, 0x51, 0xe0, 0x08, 0x97, 0xfe, 0xa3, 0x0a, 0x5d, 0xc5, 0xb6, 0x1b, 0x12, 0xd7, 0x70, 0x4d, - 0x82, 0xee, 0x02, 0x18, 0x83, 0xd0, 0xe3, 0xc7, 0xbc, 0x58, 0xcc, 0x9f, 0x2a, 0x38, 0x61, 0x12, - 0xeb, 0xb2, 0xc4, 0xc8, 0xaf, 0x8a, 0xe2, 0xdf, 0x58, 0xa1, 0x46, 0x69, 0x87, 0x76, 0x8f, 0xbc, - 0x6a, 0xbb, 0x96, 0x77, 0x47, 0x8c, 0x6f, 0x69, 0xda, 0xb7, 0x25, 0x46, 0x4e, 0x3b, 0xfe, 0x8d, - 0x15, 0x6a, 0xe8, 0xd3, 0xb0, 0xc0, 0x32, 0x17, 0xb8, 0x2c, 0xa6, 0xa5, 0x68, 0x9c, 0xe7, 0x38, - 0xd1, 0xc1, 0x53, 0x63, 0x11, 0xc4, 0x16, 0x9a, 0x39, 0x30, 0x38, 0xf7, 0x6b, 0xfd, 0xdb, 0x1a, - 0x9c, 0xcd, 0x1c, 0x0b, 0x74, 0x15, 0xe6, 0x63, 0x37, 0x01, 0x95, 0x51, 0xd6, 0xe2, 0x20, 0xad, - 0xd7, 0xd3, 0x00, 0x78, 0xf8, 0x1b, 0xb4, 0x2a, 0xa5, 0x05, 0x95, 0x11, 0x0b, 0x1f, 0x83, 0xc7, - 0x04, 0xaa, 0x2c, 0x5e, 0x8d, 0xb3, 0xbe, 0xd3, 0x3f, 0x9b, 0x68, 0x70, 0x3c, 0x60, 0x74, 0x7f, - 0x6c, 0x90, 0xae, 0x74, 0xae, 0x96, 0xfb, 0xa3, 0x41, 0x0b, 0x31, 0xaf, 0x43, 0x8f, 0xab, 0x0f, - 0x02, 0x24, 0x23, 0x8a, 0x1e, 0x05, 0xe8, 0x03, 0x00, 0xe1, 0x90, 0x63, 0xbb, 0x5d, 0xd4, 0x85, - 0x9a, 0x21, 0xf2, 0x6a, 0x88, 0xc5, 0xf6, 0x42, 0x31, 0x65, 0x4b, 0x20, 0xe1, 0x4e, 0x7f, 0xd1, - 0x2f, 0x2c, 0x91, 0xeb, 0x7f, 0x4f, 0x83, 0x73, 0xd9, 0x4f, 0x78, 0x46, 0x38, 0x61, 0x7b, 0x50, - 0xf7, 0xe3, 0xcf, 0xc4, 0xca, 0xfc, 0x29, 0x35, 0xf6, 0x89, 0x92, 0x67, 0x87, 0x4a, 0x1f, 0x4d, - 0xdf, 0x0b, 0xa2, 0xd9, 0x49, 0x87, 0x43, 0x91, 0x42, 0xbc, 0xd2, 0x12, 0xac, 0xe2, 0xd7, 0xdf, - 0xae, 0x00, 0xdc, 0x24, 0xe1, 0x1d, 0xcf, 0xdf, 0xa6, 0x63, 0xf4, 0xae, 0x7a, 0x4a, 0x76, 0x01, - 0xc6, 0xfb, 0x9e, 0x15, 0x08, 0x46, 0xc5, 0xde, 0x78, 0xb1, 0x3b, 0x6e, 0x56, 0x8a, 0x16, 0xa1, - 0xca, 0x4c, 0xc1, 0xe2, 0x38, 0x60, 0xc2, 0x2f, 0x15, 0x78, 0x02, 0xcc, 0xcb, 0x79, 0xf8, 0x64, - 0xe6, 0x8f, 0x1a, 0x08, 0x71, 0x5e, 0x84, 0x4f, 0xe6, 0x65, 0x58, 0xd6, 0xea, 0x3f, 0x3b, 0x0e, - 0x89, 0xcc, 0x30, 0xb1, 0x52, 0x3e, 0xfe, 0x80, 0x94, 0xf2, 0x4f, 0xc3, 0x82, 0xe3, 0x19, 0x56, - 0xc3, 0x70, 0xe8, 0xb2, 0xf7, 0x3b, 0x7c, 0x3e, 0x0c, 0xb7, 0x4b, 0xa2, 0x0c, 0x2f, 0x8c, 0x05, - 0xdc, 0xc8, 0x81, 0xc1, 0xb9, 0x5f, 0xa3, 0x81, 0x92, 0x90, 0x86, 0x8a, 0x21, 0xab, 0xa5, 0x33, - 0xe7, 0x2c, 0xa9, 0xce, 0xc8, 0xf2, 0x6c, 0x4e, 0x26, 0xad, 0x41, 0x5f, 0xd1, 0xe0, 0x2c, 0xd9, - 0x0d, 0x89, 0xef, 0x1a, 0xce, 0x6d, 0xdf, 0xd8, 0xdc, 0xb4, 0xcd, 0x84, 0x17, 0xd1, 0xda, 0xc1, - 0xfe, 0xe2, 0xd9, 0x95, 0x2c, 0x80, 0x7b, 0xfb, 0x8b, 0x1f, 0x19, 0x4e, 0x0d, 0x15, 0xb9, 0x1e, - 0x67, 0x7e, 0xc2, 0x96, 0x63, 0x36, 0xb9, 0xf3, 0xcf, 0x42, 0xfd, 0x18, 0x1e, 0xb0, 0x53, 0xaa, - 0x89, 0xe6, 0x5b, 0x13, 0xa0, 0x38, 0x7e, 0x1f, 0x23, 0xd6, 0xf0, 0xdf, 0xd1, 0xe0, 0x8c, 0xe9, - 0xd8, 0xc4, 0x0d, 0x53, 0xde, 0xbd, 0x7c, 0x6b, 0xbc, 0x52, 0xcc, 0x25, 0xbd, 0x4f, 0xdc, 0x76, - 0xab, 0xe9, 0xb9, 0x2e, 0x31, 0xc3, 0x66, 0x06, 0x76, 0xae, 0xef, 0x64, 0xd5, 0xe0, 0xcc, 0xd6, - 0xb0, 0x0e, 0xb1, 0xf2, 0x76, 0x4b, 0x7d, 0x23, 0xd5, 0x14, 0x65, 0x58, 0xd6, 0xa2, 0xa7, 0xa1, - 0xde, 0xf5, 0xbd, 0x41, 0x3f, 0x68, 0x32, 0xff, 0x26, 0xbe, 0xc3, 0x98, 0x38, 0x71, 0x35, 0x2e, - 0xc6, 0x2a, 0x0c, 0xfa, 0x28, 0x4c, 0xf3, 0x9f, 0x6b, 0x3e, 0xd9, 0xb4, 0x77, 0xc5, 0x8e, 0x63, - 0xee, 0x12, 0x57, 0x95, 0x72, 0x9c, 0x80, 0x42, 0x1f, 0x84, 0x29, 0x3b, 0x08, 0x06, 0xc4, 0x5f, - 0xc7, 0x37, 0x44, 0x40, 0x40, 0x66, 0x60, 0x6d, 0x47, 0x85, 0x38, 0xae, 0x47, 0xbf, 0xa8, 0xc1, - 0xac, 0x4f, 0xde, 0x1c, 0xd8, 0x3e, 0xb1, 0x18, 0xd1, 0x40, 0xb8, 0xdf, 0x77, 0x4a, 0xfa, 0xfc, - 0x2f, 0xe1, 0x04, 0x56, 0xbe, 0xd2, 0xa5, 0x69, 0x22, 0x59, 0x89, 0x53, 0x4d, 0xa0, 0x63, 0x15, - 0xd8, 0x5d, 0xd7, 0x76, 0xbb, 0xcb, 0x4e, 0x37, 0x58, 0xa8, 0xb1, 0xdd, 0xcb, 0x45, 0xaf, 0xb8, - 0x18, 0xab, 0x30, 0xe8, 0xe3, 0x30, 0x33, 0x08, 0xe8, 0xda, 0xed, 0x11, 0x3e, 0xc0, 0x53, 0xb1, - 0xe3, 0xe1, 0xba, 0x5a, 0x81, 0x93, 0x70, 0x54, 0xdb, 0x8b, 0x0a, 0xc4, 0x30, 0x03, 0x8f, 0x82, - 0x40, 0xdb, 0xb9, 0x9e, 0xa8, 0xc1, 0x29, 0xc8, 0xf3, 0xcb, 0x70, 0x3a, 0xa3, 0x9b, 0xc7, 0xda, - 0x20, 0xbf, 0x5e, 0x81, 0xf7, 0x1e, 0xb9, 0x2c, 0xd1, 0xb7, 0x34, 0xa8, 0x93, 0xdd, 0xd0, 0x37, - 0xa4, 0x1b, 0x24, 0x9d, 0xa3, 0xee, 0x83, 0xd9, 0x04, 0x4b, 0x2b, 0x31, 0x25, 0x3e, 0x6f, 0xf2, - 0xcc, 0x53, 0x6a, 0xb0, 0xda, 0x20, 0x2a, 0xb5, 0xf3, 0x28, 0x19, 0xaa, 0xed, 0x4e, 0xa4, 0xd2, - 0x10, 0x35, 0xe7, 0x5f, 0x84, 0xb9, 0x34, 0xe6, 0x63, 0x0d, 0xd5, 0x3f, 0xad, 0x40, 0x75, 0xcd, - 0x31, 0x4e, 0x24, 0xba, 0xe3, 0xe7, 0x13, 0x51, 0xb5, 0x8a, 0xc5, 0x2a, 0x63, 0x6d, 0xcd, 0x8d, - 0xe9, 0xb7, 0x95, 0x8a, 0xe9, 0xf7, 0x52, 0x09, 0x1a, 0x87, 0x87, 0xf0, 0xfb, 0xbe, 0x06, 0x53, - 0x0c, 0xee, 0x04, 0x62, 0x17, 0xbc, 0x9e, 0x8c, 0x5d, 0xf0, 0x5c, 0xf1, 0x4e, 0xe5, 0xc4, 0x2c, - 0xf8, 0x83, 0xa8, 0x33, 0x2c, 0x36, 0xd3, 0x6b, 0x6a, 0xee, 0x20, 0xde, 0x9b, 0x27, 0xb3, 0x62, - 0xda, 0xdd, 0xf0, 0x4c, 0xc3, 0x19, 0x0a, 0x6c, 0x77, 0x68, 0x02, 0x21, 0x17, 0xa6, 0x88, 0x88, - 0x45, 0x12, 0xf5, 0xa6, 0x98, 0x6c, 0x1b, 0x45, 0x34, 0x89, 0xe9, 0x45, 0x25, 0x01, 0x8e, 0x49, - 0xe8, 0xbf, 0x55, 0x81, 0xba, 0x32, 0x9b, 0xef, 0x48, 0xcc, 0xbc, 0x2b, 0x99, 0x99, 0x36, 0x2a, - 0xcc, 0xcd, 0xf1, 0xdc, 0x31, 0xb2, 0x6c, 0x04, 0x50, 0x37, 0xe3, 0x30, 0xc8, 0xa5, 0x16, 0xb8, - 0x12, 0x4e, 0x59, 0xb8, 0x5b, 0xc7, 0x05, 0x58, 0xa5, 0xa2, 0xff, 0x8b, 0x0a, 0x4c, 0xae, 0xf9, - 0x1e, 0x9d, 0xe3, 0x13, 0x60, 0x10, 0x1b, 0x09, 0x06, 0x51, 0x70, 0xf3, 0xf2, 0xd6, 0xe6, 0xb2, - 0x88, 0x37, 0x52, 0x2c, 0xa2, 0x51, 0x8a, 0xca, 0xe1, 0x4c, 0xe2, 0x07, 0x1a, 0xd4, 0x05, 0xe4, - 0x09, 0xb0, 0x09, 0x23, 0xc9, 0x26, 0x9e, 0x2f, 0xd3, 0xb1, 0x1c, 0x46, 0xf1, 0x75, 0x0d, 0x66, - 0x04, 0xc4, 0x2a, 0xe9, 0x6d, 0x10, 0x1f, 0x5d, 0x81, 0xc9, 0x60, 0xc0, 0xe6, 0x52, 0xf4, 0xe8, - 0x31, 0x95, 0x55, 0xf8, 0x1b, 0x86, 0xc9, 0x32, 0x46, 0x71, 0x10, 0x25, 0x98, 0x26, 0x2f, 0xc0, - 0xd1, 0xc7, 0x54, 0xa1, 0xf3, 0x3d, 0x67, 0x28, 0x1e, 0x01, 0xf6, 0x1c, 0x82, 0x59, 0x0d, 0xd5, - 0xa3, 0xe8, 0xdf, 0xe8, 0x96, 0x8a, 0xe9, 0x51, 0xb4, 0x3a, 0xc0, 0xbc, 0x5c, 0xff, 0xb9, 0x71, - 0x39, 0xda, 0x8c, 0x8f, 0x5d, 0x83, 0x29, 0xd3, 0x27, 0x46, 0x48, 0xac, 0xc6, 0xde, 0x28, 0x8d, - 0x63, 0x02, 0x5d, 0x33, 0xfa, 0x02, 0xc7, 0x1f, 0x53, 0xd1, 0x49, 0xbd, 0x78, 0xaa, 0xc4, 0x62, - 0x66, 0xee, 0xa5, 0xd3, 0xf3, 0x50, 0xf5, 0xee, 0xb8, 0xd2, 0xf5, 0xe2, 0x50, 0xc2, 0xac, 0x2b, - 0xb7, 0x28, 0x34, 0xe6, 0x1f, 0xa9, 0xb1, 0x2c, 0xc6, 0x0f, 0x89, 0x65, 0xd1, 0x83, 0xc9, 0x1e, - 0x9b, 0x86, 0x72, 0x01, 0x0d, 0x13, 0x33, 0xaa, 0x06, 0xba, 0x66, 0xa8, 0x71, 0x44, 0x83, 0x0a, - 0xc1, 0x54, 0x4e, 0x0b, 0xfa, 0x86, 0x49, 0x54, 0x21, 0xf8, 0x66, 0x54, 0x88, 0xe3, 0x7a, 0x74, - 0x37, 0x19, 0x72, 0x66, 0xb2, 0x84, 0x99, 0x53, 0xb4, 0x4f, 0x89, 0x32, 0xc3, 0x07, 0x3f, 0x37, - 0xec, 0xcc, 0x57, 0xc7, 0xe5, 0x32, 0x15, 0x8c, 0x3f, 0x3b, 0xdd, 0x91, 0x56, 0x28, 0xdd, 0xd1, - 0x47, 0xa0, 0xda, 0xdf, 0x32, 0x82, 0x68, 0xad, 0x46, 0x51, 0xd9, 0xab, 0x6b, 0xb4, 0xf0, 0xde, - 0xfe, 0xe2, 0xb4, 0x20, 0xcd, 0x7e, 0x63, 0x0e, 0x8b, 0x06, 0x70, 0x3a, 0x08, 0x0d, 0x87, 0x74, - 0x6c, 0x61, 0x3e, 0x0a, 0x42, 0xa3, 0xd7, 0x2f, 0x10, 0x5c, 0x9d, 0x5d, 0x5c, 0x75, 0x86, 0x51, - 0xe1, 0x2c, 0xfc, 0xe8, 0x67, 0x35, 0x58, 0x60, 0xe5, 0xcb, 0x83, 0xd0, 0xe3, 0x99, 0x1e, 0x62, - 0xe2, 0xc7, 0xbf, 0xb7, 0x65, 0xca, 0x7e, 0x27, 0x07, 0x1f, 0xce, 0xa5, 0x84, 0xde, 0x82, 0xb3, - 0x8e, 0x11, 0x84, 0xcb, 0x66, 0x68, 0xef, 0xd8, 0xe1, 0x5e, 0xdc, 0x84, 0xea, 0xb1, 0x9b, 0xc0, - 0x7c, 0x37, 0x6e, 0x64, 0x21, 0xc3, 0xd9, 0x34, 0xf4, 0xff, 0xa3, 0x01, 0x1a, 0x5e, 0x42, 0xa8, - 0x07, 0x35, 0x8b, 0x6c, 0x1a, 0x03, 0x27, 0x8c, 0x24, 0x81, 0xd2, 0x01, 0x91, 0x24, 0x77, 0x6e, - 0x09, 0xc4, 0x58, 0x92, 0x40, 0x7d, 0x98, 0xba, 0xb3, 0x65, 0x87, 0xc4, 0xb1, 0x83, 0xf0, 0x7e, - 0x05, 0x60, 0x92, 0xc2, 0xcf, 0xab, 0x11, 0x66, 0x1c, 0x13, 0xd1, 0xff, 0xea, 0x18, 0xd4, 0x8e, - 0x91, 0x53, 0x73, 0x00, 0x48, 0x04, 0x64, 0xa0, 0x12, 0x13, 0x29, 0x63, 0x34, 0x63, 0x62, 0x4d, - 0x73, 0x08, 0x19, 0xce, 0x20, 0x80, 0xde, 0x82, 0x33, 0xb6, 0xbb, 0xe9, 0x1b, 0x41, 0xe8, 0x0f, - 0xcc, 0x70, 0xe0, 0x93, 0x32, 0x61, 0xdd, 0x99, 0xa5, 0xa1, 0x9d, 0x81, 0x0e, 0x67, 0x12, 0x41, - 0x9b, 0x30, 0x79, 0xc7, 0xf3, 0xb7, 0x29, 0x03, 0x1d, 0x2f, 0x91, 0x98, 0xe7, 0x55, 0x86, 0x23, - 0xe6, 0x9c, 0xfc, 0x77, 0x80, 0x23, 0xe4, 0xfa, 0xef, 0x69, 0x50, 0xe5, 0xef, 0xd7, 0x1e, 0x0e, - 0x2d, 0x8b, 0xb5, 0x35, 0x37, 0x54, 0x31, 0xd5, 0x7d, 0x18, 0xc4, 0xc3, 0xa2, 0xfb, 0xb0, 0xc6, - 0xe6, 0x88, 0x34, 0xbf, 0x37, 0x26, 0x3a, 0xc3, 0x64, 0x86, 0x36, 0x9c, 0x16, 0xe2, 0xef, 0x0d, - 0x7b, 0x93, 0xd0, 0x05, 0xd6, 0x32, 0xf6, 0x02, 0xf1, 0x7e, 0x9c, 0xb1, 0xde, 0xe6, 0x70, 0x35, - 0xce, 0xfa, 0x06, 0xfd, 0x4b, 0x8d, 0x9e, 0xce, 0xa1, 0x6f, 0x9b, 0xe5, 0xc2, 0xee, 0xca, 0xc6, - 0x2d, 0xad, 0x72, 0x6c, 0xdc, 0x7c, 0xb0, 0x1e, 0x1f, 0xd3, 0xac, 0xf4, 0xde, 0xfe, 0xe2, 0x62, - 0x86, 0x79, 0x32, 0x32, 0xa8, 0xd3, 0xa1, 0x7d, 0xfb, 0x47, 0x87, 0x82, 0x30, 0xe3, 0x7e, 0xd4, - 0x64, 0x74, 0x0d, 0xaa, 0x81, 0xe9, 0xf5, 0xc9, 0x71, 0xa2, 0x9a, 0xcb, 0x11, 0xee, 0xd0, 0x2f, - 0x31, 0x47, 0x70, 0xfe, 0x0d, 0x98, 0x56, 0x5b, 0x9e, 0x61, 0x9e, 0x68, 0xa9, 0xe6, 0x89, 0x63, - 0xdf, 0xe2, 0xa9, 0xe6, 0x8c, 0xdf, 0xae, 0x80, 0x48, 0xab, 0x37, 0xc2, 0x15, 0xc6, 0x1b, 0x51, - 0x64, 0xd1, 0x32, 0xb9, 0x04, 0xd3, 0xa9, 0xbc, 0xe3, 0x41, 0x50, 0x83, 0x8b, 0x22, 0x0f, 0x26, - 0x1c, 0x63, 0x83, 0x38, 0x51, 0x8a, 0xb5, 0xab, 0x25, 0x32, 0x80, 0xf1, 0xf0, 0xd7, 0x41, 0xca, - 0xd0, 0xcd, 0x0b, 0xb1, 0x20, 0x73, 0xfe, 0x59, 0xa8, 0x2b, 0x60, 0xc7, 0xb2, 0x09, 0xfd, 0x40, - 0x83, 0xe9, 0x44, 0x38, 0xb1, 0x1e, 0x8c, 0xf9, 0xd2, 0x16, 0x50, 0xf4, 0x8e, 0x27, 0xf2, 0x6e, - 0x7a, 0xec, 0x10, 0x20, 0x4c, 0xe9, 0xc8, 0xc8, 0x63, 0x95, 0xfb, 0x15, 0x79, 0xec, 0x6b, 0x1a, - 0x9c, 0x8b, 0x3a, 0x94, 0x0c, 0xc0, 0x81, 0x9e, 0x84, 0x9a, 0xd1, 0xb7, 0x99, 0xe5, 0x57, 0x35, - 0x9e, 0x2f, 0xaf, 0xb5, 0x59, 0x19, 0x96, 0xb5, 0xe8, 0x43, 0x50, 0x8b, 0x96, 0x9e, 0x90, 0xfc, - 0x24, 0xdf, 0x92, 0xb7, 0x56, 0x12, 0x02, 0x3d, 0xa1, 0x44, 0x7f, 0xad, 0xc6, 0x07, 0xb5, 0x24, - 0xcc, 0xef, 0xb8, 0xf5, 0x5f, 0xaa, 0xc0, 0x0c, 0xb7, 0x94, 0x34, 0x6c, 0xd7, 0xb2, 0xdd, 0xee, - 0x09, 0x1c, 0x10, 0x89, 0xdc, 0xd0, 0x95, 0xfb, 0x95, 0x1b, 0xfa, 0x3a, 0x4c, 0xbc, 0x49, 0x39, - 0x55, 0xb4, 0xc0, 0x47, 0x62, 0x18, 0x72, 0xf1, 0x32, 0x26, 0x17, 0x60, 0x81, 0x82, 0x45, 0x08, - 0x4d, 0x0c, 0xcb, 0xc3, 0x12, 0x21, 0x34, 0xd1, 0xe8, 0xfc, 0x74, 0x18, 0x2c, 0x13, 0xed, 0x09, - 0x4c, 0xf5, 0xeb, 0x09, 0x59, 0xe0, 0x85, 0xe2, 0x81, 0x46, 0xf3, 0xac, 0x29, 0xdd, 0x94, 0x35, - 0xe5, 0x93, 0xc5, 0x49, 0x1c, 0x6e, 0x4a, 0xf9, 0xe5, 0x0a, 0x00, 0x05, 0xe3, 0x39, 0x7b, 0x85, - 0x9f, 0x65, 0x9c, 0xc3, 0x7d, 0xea, 0xdd, 0x92, 0x78, 0x5d, 0x97, 0xc9, 0x5e, 0xc7, 0x62, 0x9b, - 0x7d, 0x32, 0xd1, 0x6b, 0x72, 0x03, 0x8e, 0xdf, 0xa7, 0x0d, 0xa8, 0xff, 0xa6, 0x06, 0x2c, 0x47, - 0x49, 0xeb, 0x66, 0x07, 0x7d, 0x1c, 0x66, 0x6c, 0x7e, 0x29, 0xda, 0x52, 0x23, 0xbf, 0xb1, 0x8b, - 0x9b, 0xb6, 0x5a, 0x81, 0x93, 0x70, 0xc8, 0x55, 0xc6, 0xb5, 0x4c, 0xc2, 0x6c, 0xd1, 0x10, 0x19, - 0x39, 0x7d, 0x3a, 0x7b, 0x66, 0xf4, 0x1f, 0x57, 0xe0, 0x54, 0x0a, 0x76, 0x04, 0x55, 0xe5, 0xc1, - 0x70, 0x30, 0x25, 0x98, 0xfa, 0xd8, 0x09, 0x04, 0x53, 0x97, 0x71, 0xcd, 0xc7, 0x1f, 0x70, 0x5c, - 0xf3, 0xef, 0x69, 0xc0, 0x72, 0x31, 0x9f, 0x00, 0x0f, 0xfd, 0x5c, 0x92, 0x87, 0x3e, 0x5b, 0x78, - 0xed, 0xe4, 0xb0, 0xce, 0x3f, 0xd7, 0x80, 0x85, 0x39, 0x16, 0x9e, 0x20, 0x8a, 0x73, 0x85, 0x96, - 0xe3, 0x5c, 0x71, 0x49, 0xf8, 0x66, 0xa4, 0xec, 0x8a, 0x8a, 0x7f, 0xc6, 0x87, 0x14, 0xf7, 0x8b, - 0xb1, 0x24, 0x2b, 0x19, 0x76, 0xc1, 0x40, 0x6f, 0xc1, 0x4c, 0xb0, 0xe5, 0x79, 0x61, 0xa4, 0xe1, - 0x8b, 0xd9, 0x6b, 0x14, 0x77, 0x8d, 0x8e, 0xfa, 0xc2, 0x77, 0x67, 0x47, 0x45, 0x8e, 0x93, 0xb4, - 0xf4, 0xdf, 0x11, 0xdd, 0x3f, 0xc6, 0x56, 0x39, 0x41, 0xd6, 0xf7, 0x81, 0x14, 0xeb, 0xcb, 0xcb, - 0x73, 0xfd, 0x5d, 0xd1, 0x0b, 0x19, 0x9d, 0xba, 0x0f, 0x33, 0x8e, 0x9a, 0xd0, 0x45, 0x2c, 0xcc, - 0x42, 0xb9, 0x60, 0x64, 0x10, 0xba, 0x44, 0x31, 0x4e, 0x12, 0xa0, 0xfc, 0x31, 0x6a, 0x3c, 0xcf, - 0x47, 0xcb, 0x93, 0x2e, 0xb0, 0x19, 0x58, 0x53, 0x2b, 0x70, 0x12, 0x4e, 0x7f, 0x19, 0xde, 0xcf, - 0x9b, 0xce, 0x7c, 0xd2, 0x57, 0x76, 0x4d, 0x12, 0x04, 0x4d, 0xa3, 0x6f, 0x98, 0x54, 0x0f, 0x61, - 0xaf, 0x3a, 0xb9, 0x8d, 0xf0, 0xa9, 0x74, 0x6c, 0x5b, 0x69, 0x1b, 0x18, 0x8a, 0x41, 0xf4, 0xa5, - 0x0a, 0x2c, 0x2a, 0x38, 0x13, 0xae, 0x34, 0xd1, 0xaa, 0xfb, 0xa6, 0x06, 0x75, 0xc3, 0x75, 0xbd, - 0xd0, 0x50, 0x6f, 0xae, 0x48, 0x89, 0xc0, 0xe1, 0xb9, 0xb4, 0x96, 0x96, 0x63, 0x3a, 0xa9, 0x8b, - 0x6a, 0xa5, 0x06, 0xab, 0xcd, 0x39, 0xff, 0x22, 0xcc, 0xa5, 0xbf, 0x3a, 0x96, 0xc2, 0xd1, 0x80, - 0xb3, 0x4a, 0xab, 0x94, 0x80, 0xe9, 0x4f, 0xc1, 0xe4, 0x8e, 0x1d, 0xd8, 0xd1, 0x43, 0x6b, 0x65, - 0x18, 0x5f, 0xe1, 0xc5, 0x38, 0xaa, 0xd7, 0x5f, 0x82, 0xd3, 0x2a, 0x0e, 0xb6, 0x6f, 0x6e, 0x76, - 0x8e, 0x33, 0x11, 0xab, 0x70, 0x49, 0xc1, 0x90, 0xf9, 0x3c, 0xec, 0x38, 0xe8, 0xbe, 0x3c, 0x11, - 0x2d, 0x73, 0xf1, 0x7e, 0xe1, 0x3b, 0x1a, 0x3c, 0x4a, 0xf2, 0x56, 0x8c, 0x58, 0xf3, 0xaf, 0x95, - 0x9d, 0xd2, 0xdc, 0x25, 0x29, 0x22, 0x0a, 0xe5, 0x55, 0xe3, 0xfc, 0xa6, 0xa1, 0xbb, 0x89, 0x6c, - 0x01, 0x65, 0x7c, 0x50, 0x33, 0x67, 0xf9, 0xb0, 0x5c, 0x01, 0xc8, 0x87, 0x5a, 0x20, 0xe6, 0xb2, - 0xd4, 0x2b, 0xd6, 0x8c, 0xb5, 0x21, 0xdc, 0xec, 0xc4, 0x2f, 0x2c, 0xe9, 0xa0, 0x5f, 0xd3, 0xe0, - 0x8c, 0x93, 0xb1, 0x35, 0x04, 0xaf, 0xbf, 0xfd, 0x20, 0xb6, 0x1d, 0x37, 0x5d, 0x66, 0xd5, 0xe0, - 0xcc, 0xb6, 0xa0, 0xbf, 0x9b, 0xfb, 0x5e, 0xb2, 0x5a, 0x22, 0xa5, 0xd1, 0x51, 0x1b, 0xa0, 0xc0, - 0xd3, 0xc9, 0x7f, 0x33, 0xc9, 0xc5, 0x0f, 0x66, 0x5f, 0x33, 0x61, 0x62, 0x83, 0x49, 0xf0, 0x62, - 0xbd, 0x17, 0xd7, 0x17, 0xb8, 0x22, 0xc0, 0xe5, 0x6b, 0xfe, 0x3f, 0x16, 0xa8, 0xd1, 0x12, 0xc0, - 0x86, 0xe3, 0x99, 0xdb, 0xcd, 0x76, 0x0b, 0x47, 0xac, 0x9d, 0xad, 0xb1, 0x86, 0x2c, 0xc5, 0x0a, - 0x04, 0xfa, 0x2c, 0x8c, 0x59, 0x52, 0xe8, 0x7b, 0xbe, 0x8c, 0xbc, 0x1b, 0xfb, 0xf6, 0xd2, 0x15, - 0x45, 0xb1, 0x22, 0x0f, 0x6a, 0xae, 0x38, 0xe1, 0xc5, 0xfa, 0x29, 0x9e, 0xef, 0x41, 0x8a, 0x0a, - 0x52, 0x42, 0x89, 0x4a, 0xb0, 0x24, 0x42, 0x09, 0x4a, 0x11, 0xbe, 0x5a, 0x92, 0xa0, 0x94, 0xdf, - 0x0f, 0xd3, 0xae, 0xd6, 0x54, 0x69, 0x7c, 0x62, 0x74, 0x69, 0x7c, 0x26, 0x57, 0x12, 0xdf, 0x84, - 0x89, 0xd0, 0x60, 0x3e, 0x22, 0x93, 0x25, 0x5c, 0x34, 0x68, 0x07, 0x6e, 0x53, 0x34, 0xb1, 0x24, - 0xc2, 0x7e, 0x06, 0x58, 0x60, 0xa7, 0xab, 0x91, 0xe7, 0x8a, 0x17, 0x11, 0xbd, 0x8a, 0xaf, 0x46, - 0x9e, 0xd5, 0x87, 0xaf, 0x46, 0xfe, 0x3f, 0x16, 0xa8, 0xd1, 0x36, 0x95, 0x2f, 0xf9, 0x11, 0x20, - 0x9e, 0x32, 0x2f, 0x97, 0xdd, 0x9a, 0x41, 0xe4, 0x21, 0xcc, 0x7f, 0x61, 0x49, 0x00, 0x99, 0x30, - 0x29, 0x14, 0x3a, 0x11, 0x3c, 0xf6, 0xf9, 0x32, 0x01, 0xbc, 0xa3, 0x64, 0x55, 0xfc, 0xdd, 0x62, - 0x84, 0x59, 0xff, 0xee, 0x18, 0xd7, 0xc5, 0xdf, 0x41, 0xa7, 0x9a, 0x2e, 0xd4, 0x22, 0x64, 0xa5, - 0x8c, 0x1b, 0x51, 0xf6, 0x04, 0x3e, 0xa0, 0x32, 0x97, 0x82, 0x44, 0x8e, 0x9a, 0x59, 0xef, 0x11, - 0x94, 0x00, 0x4a, 0x23, 0xbd, 0x45, 0xc8, 0xbe, 0x7d, 0x1e, 0x2f, 0x74, 0xfb, 0xfc, 0x02, 0x9c, - 0x8a, 0x1c, 0x74, 0x2c, 0xc2, 0xec, 0xdf, 0xc2, 0x85, 0x95, 0xbd, 0xc3, 0x6b, 0x26, 0xab, 0x70, - 0x1a, 0x56, 0xbf, 0x0e, 0x53, 0x72, 0x5f, 0xa0, 0xc7, 0x15, 0x19, 0x2d, 0x66, 0x5d, 0xd7, 0xc9, - 0x1e, 0x17, 0xd8, 0x16, 0x13, 0x02, 0x1b, 0x57, 0xae, 0x5e, 0xa1, 0x05, 0x42, 0x76, 0xd3, 0xff, - 0xbb, 0xc6, 0x17, 0x82, 0xc8, 0x98, 0x65, 0x40, 0xbd, 0xc7, 0x03, 0x32, 0xb1, 0x27, 0x39, 0x5a, - 0xf1, 0xc7, 0x40, 0xab, 0x31, 0x1a, 0xac, 0xe2, 0x44, 0xbb, 0xc3, 0x69, 0xdd, 0xae, 0x96, 0xdc, - 0xb4, 0x23, 0x67, 0x77, 0x43, 0xc3, 0xdf, 0xa8, 0xf9, 0xb0, 0xb4, 0xc3, 0xf3, 0x61, 0x1d, 0x9d, - 0xf9, 0x43, 0xff, 0x47, 0x1a, 0x64, 0xc6, 0xab, 0x46, 0x3a, 0x4c, 0x70, 0xef, 0x62, 0x35, 0xe1, - 0x1d, 0x77, 0x3d, 0xc6, 0xa2, 0x06, 0xf9, 0x70, 0x46, 0xb8, 0xee, 0x5e, 0x27, 0x7b, 0x71, 0xa2, - 0x35, 0xb1, 0x3b, 0x46, 0x77, 0xe0, 0x63, 0x91, 0x5a, 0x3a, 0x29, 0x4c, 0x38, 0x13, 0x37, 0x73, - 0x1e, 0x65, 0xf2, 0xd3, 0x43, 0x72, 0xad, 0xc9, 0xda, 0xfa, 0x80, 0x9d, 0x47, 0x39, 0x8d, 0xc3, - 0x8d, 0x99, 0xaf, 0xc1, 0x39, 0x06, 0xb6, 0x6c, 0x31, 0x91, 0x29, 0x20, 0xd6, 0xb2, 0x65, 0xb1, - 0x07, 0x1d, 0x65, 0x13, 0xb4, 0xe9, 0x7f, 0x4a, 0xd7, 0x10, 0xc5, 0x9d, 0x4e, 0xb1, 0xf3, 0xe0, - 0x67, 0x88, 0x8a, 0xea, 0x8c, 0x16, 0x29, 0x97, 0x71, 0x20, 0xd5, 0x72, 0xc5, 0x1c, 0x23, 0xb0, - 0x63, 0x49, 0x87, 0xe5, 0x67, 0xcf, 0xea, 0xee, 0xc3, 0x92, 0x9f, 0x3d, 0xab, 0xed, 0x39, 0xb6, - 0xaf, 0xef, 0x6b, 0x30, 0xc5, 0xc0, 0x1f, 0x96, 0x5b, 0x77, 0xd6, 0xd8, 0x9c, 0xce, 0xfc, 0xae, - 0x06, 0xf3, 0x43, 0x81, 0x01, 0x46, 0x58, 0xfd, 0x27, 0x68, 0xce, 0x7a, 0x22, 0x9d, 0x87, 0xa9, - 0x9e, 0x19, 0x31, 0xe4, 0x55, 0x98, 0x49, 0x98, 0xf1, 0xe4, 0x6b, 0x30, 0x2d, 0xf3, 0x35, 0x98, - 0xfa, 0xd8, 0xab, 0x72, 0xe8, 0x63, 0xaf, 0x7f, 0x32, 0x23, 0xe6, 0x9b, 0x29, 0x4e, 0xaf, 0xc3, - 0x04, 0x7b, 0x91, 0x15, 0x25, 0xfa, 0xfc, 0x44, 0xf1, 0xa7, 0x5e, 0x01, 0x3f, 0x3f, 0xf8, 0xff, - 0x58, 0xa0, 0x45, 0x2d, 0x98, 0x33, 0x1d, 0x6f, 0x40, 0x45, 0xfe, 0x4d, 0xdb, 0x21, 0x37, 0xe3, - 0xa3, 0x4a, 0xbe, 0x2c, 0x6f, 0xa6, 0xea, 0xf1, 0xd0, 0x17, 0xa8, 0xa3, 0xaa, 0x52, 0xcf, 0x14, - 0x35, 0x69, 0xf3, 0x48, 0x5e, 0x52, 0x85, 0xf2, 0x01, 0x48, 0x34, 0x75, 0x91, 0xa3, 0xce, 0x8b, - 0xe5, 0x58, 0x4b, 0xcc, 0xca, 0x64, 0x51, 0x80, 0x15, 0x2a, 0x28, 0x80, 0xfa, 0x56, 0x9c, 0xfa, - 0x49, 0x28, 0x52, 0x2f, 0x95, 0xcd, 0x3b, 0xc5, 0xa5, 0x1b, 0xa5, 0x00, 0xab, 0x54, 0x50, 0x00, - 0x10, 0x0b, 0x8f, 0xa5, 0xf2, 0x84, 0xc4, 0x62, 0x69, 0xdc, 0xd3, 0xb8, 0x0c, 0x2b, 0x64, 0x28, - 0x51, 0x57, 0x3e, 0xac, 0x14, 0x7e, 0x9a, 0xc5, 0x88, 0xc6, 0xef, 0x33, 0x63, 0xa2, 0x71, 0x19, - 0x56, 0xc8, 0xd0, 0xe1, 0xed, 0xc5, 0xcf, 0x69, 0x85, 0xfa, 0xf5, 0x52, 0xd9, 0x77, 0xcd, 0x42, - 0x78, 0x8c, 0x0b, 0xb0, 0x4a, 0x05, 0x79, 0x00, 0x3d, 0xf9, 0xcc, 0x56, 0xe8, 0x62, 0xc5, 0x7a, - 0x1a, 0xbf, 0xd6, 0xe5, 0x86, 0x85, 0xf8, 0x37, 0x56, 0x48, 0x50, 0xd5, 0x4f, 0xaa, 0xe2, 0x50, - 0x42, 0x4b, 0x19, 0x49, 0x0d, 0xff, 0x58, 0x2c, 0x8a, 0xd6, 0xd9, 0xbe, 0x7d, 0x4c, 0x11, 0x43, - 0xef, 0xed, 0x2f, 0x4e, 0x33, 0x66, 0x32, 0x24, 0x96, 0xc6, 0x56, 0xfb, 0xe9, 0xc3, 0xac, 0xf6, - 0xe8, 0x2a, 0xcc, 0x07, 0xea, 0xe5, 0x36, 0x63, 0x10, 0x33, 0xec, 0x13, 0xf9, 0x30, 0xbb, 0x93, - 0x06, 0xc0, 0xc3, 0xdf, 0x70, 0x0e, 0x48, 0x2c, 0xf6, 0xfd, 0xac, 0xca, 0x01, 0x79, 0x19, 0x96, - 0xb5, 0x43, 0xe9, 0x32, 0x4f, 0x9d, 0x54, 0xba, 0xcc, 0x2f, 0xa8, 0xf9, 0x11, 0xe7, 0x4a, 0xf8, - 0x6e, 0x15, 0x49, 0x90, 0x98, 0x4e, 0xd6, 0x39, 0x7f, 0x42, 0xc9, 0x3a, 0xa9, 0xaa, 0x4b, 0xd4, - 0xc4, 0xa5, 0x6c, 0x86, 0x50, 0xac, 0xea, 0xae, 0xa4, 0x2b, 0xf1, 0x30, 0xbc, 0xfe, 0x1f, 0xa8, - 0x4a, 0x18, 0x89, 0xc0, 0xe4, 0x04, 0xa4, 0x4e, 0x92, 0xd0, 0x0b, 0x9a, 0xe5, 0x64, 0x76, 0x92, - 0xeb, 0xf3, 0xf8, 0xef, 0x35, 0x98, 0x8d, 0xc1, 0x4e, 0x40, 0x04, 0xb3, 0x92, 0x22, 0xd8, 0x27, - 0x4b, 0x76, 0x2c, 0x47, 0x0e, 0xfb, 0x7f, 0x15, 0xb5, 0x5b, 0x4c, 0xd2, 0xb8, 0xa3, 0x98, 0x56, - 0xb4, 0x12, 0xa2, 0x6d, 0x56, 0x62, 0xca, 0xb8, 0xc7, 0x19, 0xa6, 0x96, 0x2f, 0x26, 0x8e, 0xf9, - 0x32, 0x2e, 0x93, 0xd9, 0xd9, 0x5a, 0x8f, 0x3c, 0xf3, 0x7d, 0x75, 0xdb, 0x73, 0x2f, 0xa6, 0xe5, - 0x82, 0x6e, 0x7a, 0x4a, 0x97, 0x0f, 0xcf, 0x86, 0xfa, 0x8f, 0x01, 0xea, 0x8a, 0xca, 0xf8, 0x8e, - 0x18, 0xd3, 0x06, 0x50, 0x37, 0x3d, 0x37, 0x08, 0x7d, 0x43, 0x79, 0x97, 0x57, 0x96, 0xa8, 0xe4, - 0x37, 0xcd, 0x18, 0x35, 0x56, 0xe9, 0xd0, 0xd3, 0x51, 0x2e, 0xb4, 0xb1, 0xfb, 0x61, 0xc3, 0x3b, - 0x6c, 0x71, 0x7d, 0x14, 0x20, 0x92, 0xb4, 0x64, 0x9a, 0x75, 0x19, 0x4f, 0xb1, 0x1d, 0x5c, 0x93, - 0x75, 0x58, 0x81, 0x43, 0x6f, 0xc1, 0x8c, 0xa3, 0x46, 0x52, 0x13, 0x72, 0x60, 0xb1, 0xdb, 0xfe, - 0x44, 0x4c, 0x36, 0x7e, 0xd7, 0x9c, 0x28, 0xc2, 0x49, 0x5a, 0x68, 0x1b, 0xa6, 0x9c, 0x28, 0xfc, - 0x9f, 0x10, 0x06, 0x5f, 0x2c, 0x4c, 0x98, 0x61, 0xe1, 0x26, 0x77, 0xf9, 0x13, 0xc7, 0xf8, 0xe9, - 0xba, 0x93, 0x3f, 0xca, 0x99, 0xdd, 0x63, 0x6a, 0x72, 0xdd, 0xc9, 0xa2, 0x00, 0x2b, 0x54, 0x72, - 0xcc, 0xa2, 0xb5, 0x42, 0x66, 0xd1, 0x01, 0x9c, 0xf6, 0x49, 0xe8, 0xef, 0x35, 0xf7, 0x4c, 0x96, - 0x19, 0xd4, 0x0f, 0x59, 0xa4, 0xbf, 0xa9, 0x62, 0xef, 0x6b, 0xf0, 0x30, 0x2a, 0x9c, 0x85, 0x9f, - 0x2a, 0x7b, 0x54, 0x72, 0x10, 0xcf, 0xdb, 0x99, 0xb2, 0x47, 0xe5, 0x0a, 0xcc, 0x4a, 0xd1, 0xc7, - 0xa0, 0x1e, 0x12, 0x73, 0xcb, 0xb5, 0x4d, 0xc3, 0x69, 0xb7, 0x84, 0x58, 0x16, 0x1f, 0xc4, 0x71, - 0x15, 0x56, 0xe1, 0x50, 0x03, 0xc6, 0x06, 0xb6, 0x25, 0xe4, 0xb1, 0x9f, 0x94, 0x26, 0x9e, 0x76, - 0xeb, 0xde, 0xfe, 0xe2, 0x7b, 0x63, 0x07, 0x6e, 0xd9, 0x93, 0xcb, 0xfd, 0xed, 0xee, 0xe5, 0x70, - 0xaf, 0x4f, 0x82, 0xa5, 0xf5, 0x76, 0x0b, 0xd3, 0x8f, 0xb3, 0xcc, 0xc4, 0x33, 0xa3, 0x9b, 0x89, - 0xd1, 0xd7, 0x35, 0x38, 0x6d, 0xa4, 0xad, 0x53, 0x24, 0x58, 0x98, 0x2d, 0xc1, 0x95, 0xb3, 0x4d, - 0x5e, 0x71, 0x2c, 0x9e, 0xe5, 0x61, 0x7a, 0x38, 0xab, 0x11, 0xfa, 0x0d, 0x80, 0x58, 0x88, 0x29, - 0x6d, 0xc4, 0xfe, 0xaf, 0x55, 0x38, 0x5b, 0xf6, 0xb2, 0x9f, 0x85, 0xe8, 0x63, 0x89, 0x50, 0x96, - 0x37, 0x43, 0xe2, 0xdf, 0xba, 0xb5, 0x2a, 0x93, 0x44, 0x14, 0x8c, 0x11, 0x18, 0xa7, 0xd2, 0x19, - 0xc2, 0x88, 0x73, 0x28, 0x31, 0x01, 0x4e, 0x44, 0xae, 0xc7, 0xf4, 0xbc, 0x1b, 0xf8, 0x41, 0x28, - 0x1c, 0x90, 0xb9, 0x00, 0x97, 0xae, 0xc4, 0xc3, 0xf0, 0x69, 0x24, 0x3c, 0x29, 0xcb, 0x38, 0x4b, - 0x37, 0x3b, 0x84, 0x84, 0x67, 0x66, 0x19, 0x86, 0x57, 0x91, 0xc8, 0xf4, 0xb4, 0x8c, 0x77, 0xa6, - 0x90, 0xc4, 0xb9, 0x6b, 0x87, 0xe1, 0x91, 0x05, 0x17, 0x7c, 0x62, 0x7a, 0xbd, 0x1e, 0x71, 0x2d, - 0x1e, 0xde, 0xd5, 0xf0, 0xbb, 0xb6, 0x7b, 0xc5, 0x37, 0x18, 0xa0, 0xc8, 0x81, 0x7b, 0xe9, 0x60, - 0x7f, 0xf1, 0x02, 0x3e, 0x04, 0x0e, 0x1f, 0x8a, 0x05, 0xf5, 0xe0, 0xd4, 0x80, 0x85, 0x9e, 0xf2, - 0xdb, 0x6e, 0x48, 0xfc, 0x1d, 0xc3, 0x29, 0x98, 0x6d, 0x88, 0x6d, 0xac, 0xf5, 0x24, 0x2a, 0x9c, - 0xc6, 0x8d, 0xf6, 0x28, 0x9f, 0x12, 0xcd, 0x51, 0x48, 0xd6, 0x8a, 0x07, 0xb1, 0xc4, 0xc3, 0xe8, - 0x70, 0x16, 0x0d, 0xfd, 0x6f, 0x69, 0x20, 0xee, 0x26, 0x65, 0x56, 0x7a, 0x2d, 0x33, 0x2b, 0xfd, - 0x85, 0x44, 0x6e, 0xf0, 0x5a, 0xca, 0xa3, 0xec, 0x03, 0x8a, 0x67, 0xfb, 0x54, 0xcc, 0xe3, 0x39, - 0x66, 0x25, 0x7c, 0xdb, 0x5f, 0x80, 0xc9, 0xbe, 0x6f, 0xf7, 0x0c, 0x7f, 0x4f, 0x1c, 0xb7, 0x33, - 0xfc, 0x99, 0xbe, 0xe9, 0xef, 0xf5, 0xe9, 0x39, 0x1b, 0xd5, 0xea, 0x3f, 0xd0, 0x40, 0x7c, 0xcd, - 0x62, 0x06, 0x8e, 0x14, 0x70, 0xee, 0xe8, 0x34, 0xea, 0x71, 0xc8, 0xbb, 0xb1, 0xbc, 0x90, 0x77, - 0x0f, 0x2a, 0x7e, 0xdc, 0x77, 0x34, 0x48, 0xe7, 0xf9, 0x44, 0x4f, 0xc0, 0xa4, 0x78, 0x0a, 0x28, - 0x1e, 0x13, 0x71, 0xa7, 0x50, 0x5e, 0x84, 0xa3, 0xba, 0xa4, 0xe6, 0x59, 0x46, 0x04, 0xce, 0x7e, - 0xee, 0x70, 0x84, 0x30, 0xba, 0x3f, 0x0b, 0x13, 0xfc, 0xed, 0x1a, 0xfa, 0x99, 0x4c, 0x8f, 0xb3, - 0x1b, 0x25, 0x9e, 0xc7, 0x15, 0x70, 0x2c, 0x4b, 0x84, 0x36, 0xaa, 0x1c, 0x1a, 0xda, 0xa8, 0xc3, - 0x43, 0x5a, 0x96, 0x31, 0x3c, 0x36, 0x71, 0x5b, 0xe4, 0x54, 0x10, 0xe1, 0x2c, 0xd1, 0x20, 0x61, - 0x8f, 0x1b, 0x2f, 0x11, 0xae, 0x93, 0x0f, 0x81, 0x62, 0x95, 0x9b, 0x3d, 0xc4, 0x22, 0x17, 0xbf, - 0x15, 0xaa, 0x96, 0xb8, 0xe1, 0x14, 0xa3, 0x3e, 0xc2, 0x5b, 0x21, 0xb9, 0x9b, 0x26, 0x72, 0x77, - 0x53, 0x17, 0x26, 0xc5, 0x7e, 0x10, 0xdc, 0xf1, 0xf9, 0x32, 0x01, 0x2b, 0x95, 0x37, 0xe6, 0xbc, - 0x00, 0x47, 0xd8, 0xe9, 0x99, 0xdb, 0x33, 0x76, 0xed, 0xde, 0xa0, 0xc7, 0x78, 0x62, 0x55, 0x05, - 0x65, 0xc5, 0x38, 0xaa, 0x67, 0xa0, 0xfc, 0x6a, 0x98, 0x89, 0x79, 0x2a, 0xa8, 0x48, 0x0b, 0x14, - 0xd5, 0xa3, 0xcf, 0x40, 0xad, 0x67, 0xec, 0x76, 0x06, 0x7e, 0x97, 0x08, 0x43, 0x5c, 0xbe, 0x19, - 0x62, 0x10, 0xda, 0xce, 0x12, 0x55, 0x50, 0x42, 0x7f, 0xa9, 0xed, 0x86, 0xb7, 0xfc, 0x4e, 0xe8, - 0xcb, 0x28, 0x7a, 0xab, 0x02, 0x0b, 0x96, 0xf8, 0x90, 0x03, 0xb3, 0x3d, 0x63, 0x77, 0xdd, 0x35, - 0x64, 0xf6, 0x92, 0x7a, 0x41, 0x0a, 0xec, 0x56, 0x62, 0x35, 0x81, 0x0b, 0xa7, 0x70, 0x67, 0x5c, - 0x80, 0x4c, 0x3f, 0xa8, 0x0b, 0x90, 0x65, 0xe9, 0x85, 0x33, 0xc3, 0x96, 0xe1, 0xa3, 0x59, 0x77, - 0xc8, 0x87, 0x3b, 0xd8, 0xbc, 0x2e, 0x1d, 0x6c, 0x66, 0x4b, 0xdc, 0x5a, 0x1c, 0xe2, 0x5c, 0xb3, - 0x03, 0x75, 0xcb, 0x08, 0x0d, 0x5e, 0x1a, 0x2c, 0x9c, 0x2a, 0x61, 0x2b, 0x69, 0x49, 0x3c, 0x4a, - 0x4c, 0xf1, 0x18, 0x37, 0x56, 0x09, 0xa1, 0x5b, 0x3c, 0xbb, 0x85, 0x43, 0xc2, 0x18, 0x84, 0xd9, - 0xcb, 0xe6, 0xb8, 0x45, 0x34, 0xca, 0x45, 0x31, 0x04, 0x80, 0xb3, 0xbf, 0xa3, 0x62, 0x2a, 0x7f, - 0x0d, 0x30, 0x1f, 0x47, 0xb7, 0x48, 0x3c, 0x20, 0xfc, 0x6b, 0x1a, 0xcc, 0xf1, 0xd4, 0x69, 0x4d, - 0xaf, 0xd7, 0xf7, 0x5c, 0x42, 0x27, 0x06, 0xb1, 0x51, 0xbd, 0x5e, 0x82, 0x3f, 0x74, 0x52, 0x28, - 0xc5, 0xfd, 0x7f, 0xaa, 0x14, 0x0f, 0x91, 0x46, 0xff, 0x4c, 0x83, 0x85, 0x5e, 0x4e, 0xc8, 0xee, - 0x85, 0xd3, 0x25, 0x5c, 0x10, 0x8f, 0x8a, 0x03, 0xce, 0xd3, 0x3a, 0x1e, 0x05, 0x85, 0x73, 0x1b, - 0x57, 0xd6, 0x5b, 0xb9, 0xcc, 0xcb, 0xca, 0xbf, 0x04, 0x73, 0xe9, 0x93, 0x40, 0x4d, 0xc7, 0xa1, - 0x3d, 0xd8, 0x74, 0x1c, 0xfa, 0x0b, 0x70, 0x2e, 0x7b, 0xd6, 0xa9, 0xd0, 0xc5, 0xb2, 0xdb, 0x08, - 0x45, 0x27, 0x0e, 0x06, 0x49, 0x0b, 0x31, 0xaf, 0x6b, 0x2c, 0x7d, 0xef, 0xc7, 0x17, 0xdf, 0xf3, - 0xfb, 0x3f, 0xbe, 0xf8, 0x9e, 0x1f, 0xfe, 0xf8, 0xe2, 0x7b, 0xbe, 0x74, 0x70, 0x51, 0xfb, 0xde, - 0xc1, 0x45, 0xed, 0xf7, 0x0f, 0x2e, 0x6a, 0x3f, 0x3c, 0xb8, 0xa8, 0xfd, 0xa7, 0x83, 0x8b, 0xda, - 0xdf, 0xf8, 0xcf, 0x17, 0xdf, 0xf3, 0x99, 0x5a, 0xd4, 0xa4, 0xff, 0x1f, 0x00, 0x00, 0xff, 0xff, - 0xcc, 0x5f, 0x24, 0x2b, 0x62, 0xbc, 0x00, 0x00, + // 9654 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0xbd, 0x6b, 0x6c, 0x24, 0xd9, + 0x75, 0x18, 0xac, 0x6a, 0xb2, 0xc9, 0xe6, 0xe1, 0x63, 0xc8, 0x3b, 0x8f, 0xe5, 0xce, 0xce, 0x0e, + 0x47, 0xa5, 0xc7, 0xb7, 0xfb, 0x49, 0xe6, 0x78, 0xb5, 0x92, 0xb5, 0xbb, 0xda, 0x5d, 0x2d, 0xbb, + 0xc9, 0x99, 0x69, 0xcd, 0x70, 0x86, 0x7b, 0x7b, 0xb8, 0xab, 0x95, 0x0c, 0xad, 0x8a, 0x55, 0x97, + 0xcd, 0x5a, 0x56, 0x57, 0xf5, 0x56, 0x55, 0x73, 0xc8, 0x59, 0x25, 0x52, 0xd6, 0x96, 0x1c, 0x5b, + 0x48, 0x90, 0xc0, 0x0e, 0x14, 0x48, 0x82, 0xfc, 0x40, 0x10, 0x28, 0x48, 0x02, 0x39, 0x0e, 0xa2, + 0x40, 0x49, 0xe0, 0x1f, 0xf6, 0x0f, 0x0b, 0x72, 0xa0, 0x18, 0x79, 0x18, 0x8a, 0x61, 0x53, 0x11, + 0x13, 0x24, 0x4e, 0xe2, 0xfc, 0x08, 0x8c, 0x20, 0xc0, 0xc0, 0x09, 0x82, 0xfb, 0xa8, 0x5b, 0xb7, + 0x5e, 0x64, 0xb3, 0x6a, 0x86, 0xbb, 0xf3, 0x8b, 0xec, 0x7b, 0x4f, 0x9d, 0x73, 0x9f, 0xe7, 0x9e, + 0x73, 0xee, 0xb9, 0xe7, 0x40, 0xab, 0x6b, 0x87, 0x5b, 0x83, 0x8d, 0x45, 0xd3, 0xeb, 0x5d, 0xee, + 0x1a, 0xbe, 0x45, 0x5c, 0xe2, 0xc7, 0xff, 0xf4, 0xb7, 0xbb, 0x97, 0x8d, 0xbe, 0x1d, 0x5c, 0x36, + 0x3d, 0x9f, 0x5c, 0xde, 0x79, 0xca, 0x70, 0xfa, 0x5b, 0xc6, 0x53, 0x97, 0xbb, 0xb4, 0xd2, 0x08, + 0x89, 0xb5, 0xd8, 0xf7, 0xbd, 0xd0, 0x43, 0x4f, 0xc7, 0x48, 0x16, 0xa3, 0x6f, 0xe3, 0x7f, 0xfa, + 0xdb, 0xdd, 0x45, 0x8a, 0x64, 0x91, 0x22, 0x59, 0x8c, 0x90, 0x9c, 0x6f, 0x1e, 0x8b, 0xf2, 0x06, + 0x09, 0xb3, 0x84, 0xcf, 0xff, 0x94, 0x8a, 0xc3, 0xeb, 0x7a, 0x97, 0x59, 0xf1, 0xc6, 0x60, 0x93, + 0xfd, 0x62, 0x3f, 0xd8, 0x7f, 0x02, 0xfc, 0xc9, 0xed, 0x67, 0x82, 0x45, 0xdb, 0xa3, 0x88, 0x2f, + 0x1b, 0x83, 0xd0, 0x0b, 0x4c, 0xc3, 0xb1, 0xdd, 0xee, 0xe5, 0x9d, 0x2c, 0x66, 0x5d, 0x01, 0x15, + 0x4d, 0x38, 0x14, 0xc6, 0xdf, 0x30, 0xcc, 0x3c, 0x98, 0x8f, 0xc6, 0x30, 0x3d, 0xc3, 0xdc, 0xb2, + 0x5d, 0xe2, 0xef, 0x45, 0x9d, 0xbb, 0xec, 0x93, 0xc0, 0x1b, 0xf8, 0x26, 0x39, 0xd6, 0x57, 0xc1, + 0xe5, 0x1e, 0x09, 0x8d, 0x3c, 0x5a, 0x97, 0x8b, 0xbe, 0xf2, 0x07, 0x6e, 0x68, 0xf7, 0xb2, 0x64, + 0x7e, 0xe6, 0xa8, 0x0f, 0x02, 0x73, 0x8b, 0xf4, 0x8c, 0xcc, 0x77, 0x4f, 0x17, 0x7d, 0x37, 0x08, + 0x6d, 0xe7, 0xb2, 0xed, 0x86, 0x41, 0xe8, 0xa7, 0x3f, 0xd2, 0x3f, 0x02, 0xf5, 0x25, 0xcb, 0xf2, + 0x5c, 0xf4, 0x24, 0x8c, 0x13, 0xd7, 0xd8, 0x70, 0x88, 0x35, 0xaf, 0x5d, 0xd2, 0x9e, 0x68, 0x34, + 0x4f, 0x7d, 0x7f, 0x7f, 0xe1, 0x3d, 0x07, 0xfb, 0x0b, 0xe3, 0x2b, 0xbc, 0x18, 0x47, 0xf5, 0xfa, + 0xd7, 0x6a, 0x30, 0xc6, 0x3e, 0x0a, 0xd0, 0x2f, 0x6b, 0x70, 0x7a, 0x7b, 0xb0, 0x41, 0x7c, 0x97, + 0x84, 0x24, 0x58, 0x36, 0x82, 0xad, 0x0d, 0xcf, 0xf0, 0x39, 0x8a, 0xc9, 0x8f, 0x5c, 0x5b, 0x2c, + 0xb1, 0x04, 0x17, 0xaf, 0x67, 0xf1, 0x35, 0x1f, 0x39, 0xd8, 0x5f, 0x38, 0x9d, 0x53, 0x81, 0xf3, + 0xa8, 0xa3, 0x3b, 0x30, 0xe5, 0x76, 0x6d, 0x77, 0xb7, 0xed, 0x76, 0x7d, 0x12, 0x04, 0xf3, 0x35, + 0xd6, 0x9a, 0xa5, 0x52, 0xad, 0xb9, 0xa9, 0x20, 0x6a, 0xce, 0x1e, 0xec, 0x2f, 0x4c, 0xa9, 0x25, + 0x38, 0x41, 0x48, 0xff, 0x8a, 0x06, 0xa7, 0x96, 0xac, 0x9e, 0x1d, 0x04, 0xb6, 0xe7, 0xae, 0x39, + 0x83, 0xae, 0xed, 0xa2, 0x4b, 0x30, 0xea, 0x1a, 0x3d, 0xc2, 0x86, 0x64, 0xa2, 0x39, 0x25, 0x46, + 0x75, 0xf4, 0xa6, 0xd1, 0x23, 0x98, 0xd5, 0xa0, 0x97, 0x61, 0xcc, 0xf4, 0xdc, 0x4d, 0xbb, 0x2b, + 0x1a, 0xfa, 0x53, 0x8b, 0x7c, 0x26, 0x17, 0xd5, 0x99, 0x64, 0xed, 0x13, 0x2b, 0x60, 0x11, 0x1b, + 0x77, 0x56, 0x76, 0x43, 0xe2, 0x52, 0x32, 0x4d, 0x38, 0xd8, 0x5f, 0x18, 0x6b, 0x31, 0x04, 0x58, + 0x20, 0xd2, 0xaf, 0x40, 0x63, 0xc9, 0x21, 0x7e, 0x68, 0xbb, 0x5d, 0xf4, 0x1c, 0xcc, 0x90, 0x9e, + 0x61, 0x3b, 0x98, 0x98, 0xc4, 0xde, 0x21, 0x7e, 0x30, 0xaf, 0x5d, 0x1a, 0x79, 0x62, 0xa2, 0x89, + 0x0e, 0xf6, 0x17, 0x66, 0x56, 0x12, 0x35, 0x38, 0x05, 0xa9, 0xbf, 0xad, 0xc1, 0xe4, 0xd2, 0xc0, + 0xb2, 0x43, 0x8e, 0x1f, 0x05, 0x30, 0x69, 0xd0, 0x9f, 0x6b, 0x9e, 0x63, 0x9b, 0x7b, 0x62, 0x9a, + 0x5f, 0x2a, 0x35, 0xb0, 0x4b, 0x31, 0x9e, 0xe6, 0xa9, 0x83, 0xfd, 0x85, 0x49, 0xa5, 0x00, 0xab, + 0x54, 0xf4, 0x2d, 0x50, 0xeb, 0xd0, 0x6b, 0x30, 0xc5, 0x7b, 0xb9, 0x6a, 0xf4, 0x31, 0xd9, 0x14, + 0x8d, 0x78, 0x9f, 0x32, 0x68, 0x11, 0xa5, 0xc5, 0x5b, 0x1b, 0x6f, 0x10, 0x33, 0xc4, 0x64, 0x93, + 0xf8, 0xc4, 0x35, 0x09, 0x9f, 0xbf, 0x96, 0xf2, 0x31, 0x4e, 0xa0, 0xd2, 0x7f, 0xac, 0xc1, 0xec, + 0xd2, 0x8e, 0x61, 0x3b, 0xc6, 0x86, 0xed, 0xd8, 0xe1, 0xde, 0x67, 0x3c, 0x97, 0x0c, 0x31, 0x81, + 0xeb, 0xf0, 0xc8, 0xc0, 0x35, 0xf8, 0x77, 0x0e, 0x59, 0xe5, 0x53, 0x76, 0x7b, 0xaf, 0x4f, 0xe8, + 0xd2, 0xa3, 0x43, 0xfd, 0xd8, 0xc1, 0xfe, 0xc2, 0x23, 0xeb, 0xf9, 0x20, 0xb8, 0xe8, 0x5b, 0x84, + 0xe1, 0x9c, 0x52, 0xf5, 0x8a, 0xe7, 0x0c, 0x7a, 0x02, 0xeb, 0x08, 0xc3, 0x7a, 0xfe, 0x60, 0x7f, + 0xe1, 0xdc, 0x7a, 0x2e, 0x04, 0x2e, 0xf8, 0x52, 0xff, 0x41, 0x0d, 0xa6, 0x9a, 0x86, 0xb9, 0x3d, + 0xe8, 0x37, 0x07, 0xe6, 0x36, 0x09, 0xd1, 0xe7, 0xa1, 0x41, 0x39, 0x97, 0x65, 0x84, 0x86, 0x18, + 0xc9, 0x9f, 0x2e, 0x5c, 0x7e, 0x6c, 0x16, 0x29, 0x74, 0x3c, 0xb6, 0xab, 0x24, 0x34, 0x9a, 0x48, + 0x8c, 0x09, 0xc4, 0x65, 0x58, 0x62, 0x45, 0x5d, 0x18, 0x0d, 0xfa, 0xc4, 0x14, 0x8b, 0x7b, 0xa5, + 0xd4, 0x62, 0x51, 0x9b, 0xdc, 0xe9, 0x13, 0x33, 0x9e, 0x06, 0xfa, 0x0b, 0x33, 0x02, 0xc8, 0x83, + 0xb1, 0x20, 0x34, 0xc2, 0x01, 0x1d, 0x1f, 0x4a, 0xea, 0x6a, 0x75, 0x52, 0x0c, 0x5d, 0x73, 0x46, + 0x10, 0x1b, 0xe3, 0xbf, 0xb1, 0x20, 0xa3, 0xff, 0x48, 0x83, 0x59, 0x15, 0xfc, 0x86, 0x1d, 0x84, + 0xe8, 0x67, 0x33, 0x03, 0xba, 0x38, 0xdc, 0x80, 0xd2, 0xaf, 0xd9, 0x70, 0xce, 0x0a, 0x72, 0x8d, + 0xa8, 0x44, 0x19, 0xcc, 0x4d, 0xa8, 0xdb, 0x21, 0xe9, 0xf1, 0x85, 0x55, 0x96, 0xa7, 0xa9, 0x6d, + 0x6e, 0x4e, 0x0b, 0x6a, 0xf5, 0x36, 0xc5, 0x8b, 0x39, 0x7a, 0xfd, 0xf3, 0x70, 0x46, 0x85, 0x5a, + 0xf3, 0xbd, 0x1d, 0xdb, 0x22, 0x3e, 0xdd, 0x0c, 0xe1, 0x5e, 0x3f, 0xb3, 0x19, 0xe8, 0xe2, 0xc2, + 0xac, 0x06, 0x7d, 0x10, 0xc6, 0x7c, 0xd2, 0xb5, 0x3d, 0x97, 0x4d, 0xf8, 0x44, 0x3c, 0x78, 0x98, + 0x95, 0x62, 0x51, 0xab, 0xff, 0xb7, 0x5a, 0x72, 0xf0, 0xe8, 0x44, 0xa2, 0x3b, 0xd0, 0xe8, 0x0b, + 0x52, 0x62, 0xf0, 0xda, 0x95, 0x7b, 0x18, 0xb5, 0x3d, 0x1e, 0xd7, 0xa8, 0x04, 0x4b, 0x62, 0xc8, + 0x86, 0x99, 0xe8, 0xff, 0x56, 0x05, 0x5e, 0xcc, 0x78, 0xea, 0x5a, 0x02, 0x11, 0x4e, 0x21, 0x46, + 0xb7, 0x61, 0x22, 0x20, 0xa6, 0x4f, 0x28, 0x5f, 0x12, 0x2b, 0x35, 0x97, 0x79, 0x75, 0x22, 0x20, + 0xc1, 0xbc, 0xe6, 0x44, 0xf3, 0x27, 0x64, 0x05, 0x8e, 0x11, 0xa1, 0x0b, 0x30, 0x1a, 0x10, 0x62, + 0xcd, 0x8f, 0xb2, 0x41, 0x6f, 0xb0, 0xad, 0x41, 0x88, 0x85, 0x59, 0xa9, 0xfe, 0x1b, 0xa3, 0x80, + 0xb2, 0x0b, 0x5b, 0xed, 0x35, 0x2f, 0x11, 0x83, 0x5e, 0xa5, 0xd7, 0x62, 0x8f, 0xa4, 0x10, 0xa3, + 0xb7, 0x60, 0xda, 0x31, 0x82, 0xf0, 0x56, 0x9f, 0x8a, 0x1f, 0xd1, 0xea, 0x98, 0xfc, 0x48, 0xb3, + 0xd4, 0xf4, 0xde, 0x50, 0x31, 0x35, 0xe7, 0x0e, 0xf6, 0x17, 0xa6, 0x13, 0x45, 0x38, 0x49, 0x0b, + 0x6d, 0xc3, 0x04, 0x2d, 0x58, 0xf1, 0x7d, 0xcf, 0x17, 0x43, 0xfe, 0x62, 0x69, 0xc2, 0x0c, 0x4b, + 0x73, 0x9a, 0xce, 0x84, 0xfc, 0x89, 0x63, 0xfc, 0xe8, 0x53, 0x80, 0xbc, 0x8d, 0x80, 0xf8, 0x3b, + 0xc4, 0xba, 0xca, 0xa5, 0x2d, 0xda, 0x5d, 0x3a, 0x2f, 0x23, 0xcd, 0xf3, 0x62, 0x0e, 0xd1, 0xad, + 0x0c, 0x04, 0xce, 0xf9, 0x0a, 0x6d, 0x03, 0x92, 0x12, 0x9b, 0x9c, 0xf6, 0xf9, 0xfa, 0xf0, 0x8b, + 0xe6, 0x1c, 0x25, 0x76, 0x35, 0x83, 0x02, 0xe7, 0xa0, 0xd5, 0x7f, 0xaf, 0x06, 0x93, 0x7c, 0x91, + 0xac, 0xb8, 0xa1, 0xbf, 0x77, 0x02, 0x47, 0xc3, 0x66, 0xe2, 0x68, 0x58, 0xae, 0xb0, 0xd5, 0x59, + 0x8b, 0x0b, 0x4f, 0x06, 0x37, 0x75, 0x32, 0x5c, 0xa9, 0x4c, 0xe9, 0xf0, 0x83, 0xe1, 0x0f, 0x35, + 0x38, 0xa5, 0x40, 0x9f, 0xc0, 0xb9, 0x40, 0x92, 0xe7, 0xc2, 0x4b, 0x55, 0x3b, 0x58, 0x70, 0x2c, + 0x98, 0x89, 0x7e, 0x31, 0x96, 0xfd, 0x11, 0x80, 0x0d, 0xc6, 0x53, 0x6e, 0xc6, 0x42, 0x92, 0x9c, + 0xf5, 0xa6, 0xac, 0xc1, 0x0a, 0x94, 0x64, 0x56, 0xb5, 0x5c, 0x66, 0xf5, 0xe7, 0x35, 0x98, 0xcb, + 0x8c, 0x75, 0x96, 0x81, 0x68, 0xef, 0x14, 0x03, 0xa9, 0xbd, 0x23, 0x0c, 0x64, 0xa4, 0x14, 0x03, + 0x79, 0x02, 0x1a, 0x74, 0x4c, 0xd9, 0xdc, 0xf0, 0xa3, 0x61, 0x8a, 0xae, 0xa0, 0x8e, 0x28, 0xc3, + 0xb2, 0x56, 0xff, 0x5d, 0x0d, 0x46, 0x5a, 0xb8, 0x8d, 0x3e, 0x94, 0x10, 0x77, 0x1f, 0x51, 0xc5, + 0xdd, 0x7b, 0xfb, 0x0b, 0xe3, 0x2d, 0xdc, 0x56, 0x24, 0xdf, 0xbf, 0xae, 0xc1, 0x9c, 0xe9, 0xb9, + 0xa1, 0x41, 0xd7, 0x2e, 0xe6, 0x67, 0x43, 0xb4, 0x06, 0xcb, 0x49, 0x7a, 0xad, 0x14, 0xb6, 0xe6, + 0xa3, 0xa2, 0x05, 0x73, 0xe9, 0x9a, 0x00, 0x67, 0x49, 0xeb, 0xeb, 0x30, 0xd1, 0x72, 0xbc, 0x81, + 0xd5, 0x76, 0x37, 0xbd, 0xfb, 0x28, 0xac, 0xfc, 0x7b, 0x0d, 0xa6, 0x18, 0xde, 0x35, 0xdf, 0xdb, + 0xb4, 0x1d, 0xf2, 0x90, 0x88, 0xcd, 0x6a, 0x93, 0x8b, 0x98, 0x23, 0x93, 0x62, 0x55, 0xc0, 0x87, + 0x45, 0x8a, 0x55, 0xdb, 0x5c, 0xc0, 0xae, 0xbe, 0x31, 0x9e, 0xec, 0x1a, 0x63, 0x58, 0x4f, 0x40, + 0xc3, 0x34, 0x9a, 0x03, 0xd7, 0x72, 0xe4, 0xca, 0xa0, 0xcd, 0x6c, 0x2d, 0xf1, 0x32, 0x2c, 0x6b, + 0xd1, 0x5b, 0x00, 0xb1, 0x79, 0x41, 0x4c, 0xc4, 0xd5, 0x8a, 0x36, 0x8d, 0x0e, 0x09, 0xa9, 0x56, + 0x1e, 0xc4, 0xb3, 0x1f, 0xd7, 0x61, 0x85, 0x1c, 0xfa, 0xcb, 0x30, 0x2d, 0x86, 0xb9, 0xdd, 0x33, + 0xba, 0x42, 0xe9, 0x2b, 0x3b, 0x56, 0xab, 0x0a, 0xa6, 0xe6, 0x59, 0x41, 0x79, 0x5a, 0x2d, 0x0d, + 0x70, 0x92, 0x1c, 0xba, 0x0b, 0x53, 0x3d, 0x55, 0x93, 0x1d, 0xad, 0x70, 0xb0, 0x28, 0x6a, 0x6d, + 0xf3, 0x8c, 0xa0, 0x3e, 0x95, 0x50, 0x82, 0x13, 0xb4, 0x72, 0xa4, 0xf1, 0xfa, 0x83, 0x92, 0xc6, + 0x37, 0x61, 0x9c, 0xef, 0xf1, 0x60, 0x7e, 0x8c, 0xf5, 0xf0, 0x13, 0xa5, 0x7a, 0xc8, 0xf9, 0x45, + 0x6c, 0x34, 0xe3, 0xbf, 0x03, 0x1c, 0x21, 0x47, 0x77, 0x60, 0x8a, 0xb2, 0xda, 0x0e, 0x71, 0x88, + 0x19, 0x7a, 0xfe, 0xfc, 0x78, 0x05, 0x9b, 0x54, 0x47, 0x41, 0xc4, 0x6d, 0x1a, 0x6a, 0x09, 0x4e, + 0x10, 0x92, 0x4c, 0xb0, 0x51, 0xc8, 0x04, 0x77, 0x60, 0x72, 0x47, 0x31, 0x2e, 0x4c, 0xb0, 0x61, + 0xf8, 0x64, 0xa9, 0x96, 0xc5, 0xa6, 0x86, 0xe6, 0x69, 0x41, 0x69, 0x52, 0x35, 0x4b, 0xa8, 0x84, + 0xf4, 0x6f, 0x37, 0x60, 0xae, 0xe5, 0x0c, 0x82, 0x90, 0xf8, 0x4b, 0xc2, 0xee, 0x4b, 0x7c, 0xf4, + 0xb6, 0x06, 0xe7, 0xd8, 0xbf, 0xcb, 0xde, 0x1d, 0x77, 0x99, 0x38, 0xc6, 0xde, 0xd2, 0x26, 0x85, + 0xb0, 0xac, 0xe3, 0x31, 0xa2, 0xe5, 0x81, 0x38, 0xdd, 0x99, 0x99, 0xa4, 0x93, 0x8b, 0x11, 0x17, + 0x50, 0x42, 0x5f, 0xd5, 0xe0, 0xd1, 0x9c, 0xaa, 0x65, 0xe2, 0x90, 0x90, 0x08, 0x4e, 0x70, 0xdc, + 0x76, 0x3c, 0x7e, 0xb0, 0xbf, 0xf0, 0x68, 0xa7, 0x08, 0x29, 0x2e, 0xa6, 0x47, 0x4f, 0xd9, 0xf3, + 0x39, 0xb5, 0x57, 0x0c, 0xdb, 0x19, 0xf8, 0x44, 0xc8, 0xb4, 0xc7, 0x6d, 0xce, 0xc5, 0x83, 0xfd, + 0x85, 0xf3, 0x9d, 0x42, 0xac, 0xf8, 0x10, 0x8a, 0xe8, 0x8b, 0x70, 0x56, 0xd6, 0xae, 0xbb, 0x2e, + 0x21, 0x16, 0xb1, 0x6e, 0xdb, 0x42, 0xc4, 0x38, 0x7e, 0x53, 0x1e, 0x3d, 0xd8, 0x5f, 0x38, 0xdb, + 0xc9, 0x43, 0x88, 0xf3, 0xe9, 0xa0, 0x2e, 0x3c, 0x1e, 0x57, 0x84, 0xb6, 0x63, 0xdf, 0x65, 0x98, + 0x6e, 0x6f, 0xf9, 0x24, 0xd8, 0xf2, 0x1c, 0x8b, 0xf1, 0x0b, 0xad, 0xf9, 0xde, 0x83, 0xfd, 0x85, + 0xc7, 0x3b, 0x87, 0x01, 0xe2, 0xc3, 0xf1, 0x20, 0x0b, 0xa6, 0x02, 0xd3, 0x70, 0xdb, 0x6e, 0x48, + 0xfc, 0x1d, 0xc3, 0x99, 0x1f, 0x2b, 0xd5, 0x41, 0xbe, 0x47, 0x15, 0x3c, 0x38, 0x81, 0x15, 0x3d, + 0x03, 0x0d, 0xb2, 0xdb, 0x37, 0x5c, 0x8b, 0x70, 0xc6, 0x30, 0xd1, 0xbc, 0x40, 0x8f, 0xa4, 0x15, + 0x51, 0x76, 0x6f, 0x7f, 0x61, 0x2a, 0xfa, 0x7f, 0xd5, 0xb3, 0x08, 0x96, 0xd0, 0xe8, 0x0b, 0x70, + 0xa6, 0x67, 0xec, 0xde, 0xf4, 0x2c, 0xc2, 0xf8, 0x1c, 0x65, 0x7b, 0x6c, 0x22, 0x1a, 0xa5, 0xda, + 0x39, 0x7f, 0xb0, 0xbf, 0x70, 0x66, 0x35, 0x07, 0x1f, 0xce, 0xa5, 0x42, 0xa7, 0xa1, 0x67, 0xec, + 0x5e, 0xf5, 0x0d, 0x93, 0x6c, 0x0e, 0x9c, 0xdb, 0xc4, 0xef, 0xd9, 0x2e, 0xc3, 0xd4, 0x21, 0xa6, + 0xe7, 0x5a, 0x94, 0x97, 0x68, 0x4f, 0xd4, 0xf9, 0x34, 0xac, 0x1e, 0x06, 0x88, 0x0f, 0xc7, 0xa3, + 0xff, 0x77, 0x0d, 0x26, 0x05, 0xab, 0x60, 0x92, 0x9d, 0x09, 0x75, 0x93, 0x9e, 0xeb, 0x82, 0x25, + 0xbc, 0x58, 0x5e, 0x80, 0xa0, 0xe8, 0x62, 0xe9, 0x81, 0x15, 0x61, 0x8e, 0x1b, 0xdd, 0xc9, 0x39, + 0xfe, 0x5b, 0x15, 0x8f, 0x7f, 0x46, 0xee, 0x88, 0xa3, 0x5f, 0xdf, 0x1f, 0x81, 0x89, 0x96, 0xe7, + 0x5a, 0x36, 0x13, 0xe1, 0x9f, 0x4a, 0x48, 0xb1, 0x8f, 0xab, 0x0c, 0xfc, 0xde, 0xfe, 0xc2, 0xb4, + 0x04, 0x54, 0x38, 0xfa, 0xb3, 0x52, 0xdf, 0xe5, 0x62, 0xed, 0x7b, 0x93, 0x7a, 0xea, 0xbd, 0xfd, + 0x85, 0x53, 0xf2, 0xb3, 0xa4, 0xea, 0x8a, 0x76, 0x00, 0x51, 0x4d, 0xe4, 0xb6, 0x6f, 0xb8, 0x01, + 0x47, 0x4b, 0x97, 0x13, 0x67, 0x31, 0xff, 0xff, 0x70, 0xcb, 0x89, 0x7e, 0x11, 0x2b, 0x2a, 0x37, + 0x32, 0xd8, 0x70, 0x0e, 0x05, 0xf4, 0x06, 0xcc, 0xd0, 0xd2, 0xf5, 0xbe, 0x65, 0x84, 0x44, 0xe1, + 0x25, 0xc7, 0xa1, 0x79, 0x4e, 0xd0, 0x9c, 0xb9, 0x91, 0xc0, 0x84, 0x53, 0x98, 0xb9, 0xd4, 0x6f, + 0x04, 0x9e, 0xcb, 0xd8, 0x44, 0x42, 0xea, 0xa7, 0xa5, 0x58, 0xd4, 0xa2, 0x27, 0x61, 0xbc, 0x47, + 0x82, 0xc0, 0xe8, 0x12, 0xb6, 0xef, 0x27, 0xe2, 0xe3, 0x7d, 0x95, 0x17, 0xe3, 0xa8, 0x1e, 0x7d, + 0x18, 0xea, 0xa6, 0x67, 0x91, 0x60, 0x7e, 0x9c, 0x99, 0xe6, 0xcf, 0xb1, 0xc5, 0x44, 0x0b, 0xee, + 0xed, 0x2f, 0x4c, 0x30, 0xb5, 0x8e, 0xfe, 0xc2, 0x1c, 0x48, 0xff, 0x55, 0x2a, 0x72, 0xa7, 0x74, + 0x97, 0xa2, 0x7b, 0x06, 0x3e, 0xad, 0x4c, 0xdb, 0x3a, 0x39, 0x23, 0xa5, 0xfe, 0x8b, 0x35, 0x38, + 0x43, 0x5b, 0xe8, 0x7b, 0x8e, 0x43, 0xcf, 0xa1, 0xbe, 0xe3, 0xed, 0xf5, 0x88, 0x7b, 0x12, 0xf7, + 0x05, 0x91, 0xc0, 0x52, 0x2b, 0x14, 0x58, 0x7a, 0x99, 0x71, 0x18, 0x29, 0x33, 0x0e, 0x72, 0xb9, + 0x1c, 0x31, 0x16, 0x7f, 0xaa, 0xc1, 0x7c, 0xde, 0x58, 0x9c, 0x80, 0xa2, 0xe4, 0x26, 0x15, 0xa5, + 0x76, 0x69, 0x95, 0x3a, 0xdd, 0xf6, 0x02, 0x85, 0xe9, 0x4f, 0x6b, 0x70, 0x2e, 0x06, 0x6f, 0xbb, + 0x41, 0x68, 0x38, 0x0e, 0xb7, 0x24, 0x3c, 0xf8, 0x89, 0x7f, 0x33, 0xa1, 0xf1, 0xde, 0xaa, 0xd8, + 0x57, 0xb5, 0xf1, 0x85, 0x86, 0xc1, 0xbd, 0x94, 0x61, 0xf0, 0xe5, 0xfb, 0x49, 0xf4, 0x70, 0x1b, + 0xe1, 0x9f, 0x69, 0x70, 0x3e, 0xff, 0xc3, 0x13, 0x58, 0x57, 0xfd, 0xe4, 0xba, 0xba, 0x7e, 0x1f, + 0xbb, 0x5d, 0xb0, 0xb2, 0x7e, 0xab, 0x56, 0xd4, 0x5d, 0xa6, 0x94, 0x6f, 0xc2, 0x29, 0xaa, 0x29, + 0x05, 0xa1, 0xb0, 0x65, 0x1d, 0xef, 0x5e, 0x37, 0xb2, 0x52, 0x9d, 0xc2, 0x49, 0x1c, 0x38, 0x8d, + 0x14, 0xdd, 0x84, 0x71, 0xaa, 0x1d, 0x51, 0xfc, 0xb5, 0xe1, 0xf1, 0x4b, 0xbe, 0xdf, 0xe1, 0xdf, + 0xe2, 0x08, 0x09, 0xfa, 0x59, 0x98, 0xb6, 0xe4, 0xa6, 0x3a, 0xe2, 0x42, 0x27, 0x8d, 0x95, 0x99, + 0x1d, 0x97, 0xd5, 0xaf, 0x71, 0x12, 0x99, 0xfe, 0x7f, 0x34, 0xb8, 0x70, 0xd8, 0xe2, 0x42, 0x3e, + 0x80, 0x19, 0x1d, 0xe4, 0xfc, 0x5e, 0xbf, 0xb4, 0x30, 0x14, 0xa1, 0x89, 0x37, 0xa9, 0x2c, 0x0a, + 0xb0, 0x42, 0x25, 0xe7, 0xd2, 0xa8, 0xf6, 0x80, 0x2e, 0x8d, 0xf4, 0xff, 0xa1, 0xa9, 0xec, 0x48, + 0x9d, 0xdc, 0x87, 0x8e, 0x1d, 0xa9, 0x8d, 0x2f, 0x34, 0xc5, 0xfd, 0xc9, 0x08, 0x5c, 0xca, 0xff, + 0x44, 0x39, 0x81, 0x2f, 0x24, 0xe4, 0xc1, 0x46, 0xea, 0x6c, 0x3c, 0xc1, 0x8b, 0xcc, 0x97, 0x60, + 0xac, 0xcf, 0xfd, 0x40, 0x46, 0x58, 0x53, 0x9e, 0xa0, 0x5c, 0x8e, 0x3b, 0x69, 0xdc, 0xdb, 0x5f, + 0x38, 0x9f, 0x77, 0xec, 0x08, 0xf7, 0x0e, 0xf1, 0x1d, 0xb2, 0x53, 0x46, 0x11, 0x2e, 0xf2, 0x3d, + 0x3d, 0x24, 0xa3, 0x33, 0x36, 0x88, 0x33, 0xb4, 0x19, 0xe4, 0x6d, 0x0d, 0x66, 0x12, 0x9b, 0x2b, + 0x98, 0xaf, 0xb3, 0xed, 0x52, 0xee, 0x02, 0x21, 0xb1, 0x6d, 0x63, 0x49, 0x22, 0x51, 0x1c, 0xe0, + 0x14, 0xc5, 0x14, 0xcf, 0x57, 0xe7, 0xf7, 0xe1, 0xe3, 0xf9, 0x6a, 0xeb, 0x0b, 0x78, 0xfe, 0xb7, + 0x6a, 0x45, 0xdd, 0x65, 0x3c, 0x7f, 0x17, 0x26, 0x22, 0x5f, 0xbb, 0x88, 0x77, 0x5d, 0xad, 0xdc, + 0x28, 0x8e, 0x2f, 0xbe, 0x2c, 0x8f, 0x4a, 0x02, 0x1c, 0x13, 0x43, 0x5f, 0xd6, 0x00, 0xe2, 0xa9, + 0x11, 0x3b, 0x64, 0xfd, 0x3e, 0x0e, 0x88, 0x22, 0x68, 0xcd, 0x50, 0x06, 0xa3, 0xac, 0x0b, 0x85, + 0xb0, 0xfe, 0x9b, 0x35, 0x40, 0xd9, 0xc6, 0x53, 0x09, 0x78, 0xdb, 0x76, 0xad, 0xb4, 0x26, 0x70, + 0xdd, 0x76, 0x2d, 0xcc, 0x6a, 0x86, 0x90, 0x91, 0x5f, 0x80, 0x53, 0x5d, 0xc7, 0xdb, 0x30, 0x1c, + 0x67, 0x4f, 0x38, 0xf0, 0xb1, 0x5d, 0xda, 0x68, 0x9e, 0xa6, 0xe7, 0xe4, 0xd5, 0x64, 0x15, 0x4e, + 0xc3, 0xa2, 0x3e, 0xcc, 0xfa, 0x54, 0xf7, 0x36, 0x6d, 0x87, 0xe9, 0x4c, 0xde, 0x20, 0x2c, 0x69, + 0xdc, 0x39, 0x73, 0xb0, 0xbf, 0x30, 0x8b, 0x53, 0xb8, 0x70, 0x06, 0x3b, 0xfa, 0x00, 0x8c, 0xf7, + 0x7d, 0xbb, 0x67, 0xf8, 0x7b, 0x4c, 0x2b, 0x6b, 0x34, 0x27, 0xe9, 0x81, 0xbb, 0xc6, 0x8b, 0x70, + 0x54, 0xa7, 0x7f, 0x53, 0x83, 0x91, 0xe5, 0x9b, 0x1d, 0xa4, 0xc3, 0x98, 0xe5, 0xf5, 0x0c, 0xdb, + 0x15, 0xa3, 0xc4, 0xbc, 0xe0, 0x96, 0x59, 0x09, 0x16, 0x35, 0xe8, 0x4d, 0x98, 0x88, 0x58, 0x56, + 0xb5, 0x8b, 0xd1, 0xe5, 0x9b, 0x1d, 0xe9, 0x45, 0x22, 0x57, 0x56, 0x54, 0x12, 0xe0, 0x98, 0x8a, + 0x6e, 0xc0, 0xdc, 0xf2, 0xcd, 0x4e, 0xdb, 0x35, 0x9d, 0x81, 0x45, 0x56, 0x76, 0xd9, 0x1f, 0xda, + 0x35, 0x9b, 0x97, 0x08, 0xd7, 0x3b, 0xd6, 0x35, 0x01, 0x84, 0xa3, 0x3a, 0x0a, 0x46, 0xf8, 0x17, + 0xc2, 0x6d, 0x8c, 0x81, 0x09, 0x24, 0x38, 0xaa, 0xd3, 0xff, 0xa8, 0x06, 0x93, 0x4a, 0x83, 0x50, + 0x0f, 0xc6, 0x79, 0x7f, 0x23, 0xef, 0x8d, 0x2b, 0x65, 0xfb, 0x98, 0x6c, 0x36, 0x27, 0xcf, 0x87, + 0x34, 0xc0, 0x11, 0x0d, 0x75, 0x9e, 0x6a, 0xc5, 0xf3, 0x84, 0x16, 0x01, 0xb8, 0x73, 0x0a, 0xbb, + 0x7a, 0xe4, 0x07, 0x04, 0xdb, 0x0a, 0x1d, 0x59, 0x8a, 0x15, 0x08, 0x79, 0xaa, 0x8d, 0xe6, 0x9e, + 0x6a, 0x5d, 0xa8, 0xdf, 0xf5, 0x5c, 0x12, 0x88, 0x7b, 0x80, 0xfb, 0xd5, 0xc3, 0x09, 0xca, 0xb2, + 0x3e, 0x43, 0x11, 0x63, 0x8e, 0x5f, 0xff, 0x75, 0x0d, 0x60, 0xd9, 0x08, 0x0d, 0x6e, 0xb4, 0x1e, + 0xc2, 0xf7, 0xef, 0x42, 0x62, 0x27, 0x36, 0x32, 0xf7, 0x8b, 0xa3, 0x81, 0x7d, 0x37, 0xea, 0xbf, + 0x94, 0x37, 0x38, 0xf6, 0x8e, 0x7d, 0x97, 0x60, 0x56, 0x8f, 0x3e, 0x04, 0x13, 0xc4, 0x35, 0xfd, + 0xbd, 0x7e, 0x28, 0x5c, 0x78, 0x1a, 0xfc, 0x7e, 0x78, 0x25, 0x2a, 0xc4, 0x71, 0xbd, 0xfe, 0x14, + 0x24, 0xa5, 0xc6, 0xa3, 0x5b, 0xa9, 0xef, 0x40, 0x63, 0xc5, 0xb5, 0xfa, 0x9e, 0xed, 0x86, 0x43, + 0xf4, 0xe9, 0x71, 0x18, 0x19, 0xf8, 0x8e, 0xe8, 0xd2, 0xa4, 0x00, 0x18, 0x59, 0xc7, 0x37, 0x30, + 0x2d, 0x47, 0x4f, 0xc2, 0x78, 0x7f, 0xe0, 0xf7, 0xbd, 0x20, 0xea, 0x97, 0x14, 0x8f, 0xd7, 0x78, + 0x31, 0x8e, 0xea, 0xf5, 0x7b, 0x1a, 0xcc, 0xae, 0xec, 0xf6, 0x6d, 0x9f, 0xf9, 0x21, 0x12, 0x9f, + 0xca, 0x16, 0xf4, 0xfb, 0x1d, 0xfe, 0xaf, 0x68, 0x83, 0xfc, 0x5e, 0x40, 0xe0, 0xa8, 0x1e, 0x6d, + 0xc2, 0x0c, 0x61, 0x9f, 0x33, 0xa6, 0x6a, 0x48, 0xdb, 0xfb, 0x71, 0xac, 0x42, 0xdc, 0xcf, 0x35, + 0x81, 0x05, 0xa7, 0xb0, 0xa2, 0x0e, 0xcc, 0x98, 0x8e, 0x11, 0x04, 0xf6, 0xa6, 0x6d, 0xc6, 0xd7, + 0xed, 0x13, 0xcd, 0x0f, 0xd1, 0x6f, 0x5b, 0x89, 0x9a, 0x7b, 0xfb, 0x0b, 0x67, 0x45, 0x3b, 0x93, + 0x15, 0x38, 0x85, 0x42, 0xff, 0x7a, 0x0d, 0xa6, 0x57, 0x76, 0xfb, 0x5e, 0x30, 0xf0, 0x09, 0x03, + 0x3d, 0x01, 0xa1, 0xf5, 0x49, 0x18, 0xdf, 0x32, 0x5c, 0xcb, 0x21, 0xbe, 0x98, 0x3e, 0x39, 0xb6, + 0xd7, 0x78, 0x31, 0x8e, 0xea, 0xd1, 0x17, 0x00, 0x02, 0x73, 0x8b, 0x58, 0x03, 0xc7, 0x76, 0x23, + 0x0b, 0xca, 0x8d, 0x52, 0x1b, 0x2b, 0xd1, 0xc9, 0x8e, 0xc4, 0x29, 0xf6, 0xbb, 0xfc, 0x8d, 0x15, + 0x7a, 0xfa, 0x1f, 0x69, 0x30, 0x97, 0xf8, 0xee, 0x04, 0x24, 0xa0, 0x6e, 0x52, 0x02, 0x6a, 0x56, + 0xef, 0x6c, 0x81, 0xe0, 0xf3, 0x4b, 0x35, 0x78, 0xa4, 0x60, 0x50, 0x32, 0x17, 0x81, 0xda, 0x49, + 0x5d, 0x04, 0xee, 0xc0, 0x64, 0xe8, 0x39, 0xc2, 0x31, 0x24, 0x1a, 0x83, 0x72, 0xd7, 0x7c, 0xb7, + 0x25, 0x9e, 0xf8, 0x9a, 0x2f, 0x2e, 0x0b, 0xb0, 0x4a, 0x48, 0xff, 0x1d, 0x0d, 0x26, 0xa4, 0x62, + 0x31, 0x84, 0x4f, 0xc6, 0x09, 0x6a, 0x30, 0x4f, 0x40, 0xc3, 0xb2, 0x03, 0x55, 0x3a, 0x62, 0xae, + 0x00, 0xcb, 0xa2, 0x0c, 0xcb, 0x5a, 0xfd, 0x5f, 0xd6, 0xe0, 0x9c, 0xc4, 0x1d, 0x09, 0x6a, 0x54, + 0x4b, 0x1d, 0x46, 0x5a, 0xbb, 0x20, 0x38, 0xae, 0x72, 0x46, 0x28, 0xdc, 0xf6, 0x03, 0x69, 0x76, + 0x3a, 0x99, 0xc7, 0x4a, 0xd1, 0x4d, 0xa8, 0x07, 0x94, 0x9e, 0x10, 0xc3, 0x8e, 0x39, 0x1a, 0xec, + 0xa4, 0x63, 0xed, 0xc5, 0x1c, 0x0d, 0x7a, 0x4b, 0x95, 0xbe, 0xb9, 0x2a, 0xf4, 0xa9, 0xe3, 0x2d, + 0x06, 0xf6, 0xfa, 0x67, 0x91, 0xf6, 0xc4, 0x8a, 0x46, 0x24, 0xc7, 0x5b, 0x35, 0x4f, 0x00, 0xd7, + 0xff, 0x8d, 0x06, 0xa7, 0x64, 0xe3, 0x84, 0x2d, 0xe3, 0x7e, 0x48, 0xbd, 0x43, 0x8e, 0xe5, 0xba, + 0x34, 0xfb, 0x95, 0x1a, 0xcc, 0x22, 0x93, 0x5e, 0x00, 0x8d, 0xab, 0x62, 0xb0, 0xd0, 0x79, 0xa8, + 0xd9, 0x51, 0x5f, 0x40, 0xc0, 0xd7, 0xda, 0xcb, 0xb8, 0x66, 0x5b, 0xf2, 0x04, 0xae, 0x15, 0x9e, + 0xc0, 0xca, 0x11, 0x39, 0x72, 0xf8, 0x11, 0xa9, 0xff, 0x7d, 0x0d, 0xce, 0x44, 0x54, 0xa3, 0xb1, + 0x5e, 0x16, 0x76, 0xf4, 0x23, 0xce, 0xf9, 0xa3, 0xc7, 0xf3, 0x16, 0x8c, 0x32, 0x5e, 0x5c, 0xca, + 0xbe, 0x2e, 0x11, 0xd2, 0xe6, 0x60, 0x86, 0x48, 0xff, 0x8e, 0x06, 0x93, 0xd7, 0xec, 0x0d, 0xe2, + 0xf3, 0xfb, 0x3d, 0x26, 0xf3, 0x26, 0x9e, 0x1d, 0x4d, 0xe6, 0x3d, 0x39, 0x42, 0x7b, 0x30, 0x21, + 0xce, 0x0e, 0xe9, 0x5e, 0x56, 0xee, 0x71, 0x91, 0x42, 0x5b, 0xf0, 0x64, 0xd5, 0xb1, 0x3a, 0x22, + 0x81, 0x63, 0x6a, 0xfa, 0x5b, 0x70, 0x3a, 0xe7, 0x23, 0xb4, 0xc0, 0xb6, 0xa3, 0x1f, 0x8a, 0xe1, + 0x8d, 0xf6, 0x97, 0x1f, 0x62, 0x5e, 0x8e, 0x1e, 0x85, 0x11, 0xe2, 0x46, 0x2e, 0x8e, 0xe3, 0x54, + 0x80, 0x5a, 0x71, 0x2d, 0x4c, 0xcb, 0x28, 0xdb, 0x71, 0xbc, 0x84, 0x9c, 0xc1, 0xd8, 0xce, 0x0d, + 0x51, 0x86, 0x65, 0xad, 0xfe, 0xcf, 0x46, 0xe1, 0xf1, 0x6b, 0x9e, 0x6f, 0xdf, 0xf5, 0xdc, 0xd0, + 0x70, 0xd6, 0x3c, 0x2b, 0x76, 0x94, 0x10, 0x2c, 0xec, 0xcb, 0x1a, 0x3c, 0x62, 0xf6, 0x07, 0x6d, + 0xd7, 0x0e, 0x6d, 0x23, 0xba, 0xbf, 0x5e, 0x23, 0xbe, 0xed, 0x95, 0xf5, 0x97, 0x60, 0x8f, 0x55, + 0x5a, 0x6b, 0xeb, 0x79, 0x28, 0x71, 0x11, 0x2d, 0xe6, 0xb6, 0x61, 0x79, 0x77, 0x5c, 0xd6, 0xb8, + 0x4e, 0xc8, 0x1e, 0xd0, 0xdc, 0x8d, 0xbb, 0x58, 0xd2, 0x6d, 0x63, 0x39, 0x17, 0x23, 0x2e, 0xa0, + 0x84, 0xbe, 0x08, 0x67, 0x6d, 0xde, 0x38, 0x4c, 0x0c, 0xcb, 0x76, 0x49, 0x10, 0x30, 0xe7, 0x85, + 0x2a, 0x7e, 0x09, 0xed, 0x3c, 0x84, 0x38, 0x9f, 0x0e, 0xfa, 0x1c, 0x40, 0xb0, 0xe7, 0x9a, 0x62, + 0xfc, 0xeb, 0xa5, 0xa8, 0x72, 0xa9, 0x49, 0x62, 0xc1, 0x0a, 0x46, 0xaa, 0x27, 0xf0, 0xa3, 0xd5, + 0x35, 0xf9, 0x9d, 0xa4, 0xc6, 0xf5, 0x84, 0xdb, 0x51, 0x21, 0x8e, 0xeb, 0xf5, 0x7f, 0xa8, 0xc1, + 0xb8, 0x78, 0x99, 0x86, 0x3e, 0x98, 0x52, 0x97, 0x25, 0x0b, 0x4b, 0xa9, 0xcc, 0x77, 0x99, 0x41, + 0x59, 0x18, 0x24, 0xc4, 0xc1, 0x5b, 0x4e, 0xdb, 0x12, 0x94, 0x63, 0xf3, 0x46, 0xc2, 0xb0, 0x1c, + 0x99, 0x3c, 0x14, 0x6a, 0xfa, 0xaf, 0x69, 0x30, 0x97, 0xf9, 0x6a, 0x88, 0x63, 0xe1, 0x04, 0xaf, + 0x45, 0xbf, 0x3c, 0x09, 0xec, 0x19, 0xe2, 0xd2, 0x5a, 0xbb, 0x43, 0xfc, 0x1d, 0xb9, 0x0b, 0xbf, + 0xaa, 0xc1, 0x6c, 0x7c, 0x81, 0x2f, 0x5a, 0xa1, 0x55, 0xf0, 0xdc, 0xbc, 0x9e, 0x42, 0xd6, 0x9c, + 0x17, 0x1d, 0x9f, 0x4d, 0xd7, 0xe0, 0x0c, 0x61, 0xf4, 0x4b, 0x1a, 0xcc, 0x1a, 0xc9, 0x67, 0x88, + 0x11, 0xd7, 0x2c, 0xe7, 0x63, 0x9f, 0x7a, 0xd3, 0x18, 0x37, 0x26, 0x55, 0x11, 0xe0, 0x0c, 0x5d, + 0xf4, 0x51, 0x98, 0x32, 0xfa, 0xf6, 0xd2, 0xc0, 0xb2, 0xa9, 0x5c, 0x10, 0xbd, 0x5d, 0x63, 0xc2, + 0xea, 0xd2, 0x5a, 0x5b, 0x96, 0xe3, 0x04, 0x94, 0x7c, 0x68, 0x28, 0x86, 0x72, 0xb4, 0xea, 0x43, + 0x43, 0x31, 0x8a, 0xf1, 0x43, 0x43, 0x31, 0x78, 0x2a, 0x15, 0xf4, 0x59, 0x78, 0x94, 0x1f, 0x38, + 0x4d, 0x23, 0xb0, 0xcd, 0xa5, 0x41, 0xb8, 0x45, 0xdc, 0x30, 0x52, 0x08, 0xb9, 0x51, 0x8a, 0x39, + 0x71, 0xad, 0x14, 0x01, 0xe1, 0xe2, 0xef, 0x91, 0x07, 0xe0, 0xd9, 0x96, 0x29, 0x3a, 0xc4, 0xfd, + 0x88, 0xca, 0x49, 0xdf, 0xb7, 0xda, 0xcb, 0x2d, 0xd1, 0x1f, 0xc6, 0x2b, 0xe2, 0xdf, 0x58, 0x21, + 0x81, 0xfe, 0xb6, 0x06, 0xd3, 0x62, 0xa1, 0x0b, 0xa2, 0xe3, 0x6c, 0x09, 0x7c, 0xb6, 0xf4, 0x82, + 0x4c, 0xad, 0xfa, 0x45, 0xac, 0x62, 0xe7, 0xcf, 0x06, 0xa4, 0x6f, 0x69, 0xa2, 0x0e, 0x27, 0x1b, + 0x82, 0xbe, 0xa6, 0xc1, 0x99, 0x80, 0xf8, 0x3b, 0xb6, 0x49, 0x96, 0x4c, 0xd3, 0x1b, 0xb8, 0xd1, + 0x3c, 0x37, 0x2a, 0xbc, 0xf9, 0xea, 0xe4, 0x20, 0xe4, 0x1e, 0x4d, 0x79, 0x35, 0x38, 0xb7, 0x01, + 0xe8, 0xe7, 0x34, 0x38, 0x75, 0xc7, 0x08, 0xcd, 0xad, 0x96, 0x61, 0x6e, 0x31, 0x0b, 0x0d, 0x77, + 0x62, 0x2a, 0xbb, 0x73, 0x5e, 0x4d, 0xe2, 0xe2, 0xd6, 0xd7, 0x54, 0x21, 0x4e, 0x53, 0x44, 0x21, + 0x34, 0x7c, 0xf2, 0xe6, 0x80, 0x04, 0x61, 0x30, 0x0f, 0x8c, 0xfa, 0xa7, 0xaa, 0x4f, 0x1a, 0x16, + 0x18, 0xb9, 0xb0, 0x11, 0xfd, 0xc2, 0x92, 0x12, 0xea, 0xc2, 0xe3, 0x7c, 0xf9, 0x2e, 0xb9, 0x9e, + 0xbb, 0xd7, 0xf3, 0x06, 0x41, 0x6a, 0x0b, 0x4c, 0xb2, 0x2d, 0xc0, 0xbc, 0xb9, 0x56, 0x0e, 0x03, + 0xc4, 0x87, 0xe3, 0x39, 0xff, 0x12, 0xa0, 0xec, 0xd2, 0x41, 0xb3, 0x30, 0xb2, 0x4d, 0xf8, 0x9b, + 0xe2, 0x09, 0x4c, 0xff, 0x45, 0x67, 0xa0, 0xbe, 0x63, 0x38, 0x03, 0x2e, 0xa0, 0x36, 0x30, 0xff, + 0xf1, 0x5c, 0xed, 0x19, 0x4d, 0xff, 0xae, 0x06, 0x67, 0x73, 0x3b, 0x87, 0x30, 0x9c, 0x63, 0xae, + 0x6a, 0xee, 0xea, 0x20, 0x34, 0x42, 0xdb, 0xed, 0xb6, 0xdd, 0x4d, 0xc7, 0xee, 0x6e, 0x71, 0x41, + 0xad, 0xce, 0xc5, 0x8a, 0xd5, 0x5c, 0x08, 0x5c, 0xf0, 0x25, 0x6a, 0xc3, 0xe9, 0x9e, 0xb1, 0x9b, + 0x41, 0x58, 0x63, 0x08, 0xd9, 0xd3, 0xf4, 0xd5, 0x6c, 0x35, 0xce, 0xfb, 0x46, 0xff, 0x66, 0x1d, + 0x1e, 0xa3, 0x0d, 0x8f, 0x0f, 0xb8, 0x55, 0xc3, 0x35, 0xba, 0xef, 0xd2, 0x83, 0xe4, 0x3b, 0x1a, + 0x3c, 0xb2, 0x95, 0x2f, 0x7e, 0x8a, 0x33, 0x16, 0x97, 0x93, 0xc2, 0x0f, 0x13, 0x69, 0xf9, 0x02, + 0x3b, 0x14, 0x04, 0x17, 0xb5, 0x0a, 0xbd, 0x04, 0xb3, 0xae, 0x67, 0x91, 0x56, 0x7b, 0x19, 0xaf, + 0x1a, 0xc1, 0x76, 0x27, 0x32, 0xbe, 0xd6, 0xf9, 0x3d, 0xc4, 0xcd, 0x54, 0x1d, 0xce, 0x40, 0xa3, + 0x1d, 0x40, 0x7d, 0xcf, 0x5a, 0xd9, 0xb1, 0xcd, 0xc8, 0x37, 0xad, 0xfc, 0xdd, 0x07, 0x7b, 0x7d, + 0xb7, 0x96, 0xc1, 0x86, 0x73, 0x28, 0x30, 0x01, 0x9a, 0x36, 0x66, 0xd5, 0x73, 0xed, 0xd0, 0xf3, + 0x99, 0x33, 0x64, 0x25, 0x39, 0x92, 0xad, 0xf4, 0x9b, 0xb9, 0x18, 0x71, 0x01, 0x25, 0xfd, 0x7f, + 0x6a, 0x70, 0x8a, 0xae, 0x8b, 0x35, 0xdf, 0xdb, 0xdd, 0x7b, 0x57, 0x2e, 0xc9, 0x27, 0x61, 0xb4, + 0xe7, 0x59, 0x91, 0xce, 0x7a, 0x96, 0x8a, 0x82, 0xab, 0x9e, 0x45, 0xee, 0xf1, 0x0b, 0x99, 0xdd, + 0x3d, 0xe6, 0x1f, 0xcb, 0x40, 0x54, 0xdd, 0x72, 0xa4, 0x58, 0xb7, 0xd4, 0xff, 0x58, 0xe3, 0x32, + 0x5d, 0xa4, 0xda, 0xbd, 0x3b, 0xb7, 0xe2, 0xc7, 0x61, 0x9a, 0x96, 0xad, 0x1a, 0xbb, 0x6b, 0xcb, + 0xaf, 0x78, 0x4e, 0xe4, 0xd9, 0xc9, 0x7c, 0x48, 0xae, 0xab, 0x15, 0x38, 0x09, 0xa7, 0xff, 0xa7, + 0x19, 0x60, 0x00, 0x0e, 0x09, 0xdf, 0x95, 0x1d, 0x7b, 0x0a, 0x26, 0xcd, 0xfe, 0xa0, 0x75, 0xa5, + 0xf3, 0xf2, 0xc0, 0x0b, 0x0d, 0x71, 0xa7, 0xc4, 0xe4, 0xb4, 0xd6, 0xda, 0x7a, 0x54, 0x8c, 0x55, + 0x18, 0xba, 0xc9, 0xcd, 0xfe, 0x40, 0x30, 0xce, 0x35, 0xd5, 0x05, 0x81, 0x6d, 0xf2, 0xd6, 0xda, + 0x7a, 0xa2, 0x0e, 0x67, 0xa0, 0xd1, 0x97, 0x34, 0x98, 0x22, 0x62, 0x03, 0x5e, 0x33, 0x7c, 0x4b, + 0xec, 0xef, 0xf2, 0xa7, 0xac, 0x1c, 0xdd, 0x68, 0x5b, 0x73, 0x09, 0x77, 0x45, 0xa1, 0x81, 0x13, + 0x14, 0x99, 0xb0, 0x29, 0x7e, 0xd3, 0xc9, 0xf2, 0xac, 0xf4, 0x8e, 0xaf, 0x0b, 0x61, 0xb3, 0x08, + 0x08, 0x17, 0x7f, 0x8f, 0xfe, 0x81, 0x06, 0xe7, 0x64, 0xad, 0xed, 0xda, 0xbd, 0x41, 0x0f, 0x13, + 0xd3, 0x31, 0xec, 0x9e, 0x90, 0x3c, 0x3f, 0x7d, 0xff, 0x7a, 0x9a, 0xc4, 0xcf, 0xd9, 0x4e, 0x7e, + 0x1d, 0x2e, 0x68, 0x13, 0xfa, 0x35, 0x0d, 0x2e, 0x45, 0x55, 0x6b, 0x54, 0xff, 0x1b, 0xf8, 0x24, + 0xf6, 0x0f, 0x16, 0x63, 0x32, 0x5e, 0x8a, 0x0b, 0xbe, 0xff, 0x60, 0x7f, 0xe1, 0xd2, 0xca, 0x11, + 0xb8, 0xf1, 0x91, 0xd4, 0x13, 0x2b, 0xa6, 0xe3, 0x6d, 0x86, 0x42, 0x54, 0x7d, 0x60, 0x2b, 0x86, + 0xd2, 0xc0, 0x09, 0x8a, 0xe8, 0x37, 0x35, 0x78, 0x44, 0x2d, 0x50, 0x17, 0x0c, 0x97, 0x51, 0x5f, + 0xbb, 0x7f, 0xad, 0x49, 0x11, 0xe0, 0x56, 0xa1, 0x82, 0x4a, 0x5c, 0xd4, 0x2c, 0xca, 0x82, 0x7b, + 0x6c, 0x71, 0x72, 0x39, 0xb6, 0xce, 0x59, 0x30, 0x5f, 0xaf, 0x01, 0x8e, 0xea, 0xa8, 0x8e, 0xd8, + 0xf7, 0xac, 0x35, 0xdb, 0x0a, 0x6e, 0xd8, 0x3d, 0x3b, 0x64, 0x82, 0xe6, 0x08, 0x1f, 0x8f, 0x35, + 0xcf, 0x5a, 0x6b, 0x2f, 0xf3, 0x72, 0x9c, 0x80, 0x62, 0x8f, 0x74, 0xec, 0x9e, 0xd1, 0x25, 0x6b, + 0x03, 0xc7, 0x59, 0xf3, 0x3d, 0x66, 0x39, 0x58, 0x26, 0x86, 0xe5, 0xd8, 0x2e, 0x99, 0x9f, 0x2a, + 0xff, 0x48, 0xa7, 0x5d, 0x84, 0x14, 0x17, 0xd3, 0x43, 0x8b, 0x00, 0x9b, 0x86, 0xed, 0x74, 0xee, + 0x18, 0xfd, 0x5b, 0xee, 0xfc, 0x34, 0x63, 0x63, 0x4c, 0x3d, 0xbb, 0x22, 0x4b, 0xb1, 0x02, 0xc1, + 0x16, 0x14, 0x65, 0x86, 0x98, 0xf0, 0x47, 0xbb, 0xf3, 0x33, 0xf7, 0x6b, 0x41, 0x45, 0x18, 0xf9, + 0x00, 0x5e, 0x57, 0x68, 0xe0, 0x04, 0x45, 0xf4, 0x15, 0x0d, 0x66, 0x82, 0xbd, 0x20, 0x24, 0x3d, + 0xd9, 0x88, 0x53, 0xf7, 0xbd, 0x11, 0xcc, 0xac, 0xd2, 0x49, 0x50, 0xc1, 0x29, 0xaa, 0xc8, 0x80, + 0xc7, 0xd8, 0xc0, 0x5e, 0x6d, 0x5d, 0xb3, 0xbb, 0x5b, 0xf2, 0xf5, 0xcd, 0x1a, 0xf1, 0x4d, 0xe2, + 0x86, 0xf3, 0xb3, 0x6c, 0xe9, 0x2c, 0x1c, 0xec, 0x2f, 0x3c, 0xd6, 0x2e, 0x06, 0xc3, 0x87, 0xe1, + 0x40, 0x9f, 0x83, 0xf3, 0xa2, 0xfa, 0x86, 0x77, 0x27, 0x43, 0x61, 0x8e, 0x51, 0x60, 0x4f, 0xa2, + 0xda, 0x85, 0x50, 0xf8, 0x10, 0x0c, 0xfa, 0x7e, 0x8d, 0x6b, 0x24, 0x99, 0x8d, 0x84, 0x5e, 0x80, + 0x53, 0x3d, 0xd2, 0xf3, 0xfc, 0xbd, 0xa5, 0x28, 0x20, 0x8f, 0xb0, 0x65, 0x31, 0x5d, 0x70, 0x35, + 0x59, 0x85, 0xd3, 0xb0, 0xf4, 0xb0, 0x63, 0x64, 0xaf, 0x74, 0xe2, 0xef, 0x6b, 0xf1, 0x61, 0xd7, + 0x4e, 0xd5, 0xe1, 0x0c, 0x34, 0x6a, 0xc1, 0x9c, 0x28, 0x6b, 0x53, 0xb1, 0x2f, 0xb8, 0xe2, 0x93, + 0xe8, 0x7a, 0x84, 0xca, 0x4f, 0x73, 0xed, 0x74, 0x25, 0xce, 0xc2, 0xd3, 0x5e, 0xd0, 0x1f, 0x6a, + 0x2b, 0x46, 0xe3, 0x5e, 0xdc, 0x4c, 0x56, 0xe1, 0x34, 0x6c, 0x24, 0x97, 0x27, 0x9a, 0x50, 0x8f, + 0x7b, 0x71, 0x33, 0x55, 0x87, 0x33, 0xd0, 0xfa, 0x1f, 0x8f, 0xc2, 0xfb, 0x86, 0x38, 0x7f, 0x50, + 0x2f, 0x7f, 0xb8, 0x8f, 0x60, 0x05, 0x8b, 0xd1, 0xdd, 0xd4, 0xe2, 0xcb, 0x03, 0xc3, 0x0d, 0xed, + 0x70, 0x6f, 0xc8, 0xe9, 0xe9, 0x17, 0x4c, 0xcf, 0xf1, 0xe9, 0x0d, 0x3b, 0x9d, 0x41, 0xd1, 0x74, + 0x1e, 0x9f, 0xe4, 0xf0, 0xd3, 0xdf, 0xcb, 0x9f, 0xfe, 0x92, 0xa3, 0x7a, 0xe4, 0x72, 0xe9, 0x17, + 0x2c, 0x97, 0x92, 0xa3, 0x3a, 0xc4, 0xf2, 0xfa, 0x93, 0x51, 0x78, 0xff, 0x30, 0x07, 0x61, 0xc9, + 0xf5, 0x95, 0x73, 0xd4, 0x3c, 0xd0, 0xf5, 0x55, 0xe4, 0x88, 0xf7, 0x00, 0xd7, 0x57, 0x0e, 0xc9, + 0x07, 0xbd, 0xbe, 0x8a, 0x46, 0xf5, 0x41, 0xad, 0xaf, 0xa2, 0x51, 0x1d, 0x62, 0x7d, 0xfd, 0x79, + 0xfa, 0x7c, 0x90, 0x87, 0x5f, 0x1b, 0x46, 0xcc, 0xfe, 0xa0, 0x24, 0x93, 0x62, 0x17, 0x8b, 0xad, + 0xb5, 0x75, 0x4c, 0x71, 0x20, 0x0c, 0x63, 0x7c, 0xfd, 0x94, 0x64, 0x41, 0xcc, 0x89, 0x92, 0x2f, + 0x49, 0x2c, 0x30, 0xd1, 0xa1, 0x22, 0xfd, 0x2d, 0xd2, 0x23, 0xbe, 0xe1, 0x74, 0x42, 0xcf, 0x37, + 0xba, 0x65, 0xb9, 0x0d, 0x1b, 0xaa, 0x95, 0x14, 0x2e, 0x9c, 0xc1, 0x4e, 0x07, 0xa4, 0x6f, 0x5b, + 0x25, 0xf9, 0x0b, 0x1b, 0x90, 0xb5, 0xf6, 0x32, 0xa6, 0x38, 0xf4, 0x1f, 0x34, 0x40, 0x79, 0x64, + 0x49, 0x75, 0x2e, 0xc3, 0x71, 0xbc, 0x3b, 0x6b, 0xbe, 0xbd, 0x63, 0x3b, 0xa4, 0x4b, 0x2c, 0xf9, + 0x0a, 0x2f, 0x10, 0xf7, 0xcf, 0x4c, 0x00, 0x5c, 0x2a, 0x02, 0xc2, 0xc5, 0xdf, 0x53, 0x71, 0x74, + 0xce, 0x4c, 0x3f, 0x67, 0xaf, 0x74, 0x85, 0x96, 0x79, 0x1c, 0xcf, 0x37, 0x54, 0xa6, 0x18, 0x67, + 0xe9, 0xa2, 0xbf, 0xa2, 0x71, 0x83, 0x81, 0xb4, 0x90, 0x8a, 0x49, 0xbb, 0x76, 0xbf, 0xac, 0xff, + 0xb1, 0xe9, 0x21, 0x36, 0xc2, 0x26, 0x29, 0xa2, 0x5f, 0xd7, 0xe0, 0xec, 0x76, 0x9e, 0xb1, 0x53, + 0xcc, 0xed, 0x5a, 0xe9, 0xb6, 0x14, 0x98, 0x4f, 0xf9, 0x8d, 0x6d, 0x2e, 0x00, 0xce, 0x6f, 0x89, + 0x1c, 0x27, 0x69, 0xfd, 0x11, 0x7c, 0xa0, 0xfc, 0x38, 0xa5, 0xec, 0x48, 0xf1, 0x38, 0xc9, 0x0a, + 0x9c, 0xa4, 0x88, 0xde, 0x84, 0x89, 0xed, 0xc8, 0xe8, 0x26, 0xf4, 0xf3, 0xe5, 0xd2, 0xe4, 0x15, + 0xd3, 0x1d, 0xbf, 0x1b, 0x96, 0x85, 0x38, 0xa6, 0x82, 0x6c, 0x18, 0xdf, 0xe6, 0xdc, 0x48, 0xe8, + 0xd5, 0xcd, 0xea, 0x22, 0x3f, 0x57, 0xee, 0x44, 0x11, 0x8e, 0xf0, 0xab, 0xbe, 0x2c, 0x8d, 0x23, + 0xdc, 0x3d, 0xbf, 0xa1, 0xc1, 0xd9, 0x1d, 0xe2, 0x87, 0xb6, 0x99, 0xb6, 0x36, 0x4f, 0x54, 0xd0, + 0x4b, 0x5e, 0xc9, 0xc3, 0xc8, 0x97, 0x4a, 0x6e, 0x15, 0xce, 0x6f, 0x83, 0xfe, 0x5f, 0x34, 0xc8, + 0x18, 0xb4, 0xd0, 0xdf, 0xd4, 0x60, 0x6a, 0x93, 0x18, 0xe1, 0xc0, 0x27, 0x57, 0x8d, 0x50, 0x3e, + 0x64, 0x78, 0xf5, 0xbe, 0x18, 0xd2, 0x16, 0xaf, 0x28, 0x98, 0xf9, 0x05, 0x9b, 0x0c, 0x9f, 0xa2, + 0x56, 0xe1, 0x44, 0x13, 0xce, 0x7f, 0x12, 0xe6, 0x32, 0x1f, 0x1e, 0xeb, 0x7a, 0xe5, 0xb7, 0x85, + 0x49, 0x34, 0x1d, 0x58, 0xf7, 0x75, 0xa8, 0x1b, 0x96, 0x25, 0x83, 0xf7, 0x3d, 0x57, 0xf2, 0x32, + 0xd9, 0x52, 0x5f, 0x8c, 0xb0, 0x9f, 0x98, 0xe3, 0x45, 0x57, 0x00, 0x19, 0x89, 0xbb, 0xa2, 0x55, + 0xcf, 0x8a, 0xd4, 0x25, 0x66, 0x4c, 0x5f, 0xca, 0xd4, 0xe2, 0x9c, 0x2f, 0xf4, 0x4f, 0xc0, 0x4c, + 0xf2, 0xcd, 0xfd, 0x31, 0x9c, 0x8e, 0xf5, 0x5f, 0xd4, 0x00, 0x65, 0x03, 0xf6, 0xa0, 0x00, 0x1a, + 0x02, 0x22, 0x9a, 0xe4, 0x95, 0xb2, 0x0e, 0xa4, 0x09, 0x7f, 0xe8, 0xd8, 0x65, 0x55, 0x14, 0x04, + 0x58, 0x12, 0xd2, 0xff, 0x42, 0x83, 0x38, 0x48, 0x18, 0xfa, 0x18, 0x4c, 0x5a, 0x24, 0x30, 0x7d, + 0xbb, 0x1f, 0xc6, 0x1d, 0x91, 0x1e, 0x98, 0xcb, 0x71, 0x15, 0x56, 0xe1, 0x90, 0x0e, 0x63, 0xa1, + 0x11, 0x6c, 0xb7, 0x97, 0x85, 0xe2, 0xc8, 0x8e, 0xf9, 0xdb, 0xac, 0x04, 0x8b, 0x9a, 0xf8, 0x01, + 0xfb, 0xc8, 0x10, 0x0f, 0xd8, 0xd1, 0xe6, 0x7d, 0x78, 0xad, 0x8f, 0x8e, 0x7e, 0xa9, 0xaf, 0xff, + 0xeb, 0x1a, 0x24, 0x03, 0xb3, 0x95, 0x1d, 0x82, 0x6c, 0x78, 0x81, 0xda, 0x03, 0x0b, 0x2f, 0xf0, + 0x61, 0x16, 0xc4, 0x94, 0x87, 0x9e, 0xe6, 0x77, 0x4f, 0x6a, 0xe4, 0x51, 0x1e, 0x37, 0x5a, 0x42, + 0xa0, 0x67, 0x55, 0xbf, 0xce, 0x89, 0xe6, 0xfb, 0xa2, 0x7d, 0xc1, 0x9c, 0x35, 0xef, 0x89, 0x00, + 0x0a, 0xb2, 0xff, 0x09, 0x17, 0xce, 0x8f, 0x09, 0xff, 0xbd, 0x7a, 0x22, 0xc8, 0x43, 0x14, 0x19, + 0x62, 0x2e, 0xf1, 0x61, 0xec, 0xd4, 0xa7, 0xff, 0x8a, 0x06, 0xe3, 0x22, 0xf8, 0xd2, 0x10, 0xee, + 0xb8, 0x5d, 0xa8, 0x33, 0x71, 0xbd, 0x92, 0x24, 0xd3, 0xd9, 0xf2, 0xbc, 0x30, 0x11, 0x84, 0x8a, + 0x39, 0xcc, 0xb1, 0x7f, 0x31, 0xc7, 0xaf, 0x7f, 0x63, 0x14, 0x2e, 0x09, 0x90, 0xcc, 0x31, 0x2d, + 0x37, 0xe1, 0x1e, 0x9c, 0x16, 0xd3, 0xb4, 0xec, 0x1b, 0xb6, 0xbc, 0x9e, 0x2b, 0xa7, 0x81, 0x89, + 0xab, 0xdb, 0x0c, 0x3a, 0x9c, 0x47, 0x83, 0x87, 0x5a, 0x61, 0xc5, 0xd7, 0x88, 0xe1, 0x84, 0x5b, + 0x11, 0xed, 0x5a, 0x95, 0x50, 0x2b, 0x59, 0x7c, 0x38, 0x97, 0x0a, 0xbb, 0x1e, 0x14, 0x15, 0x2d, + 0x9f, 0x18, 0xea, 0xdd, 0x64, 0x05, 0xff, 0xba, 0xd5, 0x5c, 0x8c, 0xb8, 0x80, 0x12, 0x33, 0x65, + 0x19, 0xbb, 0x4c, 0x33, 0xc6, 0x24, 0xf4, 0x6d, 0xc2, 0x1d, 0x68, 0xeb, 0x42, 0x97, 0x4d, 0x56, + 0xe1, 0x34, 0x2c, 0x7a, 0x0e, 0x66, 0xd8, 0x75, 0x6b, 0xfc, 0x62, 0xb9, 0x1e, 0x47, 0x22, 0xbf, + 0x99, 0xa8, 0xc1, 0x29, 0x48, 0xfd, 0xdb, 0x1a, 0x4c, 0xa9, 0x0b, 0x68, 0x08, 0xf7, 0xd6, 0x1d, + 0x85, 0x61, 0x57, 0xf1, 0x19, 0x55, 0xc9, 0x0e, 0xc9, 0xb3, 0x4f, 0xe7, 0x7c, 0xc3, 0xee, 0xdd, + 0x48, 0x8a, 0xf9, 0x57, 0xba, 0x77, 0xcb, 0x9c, 0x24, 0xf2, 0xde, 0x2d, 0x5d, 0x83, 0x33, 0x84, + 0xd1, 0xab, 0x30, 0x62, 0xfa, 0xb6, 0x18, 0x98, 0x67, 0xca, 0xe9, 0x27, 0xb8, 0x1d, 0x3f, 0x0f, + 0x6a, 0xe1, 0x36, 0xa6, 0x18, 0xf5, 0xef, 0x8d, 0xc0, 0xa4, 0x12, 0xdb, 0x0d, 0xad, 0x56, 0xd1, + 0x6f, 0x63, 0xf4, 0x91, 0x8e, 0xbb, 0x0a, 0x23, 0xdd, 0xfe, 0xa0, 0xa4, 0x82, 0x2b, 0xd1, 0x5d, + 0xa5, 0xe8, 0xba, 0xfd, 0x01, 0x7a, 0x45, 0xaa, 0xcc, 0xe5, 0x94, 0x5a, 0xe9, 0x48, 0x99, 0x52, + 0x9b, 0xa3, 0xe5, 0x39, 0x5a, 0xb8, 0x3c, 0x5d, 0x18, 0x0f, 0x84, 0x3e, 0x5d, 0xaf, 0x10, 0x5a, + 0x50, 0x19, 0x6a, 0xa1, 0x40, 0x73, 0x39, 0x3c, 0xd2, 0xaf, 0x23, 0x22, 0x54, 0x0a, 0x18, 0xb0, + 0xd7, 0x0c, 0x4c, 0xc5, 0x68, 0x70, 0x29, 0x60, 0x9d, 0x95, 0x60, 0x51, 0xa3, 0xff, 0x42, 0x0d, + 0x50, 0x16, 0x21, 0x7a, 0x1f, 0xd4, 0xd9, 0xdb, 0x26, 0xb1, 0xd9, 0x94, 0x70, 0x49, 0x46, 0x10, + 0x60, 0x5e, 0x87, 0x3a, 0xe2, 0xad, 0x5b, 0xb9, 0x99, 0x61, 0x37, 0xbe, 0x82, 0x9e, 0xf2, 0x30, + 0x2e, 0x3a, 0x9f, 0x46, 0x0a, 0xcf, 0xa7, 0x75, 0x18, 0xef, 0xd9, 0x2e, 0x73, 0xf4, 0x28, 0x67, + 0x31, 0xe0, 0x57, 0x52, 0x1c, 0x05, 0x8e, 0x70, 0xe9, 0x3f, 0xae, 0xd1, 0x55, 0x6c, 0xbb, 0x21, + 0x71, 0x0d, 0xd7, 0x24, 0xe8, 0x2e, 0x80, 0x31, 0x08, 0x3d, 0x7e, 0xcc, 0x8b, 0xc5, 0xfc, 0xa9, + 0x92, 0x13, 0x26, 0xb1, 0x2e, 0x49, 0x8c, 0xfc, 0xaa, 0x28, 0xfe, 0x8d, 0x15, 0x6a, 0x94, 0x76, + 0x68, 0xf7, 0xc8, 0xab, 0xb6, 0x6b, 0x79, 0x77, 0xc4, 0xf8, 0x56, 0xa6, 0x7d, 0x5b, 0x62, 0xe4, + 0xb4, 0xe3, 0xdf, 0x58, 0xa1, 0x86, 0x3e, 0x0d, 0xf3, 0x2c, 0x45, 0x82, 0xcb, 0x82, 0x67, 0x8a, + 0xc6, 0x79, 0x8e, 0x13, 0x1d, 0x3c, 0x0d, 0x16, 0xaa, 0x6c, 0xbe, 0x55, 0x00, 0x83, 0x0b, 0xbf, + 0xd6, 0xbf, 0xa3, 0xc1, 0xd9, 0xdc, 0xb1, 0x40, 0x57, 0x61, 0x2e, 0x76, 0x13, 0x50, 0x19, 0x65, + 0x23, 0x8e, 0x06, 0x7b, 0x3d, 0x0d, 0x80, 0xb3, 0xdf, 0xa0, 0x55, 0x29, 0x2d, 0xa8, 0x8c, 0x58, + 0xf8, 0x18, 0x3c, 0x26, 0x50, 0xe5, 0xf1, 0x6a, 0x9c, 0xf7, 0x9d, 0xfe, 0xd9, 0x44, 0x83, 0xe3, + 0x01, 0xa3, 0xfb, 0x63, 0x83, 0x74, 0xa5, 0x73, 0xb5, 0xdc, 0x1f, 0x4d, 0x5a, 0x88, 0x79, 0x1d, + 0x7a, 0x5c, 0x7d, 0x10, 0x20, 0x19, 0x51, 0xf4, 0x28, 0x40, 0x1f, 0x00, 0x08, 0x87, 0x1c, 0xdb, + 0xed, 0xa2, 0x2e, 0x34, 0x0c, 0x91, 0xc0, 0x43, 0x2c, 0xb6, 0x17, 0xca, 0x29, 0x5b, 0x02, 0x09, + 0x77, 0xfa, 0x8b, 0x7e, 0x61, 0x89, 0x5c, 0xff, 0x7b, 0x1a, 0x9c, 0xcb, 0x7f, 0xc2, 0x33, 0xc4, + 0x09, 0xdb, 0x83, 0x49, 0x3f, 0xfe, 0x4c, 0xac, 0xcc, 0x9f, 0x51, 0x63, 0x9f, 0x28, 0x09, 0x7d, + 0xa8, 0xf4, 0xd1, 0xf2, 0xbd, 0x20, 0x9a, 0x9d, 0x74, 0x38, 0x14, 0x29, 0xc4, 0x2b, 0x2d, 0xc1, + 0x2a, 0x7e, 0xfd, 0xed, 0x1a, 0xc0, 0x4d, 0x12, 0xde, 0xf1, 0xfc, 0x6d, 0x3a, 0x46, 0xef, 0xaa, + 0xa7, 0x64, 0x17, 0x60, 0xb4, 0xef, 0x59, 0x81, 0x60, 0x54, 0xec, 0x8d, 0x17, 0xbb, 0xe3, 0x66, + 0xa5, 0x68, 0x01, 0xea, 0xcc, 0x14, 0x2c, 0x8e, 0x03, 0x26, 0xfc, 0x52, 0x81, 0x27, 0xc0, 0xbc, + 0x9c, 0xc7, 0x69, 0x66, 0xfe, 0xa8, 0x81, 0x10, 0xe7, 0x45, 0x9c, 0x66, 0x5e, 0x86, 0x65, 0xad, + 0xfe, 0xf3, 0xa3, 0x90, 0x48, 0x41, 0x13, 0x2b, 0xe5, 0xa3, 0x0f, 0x48, 0x29, 0xff, 0x34, 0xcc, + 0x3b, 0x9e, 0x61, 0x35, 0x0d, 0x87, 0x2e, 0x7b, 0xbf, 0xc3, 0xe7, 0xc3, 0x70, 0xbb, 0x24, 0x4a, + 0x25, 0xc3, 0x58, 0xc0, 0x8d, 0x02, 0x18, 0x5c, 0xf8, 0x35, 0x1a, 0x28, 0x99, 0x6f, 0xa8, 0x18, + 0xb2, 0x5a, 0x39, 0x45, 0xcf, 0xa2, 0xea, 0x8c, 0x2c, 0xcf, 0xe6, 0x64, 0x76, 0x1c, 0xf4, 0x15, + 0x0d, 0xce, 0x92, 0xdd, 0x90, 0xf8, 0xae, 0xe1, 0xdc, 0xf6, 0x8d, 0xcd, 0x4d, 0xdb, 0x4c, 0x78, + 0x11, 0xad, 0x1d, 0xec, 0x2f, 0x9c, 0x5d, 0xc9, 0x03, 0xb8, 0xb7, 0xbf, 0xf0, 0x74, 0x36, 0x07, + 0x55, 0xe4, 0x7a, 0x9c, 0xfb, 0x09, 0x5b, 0x8e, 0xf9, 0xe4, 0xce, 0x3f, 0x0b, 0x93, 0xc7, 0xf0, + 0x80, 0x9d, 0x50, 0x4d, 0x34, 0xdf, 0x1a, 0x03, 0xc5, 0xf1, 0xfb, 0x18, 0x41, 0x8d, 0xff, 0x8e, + 0x06, 0x67, 0x4c, 0xc7, 0x26, 0x6e, 0x98, 0xf2, 0xee, 0xe5, 0x5b, 0xe3, 0x95, 0x72, 0x2e, 0xe9, + 0x7d, 0xe2, 0xb6, 0x97, 0x5b, 0x9e, 0xeb, 0x12, 0x33, 0x6c, 0xe5, 0x60, 0xe7, 0xfa, 0x4e, 0x5e, + 0x0d, 0xce, 0x6d, 0x0d, 0xeb, 0x10, 0x2b, 0x6f, 0x2f, 0xab, 0x6f, 0xa4, 0x5a, 0xa2, 0x0c, 0xcb, + 0x5a, 0xf4, 0x14, 0x4c, 0x76, 0x7d, 0x6f, 0xd0, 0x0f, 0x5a, 0xcc, 0xbf, 0x89, 0xef, 0x30, 0x26, + 0x4e, 0x5c, 0x8d, 0x8b, 0xb1, 0x0a, 0x83, 0x3e, 0x0a, 0x53, 0xfc, 0xe7, 0x9a, 0x4f, 0x36, 0xed, + 0x5d, 0xb1, 0xe3, 0x98, 0xbb, 0xc4, 0x55, 0xa5, 0x1c, 0x27, 0xa0, 0xd0, 0x87, 0x60, 0xc2, 0x0e, + 0x82, 0x01, 0xf1, 0xd7, 0xf1, 0x0d, 0x11, 0x10, 0x90, 0x19, 0x58, 0xdb, 0x51, 0x21, 0x8e, 0xeb, + 0xd1, 0x2f, 0x6b, 0x30, 0xe3, 0x93, 0x37, 0x07, 0xb6, 0x4f, 0x2c, 0x46, 0x34, 0x10, 0xee, 0xf7, + 0x9d, 0x8a, 0x3e, 0xff, 0x8b, 0x38, 0x81, 0x95, 0xaf, 0x74, 0x69, 0x9a, 0x48, 0x56, 0xe2, 0x54, + 0x13, 0xe8, 0x58, 0x05, 0x76, 0xd7, 0xb5, 0xdd, 0xee, 0x92, 0xd3, 0x0d, 0xe6, 0x1b, 0x6c, 0xf7, + 0x72, 0xd1, 0x2b, 0x2e, 0xc6, 0x2a, 0x0c, 0xfa, 0x38, 0x4c, 0x0f, 0x02, 0xba, 0x76, 0x7b, 0x84, + 0x0f, 0xf0, 0x44, 0xec, 0x78, 0xb8, 0xae, 0x56, 0xe0, 0x24, 0x1c, 0xd5, 0xf6, 0xa2, 0x02, 0x31, + 0xcc, 0xc0, 0xa3, 0x20, 0xd0, 0x76, 0xae, 0x27, 0x6a, 0x70, 0x0a, 0xf2, 0xfc, 0x12, 0x9c, 0xce, + 0xe9, 0xe6, 0xb1, 0x36, 0xc8, 0xb7, 0x6b, 0xf0, 0xde, 0x23, 0x97, 0x25, 0xfa, 0x96, 0x06, 0x93, + 0x64, 0x37, 0xf4, 0x0d, 0xe9, 0x06, 0x49, 0xe7, 0xa8, 0xfb, 0x60, 0x36, 0xc1, 0xe2, 0x4a, 0x4c, + 0x89, 0xcf, 0x9b, 0x3c, 0xf3, 0x94, 0x1a, 0xac, 0x36, 0x88, 0x4a, 0xed, 0x3c, 0x4a, 0x86, 0x6a, + 0xbb, 0x13, 0x39, 0x3b, 0x44, 0xcd, 0xf9, 0x17, 0x61, 0x36, 0x8d, 0xf9, 0x58, 0x43, 0xf5, 0x4f, + 0x6a, 0x50, 0x5f, 0x73, 0x8c, 0x13, 0x89, 0xee, 0xf8, 0xf9, 0x44, 0x54, 0xad, 0x72, 0xb1, 0xca, + 0x58, 0x5b, 0x0b, 0x63, 0xfa, 0x6d, 0xa5, 0x62, 0xfa, 0xbd, 0x54, 0x81, 0xc6, 0xe1, 0x21, 0xfc, + 0x7e, 0xa0, 0xc1, 0x04, 0x83, 0x3b, 0x81, 0xd8, 0x05, 0xaf, 0x27, 0x63, 0x17, 0x3c, 0x57, 0xbe, + 0x53, 0x05, 0x31, 0x0b, 0xfe, 0x30, 0xea, 0x0c, 0x8b, 0xcd, 0xf4, 0x9a, 0x9a, 0xa4, 0x88, 0xf7, + 0xe6, 0x89, 0xbc, 0x98, 0x76, 0x37, 0x3c, 0xd3, 0x70, 0x32, 0x81, 0xed, 0x0e, 0xcd, 0x54, 0xe4, + 0xc2, 0x04, 0x11, 0xb1, 0x48, 0xa2, 0xde, 0x94, 0x93, 0x6d, 0xa3, 0x88, 0x26, 0x31, 0xbd, 0xa8, + 0x24, 0xc0, 0x31, 0x09, 0xfd, 0xb7, 0x6b, 0x30, 0xa9, 0xcc, 0xe6, 0x3b, 0x12, 0x33, 0xef, 0x4a, + 0x6e, 0x4a, 0x8f, 0x1a, 0x73, 0x73, 0x3c, 0x77, 0x8c, 0x74, 0x1e, 0x01, 0x4c, 0x9a, 0x71, 0x18, + 0xe4, 0x4a, 0x0b, 0x5c, 0x09, 0xa7, 0x2c, 0xdc, 0xad, 0xe3, 0x02, 0xac, 0x52, 0xd1, 0xff, 0x79, + 0x0d, 0xc6, 0xd7, 0x7c, 0x8f, 0xce, 0xf1, 0x09, 0x30, 0x88, 0x8d, 0x04, 0x83, 0x28, 0xb9, 0x79, + 0x79, 0x6b, 0x0b, 0x59, 0xc4, 0x1b, 0x29, 0x16, 0xd1, 0xac, 0x44, 0xe5, 0x70, 0x26, 0xf1, 0x43, + 0x0d, 0x26, 0x05, 0xe4, 0x09, 0xb0, 0x09, 0x23, 0xc9, 0x26, 0x9e, 0xaf, 0xd2, 0xb1, 0x02, 0x46, + 0xf1, 0x75, 0x0d, 0xa6, 0x05, 0xc4, 0x2a, 0xe9, 0x6d, 0x10, 0x1f, 0x5d, 0x81, 0xf1, 0x60, 0xc0, + 0xe6, 0x52, 0xf4, 0xe8, 0x31, 0x95, 0x55, 0xf8, 0x1b, 0x86, 0xc9, 0x52, 0x53, 0x71, 0x10, 0x25, + 0x98, 0x26, 0x2f, 0xc0, 0xd1, 0xc7, 0x54, 0xa1, 0xf3, 0x3d, 0x27, 0x13, 0x8f, 0x00, 0x7b, 0x0e, + 0xc1, 0xac, 0x86, 0xea, 0x51, 0xf4, 0x6f, 0x74, 0x4b, 0xc5, 0xf4, 0x28, 0x5a, 0x1d, 0x60, 0x5e, + 0xae, 0xff, 0xc2, 0xa8, 0x1c, 0x6d, 0xc6, 0xc7, 0xae, 0xc1, 0x84, 0xe9, 0x13, 0x23, 0x24, 0x56, + 0x73, 0x6f, 0x98, 0xc6, 0x31, 0x81, 0xae, 0x15, 0x7d, 0x81, 0xe3, 0x8f, 0xa9, 0xe8, 0xa4, 0x5e, + 0x3c, 0xd5, 0x62, 0x31, 0xb3, 0xf0, 0xd2, 0xe9, 0x79, 0xa8, 0x7b, 0x77, 0x5c, 0xe9, 0x7a, 0x71, + 0x28, 0x61, 0xd6, 0x95, 0x5b, 0x14, 0x1a, 0xf3, 0x8f, 0xd4, 0x58, 0x16, 0xa3, 0x87, 0xc4, 0xb2, + 0xe8, 0xc1, 0x78, 0x8f, 0x4d, 0x43, 0xb5, 0x80, 0x86, 0x89, 0x19, 0x55, 0x03, 0x5d, 0x33, 0xd4, + 0x38, 0xa2, 0x41, 0x85, 0x60, 0x2a, 0xa7, 0x05, 0x7d, 0xc3, 0x24, 0xaa, 0x10, 0x7c, 0x33, 0x2a, + 0xc4, 0x71, 0x3d, 0xba, 0x9b, 0x0c, 0x39, 0x33, 0x5e, 0xc1, 0xcc, 0x29, 0xda, 0xa7, 0x44, 0x99, + 0xe1, 0x83, 0x5f, 0x18, 0x76, 0xe6, 0xab, 0xa3, 0x72, 0x99, 0x0a, 0xc6, 0x9f, 0x9f, 0x57, 0x49, + 0x2b, 0x95, 0x57, 0xe9, 0x69, 0xa8, 0xf7, 0xb7, 0x8c, 0x20, 0x5a, 0xab, 0x51, 0x54, 0xf6, 0xfa, + 0x1a, 0x2d, 0xbc, 0xb7, 0xbf, 0x30, 0x25, 0x48, 0xb3, 0xdf, 0x98, 0xc3, 0xa2, 0x01, 0x9c, 0x0e, + 0x42, 0xc3, 0x21, 0x1d, 0x5b, 0x98, 0x8f, 0x82, 0xd0, 0xe8, 0xf5, 0x4b, 0x04, 0x57, 0x67, 0x17, + 0x57, 0x9d, 0x2c, 0x2a, 0x9c, 0x87, 0x1f, 0xfd, 0xbc, 0x06, 0xf3, 0xac, 0x7c, 0x69, 0x10, 0x7a, + 0x3c, 0xa5, 0x44, 0x4c, 0xfc, 0xf8, 0xf7, 0xb6, 0x4c, 0xd9, 0xef, 0x14, 0xe0, 0xc3, 0x85, 0x94, + 0xd0, 0x5b, 0x70, 0xd6, 0x31, 0x82, 0x70, 0xc9, 0x0c, 0xed, 0x1d, 0x3b, 0xdc, 0x8b, 0x9b, 0x50, + 0x3f, 0x76, 0x13, 0x98, 0xef, 0xc6, 0x8d, 0x3c, 0x64, 0x38, 0x9f, 0x86, 0xfe, 0xbf, 0x34, 0x40, + 0xd9, 0x25, 0x84, 0x7a, 0xd0, 0xb0, 0xc8, 0xa6, 0x31, 0x70, 0xc2, 0x48, 0x12, 0xa8, 0x1c, 0x10, + 0x49, 0x72, 0xe7, 0x65, 0x81, 0x18, 0x4b, 0x12, 0xa8, 0x0f, 0x13, 0x77, 0xb6, 0xec, 0x90, 0x38, + 0x76, 0x10, 0xde, 0xaf, 0x00, 0x4c, 0x52, 0xf8, 0x79, 0x35, 0xc2, 0x8c, 0x63, 0x22, 0xfa, 0x5f, + 0x1d, 0x81, 0xc6, 0x31, 0x92, 0x77, 0x0e, 0x00, 0x89, 0x80, 0x0c, 0x54, 0x62, 0x22, 0x55, 0x8c, + 0x66, 0x4c, 0xac, 0x69, 0x65, 0x90, 0xe1, 0x1c, 0x02, 0xe8, 0x2d, 0x38, 0x63, 0xbb, 0x9b, 0xbe, + 0x11, 0x84, 0xfe, 0xc0, 0x0c, 0x07, 0x3e, 0xa9, 0x12, 0xd6, 0x9d, 0x59, 0x1a, 0xda, 0x39, 0xe8, + 0x70, 0x2e, 0x11, 0xb4, 0x09, 0xe3, 0x77, 0x3c, 0x7f, 0x9b, 0x32, 0xd0, 0xd1, 0x0a, 0x19, 0x80, + 0x5e, 0x65, 0x38, 0x62, 0xce, 0xc9, 0x7f, 0x07, 0x38, 0x42, 0xae, 0xff, 0xbe, 0x06, 0x75, 0xfe, + 0x7e, 0xed, 0xe1, 0xd0, 0xb2, 0x58, 0x5b, 0x0b, 0x43, 0x15, 0x53, 0xdd, 0x87, 0x41, 0x3c, 0x2c, + 0xba, 0x0f, 0x6b, 0x6c, 0x81, 0x48, 0xf3, 0xfb, 0x23, 0xa2, 0x33, 0x4c, 0x66, 0x68, 0xc3, 0x69, + 0x21, 0xfe, 0xde, 0xb0, 0x37, 0x09, 0x5d, 0x60, 0xcb, 0xc6, 0x5e, 0x20, 0xde, 0x8f, 0x33, 0xd6, + 0xdb, 0xca, 0x56, 0xe3, 0xbc, 0x6f, 0xd0, 0xbf, 0xd0, 0xe8, 0xe9, 0x1c, 0xfa, 0xb6, 0x59, 0x2d, + 0xec, 0xae, 0x6c, 0xdc, 0xe2, 0x2a, 0xc7, 0xc6, 0xcd, 0x07, 0xeb, 0xf1, 0x31, 0xcd, 0x4a, 0xef, + 0xed, 0x2f, 0x2c, 0xe4, 0x98, 0x27, 0x23, 0x83, 0x3a, 0x1d, 0xda, 0xb7, 0x7f, 0x7c, 0x28, 0x08, + 0x33, 0xee, 0x47, 0x4d, 0x46, 0xd7, 0xa0, 0x1e, 0x98, 0x5e, 0x9f, 0x1c, 0x27, 0xaa, 0xb9, 0x1c, + 0xe1, 0x0e, 0xfd, 0x12, 0x73, 0x04, 0xe7, 0xdf, 0x80, 0x29, 0xb5, 0xe5, 0x39, 0xe6, 0x89, 0x65, + 0xd5, 0x3c, 0x71, 0xec, 0x5b, 0x3c, 0xd5, 0x9c, 0xf1, 0x3b, 0x35, 0x10, 0xf9, 0xfb, 0x86, 0xb8, + 0xc2, 0x78, 0x23, 0x8a, 0x2c, 0x5a, 0x25, 0x69, 0x61, 0x3a, 0x67, 0x78, 0x3c, 0x08, 0x6a, 0x70, + 0x51, 0xe4, 0xc1, 0x98, 0x63, 0x6c, 0x10, 0x27, 0xca, 0xe5, 0x76, 0xb5, 0x42, 0xaa, 0x31, 0x1e, + 0xfe, 0x3a, 0x48, 0x19, 0xba, 0x79, 0x21, 0x16, 0x64, 0xce, 0x3f, 0x0b, 0x93, 0x0a, 0xd8, 0xb1, + 0x6c, 0x42, 0x3f, 0xd4, 0x60, 0x2a, 0x11, 0x4e, 0xac, 0x07, 0x23, 0xbe, 0xb4, 0x05, 0x94, 0xbd, + 0xe3, 0x89, 0xbc, 0x9b, 0x1e, 0x3b, 0x04, 0x08, 0x53, 0x3a, 0x32, 0xf2, 0x58, 0xed, 0x7e, 0x45, + 0x1e, 0xfb, 0x9a, 0x06, 0xe7, 0xa2, 0x0e, 0x25, 0x03, 0x70, 0xa0, 0x27, 0xa0, 0x61, 0xf4, 0x6d, + 0x66, 0xf9, 0x55, 0x8d, 0xe7, 0x4b, 0x6b, 0x6d, 0x56, 0x86, 0x65, 0x2d, 0xfa, 0x30, 0x34, 0xa2, + 0xa5, 0x27, 0x24, 0x3f, 0xc9, 0xb7, 0xe4, 0xad, 0x95, 0x84, 0x40, 0x1f, 0x50, 0xa2, 0xbf, 0xd6, + 0xe3, 0x83, 0x5a, 0x12, 0xe6, 0x77, 0xdc, 0xfa, 0xaf, 0xd4, 0x60, 0x9a, 0x5b, 0x4a, 0x9a, 0xb6, + 0x6b, 0xd9, 0x6e, 0xf7, 0x04, 0x0e, 0x88, 0x44, 0x12, 0xea, 0xda, 0xfd, 0x4a, 0x42, 0x7d, 0x1d, + 0xc6, 0xde, 0xa4, 0x9c, 0x2a, 0x5a, 0xe0, 0x43, 0x31, 0x0c, 0xb9, 0x78, 0x19, 0x93, 0x0b, 0xb0, + 0x40, 0xc1, 0x22, 0x84, 0x26, 0x86, 0xe5, 0x61, 0x89, 0x10, 0x9a, 0x68, 0x74, 0x71, 0x3a, 0x0c, + 0x96, 0xf2, 0xf6, 0x04, 0xa6, 0xfa, 0xf5, 0x84, 0x2c, 0xf0, 0x42, 0xf9, 0x40, 0xa3, 0x45, 0xd6, + 0x94, 0x6e, 0xca, 0x9a, 0xf2, 0xc9, 0xf2, 0x24, 0x0e, 0x37, 0xa5, 0xfc, 0x6a, 0x0d, 0x80, 0x82, + 0xf1, 0xe4, 0xc0, 0xc2, 0xcf, 0x32, 0x4e, 0x16, 0x3f, 0xf1, 0x6e, 0xc9, 0xf0, 0xae, 0xcb, 0xac, + 0xb2, 0x23, 0xb1, 0xcd, 0x3e, 0x99, 0x51, 0x36, 0xb9, 0x01, 0x47, 0xef, 0xd3, 0x06, 0xd4, 0x7f, + 0x4b, 0x03, 0x96, 0xa3, 0x64, 0xf9, 0x66, 0x07, 0x7d, 0x1c, 0xa6, 0x6d, 0x7e, 0x29, 0xba, 0xac, + 0x46, 0x7e, 0x63, 0x17, 0x37, 0x6d, 0xb5, 0x02, 0x27, 0xe1, 0x90, 0xab, 0x8c, 0x6b, 0x95, 0xcc, + 0xdc, 0xa2, 0x21, 0x32, 0x72, 0xfa, 0x54, 0xfe, 0xcc, 0xe8, 0x3f, 0xa9, 0xc1, 0xa9, 0x14, 0xec, + 0x10, 0xaa, 0xca, 0x83, 0xe1, 0x60, 0x4a, 0x30, 0xf5, 0x91, 0x13, 0x08, 0xa6, 0x2e, 0xe3, 0x9a, + 0x8f, 0x3e, 0xe0, 0xb8, 0xe6, 0xdf, 0xd7, 0x80, 0x25, 0x7d, 0x3e, 0x01, 0x1e, 0xfa, 0xb9, 0x24, + 0x0f, 0x7d, 0xb6, 0xf4, 0xda, 0x29, 0x60, 0x9d, 0x7f, 0xa1, 0x01, 0x0b, 0x73, 0x2c, 0x3c, 0x41, + 0x14, 0xe7, 0x0a, 0xad, 0xc0, 0xb9, 0xe2, 0x92, 0xf0, 0xcd, 0x48, 0xd9, 0x15, 0x15, 0xff, 0x8c, + 0x0f, 0x2b, 0xee, 0x17, 0x23, 0x49, 0x56, 0x92, 0x75, 0xc1, 0x40, 0x6f, 0xc1, 0x74, 0xb0, 0xe5, + 0x79, 0x61, 0xa4, 0xe1, 0x8b, 0xd9, 0x6b, 0x96, 0x77, 0x8d, 0x8e, 0xfa, 0xc2, 0x77, 0x67, 0x47, + 0x45, 0x8e, 0x93, 0xb4, 0xf4, 0xdf, 0x15, 0xdd, 0x3f, 0xc6, 0x56, 0x39, 0x41, 0xd6, 0xf7, 0xc1, + 0x14, 0xeb, 0x2b, 0x4a, 0xa8, 0xfd, 0x3d, 0xd1, 0x0b, 0x19, 0x9d, 0xba, 0x0f, 0xd3, 0x8e, 0x9a, + 0xd0, 0x45, 0x2c, 0xcc, 0x52, 0xb9, 0x60, 0x64, 0x10, 0xba, 0x44, 0x31, 0x4e, 0x12, 0xa0, 0xfc, + 0x31, 0x6a, 0x3c, 0x4f, 0x7c, 0xcb, 0x93, 0x2e, 0xb0, 0x19, 0x58, 0x53, 0x2b, 0x70, 0x12, 0x4e, + 0x7f, 0x19, 0xde, 0xcf, 0x9b, 0xce, 0x7c, 0xd2, 0x57, 0x76, 0x4d, 0x12, 0x04, 0x2d, 0xa3, 0x6f, + 0x98, 0x54, 0x0f, 0x61, 0xaf, 0x3a, 0xb9, 0x8d, 0xf0, 0xc9, 0x74, 0x6c, 0x5b, 0x69, 0x1b, 0xc8, + 0xc4, 0x20, 0xfa, 0x52, 0x0d, 0x16, 0x14, 0x9c, 0x09, 0x57, 0x9a, 0x68, 0xd5, 0x7d, 0x53, 0x83, + 0x49, 0xc3, 0x75, 0xbd, 0xd0, 0x50, 0x6f, 0xae, 0x48, 0x85, 0xc0, 0xe1, 0x85, 0xb4, 0x16, 0x97, + 0x62, 0x3a, 0xa9, 0x8b, 0x6a, 0xa5, 0x06, 0xab, 0xcd, 0x39, 0xff, 0x22, 0xcc, 0xa6, 0xbf, 0x3a, + 0x96, 0xc2, 0xd1, 0x84, 0xb3, 0x4a, 0xab, 0x94, 0x80, 0xe9, 0x4f, 0xc2, 0xf8, 0x8e, 0x1d, 0xd8, + 0xd1, 0x43, 0x6b, 0x65, 0x18, 0x5f, 0xe1, 0xc5, 0x38, 0xaa, 0xd7, 0x5f, 0x82, 0xd3, 0x2a, 0x0e, + 0xb6, 0x6f, 0x6e, 0x76, 0x8e, 0x33, 0x11, 0xab, 0x70, 0x49, 0xc1, 0x90, 0xfb, 0x3c, 0xec, 0x38, + 0xe8, 0xbe, 0x3c, 0x16, 0x2d, 0x73, 0xf1, 0x7e, 0xe1, 0xbb, 0x1a, 0x3c, 0x4a, 0x8a, 0x56, 0x8c, + 0x58, 0xf3, 0xaf, 0x55, 0x9d, 0xd2, 0xc2, 0x25, 0x29, 0x22, 0x0a, 0x15, 0x55, 0xe3, 0xe2, 0xa6, + 0xa1, 0xbb, 0x89, 0x6c, 0x01, 0x55, 0x7c, 0x50, 0x73, 0x67, 0xf9, 0xb0, 0x5c, 0x01, 0xc8, 0x87, + 0x46, 0x20, 0xe6, 0xb2, 0xd2, 0x2b, 0xd6, 0x9c, 0xb5, 0x21, 0xdc, 0xec, 0xc4, 0x2f, 0x2c, 0xe9, + 0xa0, 0xdf, 0xd0, 0xe0, 0x8c, 0x93, 0xb3, 0x35, 0x04, 0xaf, 0xbf, 0xfd, 0x20, 0xb6, 0x1d, 0x37, + 0x5d, 0xe6, 0xd5, 0xe0, 0xdc, 0xb6, 0xa0, 0xbf, 0x5b, 0xf8, 0x5e, 0xb2, 0x5e, 0x21, 0xa5, 0xd1, + 0x51, 0x1b, 0xa0, 0xc4, 0xd3, 0xc9, 0x7f, 0x35, 0xce, 0xc5, 0x0f, 0x66, 0x5f, 0x33, 0x61, 0x6c, + 0x83, 0x49, 0xf0, 0x62, 0xbd, 0x97, 0xd7, 0x17, 0xb8, 0x22, 0xc0, 0xe5, 0x6b, 0xfe, 0x3f, 0x16, + 0xa8, 0xd1, 0x22, 0xc0, 0x86, 0xe3, 0x99, 0xdb, 0xad, 0xf6, 0x32, 0x8e, 0x58, 0x3b, 0x5b, 0x63, + 0x4d, 0x59, 0x8a, 0x15, 0x08, 0xf4, 0x59, 0x18, 0xb1, 0xa4, 0xd0, 0xf7, 0x7c, 0x15, 0x79, 0x37, + 0xf6, 0xed, 0xa5, 0x2b, 0x8a, 0x62, 0x45, 0x1e, 0x34, 0x5c, 0x71, 0xc2, 0x8b, 0xf5, 0x53, 0x3e, + 0xdf, 0x83, 0x14, 0x15, 0xa4, 0x84, 0x12, 0x95, 0x60, 0x49, 0x84, 0x12, 0x94, 0x22, 0x7c, 0xbd, + 0x22, 0x41, 0x29, 0xbf, 0x1f, 0xa6, 0x5d, 0xad, 0xa9, 0xd2, 0xf8, 0xd8, 0xf0, 0xd2, 0xf8, 0x74, + 0xa1, 0x24, 0xbe, 0x09, 0x63, 0xa1, 0xc1, 0x7c, 0x44, 0xc6, 0x2b, 0xb8, 0x68, 0xd0, 0x0e, 0xdc, + 0xa6, 0x68, 0x62, 0x49, 0x84, 0xfd, 0x0c, 0xb0, 0xc0, 0x4e, 0x57, 0x23, 0x4f, 0x4a, 0x2f, 0x22, + 0x7a, 0x95, 0x5f, 0x8d, 0x3c, 0xab, 0x0f, 0x5f, 0x8d, 0xfc, 0x7f, 0x2c, 0x50, 0xa3, 0x6d, 0x2a, + 0x5f, 0xf2, 0x23, 0x40, 0x3c, 0x65, 0x5e, 0xaa, 0xba, 0x35, 0x83, 0xc8, 0x43, 0x98, 0xff, 0xc2, + 0x92, 0x00, 0x32, 0x61, 0x5c, 0x28, 0x74, 0x22, 0x78, 0xec, 0xf3, 0x55, 0x02, 0x78, 0x47, 0xc9, + 0xaa, 0xf8, 0xbb, 0xc5, 0x08, 0xb3, 0xfe, 0xbd, 0x11, 0xae, 0x8b, 0xbf, 0x83, 0x4e, 0x35, 0x5d, + 0x68, 0x44, 0xc8, 0x2a, 0x19, 0x37, 0xa2, 0xec, 0x09, 0x7c, 0x40, 0x65, 0x2e, 0x05, 0x89, 0x1c, + 0xb5, 0xf2, 0xde, 0x23, 0x28, 0x01, 0x94, 0x86, 0x7a, 0x8b, 0x90, 0x7f, 0xfb, 0x3c, 0x5a, 0xea, + 0xf6, 0xf9, 0x05, 0x38, 0x15, 0x39, 0xe8, 0x58, 0x84, 0xd9, 0xbf, 0x85, 0x0b, 0x2b, 0x7b, 0x87, + 0xd7, 0x4a, 0x56, 0xe1, 0x34, 0xac, 0x7e, 0x1d, 0x26, 0xe4, 0xbe, 0x40, 0x8f, 0x2b, 0x32, 0x5a, + 0xcc, 0xba, 0xae, 0x93, 0x3d, 0x2e, 0xb0, 0x2d, 0x24, 0x04, 0x36, 0xae, 0x5c, 0xbd, 0x42, 0x0b, + 0x84, 0xec, 0xa6, 0xff, 0x57, 0x8d, 0x2f, 0x04, 0x91, 0x31, 0xcb, 0x80, 0xc9, 0x1e, 0x0f, 0xc8, + 0xc4, 0x9e, 0xe4, 0x68, 0xe5, 0x1f, 0x03, 0xad, 0xc6, 0x68, 0xb0, 0x8a, 0x13, 0xed, 0x66, 0xd3, + 0xba, 0x5d, 0xad, 0xb8, 0x69, 0x87, 0xce, 0xee, 0x86, 0xb2, 0xdf, 0xa8, 0xf9, 0xb0, 0xb4, 0xc3, + 0xf3, 0x61, 0x1d, 0x9d, 0xf9, 0x43, 0xff, 0xdf, 0x35, 0xc8, 0x8d, 0x57, 0x8d, 0x74, 0x18, 0xe3, + 0xde, 0xc5, 0x6a, 0xc2, 0x3b, 0xee, 0x7a, 0x8c, 0x45, 0x0d, 0xf2, 0xe1, 0x8c, 0x70, 0xdd, 0xbd, + 0x4e, 0xf6, 0xe2, 0x44, 0x6b, 0x62, 0x77, 0x0c, 0xef, 0xc0, 0xc7, 0x22, 0xb5, 0x74, 0x52, 0x98, + 0x70, 0x2e, 0x6e, 0x74, 0x8b, 0xfb, 0xd2, 0xbb, 0xd6, 0x6d, 0x6f, 0x9b, 0xb8, 0x71, 0x9e, 0x2d, + 0xf1, 0x3a, 0xe8, 0xd1, 0xc8, 0x97, 0x3e, 0x03, 0x80, 0xf3, 0xbf, 0x43, 0x3b, 0x80, 0x7a, 0xc6, + 0x6e, 0x1a, 0x5b, 0x85, 0x00, 0xbc, 0xab, 0x19, 0x6c, 0x38, 0x87, 0x02, 0xf3, 0x82, 0x65, 0x82, + 0xe0, 0x43, 0x72, 0x3f, 0xcb, 0xda, 0xfa, 0x80, 0xbd, 0x60, 0x39, 0x8d, 0xc3, 0xad, 0xb2, 0xaf, + 0xc1, 0x39, 0x06, 0xb6, 0x64, 0x31, 0xd9, 0x2f, 0x20, 0xd6, 0x92, 0x65, 0xb1, 0x97, 0x29, 0x55, + 0x33, 0xcd, 0xe9, 0x7f, 0xa6, 0xc1, 0x19, 0x86, 0x3b, 0x9d, 0x2b, 0xe8, 0xc1, 0xcf, 0x10, 0xd5, + 0x39, 0x18, 0x2d, 0x52, 0x2d, 0x75, 0x42, 0xaa, 0xe5, 0x8a, 0x5d, 0x49, 0x60, 0xc7, 0x92, 0x0e, + 0x4b, 0x34, 0x9f, 0xd7, 0xdd, 0x87, 0x25, 0xd1, 0x7c, 0x5e, 0xdb, 0x0b, 0x8c, 0x78, 0x3f, 0xd0, + 0x60, 0x82, 0x81, 0x3f, 0x2c, 0xee, 0x03, 0xac, 0xb1, 0x05, 0x9d, 0xf9, 0x3d, 0x0d, 0xe6, 0x32, + 0x11, 0x0e, 0x86, 0x58, 0xfd, 0x27, 0x68, 0x97, 0xfb, 0x40, 0x3a, 0xa1, 0xd4, 0x64, 0x6e, 0xe8, + 0x93, 0x57, 0x61, 0x3a, 0x61, 0x8f, 0x94, 0xcf, 0xda, 0xb4, 0xdc, 0x67, 0x6d, 0xea, 0xab, 0xb5, + 0xda, 0xa1, 0xaf, 0xd6, 0xfe, 0xf1, 0xb4, 0x98, 0x6f, 0xa6, 0x01, 0xbe, 0x0e, 0x63, 0xec, 0x69, + 0x59, 0x94, 0xb1, 0xf4, 0x13, 0xe5, 0xdf, 0xac, 0x05, 0xfc, 0x20, 0xe4, 0xff, 0x63, 0x81, 0x16, + 0x2d, 0xc3, 0xac, 0xe9, 0x78, 0x03, 0xaa, 0xbb, 0x6c, 0xda, 0x0e, 0xb9, 0x19, 0x9f, 0xb9, 0xf2, + 0x89, 0x7c, 0x2b, 0x55, 0x8f, 0x33, 0x5f, 0xa0, 0x8e, 0xaa, 0x13, 0x3e, 0x53, 0xd6, 0x36, 0xcf, + 0x43, 0x92, 0x49, 0x5d, 0xd0, 0x07, 0x20, 0xd1, 0xd4, 0x45, 0x1e, 0x47, 0x2f, 0x56, 0x63, 0x2d, + 0x31, 0x2b, 0x93, 0x45, 0x01, 0x56, 0xa8, 0xa0, 0x00, 0x26, 0xb7, 0xe2, 0x1c, 0x56, 0x42, 0x23, + 0x7c, 0xa9, 0x6a, 0x02, 0x2d, 0x2e, 0xa6, 0x29, 0x05, 0x58, 0xa5, 0x82, 0x02, 0x80, 0x58, 0x0a, + 0xae, 0x94, 0xf0, 0x24, 0x96, 0xaf, 0xe3, 0x9e, 0xc6, 0x65, 0x58, 0x21, 0x43, 0x89, 0xba, 0xf2, + 0x85, 0xa8, 0x70, 0x38, 0x2d, 0x47, 0x34, 0x7e, 0x68, 0x1a, 0x13, 0x8d, 0xcb, 0xb0, 0x42, 0x86, + 0x0e, 0x6f, 0x2f, 0x7e, 0x17, 0x2c, 0xf4, 0xc8, 0x97, 0xaa, 0x3e, 0xd0, 0x16, 0x52, 0x70, 0x5c, + 0x80, 0x55, 0x2a, 0xc8, 0x03, 0xe8, 0xc9, 0xf7, 0xc2, 0x42, 0xa9, 0x2c, 0xd7, 0xd3, 0xf8, 0xd9, + 0x31, 0xb7, 0x90, 0xc4, 0xbf, 0xb1, 0x42, 0x82, 0xea, 0xb0, 0xd2, 0xa6, 0x00, 0x15, 0xd4, 0xad, + 0xa1, 0xec, 0x09, 0x1f, 0x8b, 0x65, 0xea, 0x49, 0xb6, 0x6f, 0x1f, 0x53, 0xe4, 0xe9, 0x7b, 0xfb, + 0x0b, 0x53, 0x8c, 0x99, 0x64, 0xe4, 0xeb, 0xf8, 0xfa, 0x61, 0xea, 0xb0, 0xeb, 0x07, 0x74, 0x15, + 0xe6, 0x02, 0xf5, 0x96, 0x9e, 0x31, 0x88, 0x69, 0xf6, 0x89, 0x7c, 0x61, 0xde, 0x49, 0x03, 0xe0, + 0xec, 0x37, 0x9c, 0x03, 0x12, 0x8b, 0x7d, 0x3f, 0xa3, 0x72, 0x40, 0x5e, 0x86, 0x65, 0x6d, 0x26, + 0xef, 0xe7, 0xa9, 0x93, 0xca, 0xfb, 0xf9, 0x05, 0x35, 0xd1, 0xe3, 0x6c, 0x05, 0x27, 0xb4, 0x32, + 0x99, 0x1e, 0xd3, 0x59, 0x47, 0xe7, 0x4e, 0x28, 0xeb, 0x28, 0xd5, 0xd9, 0x89, 0x9a, 0x81, 0x95, + 0xcd, 0x10, 0x8a, 0x75, 0xf6, 0x95, 0x74, 0x25, 0xce, 0xc2, 0xeb, 0xff, 0x8e, 0xea, 0xb6, 0x91, + 0x08, 0x4c, 0x4e, 0x40, 0xea, 0x24, 0x09, 0xbd, 0xa0, 0x55, 0x4d, 0x66, 0x27, 0x85, 0xce, 0x9b, + 0xff, 0x56, 0x83, 0x99, 0x18, 0xec, 0x04, 0x44, 0x30, 0x2b, 0x29, 0x82, 0x7d, 0xb2, 0x62, 0xc7, + 0x0a, 0xe4, 0xb0, 0xff, 0x5b, 0x53, 0xbb, 0xc5, 0x24, 0x8d, 0x3b, 0x8a, 0x8d, 0x48, 0xab, 0x20, + 0xda, 0xe6, 0x65, 0xd8, 0x8c, 0x7b, 0x9c, 0x63, 0x33, 0xfa, 0x62, 0xe2, 0x98, 0xaf, 0xe2, 0xfb, + 0x99, 0x9f, 0x76, 0xf6, 0xc8, 0x33, 0xdf, 0x57, 0xb7, 0x3d, 0x77, 0xc7, 0x5a, 0x2a, 0xe9, 0x6f, + 0xa8, 0x74, 0xf9, 0xf0, 0xb4, 0xae, 0xff, 0x08, 0x60, 0x52, 0x51, 0x19, 0xdf, 0x11, 0xab, 0xe0, + 0x00, 0x26, 0x4d, 0xcf, 0x0d, 0x42, 0xdf, 0x50, 0x1e, 0x18, 0x56, 0x25, 0x2a, 0xf9, 0x4d, 0x2b, + 0x46, 0x8d, 0x55, 0x3a, 0xf4, 0x74, 0x94, 0x0b, 0x6d, 0xe4, 0x7e, 0x18, 0x23, 0x0f, 0x5b, 0x5c, + 0x1f, 0x05, 0x88, 0x24, 0x2d, 0x99, 0x2f, 0x5e, 0x06, 0x86, 0x6c, 0x07, 0xd7, 0x64, 0x1d, 0x56, + 0xe0, 0xd0, 0x5b, 0x30, 0xed, 0xa8, 0x21, 0xe1, 0x84, 0x1c, 0x58, 0xce, 0x6d, 0x21, 0x11, 0x5c, + 0x8e, 0x5f, 0x9a, 0x27, 0x8a, 0x70, 0x92, 0x16, 0xda, 0x86, 0x09, 0x27, 0x8a, 0x63, 0x28, 0x84, + 0xc1, 0x17, 0x4b, 0x13, 0x66, 0x58, 0xf8, 0xdd, 0x81, 0xfc, 0x89, 0x63, 0xfc, 0x74, 0xdd, 0xc9, + 0x1f, 0xd5, 0xee, 0x0f, 0x62, 0x6a, 0x72, 0xdd, 0xc9, 0xa2, 0x00, 0x2b, 0x54, 0x0a, 0xec, 0xbb, + 0x8d, 0x52, 0xf6, 0xdd, 0x01, 0x9c, 0xf6, 0x49, 0xe8, 0xef, 0xb5, 0xf6, 0x4c, 0x96, 0xe2, 0xd4, + 0x0f, 0x59, 0xc8, 0xc2, 0x89, 0x72, 0x0f, 0x85, 0x70, 0x16, 0x15, 0xce, 0xc3, 0x4f, 0x95, 0x3d, + 0x2a, 0x39, 0x88, 0x77, 0xfa, 0x4c, 0xd9, 0xa3, 0x72, 0x05, 0x66, 0xa5, 0xe8, 0x63, 0x30, 0x19, + 0x12, 0x73, 0xcb, 0xb5, 0x4d, 0xc3, 0x69, 0x2f, 0x0b, 0xb1, 0x2c, 0x3e, 0x88, 0xe3, 0x2a, 0xac, + 0xc2, 0xa1, 0x26, 0x8c, 0x0c, 0x6c, 0x4b, 0xc8, 0x63, 0x3f, 0x2d, 0x4d, 0x3c, 0xed, 0xe5, 0x7b, + 0xfb, 0x0b, 0xef, 0x8d, 0x3d, 0xd1, 0x65, 0x4f, 0x2e, 0xf7, 0xb7, 0xbb, 0x97, 0xc3, 0xbd, 0x3e, + 0x09, 0x16, 0xd7, 0xdb, 0xcb, 0x98, 0x7e, 0x9c, 0x67, 0xef, 0x9e, 0x1e, 0xde, 0xde, 0x8d, 0xbe, + 0xae, 0xc1, 0x69, 0x23, 0x6d, 0x9d, 0x22, 0xc1, 0xfc, 0x4c, 0x05, 0xae, 0x9c, 0x6f, 0xf2, 0x8a, + 0x83, 0x0a, 0x2d, 0x65, 0xe9, 0xe1, 0xbc, 0x46, 0xe8, 0x37, 0x00, 0x62, 0x21, 0xa6, 0xb2, 0x35, + 0xfe, 0x3f, 0xd7, 0xe1, 0x6c, 0x55, 0xaf, 0x05, 0x16, 0x6b, 0x90, 0x65, 0x74, 0x59, 0xda, 0x0c, + 0x89, 0x7f, 0xeb, 0xd6, 0xaa, 0xcc, 0x76, 0x51, 0x32, 0xd8, 0x61, 0x9c, 0x13, 0x28, 0x83, 0x11, + 0x17, 0x50, 0x62, 0x02, 0x9c, 0x08, 0xc1, 0x8f, 0xe9, 0x79, 0x37, 0xf0, 0x83, 0x50, 0x78, 0x52, + 0x73, 0x01, 0x2e, 0x5d, 0x89, 0xb3, 0xf0, 0x69, 0x24, 0x3c, 0xbb, 0xcc, 0x28, 0xcb, 0x9b, 0x9b, + 0x41, 0xc2, 0x53, 0xcc, 0x64, 0xe1, 0x55, 0x24, 0x32, 0xcf, 0x2e, 0xe3, 0x9d, 0x29, 0x24, 0x71, + 0x12, 0xde, 0x2c, 0x3c, 0xb2, 0xe0, 0x82, 0x4f, 0x4c, 0xaf, 0xd7, 0x23, 0xae, 0xc5, 0xe3, 0xd4, + 0x1a, 0x7e, 0xd7, 0x76, 0xaf, 0xf8, 0x06, 0x03, 0x14, 0xc9, 0x7c, 0x2f, 0x1d, 0xec, 0x2f, 0x5c, + 0xc0, 0x87, 0xc0, 0xe1, 0x43, 0xb1, 0xa0, 0x1e, 0x9c, 0x1a, 0xb0, 0x18, 0x5a, 0x7e, 0xdb, 0x0d, + 0x89, 0xbf, 0x63, 0x38, 0x25, 0xd3, 0x26, 0xb1, 0x8d, 0xb5, 0x9e, 0x44, 0x85, 0xd3, 0xb8, 0xd1, + 0x1e, 0xe5, 0x53, 0xa2, 0x39, 0x0a, 0xc9, 0x46, 0xf9, 0x68, 0x9c, 0x38, 0x8b, 0x0e, 0xe7, 0xd1, + 0xd0, 0xff, 0x96, 0x06, 0xe2, 0x92, 0x55, 0xa6, 0xd7, 0xd7, 0x72, 0xd3, 0xeb, 0x5f, 0x48, 0x24, + 0x39, 0x6f, 0xa4, 0x5c, 0xe3, 0x3e, 0xa8, 0xb8, 0xe8, 0x4f, 0xc4, 0x3c, 0x9e, 0x63, 0x56, 0xe2, + 0xd0, 0xfd, 0x7f, 0x30, 0xde, 0xf7, 0xed, 0x9e, 0xe1, 0xef, 0x89, 0xe3, 0x76, 0x9a, 0xc7, 0x1b, + 0x30, 0xfd, 0xbd, 0x3e, 0x3d, 0x67, 0xa3, 0x5a, 0xfd, 0x87, 0x1a, 0x88, 0xaf, 0x59, 0xf0, 0xc3, + 0xa1, 0x22, 0xe7, 0x1d, 0x9d, 0x0f, 0x3e, 0x8e, 0xdd, 0x37, 0x52, 0x14, 0xbb, 0xef, 0x41, 0x05, + 0xc2, 0xfb, 0xae, 0x06, 0xe9, 0x84, 0xa5, 0xe8, 0x03, 0x30, 0x2e, 0xde, 0x34, 0x8a, 0x57, 0x51, + 0xdc, 0xbb, 0x95, 0x17, 0xe1, 0xa8, 0x2e, 0xa9, 0x79, 0x56, 0x11, 0x81, 0xf3, 0xdf, 0x6d, 0x1c, + 0x21, 0x8c, 0xee, 0xcf, 0xc0, 0x18, 0x7f, 0x84, 0x87, 0x7e, 0x2e, 0xd7, 0x75, 0xee, 0x46, 0x85, + 0x77, 0x7e, 0x25, 0x3c, 0xe4, 0x12, 0x31, 0x9a, 0x6a, 0x87, 0xc6, 0x68, 0xea, 0xf0, 0xd8, 0x9c, + 0x55, 0x0c, 0x8f, 0x2d, 0xdc, 0x16, 0xc9, 0x21, 0x44, 0x5c, 0x4e, 0x34, 0x48, 0xd8, 0xe3, 0x46, + 0x2b, 0xc4, 0x1d, 0xe5, 0x43, 0xa0, 0x58, 0xe5, 0x66, 0x0e, 0xb1, 0xc8, 0xc5, 0x8f, 0x9e, 0xea, + 0x15, 0xae, 0x6a, 0xc5, 0xa8, 0x0f, 0xf1, 0xe8, 0x49, 0xee, 0xa6, 0xb1, 0xc2, 0xdd, 0xd4, 0x85, + 0x71, 0xb1, 0x1f, 0x04, 0x77, 0x7c, 0xbe, 0x4a, 0xe4, 0x4d, 0xe5, 0xb1, 0x3c, 0x2f, 0xc0, 0x11, + 0x76, 0x7a, 0xe6, 0xf6, 0x8c, 0x5d, 0xbb, 0x37, 0xe8, 0x31, 0x9e, 0x58, 0x57, 0x41, 0x59, 0x31, + 0x8e, 0xea, 0x19, 0x28, 0xbf, 0xe3, 0x66, 0x62, 0x9e, 0x0a, 0x2a, 0xf2, 0x1b, 0x45, 0xf5, 0xe8, + 0x33, 0xd0, 0xe8, 0x19, 0xbb, 0x9d, 0x81, 0xdf, 0x25, 0xc2, 0x10, 0x57, 0x6c, 0x86, 0x18, 0x84, + 0xb6, 0xb3, 0x48, 0x15, 0x94, 0xd0, 0x5f, 0x6c, 0xbb, 0xe1, 0x2d, 0xbf, 0x13, 0xfa, 0x32, 0x1c, + 0xe0, 0xaa, 0xc0, 0x82, 0x25, 0x3e, 0xe4, 0xc0, 0x4c, 0xcf, 0xd8, 0x5d, 0x77, 0x0d, 0x99, 0x86, + 0x65, 0xb2, 0x24, 0x05, 0x76, 0x2b, 0xb1, 0x9a, 0xc0, 0x85, 0x53, 0xb8, 0x73, 0x2e, 0x40, 0xa6, + 0x1e, 0xd4, 0x05, 0xc8, 0x92, 0x74, 0x27, 0x9a, 0x66, 0xcb, 0xf0, 0xd1, 0xbc, 0xcb, 0xf0, 0xc3, + 0x3d, 0x85, 0x5e, 0x97, 0x9e, 0x42, 0x33, 0x15, 0x6e, 0x2d, 0x0e, 0xf1, 0x12, 0xda, 0x81, 0x49, + 0xcb, 0x08, 0x0d, 0x5e, 0x1a, 0xcc, 0x9f, 0xaa, 0x60, 0x2b, 0x59, 0x96, 0x78, 0x94, 0xe0, 0xe8, + 0x31, 0x6e, 0xac, 0x12, 0x42, 0xb7, 0x78, 0x9a, 0x0e, 0x87, 0x84, 0x31, 0x08, 0xb3, 0x97, 0xcd, + 0x72, 0x8b, 0x68, 0x94, 0x54, 0x23, 0x03, 0x80, 0xf3, 0xbf, 0xa3, 0x62, 0x2a, 0x7f, 0xd6, 0x30, + 0x17, 0x87, 0xe9, 0x48, 0xbc, 0x84, 0xfc, 0x6b, 0x1a, 0xcc, 0xf2, 0x1c, 0x70, 0x2d, 0xaf, 0xd7, + 0xf7, 0x5c, 0x42, 0x27, 0x06, 0xb1, 0x51, 0xbd, 0x5e, 0x81, 0x3f, 0x74, 0x52, 0x28, 0x85, 0x23, + 0x43, 0xaa, 0x14, 0x67, 0x48, 0xa3, 0x7f, 0xaa, 0xc1, 0x7c, 0xaf, 0x20, 0xf6, 0xf8, 0xfc, 0xe9, + 0x0a, 0xbe, 0x94, 0x47, 0x05, 0x34, 0xe7, 0xf9, 0x29, 0x8f, 0x82, 0xc2, 0x85, 0x8d, 0xab, 0xea, + 0x76, 0x5d, 0xe5, 0x89, 0xe8, 0x5f, 0x82, 0xd9, 0xf4, 0x49, 0xa0, 0xe6, 0x15, 0xd1, 0x1e, 0x6c, + 0x5e, 0x11, 0xfd, 0x05, 0x38, 0x97, 0x3f, 0xeb, 0x54, 0xe8, 0x62, 0x69, 0x7a, 0x84, 0xa2, 0x13, + 0x47, 0xb5, 0xa4, 0x85, 0x98, 0xd7, 0x35, 0x17, 0xbf, 0xff, 0x93, 0x8b, 0xef, 0xf9, 0x83, 0x9f, + 0x5c, 0x7c, 0xcf, 0x8f, 0x7e, 0x72, 0xf1, 0x3d, 0x5f, 0x3a, 0xb8, 0xa8, 0x7d, 0xff, 0xe0, 0xa2, + 0xf6, 0x07, 0x07, 0x17, 0xb5, 0x1f, 0x1d, 0x5c, 0xd4, 0xfe, 0xc3, 0xc1, 0x45, 0xed, 0x6f, 0xfc, + 0xc7, 0x8b, 0xef, 0xf9, 0x4c, 0x23, 0x6a, 0xd2, 0xff, 0x0b, 0x00, 0x00, 0xff, 0xff, 0xec, 0x78, + 0xc4, 0x8a, 0x94, 0xbd, 0x00, 0x00, } func (m *Addon) Marshal() (dAtA []byte, err error) { @@ -5975,6 +5980,11 @@ func (m *ClusterAutoscaler) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.MaxGracefulTerminationSeconds != nil { + i = encodeVarintGenerated(dAtA, i, uint64(*m.MaxGracefulTerminationSeconds)) + i-- + dAtA[i] = 0x48 + } if m.MaxNodeProvisionTime != nil { { size, err := m.MaxNodeProvisionTime.MarshalToSizedBuffer(dAtA[:i]) @@ -11853,6 +11863,28 @@ func (m *ServiceAccountConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.MaxTokenExpiration != nil { + { + size, err := m.MaxTokenExpiration.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + if m.ExtendTokenExpiration != nil { + i-- + if *m.ExtendTokenExpiration { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } if m.SigningKeySecret != nil { { size, err := m.SigningKeySecret.MarshalToSizedBuffer(dAtA[:i]) @@ -13721,6 +13753,9 @@ func (m *ClusterAutoscaler) Size() (n int) { l = m.MaxNodeProvisionTime.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.MaxGracefulTerminationSeconds != nil { + n += 1 + sovGenerated(uint64(*m.MaxGracefulTerminationSeconds)) + } return n } @@ -15881,6 +15916,13 @@ func (m *ServiceAccountConfig) Size() (n int) { l = m.SigningKeySecret.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.ExtendTokenExpiration != nil { + n += 2 + } + if m.MaxTokenExpiration != nil { + l = m.MaxTokenExpiration.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -16716,6 +16758,7 @@ func (this *ClusterAutoscaler) String() string { `ScanInterval:` + strings.Replace(fmt.Sprintf("%v", this.ScanInterval), "Duration", "v11.Duration", 1) + `,`, `Expander:` + valueToStringGenerated(this.Expander) + `,`, `MaxNodeProvisionTime:` + strings.Replace(fmt.Sprintf("%v", this.MaxNodeProvisionTime), "Duration", "v11.Duration", 1) + `,`, + `MaxGracefulTerminationSeconds:` + valueToStringGenerated(this.MaxGracefulTerminationSeconds) + `,`, `}`, }, "") return s @@ -18244,6 +18287,8 @@ func (this *ServiceAccountConfig) String() string { s := strings.Join([]string{`&ServiceAccountConfig{`, `Issuer:` + valueToStringGenerated(this.Issuer) + `,`, `SigningKeySecret:` + strings.Replace(fmt.Sprintf("%v", this.SigningKeySecret), "LocalObjectReference", "v1.LocalObjectReference", 1) + `,`, + `ExtendTokenExpiration:` + valueToStringGenerated(this.ExtendTokenExpiration) + `,`, + `MaxTokenExpiration:` + strings.Replace(fmt.Sprintf("%v", this.MaxTokenExpiration), "Duration", "v11.Duration", 1) + `,`, `}`, }, "") return s @@ -21789,6 +21834,26 @@ func (m *ClusterAutoscaler) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MaxGracefulTerminationSeconds", wireType) + } + var v int32 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.MaxGracefulTerminationSeconds = &v default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -39042,6 +39107,63 @@ func (m *ServiceAccountConfig) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ExtendTokenExpiration", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + b := bool(v != 0) + m.ExtendTokenExpiration = &b + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MaxTokenExpiration", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.MaxTokenExpiration == nil { + m.MaxTokenExpiration = &v11.Duration{} + } + if err := m.MaxTokenExpiration.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.proto b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.proto index e53f6afcf..91759243f 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.proto +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/generated.proto @@ -345,6 +345,10 @@ message ClusterAutoscaler { // MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins). // +optional optional k8s.io.apimachinery.pkg.apis.meta.v1.Duration maxNodeProvisionTime = 8; + + // MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600). + // +optional + optional int32 maxGracefulTerminationSeconds = 9; } // ClusterInfo contains information about the Plant cluster @@ -558,12 +562,13 @@ message DNS { repeated DNSProvider providers = 2; } +// DNSIncludeExclude contains information about which domains shall be included/excluded. message DNSIncludeExclude { - // Include is a list of resources that shall be included. + // Include is a list of domains that shall be included. // +optional repeated string include = 1; - // Exclude is a list of resources that shall be excluded. + // Exclude is a list of domains that shall be excluded. // +optional repeated string exclude = 2; } @@ -1489,6 +1494,7 @@ message OpenIDConnectClientAuthentication { optional string secret = 2; } +// Plant represents an external kubernetes cluster. message Plant { // Standard object metadata. // +optional @@ -1683,6 +1689,7 @@ message Provider { repeated Worker workers = 4; } +// Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret. message Quota { // Standard object metadata. // +optional @@ -1757,6 +1764,7 @@ message ResourceWatchCacheSize { optional int32 size = 3; } +// SecretBinding represents a binding to a secret in the same or another namespace. message SecretBinding { // Standard object metadata. // +optional @@ -2069,8 +2077,22 @@ message ServiceAccountConfig { // Only useful if service account tokens are also issued by another external system. // +optional optional k8s.io.api.core.v1.LocalObjectReference signingKeySecretName = 2; + + // ExtendTokenExpiration turns on projected service account expiration extension during token generation, which + // helps safe transition from legacy token to bound service account token feature. If this flag is enabled, + // admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, + // ignoring value of service-account-max-token-expiration. + // +optional + optional bool extendTokenExpiration = 3; + + // MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an + // otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued + // with a validity duration of this value. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.Duration maxTokenExpiration = 4; } +// Shoot represents a Shoot cluster created and managed by Gardener. message Shoot { // Standard object metadata. // +optional diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/helper/helper.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/helper/helper.go index 457869af3..49ba49a83 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/helper/helper.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/helper/helper.go @@ -204,6 +204,7 @@ func TaintsHave(taints []gardencorev1alpha1.SeedTaint, key string) bool { return false } +// ShootedSeed contains the configuration of a shooted seed. type ShootedSeed struct { DisableDNS *bool DisableCapacityReservation *bool @@ -219,11 +220,13 @@ type ShootedSeed struct { WithSecretRef bool } +// ShootedSeedAPIServer contains the configuration of a shooted seed API server. type ShootedSeedAPIServer struct { Replicas *int32 Autoscaler *ShootedSeedAPIServerAutoscaler } +// ShootedSeedAPIServerAutoscaler contains the configuration of a shooted seed API server autoscaler. type ShootedSeedAPIServerAutoscaler struct { MinReplicas *int32 MaxReplicas int32 diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_cloudprofile.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_cloudprofile.go index abf3dd241..30689a56b 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_cloudprofile.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_cloudprofile.go @@ -217,7 +217,7 @@ const ( VolumeClassPremium string = "premium" ) -// VersionClassification is the logical state of a version according to https://github.com/gardener/gardener/blob/master/docs/operations/versioning.md +// VersionClassification is the logical state of a version. type VersionClassification string const ( @@ -225,7 +225,7 @@ const ( // ClassificationPreview versions will not be considered for automatic Kubernetes and Machine Image patch version updates. ClassificationPreview VersionClassification = "preview" // ClassificationSupported indicates that a patch version is the recommended version for a shoot. - // Using VersionMaintenance (see: https://github.com/gardener/gardener/docs/operation/versioning.md) there is one supported version per maintained minor version. + // Only one "supported" version is allowed per minor version. // Supported versions are eligible for the automated Kubernetes and Machine image patch version update for shoot clusters in Gardener. ClassificationSupported VersionClassification = "supported" // ClassificationDeprecated indicates that a patch version should not be used anymore, should be updated to a new version diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_plant.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_plant.go index 26d891e28..fcaeb9153 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_plant.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_plant.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Plant represents an external kubernetes cluster. type Plant struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_quota.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_quota.go index 07269b294..646fd19ee 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_quota.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_quota.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret. type Quota struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_secretbinding.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_secretbinding.go index a391b5cba..8528c6c83 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_secretbinding.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_secretbinding.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// SecretBinding represents a binding to a secret in the same or another namespace. type SecretBinding struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_shoot.go index a2dfa1297..ac7a36b19 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/types_shoot.go @@ -30,6 +30,7 @@ import ( // +genclient:method=CreateAdminKubeconfigRequest,verb=create,subresource=adminkubeconfig,input=github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.AdminKubeconfigRequest,result=github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.AdminKubeconfigRequest // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Shoot represents a Shoot cluster created and managed by Gardener. type Shoot struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. @@ -263,11 +264,12 @@ type DNSProvider struct { Zones *DNSIncludeExclude `json:"zones,omitempty" protobuf:"bytes,5,opt,name=zones"` } +// DNSIncludeExclude contains information about which domains shall be included/excluded. type DNSIncludeExclude struct { - // Include is a list of resources that shall be included. + // Include is a list of domains that shall be included. // +optional Include []string `json:"include,omitempty" protobuf:"bytes,1,rep,name=include"` - // Exclude is a list of resources that shall be excluded. + // Exclude is a list of domains that shall be excluded. // +optional Exclude []string `json:"exclude,omitempty" protobuf:"bytes,2,rep,name=exclude"` } @@ -394,6 +396,9 @@ type ClusterAutoscaler struct { // MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins). // +optional MaxNodeProvisionTime *metav1.Duration `json:"maxNodeProvisionTime,omitempty" protobuf:"bytes,8,opt,name=maxNodeProvisionTime"` + // MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600). + // +optional + MaxGracefulTerminationSeconds *int32 `json:"maxGracefulTerminationSeconds,omitempty" protobuf:"varint,9,opt,name=maxGracefulTerminationSeconds"` } // ExpanderMode is type used for Expander values @@ -548,6 +553,17 @@ type ServiceAccountConfig struct { // Only useful if service account tokens are also issued by another external system. // +optional SigningKeySecret *corev1.LocalObjectReference `json:"signingKeySecretName,omitempty" protobuf:"bytes,2,opt,name=signingKeySecretName"` + // ExtendTokenExpiration turns on projected service account expiration extension during token generation, which + // helps safe transition from legacy token to bound service account token feature. If this flag is enabled, + // admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, + // ignoring value of service-account-max-token-expiration. + // +optional + ExtendTokenExpiration *bool `json:"extendTokenExpiration,omitempty" protobuf:"bytes,3,opt,name=extendTokenExpiration"` + // MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an + // otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued + // with a validity duration of this value. + // +optional + MaxTokenExpiration *metav1.Duration `json:"maxTokenExpiration,omitempty" protobuf:"bytes,4,opt,name=maxTokenExpiration"` } // AuditConfig contains settings for audit of the api server @@ -1164,8 +1180,10 @@ type CRI struct { type CRIName string const ( + // CRINameContainerD is a constant for ContainerD CRI name. CRINameContainerD CRIName = "containerd" - CRINameDocker CRIName = "docker" + // CRINameDocker is a constant for Docker CRI name. + CRINameDocker CRIName = "docker" ) // ContainerRuntime contains information about worker's available container runtime diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.conversion.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.conversion.go index c5c15d4fe..7072a83a2 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.conversion.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.conversion.go @@ -2040,6 +2040,7 @@ func autoConvert_v1alpha1_ClusterAutoscaler_To_core_ClusterAutoscaler(in *Cluste out.ScanInterval = (*metav1.Duration)(unsafe.Pointer(in.ScanInterval)) out.Expander = (*core.ExpanderMode)(unsafe.Pointer(in.Expander)) out.MaxNodeProvisionTime = (*metav1.Duration)(unsafe.Pointer(in.MaxNodeProvisionTime)) + out.MaxGracefulTerminationSeconds = (*int32)(unsafe.Pointer(in.MaxGracefulTerminationSeconds)) return nil } @@ -2057,6 +2058,7 @@ func autoConvert_core_ClusterAutoscaler_To_v1alpha1_ClusterAutoscaler(in *core.C out.ScanInterval = (*metav1.Duration)(unsafe.Pointer(in.ScanInterval)) out.Expander = (*ExpanderMode)(unsafe.Pointer(in.Expander)) out.MaxNodeProvisionTime = (*metav1.Duration)(unsafe.Pointer(in.MaxNodeProvisionTime)) + out.MaxGracefulTerminationSeconds = (*int32)(unsafe.Pointer(in.MaxGracefulTerminationSeconds)) return nil } @@ -4798,6 +4800,8 @@ func Convert_core_SeedVolumeProvider_To_v1alpha1_SeedVolumeProvider(in *core.See func autoConvert_v1alpha1_ServiceAccountConfig_To_core_ServiceAccountConfig(in *ServiceAccountConfig, out *core.ServiceAccountConfig, s conversion.Scope) error { out.Issuer = (*string)(unsafe.Pointer(in.Issuer)) out.SigningKeySecret = (*v1.LocalObjectReference)(unsafe.Pointer(in.SigningKeySecret)) + out.ExtendTokenExpiration = (*bool)(unsafe.Pointer(in.ExtendTokenExpiration)) + out.MaxTokenExpiration = (*metav1.Duration)(unsafe.Pointer(in.MaxTokenExpiration)) return nil } @@ -4809,6 +4813,8 @@ func Convert_v1alpha1_ServiceAccountConfig_To_core_ServiceAccountConfig(in *Serv func autoConvert_core_ServiceAccountConfig_To_v1alpha1_ServiceAccountConfig(in *core.ServiceAccountConfig, out *ServiceAccountConfig, s conversion.Scope) error { out.Issuer = (*string)(unsafe.Pointer(in.Issuer)) out.SigningKeySecret = (*v1.LocalObjectReference)(unsafe.Pointer(in.SigningKeySecret)) + out.ExtendTokenExpiration = (*bool)(unsafe.Pointer(in.ExtendTokenExpiration)) + out.MaxTokenExpiration = (*metav1.Duration)(unsafe.Pointer(in.MaxTokenExpiration)) return nil } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go index af9fc90bf..8c270a06e 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go @@ -637,6 +637,11 @@ func (in *ClusterAutoscaler) DeepCopyInto(out *ClusterAutoscaler) { *out = new(metav1.Duration) **out = **in } + if in.MaxGracefulTerminationSeconds != nil { + in, out := &in.MaxGracefulTerminationSeconds, &out.MaxGracefulTerminationSeconds + *out = new(int32) + **out = **in + } return } @@ -3700,6 +3705,16 @@ func (in *ServiceAccountConfig) DeepCopyInto(out *ServiceAccountConfig) { *out = new(v1.LocalObjectReference) **out = **in } + if in.ExtendTokenExpiration != nil { + in, out := &in.ExtendTokenExpiration, &out.ExtendTokenExpiration + *out = new(bool) + **out = **in + } + if in.MaxTokenExpiration != nil { + in, out := &in.MaxTokenExpiration, &out.MaxTokenExpiration + *out = new(metav1.Duration) + **out = **in + } return } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go index 193666dbd..66cf9a03a 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go @@ -309,6 +309,8 @@ const ( LabelNetworkPolicyFromPrometheus = "networking.gardener.cloud/from-prometheus" // LabelNetworkPolicyToAggregatePrometheus allows Egress traffic to the aggregate Prometheus. LabelNetworkPolicyToAggregatePrometheus = "networking.gardener.cloud/to-aggregate-prometheus" + // LabelNetworkPolicyToSeedPrometheus allows Egress traffic to the seed Prometheus. + LabelNetworkPolicyToSeedPrometheus = "networking.gardener.cloud/to-seed-prometheus" // LabelNetworkPolicyShootFromSeed allows Ingress traffic from the seed cluster (where the shoot's kube-apiserver // runs). LabelNetworkPolicyShootFromSeed = "networking.gardener.cloud/from-seed" @@ -448,6 +450,8 @@ const ( // SeedNginxIngressClass defines the ingress class for the seed nginx ingress controller SeedNginxIngressClass = "nginx-gardener" + // SeedNginxIngressClass122 defines the ingress class for the seed nginx ingress controller for K8s >= 1.22 + SeedNginxIngressClass122 = "nginx-ingress-gardener" // IngressKindNginx defines nginx as kind as managed Seed ingress IngressKindNginx = "nginx" // ShootNginxIngressClass defines the ingress class for the seed nginx ingress controller diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go index 621ae3f21..9db970b7a 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//nolint:revive package v1beta1 import ( diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go index aec568e89..dd8b473a0 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go @@ -348,6 +348,9 @@ func SetDefaults_ClusterAutoscaler(obj *ClusterAutoscaler) { if obj.MaxNodeProvisionTime == nil { obj.MaxNodeProvisionTime = &metav1.Duration{Duration: 20 * time.Minute} } + if obj.MaxGracefulTerminationSeconds == nil { + obj.MaxGracefulTerminationSeconds = pointer.Int32(600) + } } // SetDefaults_NginxIngress sets default values for NginxIngress objects. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.pb.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.pb.go index f42cf9062..e32cfc59b 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.pb.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.pb.go @@ -4046,585 +4046,590 @@ func init() { } var fileDescriptor_ca37af0df9a5bbd2 = []byte{ - // 9246 bytes of a gzipped FileDescriptorProto + // 9322 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x7d, 0x6d, 0x6c, 0x24, 0xc9, - 0x75, 0x98, 0x7a, 0xc8, 0x21, 0x87, 0x6f, 0x48, 0x2e, 0x59, 0xfb, 0x71, 0x3c, 0xde, 0xdd, 0xce, - 0xaa, 0xa5, 0x13, 0xee, 0x22, 0x89, 0xeb, 0x3b, 0x49, 0x3e, 0xdd, 0x9d, 0x4e, 0x77, 0x9c, 0x19, - 0xee, 0xee, 0x68, 0x97, 0xdc, 0xb9, 0x9a, 0xe5, 0x9d, 0x74, 0x76, 0x2e, 0x6a, 0x76, 0x17, 0x87, - 0x7d, 0xec, 0xe9, 0x9e, 0xeb, 0xee, 0xe1, 0x92, 0x2b, 0x07, 0x92, 0x05, 0xcb, 0x8e, 0xe3, 0x24, - 0x30, 0x9c, 0x38, 0x82, 0x25, 0x07, 0x96, 0x11, 0x24, 0x42, 0xe0, 0x40, 0x76, 0x12, 0xd8, 0x88, - 0xf3, 0x81, 0x18, 0x36, 0x02, 0x2b, 0x42, 0x12, 0x08, 0x06, 0x84, 0x28, 0x89, 0x4d, 0x45, 0x0c, - 0xa0, 0x24, 0x48, 0x7e, 0x24, 0x30, 0xf2, 0x67, 0xe1, 0x20, 0x46, 0x7d, 0x74, 0x75, 0x75, 0x4f, - 0x37, 0x77, 0xd8, 0xb3, 0xe4, 0xdd, 0xfd, 0x22, 0xa7, 0xde, 0xab, 0xf7, 0xaa, 0xeb, 0xe3, 0xd5, - 0x7b, 0xaf, 0x5e, 0xbd, 0x82, 0x7a, 0xd7, 0x0e, 0x77, 0x06, 0x5b, 0x2b, 0xa6, 0xd7, 0xbb, 0xda, - 0x35, 0x7c, 0x8b, 0xb8, 0xc4, 0x8f, 0xff, 0xe9, 0xef, 0x76, 0xaf, 0x1a, 0x7d, 0x3b, 0xb8, 0x6a, - 0x7a, 0x3e, 0xb9, 0xba, 0xf7, 0xcc, 0x16, 0x09, 0x8d, 0x67, 0xae, 0x76, 0x29, 0xcc, 0x08, 0x89, - 0xb5, 0xd2, 0xf7, 0xbd, 0xd0, 0x43, 0xcf, 0xc6, 0x34, 0x56, 0xa2, 0xaa, 0xf1, 0x3f, 0xfd, 0xdd, - 0xee, 0x0a, 0xa5, 0xb1, 0x42, 0x69, 0xac, 0x08, 0x1a, 0xcb, 0x1f, 0x55, 0xf9, 0x7a, 0x5d, 0xef, - 0x2a, 0x23, 0xb5, 0x35, 0xd8, 0x66, 0xbf, 0xd8, 0x0f, 0xf6, 0x1f, 0x67, 0xb1, 0xfc, 0xf4, 0xee, - 0x27, 0x83, 0x15, 0xdb, 0xa3, 0x8d, 0xb9, 0x6a, 0x0c, 0x42, 0x2f, 0x30, 0x0d, 0xc7, 0x76, 0xbb, - 0x57, 0xf7, 0x86, 0x5a, 0xb3, 0xac, 0x2b, 0xa8, 0xa2, 0xd9, 0xc7, 0xe2, 0xf8, 0x5b, 0x86, 0x99, - 0x85, 0xf3, 0xf1, 0x18, 0xa7, 0x67, 0x98, 0x3b, 0xb6, 0x4b, 0xfc, 0x83, 0xa8, 0x43, 0xae, 0xfa, - 0x24, 0xf0, 0x06, 0xbe, 0x49, 0x4e, 0x54, 0x2b, 0xb8, 0xda, 0x23, 0xa1, 0x91, 0xc5, 0xeb, 0x6a, - 0x5e, 0x2d, 0x7f, 0xe0, 0x86, 0x76, 0x6f, 0x98, 0xcd, 0x8f, 0x3f, 0xa8, 0x42, 0x60, 0xee, 0x90, - 0x9e, 0x31, 0x54, 0xef, 0x63, 0x79, 0xf5, 0x06, 0xa1, 0xed, 0x5c, 0xb5, 0xdd, 0x30, 0x08, 0xfd, - 0x74, 0x25, 0xfd, 0x59, 0x28, 0xaf, 0x5a, 0x96, 0xe7, 0xa2, 0xa7, 0x61, 0x9a, 0xb8, 0xc6, 0x96, - 0x43, 0xac, 0x25, 0xed, 0x8a, 0xf6, 0x54, 0xa5, 0x7e, 0xee, 0xdb, 0x87, 0xb5, 0xf7, 0x1d, 0x1d, - 0xd6, 0xa6, 0xd7, 0x78, 0x31, 0x8e, 0xe0, 0xfa, 0x2f, 0x97, 0x60, 0x8a, 0x55, 0x0a, 0xd0, 0x2f, - 0x69, 0x70, 0x7e, 0x77, 0xb0, 0x45, 0x7c, 0x97, 0x84, 0x24, 0x68, 0x1a, 0xc1, 0xce, 0x96, 0x67, - 0xf8, 0x9c, 0x44, 0xf5, 0xd9, 0xeb, 0x2b, 0x27, 0x9f, 0x3d, 0x2b, 0x37, 0x87, 0xc9, 0xd5, 0x1f, - 0x39, 0x3a, 0xac, 0x9d, 0xcf, 0x00, 0xe0, 0x2c, 0xe6, 0x68, 0x0f, 0x66, 0xdd, 0xae, 0xed, 0xee, - 0xb7, 0xdc, 0xae, 0x4f, 0x82, 0x60, 0xa9, 0xc4, 0x1a, 0xf3, 0x4a, 0x91, 0xc6, 0x6c, 0x28, 0x74, - 0xea, 0x0b, 0x47, 0x87, 0xb5, 0x59, 0xb5, 0x04, 0x27, 0xf8, 0xe8, 0x3f, 0xab, 0xc1, 0xb9, 0x55, - 0xab, 0x67, 0x07, 0x81, 0xed, 0xb9, 0x6d, 0x67, 0xd0, 0xb5, 0x5d, 0x74, 0x05, 0x26, 0x5d, 0xa3, - 0x47, 0x58, 0x87, 0xcc, 0xd4, 0x67, 0x45, 0x9f, 0x4e, 0x6e, 0x18, 0x3d, 0x82, 0x19, 0x04, 0xbd, - 0x0a, 0x53, 0xa6, 0xe7, 0x6e, 0xdb, 0x5d, 0xd1, 0xce, 0x8f, 0xae, 0xf0, 0x71, 0x5c, 0x51, 0xc7, - 0x91, 0x35, 0x4f, 0x8c, 0xff, 0x0a, 0x36, 0xee, 0xae, 0xed, 0x87, 0xc4, 0xa5, 0x6c, 0xea, 0x70, - 0x74, 0x58, 0x9b, 0x6a, 0x30, 0x02, 0x58, 0x10, 0xd2, 0xaf, 0x41, 0x65, 0xd5, 0x21, 0x7e, 0x68, - 0xbb, 0x5d, 0xf4, 0x02, 0xcc, 0x93, 0x9e, 0x61, 0x3b, 0x98, 0x98, 0xc4, 0xde, 0x23, 0x7e, 0xb0, - 0xa4, 0x5d, 0x99, 0x78, 0x6a, 0xa6, 0x8e, 0x8e, 0x0e, 0x6b, 0xf3, 0x6b, 0x09, 0x08, 0x4e, 0x61, - 0xea, 0x3f, 0xad, 0x41, 0x75, 0x75, 0x60, 0xd9, 0x21, 0xa7, 0x8f, 0x7c, 0xa8, 0x1a, 0xf4, 0x67, - 0xdb, 0x73, 0x6c, 0xf3, 0x40, 0x0c, 0xf2, 0xcb, 0x45, 0xfa, 0x75, 0x35, 0x26, 0x53, 0x3f, 0x77, - 0x74, 0x58, 0xab, 0x2a, 0x05, 0x58, 0x65, 0xa2, 0xef, 0x80, 0x0a, 0x43, 0x9f, 0x83, 0x59, 0xfe, - 0x91, 0xeb, 0x46, 0x1f, 0x93, 0x6d, 0xd1, 0x86, 0x0f, 0x28, 0x7d, 0x16, 0x31, 0x5a, 0xb9, 0xbd, - 0xf5, 0x16, 0x31, 0x43, 0x4c, 0xb6, 0x89, 0x4f, 0x5c, 0x93, 0xf0, 0xe1, 0x6b, 0x28, 0x95, 0x71, - 0x82, 0x94, 0xfe, 0x03, 0x0d, 0x16, 0x56, 0xf7, 0x0c, 0xdb, 0x31, 0xb6, 0x6c, 0xc7, 0x0e, 0x0f, - 0xde, 0xf0, 0x5c, 0x32, 0xc2, 0xf8, 0x6d, 0xc2, 0x23, 0x03, 0xd7, 0xe0, 0xf5, 0x1c, 0xb2, 0xce, - 0x47, 0xec, 0xce, 0x41, 0x9f, 0xd0, 0x89, 0x47, 0x7b, 0xfa, 0xb1, 0xa3, 0xc3, 0xda, 0x23, 0x9b, - 0xd9, 0x28, 0x38, 0xaf, 0x2e, 0xc2, 0x70, 0x49, 0x01, 0xbd, 0xe6, 0x39, 0x83, 0x9e, 0xa0, 0x3a, - 0xc1, 0xa8, 0x2e, 0x1f, 0x1d, 0xd6, 0x2e, 0x6d, 0x66, 0x62, 0xe0, 0x9c, 0x9a, 0xfa, 0xb7, 0x4b, - 0x30, 0x5b, 0x37, 0xcc, 0xdd, 0x41, 0xbf, 0x3e, 0x30, 0x77, 0x49, 0x88, 0x3e, 0x0f, 0x15, 0x2a, - 0xb6, 0x2c, 0x23, 0x34, 0x44, 0x4f, 0xfe, 0x58, 0xee, 0xec, 0x63, 0x83, 0x48, 0xb1, 0xe3, 0xbe, - 0x5d, 0x27, 0xa1, 0x51, 0x47, 0xa2, 0x4f, 0x20, 0x2e, 0xc3, 0x92, 0x2a, 0xda, 0x86, 0xc9, 0xa0, - 0x4f, 0x4c, 0x31, 0xb7, 0x9b, 0x45, 0xe6, 0x8a, 0xda, 0xe2, 0x4e, 0x9f, 0x98, 0xf1, 0x28, 0xd0, - 0x5f, 0x98, 0xd1, 0x47, 0x2e, 0x4c, 0x05, 0xa1, 0x11, 0x0e, 0x68, 0xf7, 0x50, 0x4e, 0xd7, 0xc6, - 0xe6, 0xc4, 0xa8, 0xd5, 0xe7, 0x05, 0xaf, 0x29, 0xfe, 0x1b, 0x0b, 0x2e, 0xfa, 0x7f, 0xd0, 0x60, - 0x41, 0x45, 0xbf, 0x65, 0x07, 0x21, 0xfa, 0xc9, 0xa1, 0xee, 0x5c, 0x19, 0xad, 0x3b, 0x69, 0x6d, - 0xd6, 0x99, 0x0b, 0x82, 0x5d, 0x25, 0x2a, 0x51, 0xba, 0x92, 0x40, 0xd9, 0x0e, 0x49, 0x8f, 0x4f, - 0xab, 0x82, 0xf2, 0x4c, 0x6d, 0x72, 0x7d, 0x4e, 0x30, 0x2b, 0xb7, 0x28, 0x59, 0xcc, 0xa9, 0xeb, - 0x9f, 0x87, 0x0b, 0x2a, 0x56, 0xdb, 0xf7, 0xf6, 0x6c, 0x8b, 0xf8, 0x74, 0x25, 0x84, 0x07, 0xfd, - 0xa1, 0x95, 0x40, 0x67, 0x16, 0x66, 0x10, 0xf4, 0x21, 0x98, 0xf2, 0x49, 0xd7, 0xf6, 0x5c, 0x36, - 0xda, 0x33, 0x71, 0xdf, 0x61, 0x56, 0x8a, 0x05, 0x54, 0xff, 0xbf, 0xa5, 0x64, 0xdf, 0xd1, 0x61, - 0x44, 0x7b, 0x50, 0xe9, 0x0b, 0x56, 0xa2, 0xef, 0x6e, 0x8c, 0xfb, 0x81, 0x51, 0xd3, 0xe3, 0x5e, - 0x8d, 0x4a, 0xb0, 0xe4, 0x85, 0x6c, 0x98, 0x8f, 0xfe, 0x6f, 0x8c, 0x21, 0x86, 0x99, 0x38, 0x6d, - 0x27, 0x08, 0xe1, 0x14, 0x61, 0x74, 0x07, 0x66, 0x02, 0x62, 0xfa, 0x84, 0xca, 0x24, 0x31, 0x4d, - 0x33, 0x05, 0x57, 0x27, 0x42, 0x12, 0x82, 0x6b, 0x51, 0x34, 0x7f, 0x46, 0x02, 0x70, 0x4c, 0x08, - 0x3d, 0x05, 0x95, 0x80, 0x10, 0x8b, 0x4a, 0xa4, 0xa5, 0x49, 0x3e, 0x36, 0xf4, 0x53, 0x3b, 0xa2, - 0x0c, 0x4b, 0xa8, 0xfe, 0x8d, 0x49, 0x40, 0xc3, 0x53, 0x5c, 0xed, 0x01, 0x5e, 0x22, 0xfa, 0x7f, - 0x9c, 0x1e, 0x10, 0xab, 0x25, 0x45, 0x18, 0xdd, 0x83, 0x39, 0xc7, 0x08, 0xc2, 0xdb, 0x7d, 0xaa, - 0x83, 0x44, 0x13, 0xa5, 0xfa, 0xec, 0x6a, 0x91, 0x91, 0xbe, 0xa5, 0x12, 0xaa, 0x2f, 0x1e, 0x1d, - 0xd6, 0xe6, 0x12, 0x45, 0x38, 0xc9, 0x0a, 0xbd, 0x05, 0x33, 0xb4, 0x60, 0xcd, 0xf7, 0x3d, 0x5f, - 0xf4, 0xfe, 0x4b, 0x45, 0xf9, 0x32, 0x22, 0xf5, 0x39, 0x3a, 0x26, 0xf2, 0x27, 0x8e, 0xc9, 0xa3, - 0xcf, 0x00, 0xf2, 0xb6, 0x02, 0xe2, 0xef, 0x11, 0xeb, 0x3a, 0x57, 0xb8, 0xe8, 0xc7, 0xd2, 0xd1, - 0x99, 0xa8, 0x2f, 0x8b, 0xd1, 0x44, 0xb7, 0x87, 0x30, 0x70, 0x46, 0x2d, 0xb4, 0x0b, 0x48, 0x2a, - 0x6d, 0x72, 0x02, 0x2c, 0x95, 0x47, 0x9f, 0x3e, 0x97, 0x28, 0xb3, 0xeb, 0x43, 0x24, 0x70, 0x06, - 0x59, 0xfd, 0x5f, 0x97, 0xa0, 0xca, 0xa7, 0xc8, 0x9a, 0x1b, 0xfa, 0x07, 0x67, 0xb0, 0x41, 0x90, - 0xc4, 0x06, 0xd1, 0x28, 0xbe, 0xe6, 0x59, 0x83, 0x73, 0xf7, 0x87, 0x5e, 0x6a, 0x7f, 0x58, 0x1b, - 0x97, 0xd1, 0xf1, 0xdb, 0xc3, 0xf7, 0x34, 0x38, 0xa7, 0x60, 0x9f, 0xc1, 0xee, 0x60, 0x25, 0x77, - 0x87, 0x97, 0xc7, 0xfc, 0xbe, 0x9c, 0xcd, 0xc1, 0x4b, 0x7c, 0x16, 0x13, 0xdc, 0xcf, 0x02, 0x6c, - 0x31, 0x71, 0xb2, 0x11, 0xeb, 0x49, 0x72, 0xc8, 0xeb, 0x12, 0x82, 0x15, 0xac, 0x84, 0xcc, 0x2a, - 0x1d, 0x2b, 0xb3, 0xfe, 0x4f, 0x09, 0x16, 0x87, 0xba, 0x7d, 0x58, 0x8e, 0x68, 0xef, 0x90, 0x1c, - 0x29, 0xbd, 0x13, 0x72, 0x64, 0xa2, 0x90, 0x1c, 0x19, 0x7d, 0x9f, 0xf8, 0x7d, 0x0d, 0x26, 0x1a, - 0xb8, 0x85, 0x3e, 0x9c, 0xd0, 0x7d, 0x1f, 0x51, 0x75, 0xdf, 0xfb, 0x87, 0xb5, 0xe9, 0x06, 0x6e, - 0x29, 0x6a, 0xf0, 0x5f, 0xd7, 0x60, 0xd1, 0xf4, 0xdc, 0xd0, 0xa0, 0x93, 0x18, 0xf3, 0x0d, 0x22, - 0x9a, 0x8c, 0x85, 0xd4, 0xbe, 0x46, 0x8a, 0x58, 0xfd, 0x51, 0xd1, 0x80, 0xc5, 0x34, 0x24, 0xc0, - 0xc3, 0x9c, 0xf5, 0x4d, 0x98, 0x69, 0x38, 0xde, 0xc0, 0x6a, 0xb9, 0xdb, 0xde, 0x43, 0xd4, 0x5d, - 0xbe, 0xaf, 0xc1, 0x2c, 0xa3, 0xdb, 0xf6, 0xbd, 0x6d, 0xdb, 0x21, 0xef, 0x0d, 0x15, 0x5a, 0x6d, - 0x71, 0x9e, 0x88, 0x64, 0x2a, 0xad, 0x8a, 0xf8, 0x1e, 0x51, 0x69, 0xd5, 0x26, 0xe7, 0x48, 0xad, - 0x5f, 0x9e, 0x4e, 0x7e, 0x19, 0x93, 0x5b, 0x4f, 0x41, 0xc5, 0x34, 0xea, 0x03, 0xd7, 0x72, 0xe4, - 0xbc, 0xa0, 0xad, 0x6c, 0xac, 0xf2, 0x32, 0x2c, 0xa1, 0xe8, 0x1e, 0x40, 0xec, 0x66, 0x10, 0xc3, - 0x70, 0x6d, 0x3c, 0xd7, 0x46, 0x87, 0x84, 0xd4, 0x3a, 0x0f, 0xe2, 0xa1, 0x8f, 0x61, 0x58, 0xe1, - 0x86, 0xfe, 0x32, 0xcc, 0x89, 0x4e, 0x6e, 0xf5, 0x8c, 0xae, 0xb0, 0xfe, 0x0a, 0xf6, 0xd4, 0xba, - 0x42, 0xa8, 0x7e, 0x51, 0x30, 0x9e, 0x53, 0x4b, 0x03, 0x9c, 0xe4, 0x86, 0x0e, 0x60, 0xb6, 0xa7, - 0x5a, 0xb4, 0x93, 0xc5, 0x37, 0x17, 0xc5, 0xba, 0xad, 0x5f, 0x10, 0xcc, 0x67, 0x13, 0xb6, 0x70, - 0x82, 0x55, 0x86, 0x62, 0x5e, 0x3e, 0x2d, 0xc5, 0x9c, 0xc0, 0x34, 0x5f, 0xde, 0xc1, 0xd2, 0x14, - 0xfb, 0xc0, 0x17, 0x8a, 0x7c, 0x20, 0x97, 0x14, 0xb1, 0xdf, 0x8c, 0xff, 0x0e, 0x70, 0x44, 0x1b, - 0xed, 0xc1, 0x2c, 0x95, 0xb1, 0x1d, 0xe2, 0x10, 0x33, 0xf4, 0xfc, 0xa5, 0xe9, 0xe2, 0x7e, 0xa9, - 0x8e, 0x42, 0x87, 0x3b, 0x36, 0xd4, 0x12, 0x9c, 0xe0, 0x23, 0xa5, 0x5f, 0x25, 0x57, 0xfa, 0x0d, - 0xa0, 0xba, 0xa7, 0x78, 0x18, 0x66, 0x58, 0x27, 0x7c, 0xba, 0x48, 0xc3, 0x62, 0x77, 0x43, 0xfd, - 0xbc, 0x60, 0x54, 0x55, 0x5d, 0x13, 0x2a, 0x1f, 0xfd, 0x5f, 0x4d, 0xc3, 0x62, 0xc3, 0x19, 0x04, - 0x21, 0xf1, 0x57, 0x85, 0xe3, 0x97, 0xf8, 0xe8, 0xcb, 0x1a, 0x5c, 0x62, 0xff, 0x36, 0xbd, 0xbb, - 0x6e, 0x93, 0x38, 0xc6, 0xc1, 0xea, 0x36, 0xc5, 0xb0, 0xac, 0x93, 0x49, 0xa0, 0xe6, 0x40, 0xec, - 0xe9, 0xcc, 0x55, 0xd2, 0xc9, 0xa4, 0x88, 0x73, 0x38, 0xa1, 0x5f, 0xd0, 0xe0, 0xd1, 0x0c, 0x50, - 0x93, 0x38, 0x24, 0x24, 0x42, 0x06, 0x9c, 0xb4, 0x1d, 0x4f, 0x1c, 0x1d, 0xd6, 0x1e, 0xed, 0xe4, - 0x11, 0xc5, 0xf9, 0xfc, 0xd0, 0xdf, 0xd0, 0x60, 0x39, 0x03, 0x7a, 0xcd, 0xb0, 0x9d, 0x81, 0x4f, - 0x84, 0x4a, 0x7b, 0xd2, 0xe6, 0x5c, 0x3e, 0x3a, 0xac, 0x2d, 0x77, 0x72, 0xa9, 0xe2, 0x63, 0x38, - 0xa2, 0x2f, 0xc2, 0x45, 0x09, 0xdd, 0x74, 0x5d, 0x42, 0x2c, 0x62, 0xdd, 0xb1, 0x85, 0x66, 0x71, - 0xf2, 0xa6, 0x3c, 0x7a, 0x74, 0x58, 0xbb, 0xd8, 0xc9, 0x22, 0x88, 0xb3, 0xf9, 0xa0, 0x2e, 0x3c, - 0x11, 0x03, 0x42, 0xdb, 0xb1, 0xef, 0x31, 0x4a, 0x77, 0x76, 0x7c, 0x12, 0xec, 0x78, 0x8e, 0xc5, - 0x84, 0x85, 0x56, 0x7f, 0xff, 0xd1, 0x61, 0xed, 0x89, 0xce, 0x71, 0x88, 0xf8, 0x78, 0x3a, 0xc8, - 0x82, 0xd9, 0xc0, 0x34, 0xdc, 0x96, 0x1b, 0x12, 0x7f, 0xcf, 0x70, 0x96, 0xa6, 0x0a, 0x7d, 0x20, - 0x5f, 0xa2, 0x0a, 0x1d, 0x9c, 0xa0, 0x8a, 0x3e, 0x09, 0x15, 0xb2, 0xdf, 0x37, 0x5c, 0x8b, 0x70, - 0xb1, 0x30, 0x53, 0x7f, 0x9c, 0x6e, 0x46, 0x6b, 0xa2, 0xec, 0xfe, 0x61, 0x6d, 0x36, 0xfa, 0x7f, - 0xdd, 0xb3, 0x08, 0x96, 0xd8, 0xe8, 0xa7, 0xe0, 0x42, 0xcf, 0xd8, 0xdf, 0xf0, 0x2c, 0xc2, 0x84, - 0x1c, 0x95, 0x79, 0x6c, 0x20, 0x2a, 0x85, 0xda, 0xb9, 0x74, 0x74, 0x58, 0xbb, 0xb0, 0x9e, 0x41, - 0x0f, 0x67, 0x72, 0xd1, 0xff, 0x87, 0x06, 0x55, 0xb1, 0x82, 0x99, 0xa2, 0xb5, 0x05, 0x65, 0x93, - 0x6e, 0xb4, 0x62, 0xa5, 0xbe, 0x54, 0x78, 0x43, 0xa7, 0xd4, 0xe2, 0xdd, 0x9c, 0x15, 0x61, 0x4e, - 0x1a, 0xed, 0x65, 0x6c, 0xc7, 0xf5, 0xf1, 0xb6, 0x63, 0xc6, 0xed, 0x01, 0x5b, 0xb1, 0x7e, 0x38, - 0x01, 0x33, 0x0d, 0xcf, 0xb5, 0x6c, 0xa6, 0x4e, 0x3f, 0x93, 0x50, 0x29, 0x9f, 0x50, 0x85, 0xea, - 0xfd, 0xc3, 0xda, 0x9c, 0x44, 0x54, 0xa4, 0xec, 0xf3, 0xd2, 0x06, 0xe5, 0x3a, 0xe6, 0xfb, 0x93, - 0xc6, 0xe3, 0xfd, 0xc3, 0xda, 0x39, 0x59, 0x2d, 0x69, 0x4f, 0xa2, 0x3d, 0x40, 0xd4, 0x2a, 0xb8, - 0xe3, 0x1b, 0x6e, 0xc0, 0xc9, 0xd2, 0x31, 0xe6, 0xeb, 0xfe, 0x2f, 0x8c, 0x36, 0xc6, 0xb4, 0x46, - 0x6c, 0x34, 0xdc, 0x1a, 0xa2, 0x86, 0x33, 0x38, 0xa0, 0xb7, 0x60, 0x9e, 0x96, 0x6e, 0xf6, 0x2d, - 0x23, 0x24, 0xca, 0x02, 0x3f, 0x09, 0xcf, 0x4b, 0x82, 0xe7, 0xfc, 0xad, 0x04, 0x25, 0x9c, 0xa2, - 0xcc, 0x55, 0x70, 0x23, 0xf0, 0x5c, 0xb6, 0x76, 0x13, 0x2a, 0x38, 0x2d, 0xc5, 0x02, 0x8a, 0x9e, - 0x86, 0xe9, 0x1e, 0x09, 0x02, 0xa3, 0x4b, 0xd8, 0x62, 0x9c, 0x89, 0x77, 0xdc, 0x75, 0x5e, 0x8c, - 0x23, 0x38, 0xfa, 0x08, 0x94, 0x4d, 0xcf, 0x22, 0xc1, 0xd2, 0x34, 0xf3, 0x99, 0x5f, 0x62, 0x73, - 0x89, 0x16, 0xdc, 0x3f, 0xac, 0xcd, 0x30, 0x13, 0x8b, 0xfe, 0xc2, 0x1c, 0x49, 0xff, 0x35, 0xaa, - 0x00, 0xa7, 0x0c, 0x89, 0x11, 0x4c, 0x87, 0xb3, 0xf3, 0x20, 0xea, 0x3f, 0x5f, 0x82, 0x0b, 0xb4, - 0x85, 0xbe, 0xe7, 0x38, 0x74, 0x73, 0xe8, 0x3b, 0xde, 0x41, 0x8f, 0xb8, 0x67, 0xe1, 0xc8, 0x8f, - 0xfa, 0xa1, 0x94, 0xdb, 0x0f, 0xbd, 0xa1, 0x7e, 0x98, 0x28, 0xd2, 0x0f, 0x72, 0xba, 0x3c, 0xa0, - 0x2f, 0xfe, 0x9b, 0x06, 0x4b, 0x59, 0x7d, 0x71, 0x06, 0x66, 0x4b, 0x2f, 0x69, 0xb6, 0xdc, 0x28, - 0x6a, 0xde, 0xa6, 0x9b, 0x9e, 0x63, 0xbe, 0xfc, 0xa8, 0x04, 0x97, 0x62, 0xf4, 0x96, 0x1b, 0x84, - 0x86, 0xe3, 0x70, 0xa3, 0xfe, 0xf4, 0xc7, 0xbd, 0x9f, 0xb0, 0x3e, 0x37, 0xc6, 0xfb, 0x54, 0xb5, - 0xed, 0xb9, 0xae, 0xba, 0xfd, 0x94, 0xab, 0xae, 0xfd, 0x10, 0x79, 0x1e, 0xef, 0xb5, 0xfb, 0x9f, - 0x1a, 0x2c, 0x67, 0x57, 0x3c, 0x83, 0x49, 0xe5, 0x25, 0x27, 0xd5, 0x67, 0x1e, 0xde, 0x57, 0xe7, - 0x4c, 0xab, 0x7f, 0x5c, 0xca, 0xfb, 0x5a, 0x66, 0x1f, 0x6f, 0xc3, 0x39, 0x6a, 0xb8, 0x04, 0xa1, - 0xf0, 0x29, 0x9d, 0xec, 0xb0, 0x35, 0xf2, 0x16, 0x9d, 0xc3, 0x49, 0x1a, 0x38, 0x4d, 0x14, 0x6d, - 0xc0, 0x34, 0xb5, 0x56, 0x28, 0xfd, 0xd2, 0xe8, 0xf4, 0xa5, 0xcc, 0xef, 0xf0, 0xba, 0x38, 0x22, - 0x82, 0x7e, 0x12, 0xe6, 0x2c, 0xb9, 0xa2, 0x1e, 0x70, 0xd2, 0x92, 0xa6, 0xca, 0xbc, 0x7f, 0x4d, - 0xb5, 0x36, 0x4e, 0x12, 0xd3, 0xff, 0x4c, 0x83, 0xc7, 0x8f, 0x9b, 0x5b, 0xe8, 0x6d, 0x00, 0x33, - 0xda, 0xc4, 0xf9, 0x59, 0x7b, 0x51, 0x35, 0x28, 0xa2, 0x12, 0x2f, 0x50, 0x59, 0x14, 0x60, 0x85, - 0x49, 0xc6, 0x01, 0x4e, 0xe9, 0x94, 0x0e, 0x70, 0xf4, 0xff, 0xa5, 0xa9, 0xa2, 0x48, 0x1d, 0xdb, - 0xf7, 0x9a, 0x28, 0x52, 0xdb, 0x9e, 0xeb, 0x12, 0xfb, 0xe3, 0x09, 0xb8, 0x92, 0x5d, 0x45, 0xd9, - 0x7b, 0x1f, 0x4f, 0x68, 0x08, 0x95, 0x77, 0x4c, 0x3b, 0x40, 0xaf, 0xc0, 0x54, 0x9f, 0x47, 0x66, - 0x4c, 0xb0, 0xa6, 0x3c, 0x45, 0x45, 0x1c, 0x8f, 0x9b, 0xb8, 0x7f, 0x58, 0x5b, 0xce, 0xda, 0x71, - 0x44, 0xc4, 0x85, 0xa8, 0x87, 0xec, 0x94, 0x87, 0x82, 0x2b, 0x7b, 0x1f, 0x1b, 0x51, 0xca, 0x19, - 0x5b, 0xc4, 0x19, 0xd9, 0x29, 0xf1, 0xd3, 0x1a, 0xcc, 0x27, 0x96, 0x56, 0xb0, 0x54, 0x66, 0x8b, - 0xa5, 0x90, 0x13, 0x3f, 0xb1, 0x66, 0x63, 0x15, 0x22, 0x51, 0x1c, 0xe0, 0x14, 0xc3, 0x94, 0xbc, - 0x57, 0x87, 0xf7, 0x3d, 0x27, 0xef, 0xd5, 0xc6, 0xe7, 0xc8, 0xfb, 0x5f, 0x2d, 0xe5, 0x7d, 0x2d, - 0x93, 0xf7, 0x77, 0x61, 0x26, 0x8a, 0x7c, 0x8b, 0xe4, 0xd6, 0xb5, 0x71, 0xdb, 0xc4, 0xc9, 0xc5, - 0x07, 0xd8, 0x51, 0x49, 0x80, 0x63, 0x5e, 0xe8, 0x67, 0x34, 0x80, 0x78, 0x60, 0xc4, 0xf2, 0xb8, - 0xf3, 0xf0, 0xba, 0x43, 0xd1, 0xaf, 0xe6, 0xa9, 0x6c, 0x51, 0x26, 0x85, 0xc2, 0x57, 0xff, 0xad, - 0x12, 0xa0, 0xe1, 0xb6, 0x53, 0xbd, 0x77, 0xd7, 0x76, 0xad, 0xb4, 0xfe, 0x7f, 0xd3, 0x76, 0x2d, - 0xcc, 0x20, 0x23, 0x68, 0xc6, 0x2f, 0xc1, 0xb9, 0xae, 0xe3, 0x6d, 0x19, 0x8e, 0x73, 0x20, 0x82, - 0xe9, 0xd8, 0x0a, 0xad, 0xd4, 0xcf, 0xd3, 0x1d, 0xf2, 0x7a, 0x12, 0x84, 0xd3, 0xb8, 0xa8, 0x0f, - 0x0b, 0x3e, 0x31, 0x3d, 0xd7, 0xb4, 0x1d, 0x66, 0x29, 0x79, 0x83, 0xb0, 0xa0, 0x9f, 0xe5, 0xc2, - 0xd1, 0x61, 0x6d, 0x01, 0xa7, 0x68, 0xe1, 0x21, 0xea, 0xe8, 0x49, 0x98, 0xee, 0xfb, 0x76, 0xcf, - 0xf0, 0x0f, 0x98, 0x2d, 0x56, 0xa9, 0x57, 0xe9, 0x56, 0xdb, 0xe6, 0x45, 0x38, 0x82, 0xe9, 0x5f, - 0xd7, 0x60, 0xa2, 0xb9, 0xd1, 0x41, 0x3a, 0x4c, 0x59, 0x5e, 0xcf, 0xb0, 0x5d, 0xd1, 0x4b, 0x2c, - 0x26, 0xad, 0xc9, 0x4a, 0xb0, 0x80, 0xa0, 0x3e, 0xcc, 0x44, 0xe2, 0x6a, 0xac, 0x33, 0xca, 0xe6, - 0x46, 0x47, 0xc6, 0x75, 0xc8, 0x79, 0x15, 0x95, 0x04, 0x38, 0x66, 0xa2, 0x1b, 0xb0, 0xd8, 0xdc, - 0xe8, 0xb4, 0x5c, 0xd3, 0x19, 0x58, 0x64, 0x6d, 0x9f, 0xfd, 0xa1, 0x5f, 0x66, 0xf3, 0x12, 0x11, - 0x07, 0xc7, 0xbe, 0x4c, 0x20, 0xe1, 0x08, 0x46, 0xd1, 0x08, 0xaf, 0x21, 0x82, 0xb8, 0x18, 0x9a, - 0x20, 0x82, 0x23, 0x98, 0xfe, 0xfd, 0x12, 0x54, 0x95, 0x06, 0x21, 0x07, 0xa6, 0xf9, 0xe7, 0x46, - 0x31, 0x14, 0x6b, 0x05, 0x3f, 0x31, 0xd9, 0x6a, 0xce, 0x9d, 0x77, 0x68, 0x80, 0x23, 0x16, 0xea, - 0x28, 0x95, 0xf2, 0x47, 0x09, 0xad, 0x00, 0xf0, 0x68, 0x11, 0x76, 0xf4, 0xc7, 0xb7, 0x06, 0xb6, - 0x10, 0x3a, 0xb2, 0x14, 0x2b, 0x18, 0x72, 0x3f, 0x9b, 0xcc, 0xdc, 0xcf, 0xb6, 0xa1, 0x7c, 0xcf, - 0x73, 0x49, 0x20, 0xbc, 0xf1, 0x0f, 0xe9, 0x03, 0x67, 0xa8, 0xb4, 0x7a, 0x83, 0xd2, 0xc5, 0x9c, - 0xbc, 0xfe, 0xeb, 0x1a, 0x40, 0xd3, 0x08, 0x0d, 0xee, 0x3c, 0x1e, 0x21, 0x0e, 0xef, 0xf1, 0xc4, - 0x32, 0xac, 0x0c, 0x9d, 0xef, 0x4d, 0x06, 0xf6, 0xbd, 0xe8, 0xf3, 0xa5, 0x9e, 0xc1, 0xa9, 0x77, - 0xec, 0x7b, 0x04, 0x33, 0x38, 0xfa, 0x30, 0xcc, 0x10, 0xd7, 0xf4, 0x0f, 0xfa, 0x21, 0xb1, 0x58, - 0x0f, 0x54, 0xf8, 0xf1, 0xec, 0x5a, 0x54, 0x88, 0x63, 0xb8, 0xfe, 0x0c, 0x24, 0x95, 0xc5, 0x07, - 0xb7, 0x52, 0xdf, 0x83, 0xca, 0x9a, 0x6b, 0xf5, 0x3d, 0xdb, 0x0d, 0x47, 0xf8, 0xa6, 0x27, 0x60, - 0x62, 0xe0, 0x3b, 0xe2, 0x93, 0xaa, 0x02, 0x61, 0x62, 0x13, 0xdf, 0xc2, 0xb4, 0x1c, 0x3d, 0x0d, - 0xd3, 0xfd, 0x81, 0xdf, 0xf7, 0x82, 0xe8, 0xbb, 0xa4, 0x56, 0xdc, 0xe6, 0xc5, 0x38, 0x82, 0xeb, - 0xf7, 0x35, 0x58, 0x58, 0xdb, 0xef, 0xdb, 0x3e, 0x8b, 0x09, 0x24, 0x3e, 0x55, 0x2a, 0x68, 0xfd, - 0x3d, 0xfe, 0xaf, 0x68, 0x83, 0xac, 0x2f, 0x30, 0x70, 0x04, 0x47, 0xdb, 0x30, 0x4f, 0x58, 0x75, - 0x26, 0x51, 0x0d, 0xe9, 0x03, 0x3f, 0x89, 0x23, 0x88, 0x87, 0x9c, 0x26, 0xa8, 0xe0, 0x14, 0x55, - 0xd4, 0x81, 0x79, 0xd3, 0x31, 0x82, 0xc0, 0xde, 0xb6, 0xcd, 0xf8, 0xb4, 0x7b, 0xa6, 0xfe, 0x61, - 0x5a, 0xb7, 0x91, 0x80, 0xdc, 0x3f, 0xac, 0x5d, 0x14, 0xed, 0x4c, 0x02, 0x70, 0x8a, 0x84, 0xfe, - 0xfb, 0x1a, 0xcc, 0x48, 0x55, 0xea, 0x5d, 0xe5, 0xd1, 0x41, 0x4f, 0x41, 0xc5, 0xb2, 0x03, 0x75, - 0x4f, 0x60, 0xa7, 0x90, 0x4d, 0x51, 0x86, 0x25, 0x54, 0x0f, 0xa0, 0x72, 0x5d, 0x2c, 0x2b, 0xb4, - 0x0c, 0x25, 0x3b, 0xda, 0x92, 0x40, 0x7c, 0x40, 0xa9, 0xd5, 0xc4, 0x25, 0xdb, 0x92, 0xb3, 0xaa, - 0x94, 0x3b, 0xab, 0x94, 0x61, 0x9f, 0x38, 0x7e, 0xd8, 0xf5, 0x6f, 0x69, 0x50, 0xbd, 0x61, 0x6f, - 0x11, 0xdf, 0xe5, 0x4a, 0xfe, 0x93, 0xe9, 0x28, 0xf1, 0x6a, 0x56, 0x84, 0x38, 0xda, 0x87, 0x99, - 0xc0, 0xdc, 0x21, 0xd6, 0xc0, 0x91, 0x31, 0x00, 0x85, 0x62, 0xc1, 0x15, 0xd6, 0x1d, 0x41, 0x4f, - 0x89, 0x86, 0x8b, 0x38, 0xe0, 0x98, 0x99, 0xfe, 0x05, 0x38, 0x9f, 0x51, 0x09, 0xd5, 0xa0, 0x1c, - 0x84, 0x86, 0x1f, 0x8a, 0x3e, 0x63, 0xe2, 0xa6, 0x43, 0x0b, 0x30, 0x2f, 0x47, 0x8f, 0xc2, 0x04, - 0x71, 0x2d, 0xd1, 0x69, 0xd3, 0x74, 0x95, 0xad, 0xb9, 0x16, 0xa6, 0x65, 0x74, 0x88, 0x1c, 0x2f, - 0x31, 0x19, 0xd9, 0x10, 0xdd, 0x12, 0x65, 0x58, 0x42, 0xf5, 0x7f, 0x36, 0x09, 0x4f, 0xdc, 0xf0, - 0x7c, 0xfb, 0x9e, 0xe7, 0x86, 0x86, 0xd3, 0xf6, 0xac, 0xf8, 0x54, 0x4b, 0x0c, 0xf7, 0x57, 0x34, - 0x78, 0xc4, 0xec, 0x0f, 0x5a, 0xae, 0x1d, 0xda, 0x46, 0x74, 0xd8, 0xd0, 0x26, 0xbe, 0xed, 0x15, - 0x3d, 0xdc, 0x62, 0xd1, 0xc5, 0x8d, 0xf6, 0x66, 0x16, 0x49, 0x9c, 0xc7, 0x8b, 0x9d, 0xb1, 0x59, - 0xde, 0x5d, 0x97, 0x35, 0xae, 0x13, 0xb2, 0x88, 0xe7, 0x7b, 0xf1, 0x27, 0x16, 0x3c, 0x63, 0x6b, - 0x66, 0x52, 0xc4, 0x39, 0x9c, 0xd0, 0x17, 0xe1, 0xa2, 0xcd, 0x1b, 0x87, 0x89, 0x61, 0xd9, 0x2e, - 0x09, 0x02, 0x76, 0xd2, 0x34, 0xce, 0x21, 0x52, 0x2b, 0x8b, 0x20, 0xce, 0xe6, 0x83, 0xde, 0x04, - 0x08, 0x0e, 0x5c, 0x53, 0xf4, 0x7f, 0xb9, 0x10, 0x57, 0xbe, 0x93, 0x4a, 0x2a, 0x58, 0xa1, 0x48, - 0x37, 0x93, 0xd0, 0x73, 0x88, 0x6f, 0xb8, 0x26, 0xf7, 0x55, 0x6b, 0x7c, 0x33, 0xb9, 0x13, 0x15, - 0xe2, 0x18, 0xae, 0xff, 0x43, 0x0d, 0xa6, 0xc5, 0x4d, 0x02, 0xf4, 0xa1, 0x94, 0x42, 0x25, 0x1d, - 0x56, 0x29, 0xa5, 0xea, 0x80, 0x39, 0x1b, 0x84, 0xca, 0x2a, 0x84, 0x54, 0xa1, 0x1d, 0x59, 0x30, - 0x8e, 0xf5, 0xdf, 0x84, 0xd3, 0x21, 0xd2, 0x89, 0x15, 0x66, 0xfa, 0x37, 0x34, 0x58, 0x1c, 0xaa, - 0x35, 0x82, 0xb6, 0x7c, 0x86, 0xde, 0xf2, 0xff, 0x07, 0xc0, 0x2e, 0x8d, 0xac, 0xb6, 0x5b, 0x1d, - 0xe2, 0xef, 0xc9, 0x45, 0xf8, 0x57, 0x35, 0x58, 0x88, 0xcf, 0x75, 0x44, 0x2b, 0xb4, 0xe2, 0xd1, - 0x35, 0x37, 0x53, 0xb4, 0xea, 0x4b, 0xe2, 0xbb, 0x17, 0xd2, 0x10, 0x3c, 0xc4, 0x17, 0xfd, 0xbc, - 0x06, 0x0b, 0x46, 0xf2, 0xd2, 0x48, 0x24, 0x32, 0x0b, 0x05, 0x43, 0xa6, 0x2e, 0xa0, 0xc4, 0x6d, - 0x49, 0x01, 0x02, 0x3c, 0xc4, 0x16, 0x7d, 0x1c, 0x66, 0x8d, 0xbe, 0xbd, 0x3a, 0xb0, 0x6c, 0xe2, - 0x9a, 0xf2, 0xa6, 0x01, 0xb3, 0xe4, 0x57, 0xdb, 0x2d, 0x59, 0x8e, 0x13, 0x58, 0xf2, 0x56, 0x88, - 0xe8, 0xc8, 0xc9, 0x31, 0x6f, 0x85, 0x88, 0x3e, 0x8c, 0x6f, 0x85, 0x88, 0xae, 0x53, 0x99, 0xa0, - 0x9f, 0x80, 0x47, 0xf9, 0x5e, 0x53, 0x37, 0x02, 0xdb, 0x5c, 0x1d, 0x84, 0x3b, 0xc4, 0x0d, 0x23, - 0x8d, 0x81, 0x9b, 0x2c, 0xec, 0xb4, 0x7d, 0x2d, 0x0f, 0x09, 0xe7, 0xd7, 0x47, 0x2e, 0x80, 0x67, - 0x5b, 0xa6, 0xf8, 0x1e, 0x7e, 0xe0, 0x5b, 0x28, 0x18, 0xe2, 0x76, 0xab, 0xd9, 0x10, 0x9f, 0xc3, - 0xc4, 0x44, 0xfc, 0x1b, 0x2b, 0x1c, 0xd0, 0x57, 0x35, 0x98, 0x13, 0x93, 0x5c, 0xf0, 0x9c, 0x66, - 0xe3, 0xff, 0x46, 0xd1, 0xc9, 0x98, 0x9a, 0xf0, 0x2b, 0x58, 0x25, 0xce, 0xc3, 0x3b, 0x65, 0xf8, - 0x4f, 0x02, 0x86, 0x93, 0xed, 0x40, 0x7f, 0x5b, 0x83, 0x0b, 0x01, 0xf1, 0xf7, 0x6c, 0x93, 0xac, - 0x9a, 0xa6, 0x37, 0x70, 0xa3, 0x41, 0xae, 0x14, 0x8f, 0xd0, 0xef, 0x64, 0xd0, 0xe3, 0xe7, 0xce, - 0x59, 0x10, 0x9c, 0xc9, 0x9f, 0xee, 0x5f, 0xe7, 0xee, 0x1a, 0xa1, 0xb9, 0xd3, 0x30, 0xcc, 0x1d, - 0xa6, 0xbf, 0x07, 0x4b, 0x33, 0xc5, 0x23, 0x88, 0x5f, 0x4f, 0x92, 0xe2, 0x76, 0x79, 0xaa, 0x10, - 0xa7, 0x19, 0xa2, 0x00, 0x2a, 0x3e, 0x79, 0x7b, 0x40, 0x82, 0x30, 0x58, 0x02, 0xc6, 0xbc, 0x35, - 0xf6, 0x88, 0x61, 0x41, 0x90, 0xeb, 0x18, 0xd1, 0x2f, 0x2c, 0x19, 0xa1, 0x2e, 0x3c, 0xc1, 0x67, - 0xee, 0xaa, 0xeb, 0xb9, 0x07, 0x3d, 0x6f, 0x10, 0xa4, 0x66, 0x7f, 0x95, 0xcd, 0x7e, 0x16, 0xf8, - 0xb0, 0x76, 0x1c, 0x22, 0x3e, 0x9e, 0xce, 0xf2, 0x2b, 0x80, 0x86, 0xe7, 0x0d, 0x5a, 0x80, 0x89, - 0x5d, 0xc2, 0xaf, 0x7e, 0xcd, 0x60, 0xfa, 0x2f, 0xba, 0x00, 0xe5, 0x3d, 0xc3, 0x19, 0x70, 0x85, - 0xb3, 0x82, 0xf9, 0x8f, 0x17, 0x4a, 0x9f, 0xd4, 0xf4, 0xdf, 0xd1, 0xe0, 0x62, 0xe6, 0xc7, 0x21, - 0x0c, 0x97, 0x58, 0x38, 0x81, 0xbb, 0x3e, 0x08, 0x8d, 0xd0, 0x76, 0xbb, 0x2d, 0x77, 0xdb, 0xb1, - 0xbb, 0x3b, 0x5c, 0x3f, 0x2b, 0x73, 0x6d, 0x62, 0x3d, 0x13, 0x03, 0xe7, 0xd4, 0x44, 0x2d, 0x38, - 0xdf, 0x33, 0xf6, 0x87, 0x08, 0x96, 0x18, 0x41, 0x76, 0x81, 0x70, 0x7d, 0x18, 0x8c, 0xb3, 0xea, - 0xe8, 0x5f, 0x2b, 0xc3, 0x63, 0xb4, 0xe1, 0xf1, 0xc6, 0xb6, 0x6e, 0xb8, 0x46, 0xf7, 0xdd, 0xb9, - 0x81, 0x7c, 0x4b, 0x83, 0x47, 0x76, 0xb2, 0x95, 0x4e, 0xb1, 0xb5, 0xbe, 0x5a, 0x48, 0xf5, 0x3e, - 0x4e, 0x8f, 0xe5, 0xd3, 0xeb, 0x58, 0x14, 0x9c, 0xd7, 0x28, 0xf4, 0x0a, 0x2c, 0xb8, 0x9e, 0x45, - 0x1a, 0xad, 0x26, 0x5e, 0x37, 0x82, 0xdd, 0x4e, 0x64, 0x96, 0x97, 0xb9, 0x7b, 0x6a, 0x23, 0x05, - 0xc3, 0x43, 0xd8, 0x68, 0x0f, 0x50, 0xdf, 0xb3, 0xd6, 0xf6, 0x6c, 0x33, 0x0a, 0x54, 0x28, 0xee, - 0x12, 0x63, 0xb7, 0x23, 0xda, 0x43, 0xd4, 0x70, 0x06, 0x07, 0xa6, 0x35, 0xd3, 0xc6, 0xac, 0x7b, - 0xae, 0x1d, 0x7a, 0xfe, 0x75, 0xdf, 0x30, 0xc9, 0x58, 0xca, 0x23, 0x9b, 0xe7, 0x1b, 0x99, 0x14, - 0x71, 0x0e, 0x27, 0xfd, 0x7f, 0x6b, 0x70, 0x8e, 0x4e, 0x8b, 0xb6, 0xef, 0xed, 0x1f, 0xbc, 0x1b, - 0x27, 0xe4, 0xd3, 0x30, 0xd9, 0xf3, 0xac, 0xc8, 0x00, 0xbd, 0x48, 0xf5, 0xbf, 0x75, 0xcf, 0x22, - 0xf7, 0xb9, 0x9f, 0x6e, 0xff, 0x80, 0x05, 0x30, 0x31, 0x14, 0xd5, 0x9c, 0x9c, 0xc8, 0x37, 0x27, - 0xf5, 0xff, 0xac, 0x71, 0x45, 0x2e, 0x32, 0xe7, 0xde, 0x95, 0xeb, 0xf0, 0x39, 0x98, 0xa3, 0x65, - 0xeb, 0xc6, 0x7e, 0xbb, 0xf9, 0x9a, 0xe7, 0x44, 0x41, 0x3e, 0xec, 0x48, 0xf1, 0xa6, 0x0a, 0xc0, - 0x49, 0x3c, 0xfd, 0x3f, 0xcd, 0x03, 0x43, 0x70, 0x48, 0xf8, 0x6e, 0xfc, 0xae, 0x67, 0xa0, 0x6a, - 0xf6, 0x07, 0x8d, 0x6b, 0x9d, 0x57, 0x07, 0x5e, 0x68, 0x08, 0x4f, 0x23, 0xd3, 0xce, 0x1a, 0xed, - 0xcd, 0xa8, 0x18, 0xab, 0x38, 0x74, 0x85, 0x9b, 0xfd, 0x81, 0x90, 0x99, 0x6d, 0xf5, 0x48, 0x8a, - 0xad, 0xf0, 0x46, 0x7b, 0x33, 0x01, 0xc3, 0x43, 0xd8, 0xe8, 0x8b, 0x30, 0x4b, 0xc4, 0xe2, 0xbb, - 0x61, 0xf8, 0x96, 0x58, 0xdb, 0x85, 0xb7, 0x57, 0xd9, 0xb5, 0xd1, 0x8a, 0xe6, 0x4a, 0xed, 0x9a, - 0xc2, 0x02, 0x27, 0x18, 0x32, 0x05, 0x53, 0xfc, 0xa6, 0x23, 0xe5, 0x59, 0xe9, 0xc5, 0x5e, 0x16, - 0x0a, 0x66, 0x1e, 0x12, 0xce, 0xaf, 0x8f, 0x7e, 0x43, 0x83, 0x4b, 0x12, 0x6a, 0xbb, 0x76, 0x6f, - 0xd0, 0xc3, 0xc4, 0x74, 0x0c, 0xbb, 0x27, 0xb4, 0xcd, 0xd7, 0x1f, 0xda, 0x87, 0x26, 0xc9, 0x73, - 0x81, 0x93, 0x0d, 0xc3, 0x39, 0x4d, 0x42, 0xdf, 0xd0, 0xe0, 0x4a, 0x04, 0x6a, 0x53, 0x7b, 0x6f, - 0xe0, 0x93, 0x38, 0x4c, 0x4c, 0x74, 0xc9, 0x74, 0x21, 0xf9, 0xf7, 0xc1, 0xa3, 0xc3, 0xda, 0x95, - 0xb5, 0x07, 0xd0, 0xc6, 0x0f, 0xe4, 0xae, 0x4e, 0x97, 0x8e, 0xb7, 0x1d, 0x0a, 0xf5, 0xf4, 0xb4, - 0xa6, 0x0b, 0x65, 0x81, 0x13, 0x0c, 0xd1, 0x6f, 0x6a, 0xf0, 0x88, 0x5a, 0xa0, 0xce, 0x16, 0xae, - 0x97, 0x7e, 0xf6, 0xa1, 0x35, 0x26, 0x45, 0x9f, 0x7b, 0x80, 0x72, 0x80, 0x38, 0xaf, 0x55, 0x54, - 0xf4, 0xf6, 0xd8, 0xc4, 0xe4, 0xba, 0x6b, 0x99, 0x8b, 0x5e, 0x3e, 0x57, 0x03, 0x1c, 0xc1, 0xa8, - 0x49, 0xd8, 0xf7, 0xac, 0xb6, 0x6d, 0x05, 0xb7, 0xec, 0x9e, 0x1d, 0x32, 0xed, 0x72, 0x82, 0x77, - 0x47, 0xdb, 0xb3, 0xda, 0xad, 0x26, 0x2f, 0xc7, 0x09, 0x2c, 0x16, 0x3d, 0x6d, 0xf7, 0x8c, 0x2e, - 0x69, 0x0f, 0x1c, 0xa7, 0xed, 0x7b, 0xcc, 0x4d, 0xd0, 0x24, 0x86, 0xe5, 0xd8, 0x2e, 0x59, 0x9a, - 0x2d, 0x1e, 0x3d, 0xdd, 0xca, 0x23, 0x8a, 0xf3, 0xf9, 0xa1, 0x15, 0x80, 0x6d, 0xc3, 0x76, 0x3a, - 0x77, 0x8d, 0xfe, 0x6d, 0x77, 0x69, 0x8e, 0x09, 0x30, 0x66, 0x8f, 0x5d, 0x93, 0xa5, 0x58, 0xc1, - 0xa0, 0xb3, 0x89, 0x4a, 0x41, 0x4c, 0xf8, 0x1d, 0xaa, 0xa5, 0xf9, 0x87, 0x34, 0x9b, 0x22, 0x82, - 0xbc, 0xfb, 0x6e, 0x2a, 0x2c, 0x70, 0x82, 0x21, 0xfa, 0x8a, 0x06, 0xf3, 0xc1, 0x41, 0x10, 0x92, - 0x9e, 0x6c, 0xc3, 0xb9, 0x87, 0xdd, 0x06, 0xe6, 0x40, 0xe9, 0x24, 0x98, 0xe0, 0x14, 0x53, 0x64, - 0xc0, 0x63, 0xac, 0x57, 0xaf, 0x37, 0x6e, 0xd8, 0xdd, 0x1d, 0x19, 0x13, 0xdd, 0x26, 0xbe, 0x49, - 0xdc, 0x70, 0x69, 0x81, 0xcd, 0x9b, 0xda, 0xd1, 0x61, 0xed, 0xb1, 0x56, 0x3e, 0x1a, 0x3e, 0x8e, - 0x06, 0x7a, 0x13, 0x96, 0x05, 0xf8, 0x96, 0x77, 0x77, 0x88, 0xc3, 0x22, 0xe3, 0xc0, 0x02, 0xd5, - 0x5b, 0xb9, 0x58, 0xf8, 0x18, 0x0a, 0xfa, 0x61, 0x89, 0xdb, 0x20, 0x43, 0xab, 0x08, 0xbd, 0x04, - 0xe7, 0x7a, 0xa4, 0xe7, 0xf9, 0x07, 0xab, 0x51, 0xaa, 0x04, 0xe1, 0xb5, 0x62, 0xc6, 0xdf, 0x7a, - 0x12, 0x84, 0xd3, 0xb8, 0x74, 0x8f, 0x63, 0x6c, 0xaf, 0x75, 0xe2, 0xfa, 0xa5, 0x78, 0x8f, 0x6b, - 0xa5, 0x60, 0x78, 0x08, 0x1b, 0x35, 0x60, 0x51, 0x94, 0xb5, 0xa8, 0xaa, 0x17, 0x5c, 0xf3, 0x49, - 0x74, 0x8e, 0x43, 0x95, 0xa6, 0xc5, 0x56, 0x1a, 0x88, 0x87, 0xf1, 0xe9, 0x57, 0xd0, 0x1f, 0x6a, - 0x2b, 0x26, 0xe3, 0xaf, 0xd8, 0x48, 0x82, 0x70, 0x1a, 0x37, 0xd2, 0xc5, 0x13, 0x4d, 0x28, 0xc7, - 0x5f, 0xb1, 0x91, 0x82, 0xe1, 0x21, 0x6c, 0xfd, 0x8f, 0x27, 0xe1, 0x03, 0x23, 0xec, 0x3c, 0xa8, - 0x97, 0xdd, 0xdd, 0x0f, 0x90, 0x03, 0x2b, 0x51, 0x98, 0xc0, 0xca, 0xab, 0x03, 0xc3, 0x0d, 0xed, - 0xf0, 0x60, 0xc4, 0xe1, 0xe9, 0xe7, 0x0c, 0xcf, 0xc9, 0xf9, 0x8d, 0x3a, 0x9c, 0x41, 0xde, 0x70, - 0x9e, 0x9c, 0xe5, 0xe8, 0xc3, 0xdf, 0xcb, 0x1e, 0xfe, 0x82, 0xbd, 0xfa, 0xc0, 0xe9, 0xd2, 0xcf, - 0x99, 0x2e, 0x05, 0x7b, 0x75, 0x84, 0xe9, 0xf5, 0x27, 0x93, 0xf0, 0xc1, 0x51, 0x76, 0xc1, 0x82, - 0xf3, 0x2b, 0x63, 0x9f, 0x39, 0xd5, 0xf9, 0x95, 0x17, 0x93, 0x71, 0x8a, 0xf3, 0x2b, 0x83, 0xe5, - 0x69, 0xcf, 0xaf, 0xbc, 0x5e, 0x3d, 0xad, 0xf9, 0x95, 0xd7, 0xab, 0x23, 0xcc, 0xaf, 0x3f, 0x4d, - 0xef, 0x0f, 0x72, 0xf3, 0x6b, 0xc1, 0x84, 0xd9, 0x1f, 0x14, 0x14, 0x52, 0xec, 0x04, 0xb1, 0xd1, - 0xde, 0xc4, 0x94, 0x06, 0xc2, 0x30, 0xc5, 0xe7, 0x4f, 0x41, 0x11, 0xc4, 0xe2, 0x69, 0xf8, 0x94, - 0xc4, 0x82, 0x12, 0xed, 0x2a, 0xd2, 0xdf, 0x21, 0x3d, 0xe2, 0x1b, 0x4e, 0x27, 0xf4, 0x7c, 0xa3, - 0x5b, 0x54, 0xda, 0xb0, 0xae, 0x5a, 0x4b, 0xd1, 0xc2, 0x43, 0xd4, 0x69, 0x87, 0xf4, 0x6d, 0xab, - 0xa0, 0x7c, 0x61, 0x1d, 0xd2, 0x6e, 0x35, 0x31, 0xa5, 0xa1, 0xff, 0x41, 0x05, 0x94, 0x5b, 0x36, - 0xd4, 0xd8, 0x32, 0x1c, 0xc7, 0xbb, 0xdb, 0xf6, 0xed, 0x3d, 0xdb, 0x21, 0x5d, 0x62, 0xc9, 0x6b, - 0x18, 0x81, 0x38, 0x67, 0x66, 0xda, 0xdf, 0x6a, 0x1e, 0x12, 0xce, 0xaf, 0x4f, 0x8d, 0xe9, 0x45, - 0x33, 0x7d, 0xc9, 0x70, 0x9c, 0xb3, 0xb2, 0xa1, 0x1b, 0x8b, 0x7c, 0x3d, 0x0d, 0x15, 0xe3, 0x61, - 0xb6, 0xe8, 0x4b, 0x1a, 0xf7, 0x12, 0x48, 0x97, 0xa8, 0x18, 0xb3, 0xeb, 0x0f, 0xc9, 0xd5, 0x1f, - 0xbb, 0x1b, 0x62, 0xa7, 0x6b, 0x92, 0x21, 0x35, 0xe7, 0x2e, 0xee, 0x66, 0x39, 0x37, 0xc5, 0xc8, - 0xde, 0x2e, 0xda, 0x94, 0x1c, 0x6f, 0x29, 0x3f, 0x97, 0xcd, 0x44, 0xc0, 0xd9, 0x0d, 0x91, 0xbd, - 0x24, 0xfd, 0x3d, 0x42, 0x08, 0x14, 0xee, 0xa5, 0x94, 0xe3, 0x28, 0xee, 0x25, 0x09, 0xc0, 0x49, - 0x86, 0xa8, 0x0f, 0x33, 0xbb, 0x91, 0x93, 0x4d, 0x18, 0xe5, 0x8d, 0xa2, 0xdc, 0x15, 0x4f, 0x1d, - 0x3f, 0xff, 0x95, 0x85, 0x38, 0x66, 0x82, 0x76, 0x60, 0x7a, 0x97, 0x0b, 0x22, 0x61, 0x4c, 0xaf, - 0x8e, 0xad, 0xec, 0x73, 0x9b, 0x4e, 0x14, 0xe1, 0x88, 0xbc, 0x1a, 0xff, 0x51, 0x79, 0x40, 0xd8, - 0xcf, 0xd7, 0x34, 0xb8, 0xb8, 0x47, 0xfc, 0xd0, 0x36, 0xd3, 0xae, 0xe5, 0x99, 0xe2, 0x06, 0xc9, - 0x6b, 0x59, 0x04, 0xf9, 0x34, 0xc9, 0x04, 0xe1, 0xec, 0x26, 0xe8, 0x3f, 0xd2, 0x60, 0xc8, 0x81, - 0x85, 0x7e, 0x51, 0x83, 0xd9, 0x6d, 0x62, 0x84, 0x03, 0x9f, 0x5c, 0x37, 0x42, 0x19, 0xca, 0xfa, - 0xda, 0xc3, 0xf0, 0x9b, 0xad, 0x5c, 0x53, 0x08, 0xf3, 0x73, 0x34, 0x79, 0x93, 0x5d, 0x05, 0xe1, - 0x44, 0x0b, 0x96, 0x5f, 0x86, 0xc5, 0xa1, 0x8a, 0x27, 0x3a, 0x48, 0xf9, 0x97, 0xc2, 0xff, 0x99, - 0x4e, 0x74, 0xf8, 0x26, 0x94, 0x0d, 0xcb, 0x92, 0x69, 0x94, 0x9e, 0x2f, 0x76, 0x5e, 0x6c, 0xa9, - 0x11, 0xc3, 0xec, 0x27, 0xe6, 0x64, 0xd1, 0x35, 0x40, 0x46, 0xe2, 0x50, 0x68, 0xdd, 0xb3, 0x22, - 0x2b, 0x89, 0xf9, 0xcd, 0x57, 0x87, 0xa0, 0x38, 0xa3, 0x86, 0xfe, 0x22, 0xcc, 0x27, 0xef, 0x5a, - 0x9e, 0x20, 0xf2, 0x4c, 0xff, 0x2b, 0x1a, 0xa0, 0xe1, 0xc4, 0x09, 0xc8, 0x87, 0x8a, 0xc0, 0x88, - 0x86, 0xb8, 0x90, 0x6b, 0x34, 0x1d, 0x13, 0x17, 0x87, 0x6c, 0x8b, 0x82, 0x00, 0x4b, 0x3e, 0xfa, - 0x9f, 0x69, 0x10, 0xe7, 0x69, 0x41, 0x9f, 0x80, 0xaa, 0x45, 0x02, 0xd3, 0xb7, 0xfb, 0x61, 0xfc, - 0x1d, 0xf2, 0xd2, 0x7b, 0x33, 0x06, 0x61, 0x15, 0x0f, 0xe9, 0x30, 0x15, 0x1a, 0xc1, 0x6e, 0xab, - 0x29, 0xcc, 0x45, 0xb6, 0xb9, 0xdf, 0x61, 0x25, 0x58, 0x40, 0xe2, 0x7b, 0x8b, 0x13, 0x23, 0xdc, - 0x5b, 0x44, 0xdb, 0x0f, 0xe1, 0x92, 0x26, 0x7a, 0xf0, 0x05, 0x4d, 0xfd, 0x8f, 0x4a, 0x90, 0x4c, - 0x8d, 0x53, 0xb4, 0x0b, 0x86, 0x6f, 0x95, 0x96, 0x4e, 0xed, 0x56, 0xe9, 0x47, 0x58, 0x5e, 0x39, - 0x9e, 0x08, 0x94, 0x9f, 0x32, 0xa9, 0xd9, 0xe0, 0x78, 0x1a, 0x4f, 0x89, 0x81, 0x9e, 0x67, 0x71, - 0x62, 0x61, 0x64, 0x44, 0x7f, 0x20, 0x5a, 0x16, 0x1d, 0x5a, 0x78, 0x5f, 0xdc, 0x9b, 0x95, 0xdf, - 0xcf, 0x4a, 0x31, 0xaf, 0x81, 0x3e, 0x21, 0xc2, 0x0a, 0xcb, 0x89, 0xbb, 0xbd, 0xd1, 0x85, 0xe0, - 0xc5, 0x44, 0xc5, 0x38, 0xd6, 0x50, 0xff, 0x9b, 0x1a, 0x4c, 0x8b, 0x2c, 0x18, 0x23, 0x44, 0x26, - 0x6e, 0x43, 0x99, 0x29, 0xe9, 0xe3, 0xe8, 0x2f, 0x9d, 0x1d, 0xcf, 0x0b, 0x13, 0xb9, 0x40, 0x58, - 0x38, 0x1c, 0xfb, 0x17, 0x73, 0xf2, 0xfa, 0xd7, 0x27, 0xe1, 0x8a, 0x40, 0x19, 0xda, 0x9e, 0xe5, - 0x12, 0x3c, 0x80, 0xf3, 0x62, 0x94, 0x9a, 0xbe, 0x61, 0xcb, 0x73, 0xb8, 0x62, 0x66, 0x97, 0x38, - 0xa1, 0x1d, 0x22, 0x87, 0xb3, 0x78, 0xf0, 0x5b, 0xef, 0xac, 0xf8, 0x06, 0x31, 0x9c, 0x70, 0x27, - 0xe2, 0x5d, 0x1a, 0xe7, 0xd6, 0xfb, 0x30, 0x3d, 0x9c, 0xc9, 0x85, 0x9d, 0x03, 0x0a, 0x40, 0xc3, - 0x27, 0x86, 0x7a, 0x08, 0x39, 0x46, 0xf4, 0xdc, 0x7a, 0x26, 0x45, 0x9c, 0xc3, 0x89, 0xf9, 0xaf, - 0x8c, 0x7d, 0x66, 0x0e, 0x63, 0x12, 0xfa, 0x36, 0xcb, 0xce, 0x42, 0xe7, 0x37, 0x37, 0x60, 0x93, - 0x20, 0x9c, 0xc6, 0x45, 0x2f, 0xc0, 0x3c, 0x3b, 0x57, 0x8d, 0xef, 0xaa, 0x95, 0xe3, 0xbc, 0xb0, - 0x1b, 0x09, 0x08, 0x4e, 0x61, 0xea, 0xdf, 0xd4, 0x60, 0x56, 0x9d, 0x40, 0x23, 0x44, 0x32, 0x0f, - 0x14, 0x71, 0x3d, 0x46, 0x40, 0xa8, 0xca, 0x75, 0x14, 0x89, 0x7d, 0x5f, 0x83, 0xf3, 0x19, 0x75, - 0xd8, 0x09, 0x1b, 0x49, 0x89, 0xfe, 0x71, 0x4e, 0xd8, 0x86, 0xb6, 0x11, 0x79, 0xc2, 0x96, 0x86, - 0xe0, 0x21, 0xbe, 0xe8, 0x35, 0x98, 0x30, 0x7d, 0x5b, 0x74, 0xcb, 0x73, 0x85, 0x4c, 0x12, 0xdc, - 0x8a, 0xc3, 0xc3, 0x1b, 0xb8, 0x85, 0x29, 0x41, 0xfd, 0x9f, 0x4e, 0x40, 0x55, 0x49, 0xb0, 0x83, - 0xd6, 0xc7, 0xb1, 0x68, 0x63, 0xf2, 0x91, 0x55, 0xbb, 0x0e, 0x13, 0xdd, 0xfe, 0xa0, 0xa0, 0x49, - 0x2b, 0xc9, 0x5d, 0xa7, 0xe4, 0xba, 0xfd, 0x01, 0x7a, 0x4d, 0x1a, 0xc9, 0xc5, 0xcc, 0x58, 0x19, - 0x23, 0x99, 0x32, 0x94, 0xa3, 0xb9, 0x39, 0x99, 0x3b, 0x37, 0x7b, 0x30, 0x1d, 0x08, 0x0b, 0xba, - 0x5c, 0x3c, 0xb9, 0x93, 0xd2, 0xd3, 0xc2, 0x62, 0xe6, 0xea, 0x77, 0x64, 0x50, 0x47, 0x3c, 0xa8, - 0x02, 0x30, 0x60, 0x31, 0xdd, 0xcc, 0xae, 0xa8, 0x70, 0x05, 0x60, 0x93, 0x95, 0x60, 0x01, 0xd1, - 0x7f, 0xae, 0x04, 0x68, 0x98, 0x20, 0xfa, 0x00, 0x94, 0x59, 0x68, 0xbb, 0x58, 0x68, 0x4a, 0x7e, - 0x0c, 0x23, 0x08, 0x30, 0x87, 0xa1, 0x8e, 0xb8, 0xea, 0x50, 0x6c, 0x60, 0xd8, 0xc9, 0xae, 0xe0, - 0xa7, 0xdc, 0x8b, 0x88, 0xb6, 0xa6, 0x89, 0xdc, 0xad, 0x69, 0x13, 0xa6, 0x7b, 0xb6, 0xcb, 0xa2, - 0x39, 0x8a, 0xb9, 0x08, 0xf8, 0x01, 0x14, 0x27, 0x81, 0x23, 0x5a, 0xfa, 0x9f, 0x94, 0xe8, 0x24, - 0xb6, 0xdd, 0x90, 0xb8, 0x86, 0x6b, 0x12, 0x74, 0x00, 0x60, 0x0c, 0x42, 0x8f, 0xef, 0xf0, 0x62, - 0x2e, 0xb7, 0x8a, 0x8d, 0x97, 0x24, 0xba, 0x2a, 0x09, 0xf2, 0x73, 0xa1, 0xf8, 0x37, 0x56, 0x98, - 0x51, 0xd6, 0xa1, 0xdd, 0x23, 0xaf, 0xdb, 0xae, 0xe5, 0xdd, 0x15, 0xdd, 0x3b, 0x2e, 0xeb, 0x3b, - 0x92, 0x20, 0x67, 0x1d, 0xff, 0xc6, 0x0a, 0x33, 0xf4, 0x59, 0x58, 0x62, 0xb9, 0xaa, 0x5d, 0x96, - 0xbb, 0x4c, 0xb4, 0xcd, 0x73, 0x9c, 0x68, 0xcb, 0xa9, 0xb0, 0x7c, 0x31, 0x4b, 0x8d, 0x1c, 0x1c, - 0x9c, 0x5b, 0x5b, 0xff, 0x4d, 0x0d, 0x2e, 0x66, 0x76, 0x05, 0xba, 0x0e, 0x8b, 0x71, 0x30, 0x80, - 0x2a, 0x23, 0x2b, 0x71, 0x2a, 0xbe, 0x9b, 0x69, 0x04, 0x3c, 0x5c, 0x07, 0xad, 0x4b, 0x3d, 0x41, - 0x95, 0xc1, 0x22, 0x92, 0xe0, 0x31, 0x41, 0x2a, 0x4b, 0x4c, 0xe3, 0xac, 0x7a, 0xfa, 0x4f, 0x24, - 0x1a, 0x1c, 0x77, 0x18, 0x5d, 0x1d, 0x5b, 0xa4, 0x2b, 0x83, 0xa6, 0xe5, 0xea, 0xa8, 0xd3, 0x42, - 0xcc, 0x61, 0xe8, 0x09, 0x35, 0xd0, 0x5f, 0x4a, 0xa1, 0x28, 0xd8, 0x5f, 0x0f, 0x01, 0x44, 0xcc, - 0x8d, 0xed, 0x76, 0xd1, 0x36, 0x54, 0x0c, 0x91, 0x48, 0x5d, 0x4c, 0xb5, 0x4f, 0x15, 0xb2, 0xb1, - 0x04, 0x0d, 0x1e, 0xd4, 0x17, 0xfd, 0xc2, 0x92, 0xb6, 0xfe, 0x0f, 0x34, 0xb8, 0x44, 0x05, 0x92, - 0x15, 0x5d, 0x3b, 0x94, 0x57, 0xd2, 0x47, 0xd8, 0x5a, 0x7b, 0x50, 0xf5, 0xe3, 0x6a, 0x62, 0x5e, - 0xfe, 0xb8, 0x7a, 0xdd, 0x5d, 0x79, 0x55, 0x81, 0xaa, 0x1d, 0x0d, 0xdf, 0x0b, 0xa2, 0xc1, 0x49, - 0xdf, 0x80, 0x97, 0xca, 0xbb, 0xd2, 0x12, 0xac, 0xd2, 0xd7, 0xbf, 0x5c, 0x02, 0xd8, 0x20, 0xe1, - 0x5d, 0xcf, 0xdf, 0xa5, 0x5d, 0xf4, 0xae, 0xba, 0x4d, 0xf3, 0x38, 0x4c, 0xf6, 0x3d, 0x2b, 0x10, - 0x52, 0x8a, 0xdd, 0x01, 0x63, 0xc7, 0xd9, 0xac, 0x14, 0xd5, 0xa0, 0xcc, 0x1c, 0xbf, 0x62, 0x2b, - 0x60, 0x5a, 0x2f, 0xd5, 0x74, 0x02, 0xcc, 0xcb, 0x79, 0x8a, 0x4c, 0x16, 0x6d, 0x1a, 0x08, 0x35, - 0x5e, 0xa4, 0xc8, 0xe4, 0x65, 0x58, 0x42, 0xf5, 0x2f, 0x4f, 0x42, 0xe2, 0x25, 0x80, 0xd8, 0x14, - 0xd7, 0x4e, 0xc7, 0x14, 0xff, 0x2c, 0x2c, 0x39, 0x9e, 0x61, 0xd5, 0x0d, 0x87, 0x4e, 0x7a, 0xbf, - 0xc3, 0x87, 0xc3, 0x70, 0xbb, 0x32, 0xcd, 0x3c, 0x13, 0x00, 0xb7, 0x72, 0x70, 0x70, 0x6e, 0x6d, - 0x14, 0xca, 0xf7, 0x07, 0x78, 0x6a, 0xc1, 0x5b, 0xe3, 0xbe, 0x93, 0xb0, 0xa2, 0xc6, 0x19, 0xcb, - 0x5d, 0x39, 0xf9, 0x44, 0x01, 0xfa, 0x59, 0x0d, 0x2e, 0x92, 0xfd, 0x90, 0xf8, 0xae, 0xe1, 0xdc, - 0xf1, 0x8d, 0xed, 0x6d, 0xdb, 0x14, 0x81, 0x42, 0x7c, 0x70, 0xda, 0x47, 0x87, 0xb5, 0x8b, 0x6b, - 0x59, 0x08, 0xf7, 0x0f, 0x6b, 0x1f, 0x1b, 0x7e, 0x06, 0x24, 0x0a, 0x2b, 0xce, 0xac, 0xc2, 0x26, - 0x63, 0x36, 0xbb, 0xe5, 0xe7, 0xa1, 0x7a, 0x82, 0xf8, 0xd6, 0x19, 0xd5, 0x2d, 0xf3, 0xab, 0x53, - 0xa0, 0x84, 0x74, 0x9f, 0x20, 0xa1, 0xe4, 0xdf, 0xd5, 0xe0, 0x82, 0xe9, 0xd8, 0xc4, 0x0d, 0x53, - 0xb1, 0xbb, 0x7c, 0x61, 0x6c, 0x16, 0x8a, 0x35, 0xef, 0x13, 0xb7, 0xd5, 0x6c, 0x78, 0xae, 0x4b, - 0xcc, 0xb0, 0x91, 0x41, 0x9c, 0x5b, 0x39, 0x59, 0x10, 0x9c, 0xd9, 0x18, 0xf6, 0x3d, 0xac, 0xbc, - 0xd5, 0x54, 0xef, 0x3d, 0x35, 0x44, 0x19, 0x96, 0x50, 0xf4, 0x0c, 0x54, 0xbb, 0xbe, 0x37, 0xe8, - 0x07, 0x0d, 0x16, 0xc3, 0xc4, 0x47, 0x90, 0x29, 0x12, 0xd7, 0xe3, 0x62, 0xac, 0xe2, 0xa0, 0x8f, - 0xc3, 0x2c, 0xff, 0xd9, 0xf6, 0xc9, 0xb6, 0xbd, 0x2f, 0x96, 0x1b, 0x0b, 0x8c, 0xb8, 0xae, 0x94, - 0xe3, 0x04, 0x16, 0xfa, 0x30, 0xcc, 0xd8, 0x41, 0x30, 0x20, 0xfe, 0x26, 0xbe, 0x25, 0x92, 0x3f, - 0x31, 0x87, 0x6a, 0x2b, 0x2a, 0xc4, 0x31, 0x1c, 0xfd, 0x92, 0x06, 0xf3, 0x3e, 0x79, 0x7b, 0x60, - 0xfb, 0xc4, 0x62, 0x4c, 0x03, 0x11, 0x57, 0x8f, 0xc7, 0x8b, 0xe5, 0x5f, 0xc1, 0x09, 0xa2, 0x7c, - 0x9e, 0x4b, 0x77, 0x44, 0x12, 0x88, 0x53, 0x2d, 0xa0, 0x5d, 0x15, 0xd8, 0x5d, 0xd7, 0x76, 0xbb, - 0xab, 0x4e, 0x37, 0x58, 0xaa, 0xb0, 0xa5, 0xcb, 0x75, 0xae, 0xb8, 0x18, 0xab, 0x38, 0xe8, 0x39, - 0x98, 0x1b, 0x04, 0x74, 0xe6, 0xf6, 0x08, 0xef, 0xdf, 0x99, 0x38, 0xb0, 0x70, 0x53, 0x05, 0xe0, - 0x24, 0x1e, 0x35, 0xf1, 0xa2, 0x02, 0xd1, 0xcb, 0xc0, 0x6f, 0xbf, 0xd2, 0x76, 0x6e, 0x26, 0x20, - 0x38, 0x85, 0xb9, 0xbc, 0x0a, 0xe7, 0x33, 0x3e, 0xf3, 0x44, 0xcb, 0xe3, 0x9b, 0x25, 0x78, 0xff, - 0x03, 0x67, 0x25, 0xfa, 0x3b, 0x1a, 0x54, 0xc9, 0x7e, 0xe8, 0x1b, 0x32, 0xcc, 0x91, 0x0e, 0xd1, - 0xf6, 0xa9, 0x2c, 0x81, 0x95, 0xb5, 0x98, 0x11, 0x1f, 0x36, 0xb9, 0xdd, 0x29, 0x10, 0xac, 0xb6, - 0x87, 0x6a, 0xeb, 0xfc, 0x6e, 0xb4, 0xea, 0xae, 0x13, 0x09, 0xd3, 0x05, 0x64, 0xf9, 0xd3, 0xb0, - 0x90, 0xa6, 0x7c, 0xa2, 0x9e, 0xfa, 0x27, 0x25, 0x28, 0xb7, 0x1d, 0xe3, 0x4c, 0xf2, 0x78, 0xfd, - 0xa5, 0x44, 0x12, 0x95, 0x42, 0x99, 0x69, 0x58, 0x53, 0x73, 0xd3, 0x37, 0x75, 0x53, 0xe9, 0x9b, - 0x5e, 0x2e, 0xce, 0xe2, 0xf8, 0x6c, 0x4d, 0xff, 0x46, 0x83, 0x19, 0x86, 0x77, 0x06, 0xc9, 0x3a, - 0xde, 0x4c, 0x26, 0xeb, 0x78, 0xbe, 0xf0, 0x37, 0xe5, 0xe4, 0xe6, 0xf8, 0x5e, 0xf4, 0x2d, 0x2c, - 0x15, 0xc7, 0xe7, 0xd4, 0x87, 0x22, 0xf8, 0xc7, 0x3c, 0x95, 0x95, 0xbe, 0xe8, 0x96, 0x67, 0x1a, - 0xce, 0x50, 0x0e, 0xa3, 0x63, 0x5f, 0x8b, 0xe8, 0xc1, 0x0c, 0x11, 0xf7, 0xcf, 0xa3, 0x8f, 0x29, - 0xa4, 0xd2, 0x46, 0x97, 0xd8, 0x63, 0x76, 0x51, 0x49, 0x80, 0x63, 0x0e, 0xfa, 0xbf, 0x28, 0x41, - 0x55, 0x19, 0xcb, 0x77, 0x22, 0x3b, 0xd2, 0xb5, 0xcc, 0x1c, 0xea, 0x25, 0x16, 0xc7, 0x78, 0xe9, - 0x04, 0xf9, 0xd3, 0x7d, 0xa8, 0x9a, 0x71, 0xa6, 0xcb, 0x71, 0x26, 0xb7, 0x92, 0x30, 0x53, 0x04, - 0x52, 0xc7, 0x05, 0x58, 0x65, 0xa2, 0xff, 0x6e, 0x09, 0xa6, 0xdb, 0xbe, 0x47, 0x07, 0xf8, 0x0c, - 0x44, 0x83, 0x91, 0x10, 0x0d, 0xc5, 0xd6, 0x2d, 0x6f, 0x6c, 0xae, 0x70, 0xb0, 0x53, 0xc2, 0x61, - 0x75, 0x1c, 0x26, 0xc7, 0x8b, 0x87, 0x7f, 0xa7, 0x41, 0x55, 0x60, 0x9e, 0x81, 0x80, 0xf8, 0x7c, - 0x52, 0x40, 0xbc, 0x38, 0xc6, 0x77, 0xe5, 0x88, 0x88, 0xaf, 0x69, 0x30, 0x27, 0x30, 0xd6, 0x49, - 0x6f, 0x8b, 0xf8, 0xe8, 0x1a, 0x4c, 0x07, 0x03, 0x36, 0x90, 0xe2, 0x83, 0x1e, 0x53, 0x85, 0x84, - 0xbf, 0x65, 0x98, 0xec, 0x39, 0x10, 0x8e, 0xa2, 0x64, 0x4c, 0xe3, 0x05, 0x38, 0xaa, 0x4c, 0x4d, - 0x38, 0xdf, 0x73, 0x86, 0x32, 0x06, 0x60, 0xcf, 0x21, 0x98, 0x41, 0xa8, 0xe5, 0x44, 0xff, 0x46, - 0xe7, 0x51, 0xcc, 0x72, 0xa2, 0xe0, 0x00, 0xf3, 0x72, 0xfd, 0x2b, 0x93, 0xb2, 0xb3, 0x99, 0x04, - 0xbb, 0x01, 0x33, 0xa6, 0x4f, 0x8c, 0x90, 0x58, 0xf5, 0x83, 0x51, 0x1a, 0xc7, 0xb4, 0xb8, 0x46, - 0x54, 0x03, 0xc7, 0x95, 0xa9, 0xc2, 0xa4, 0x1e, 0x31, 0x95, 0x62, 0xdd, 0x32, 0xf7, 0x78, 0xe9, - 0x53, 0x50, 0xf6, 0xee, 0xba, 0x32, 0xb6, 0xe2, 0x58, 0xc6, 0xec, 0x53, 0x6e, 0x53, 0x6c, 0xcc, - 0x2b, 0xb1, 0xac, 0x2a, 0x22, 0xa9, 0x06, 0x57, 0x64, 0xab, 0x59, 0x09, 0x35, 0x90, 0x03, 0xd3, - 0x3d, 0x36, 0x0c, 0x63, 0xe5, 0xad, 0x4a, 0x0c, 0xa8, 0x9a, 0xc8, 0x94, 0x51, 0xc6, 0x11, 0x0b, - 0xaa, 0xf8, 0x52, 0xe5, 0x2c, 0xe8, 0x1b, 0x26, 0x51, 0x15, 0xdf, 0x8d, 0xa8, 0x10, 0xc7, 0x70, - 0x74, 0x00, 0x55, 0x7e, 0xad, 0x9c, 0x4b, 0xd9, 0xe9, 0xe2, 0x3e, 0x4d, 0xd1, 0xbc, 0x3b, 0x31, - 0x35, 0xde, 0xf5, 0x4a, 0x01, 0x56, 0x79, 0xe9, 0xbf, 0x30, 0x29, 0x27, 0xa9, 0x90, 0xf8, 0xd9, - 0x4f, 0x58, 0x68, 0x85, 0x9e, 0xb0, 0xf8, 0x18, 0x94, 0xfb, 0x3b, 0x46, 0x10, 0xcd, 0xd4, 0x28, - 0xe9, 0x6e, 0xb9, 0x4d, 0x0b, 0xef, 0x1f, 0xd6, 0x66, 0x05, 0x6b, 0xf6, 0x1b, 0x73, 0x5c, 0x34, - 0x80, 0xf3, 0x41, 0x68, 0x38, 0xa4, 0x63, 0x0b, 0x6f, 0x51, 0x10, 0x1a, 0xbd, 0x7e, 0x81, 0xdc, - 0xb9, 0xec, 0x84, 0xaa, 0x33, 0x4c, 0x0a, 0x67, 0xd1, 0x47, 0x3f, 0xa3, 0xc1, 0x12, 0x2b, 0x5f, - 0x1d, 0x84, 0x1e, 0x4f, 0xe3, 0x1d, 0x33, 0x3f, 0xf9, 0xf9, 0x2c, 0xb3, 0xee, 0x3b, 0x39, 0xf4, - 0x70, 0x2e, 0x27, 0xf4, 0x05, 0xb8, 0xe8, 0x18, 0x41, 0xb8, 0x6a, 0x86, 0xf6, 0x9e, 0x1d, 0x1e, - 0xc4, 0x4d, 0x28, 0x9f, 0xb8, 0x09, 0x2c, 0x40, 0xe3, 0x56, 0x16, 0x31, 0x9c, 0xcd, 0x43, 0xff, - 0x53, 0x0d, 0xd0, 0xf0, 0x14, 0x42, 0x0e, 0x54, 0x2c, 0xb2, 0x6d, 0x0c, 0x9c, 0x30, 0x52, 0x01, - 0x0a, 0xdd, 0xae, 0x8e, 0x49, 0xc6, 0x92, 0xb9, 0x29, 0xe8, 0x62, 0xc9, 0x01, 0x79, 0x30, 0x73, - 0x77, 0xc7, 0x0e, 0x89, 0x63, 0x07, 0xa1, 0x90, 0xce, 0xe3, 0xb2, 0x93, 0x3a, 0xcf, 0xeb, 0x11, - 0x61, 0x1c, 0xf3, 0xd0, 0x7f, 0x6e, 0x02, 0x2a, 0x27, 0x78, 0x35, 0x6d, 0x00, 0x48, 0xa4, 0x55, - 0xa0, 0x8a, 0x12, 0x19, 0xc7, 0x45, 0xc6, 0xd4, 0x99, 0xc6, 0x10, 0x31, 0x9c, 0xc1, 0x00, 0x7d, - 0x01, 0x2e, 0xd8, 0xee, 0xb6, 0x6f, 0x04, 0xa1, 0x3f, 0x30, 0xc3, 0x81, 0x4f, 0xc6, 0xc9, 0xd9, - 0xcb, 0x5c, 0x0b, 0xad, 0x0c, 0x72, 0x38, 0x93, 0x09, 0x22, 0x30, 0x7d, 0xd7, 0xf3, 0x77, 0xa9, - 0xf0, 0x9c, 0x2c, 0xfe, 0xe0, 0xc2, 0xeb, 0x8c, 0x44, 0x2c, 0x35, 0xf9, 0xef, 0x00, 0x47, 0xb4, - 0xf5, 0xef, 0x68, 0x50, 0xe6, 0x37, 0xd2, 0xde, 0x13, 0x76, 0x15, 0x6b, 0x6a, 0x6e, 0x2e, 0x4a, - 0x6a, 0xee, 0x30, 0x8c, 0xf7, 0x88, 0xb9, 0xc3, 0xda, 0x9a, 0xa3, 0xcb, 0x7c, 0x67, 0x42, 0x7c, - 0x0b, 0x53, 0x16, 0x5a, 0x70, 0x5e, 0x28, 0xbd, 0xb7, 0xec, 0x6d, 0x42, 0x67, 0x57, 0xd3, 0x38, - 0x08, 0xc4, 0x55, 0x70, 0x26, 0x75, 0x1b, 0xc3, 0x60, 0x9c, 0x55, 0x07, 0xfd, 0x73, 0x8d, 0x6e, - 0xcb, 0xa1, 0x6f, 0x9b, 0x63, 0xe5, 0x55, 0x94, 0x6d, 0x5b, 0x59, 0xe7, 0xc4, 0xb8, 0xb7, 0x60, - 0x33, 0xde, 0x9f, 0x59, 0xe9, 0xfd, 0xc3, 0x5a, 0x2d, 0xc3, 0x15, 0x19, 0xb9, 0xce, 0x69, 0xc7, - 0x7e, 0xf9, 0x07, 0xc7, 0xa2, 0x30, 0x37, 0x7e, 0xd4, 0x62, 0x74, 0x03, 0xca, 0x81, 0xe9, 0xf5, - 0xc9, 0x49, 0x52, 0xd6, 0xca, 0x0e, 0xee, 0xd0, 0x9a, 0x98, 0x13, 0x58, 0x7e, 0x0b, 0x66, 0xd5, - 0x96, 0x67, 0x78, 0x23, 0x9a, 0xaa, 0x37, 0xe2, 0xc4, 0x87, 0x75, 0xaa, 0xf7, 0xe2, 0xf7, 0x4a, - 0x20, 0x5e, 0x49, 0x1a, 0xe1, 0xb0, 0xc2, 0x8e, 0xd2, 0xc7, 0x8d, 0xf1, 0x32, 0x54, 0xfa, 0x91, - 0xd6, 0xb8, 0x0f, 0xd4, 0x0c, 0x72, 0xc8, 0x85, 0x29, 0xc7, 0xd8, 0x22, 0x4e, 0xf4, 0x66, 0xce, - 0xb5, 0xe2, 0x8f, 0xba, 0xf0, 0xdc, 0xa6, 0x41, 0xca, 0xa5, 0xcd, 0x0b, 0xb1, 0xe0, 0xb2, 0xfc, - 0x3c, 0x54, 0x15, 0xb4, 0x13, 0x39, 0x80, 0xbe, 0xaa, 0xc1, 0xa5, 0x68, 0x4a, 0x24, 0xd3, 0x4e, - 0xa0, 0xa7, 0xa0, 0x62, 0xf4, 0x6d, 0xe6, 0x13, 0x55, 0xbd, 0xca, 0xab, 0xed, 0x16, 0x2b, 0xc3, - 0x12, 0x8a, 0x3e, 0x02, 0x95, 0x68, 0x9c, 0x84, 0x82, 0x24, 0x97, 0xb8, 0x3c, 0xcc, 0x91, 0x18, - 0xe8, 0x49, 0x25, 0x21, 0x5e, 0x39, 0xde, 0xd1, 0x24, 0x63, 0x7e, 0xee, 0xab, 0xff, 0xad, 0x12, - 0xcc, 0x71, 0x47, 0x42, 0xdd, 0x76, 0x2d, 0xdb, 0xed, 0x9e, 0x81, 0x28, 0x4d, 0xbc, 0x93, 0x59, - 0x7a, 0x58, 0xef, 0x64, 0xde, 0x84, 0xa9, 0xb7, 0xe9, 0xb2, 0x8e, 0xa6, 0xc3, 0x48, 0xab, 0x4b, - 0x8e, 0x35, 0x93, 0x08, 0x01, 0x16, 0x24, 0xf4, 0xff, 0xa8, 0xc1, 0x62, 0xa2, 0x5b, 0xce, 0x40, - 0x28, 0x6f, 0x27, 0x85, 0xf2, 0x6a, 0xb1, 0xe4, 0x2b, 0x4a, 0x9b, 0x73, 0x84, 0xf3, 0x6f, 0x95, - 0x60, 0xb2, 0x43, 0x88, 0x75, 0x06, 0x23, 0xfd, 0x66, 0x62, 0xd3, 0xfc, 0x54, 0xe1, 0x97, 0x90, - 0xf2, 0xdc, 0x0d, 0xdb, 0x29, 0x77, 0xc3, 0xa7, 0x0b, 0x73, 0x38, 0xde, 0xd7, 0xf0, 0x6b, 0x25, - 0x00, 0x8a, 0xc6, 0x5f, 0x2a, 0x14, 0x31, 0x87, 0xf1, 0x5b, 0xb6, 0x33, 0xef, 0x96, 0x17, 0x68, - 0x75, 0xf9, 0xca, 0xdd, 0x44, 0xec, 0xcc, 0x4e, 0xbe, 0x70, 0x97, 0x5c, 0x7d, 0x93, 0x0f, 0x69, - 0xf5, 0xe9, 0xff, 0x48, 0x03, 0x96, 0xaa, 0xbd, 0xb9, 0xd1, 0x41, 0xcf, 0xc1, 0x9c, 0xcd, 0x8f, - 0x0a, 0x9b, 0x6a, 0x92, 0x33, 0x76, 0xa0, 0xd1, 0x52, 0x01, 0x38, 0x89, 0x87, 0x7a, 0x4a, 0xbf, - 0x8e, 0xf1, 0x5e, 0xa8, 0x68, 0x87, 0x4c, 0x23, 0x3b, 0x9b, 0x3d, 0x30, 0xfa, 0x0f, 0x4a, 0x70, - 0x2e, 0x85, 0x3b, 0x82, 0x3e, 0x7f, 0x3a, 0xd2, 0x4b, 0xc9, 0x2c, 0x3b, 0x71, 0xfa, 0x99, 0x65, - 0x65, 0x92, 0xd7, 0xc9, 0xd3, 0x4d, 0xf2, 0xfa, 0x87, 0x1a, 0xb0, 0x07, 0x28, 0xcf, 0x40, 0x7a, - 0xfe, 0xc5, 0xa4, 0xf4, 0xfc, 0x64, 0xd1, 0x89, 0x93, 0x23, 0x34, 0x7f, 0xa3, 0x04, 0x2c, 0xdb, - 0xb9, 0x88, 0x8c, 0x50, 0x82, 0x0d, 0xb4, 0x9c, 0x60, 0x83, 0x2b, 0x22, 0x56, 0x21, 0xe5, 0x75, - 0x53, 0xe2, 0x15, 0x3e, 0xa2, 0x84, 0x23, 0x4c, 0x24, 0xc5, 0xc8, 0x70, 0x48, 0x02, 0xba, 0x07, - 0x73, 0xc1, 0x8e, 0xe7, 0x85, 0x91, 0x09, 0x2c, 0xc6, 0x6e, 0xb5, 0x70, 0x88, 0x70, 0xf4, 0x29, - 0x7c, 0x61, 0x76, 0x54, 0xda, 0x38, 0xc9, 0x0a, 0xad, 0x00, 0x6c, 0x39, 0x9e, 0xb9, 0xdb, 0x68, - 0x35, 0x71, 0x14, 0x48, 0xca, 0xc2, 0x99, 0xea, 0xb2, 0x14, 0x2b, 0x18, 0xfa, 0x1f, 0x68, 0xbc, - 0xb7, 0x4e, 0xb0, 0xac, 0xce, 0x50, 0x4a, 0x7e, 0x28, 0x25, 0x25, 0xf3, 0xde, 0x02, 0xfd, 0x5d, - 0xf1, 0x15, 0x32, 0xa7, 0x7d, 0x1f, 0xe6, 0x1c, 0x35, 0x09, 0xbe, 0x98, 0xc6, 0x85, 0xf2, 0xe7, - 0xcb, 0x04, 0x6d, 0x89, 0x62, 0x9c, 0x64, 0x40, 0x45, 0x69, 0xd4, 0x78, 0xfe, 0x74, 0x1f, 0x8f, - 0x05, 0x61, 0x23, 0xd6, 0x56, 0x01, 0x38, 0x89, 0xa7, 0xbf, 0x0a, 0x1f, 0xe4, 0x4d, 0x67, 0xb1, - 0xdc, 0x6b, 0xfb, 0x26, 0x09, 0x82, 0x86, 0xd1, 0x37, 0x4c, 0xaa, 0xdc, 0xb3, 0x2b, 0x90, 0xdc, - 0xe5, 0xf6, 0x74, 0x3a, 0xe1, 0xab, 0xb4, 0xb6, 0x87, 0xb2, 0xf4, 0xfc, 0x7f, 0x0d, 0x6a, 0x0a, - 0xcd, 0x44, 0x28, 0x4a, 0x34, 0x49, 0xbf, 0xae, 0x41, 0xd5, 0x70, 0x5d, 0x2f, 0x34, 0xd4, 0x13, - 0x20, 0xab, 0xf8, 0x13, 0x88, 0xb9, 0xac, 0x56, 0x56, 0x63, 0x36, 0xa9, 0xb3, 0x5e, 0x05, 0x82, - 0xd5, 0xd6, 0x2c, 0x7f, 0x1a, 0x16, 0xd2, 0xb5, 0x4e, 0xa4, 0xc6, 0xd7, 0xe1, 0xa2, 0xd2, 0x2a, - 0x71, 0x99, 0x8c, 0xea, 0xcc, 0x4f, 0xc3, 0xf4, 0x9e, 0x1d, 0xd8, 0xd1, 0xa5, 0x64, 0xa5, 0x17, - 0x5f, 0xe3, 0xc5, 0x38, 0x82, 0xeb, 0xaf, 0xc0, 0x79, 0x95, 0x06, 0x5b, 0x66, 0x1b, 0x9d, 0x93, - 0x8c, 0xc3, 0x3a, 0x5c, 0x51, 0x28, 0x64, 0xde, 0xa8, 0x3a, 0x09, 0xb9, 0x2f, 0x4d, 0x45, 0xb3, - 0x5c, 0x84, 0xfd, 0xff, 0xb6, 0x06, 0x8f, 0x92, 0xbc, 0x09, 0x23, 0xa6, 0xfc, 0x67, 0xc7, 0x1c, - 0xd1, 0xdc, 0x09, 0x29, 0xb2, 0xee, 0xe4, 0x81, 0x71, 0x7e, 0xcb, 0xd0, 0x01, 0x40, 0x20, 0x87, - 0x64, 0x9c, 0xf0, 0xcd, 0xcc, 0x31, 0x16, 0x89, 0x60, 0xe5, 0x6f, 0xac, 0x30, 0x43, 0x6f, 0x43, - 0x25, 0x10, 0x23, 0x39, 0xce, 0x85, 0xcf, 0x8c, 0x89, 0x21, 0x22, 0xd4, 0xc4, 0x2f, 0x2c, 0xd9, - 0xa0, 0x5f, 0xd7, 0xe0, 0x82, 0x93, 0xb1, 0x2e, 0xc4, 0xb6, 0xd0, 0x39, 0x85, 0x25, 0xc7, 0xdd, - 0x80, 0x59, 0x10, 0x9c, 0xd9, 0x14, 0xf4, 0xf7, 0x72, 0x6f, 0x17, 0x96, 0x8b, 0x3f, 0x02, 0xf1, - 0xa0, 0xb9, 0x5f, 0xe0, 0xa2, 0xe1, 0x57, 0xa7, 0xb9, 0x9a, 0xc2, 0xbc, 0x55, 0x5b, 0x30, 0xb5, - 0xc5, 0xd4, 0x7c, 0x31, 0xd5, 0x0b, 0xdb, 0x14, 0xdc, 0x58, 0xe0, 0x3a, 0x38, 0xff, 0x1f, 0x0b, - 0xca, 0xe8, 0x0d, 0x98, 0xb0, 0xdc, 0xe8, 0x19, 0x9f, 0x17, 0xc7, 0xd0, 0x71, 0xe3, 0x08, 0x57, - 0x3a, 0x3b, 0x28, 0x51, 0xe4, 0x42, 0xc5, 0x15, 0x3b, 0xbb, 0x98, 0x8b, 0x85, 0x5f, 0xa0, 0x95, - 0x1a, 0x82, 0xd4, 0x4b, 0xa2, 0x12, 0x2c, 0x79, 0x50, 0x7e, 0x52, 0x69, 0x9f, 0x1c, 0x8f, 0x9f, - 0xd4, 0xd8, 0x8f, 0x33, 0xa7, 0xda, 0xaa, 0xfe, 0x5d, 0x1e, 0x5d, 0xff, 0x9e, 0xcb, 0xd5, 0xbd, - 0x09, 0x4c, 0x85, 0x06, 0x0b, 0x98, 0x98, 0x2a, 0x1e, 0xb0, 0x40, 0xdb, 0x7f, 0x87, 0x52, 0x89, - 0xd5, 0x09, 0xf6, 0x33, 0xc0, 0x82, 0x38, 0x9d, 0x58, 0xfc, 0x71, 0x5c, 0x71, 0x62, 0x57, 0x78, - 0x62, 0xf1, 0x47, 0x0d, 0xf8, 0xc4, 0xe2, 0xff, 0x63, 0x41, 0x19, 0xbd, 0x45, 0x55, 0x4a, 0x2e, - 0xc7, 0x45, 0x92, 0xac, 0x57, 0xc6, 0x5c, 0x63, 0x41, 0x14, 0x23, 0xcb, 0x7f, 0x61, 0x49, 0x1f, - 0x6d, 0xc1, 0xb4, 0x30, 0xdf, 0xc4, 0x65, 0xe1, 0x17, 0xc7, 0xc8, 0x4c, 0x1d, 0xbd, 0xd3, 0xc1, - 0x2f, 0xec, 0x45, 0x84, 0xf5, 0xbf, 0x5f, 0xe1, 0x86, 0xb7, 0x38, 0x6c, 0xdc, 0x86, 0x4a, 0x44, - 0x6e, 0x9c, 0x78, 0xed, 0x28, 0xcf, 0x3e, 0xff, 0xb4, 0xe8, 0x17, 0x96, 0xb4, 0x51, 0x23, 0x2b, - 0x34, 0x3e, 0xce, 0x77, 0x38, 0x5a, 0x58, 0x7c, 0x32, 0x16, 0x66, 0xe2, 0x2c, 0x62, 0x61, 0xb2, - 0x0f, 0x63, 0x27, 0x0b, 0x1d, 0xc6, 0xbe, 0x04, 0xe7, 0xa2, 0x50, 0x15, 0x8b, 0x30, 0xa7, 0xb0, - 0x08, 0xe2, 0x64, 0xf7, 0xcf, 0x1a, 0x49, 0x10, 0x4e, 0xe3, 0xa2, 0xdf, 0xd3, 0xa0, 0x62, 0x8a, - 0x5d, 0x5a, 0xac, 0xab, 0x5b, 0xe3, 0x79, 0x67, 0x56, 0xa2, 0x4d, 0x9f, 0xab, 0x7b, 0xaf, 0x45, - 0x32, 0x22, 0x2a, 0x7e, 0x48, 0xde, 0x7a, 0xd9, 0x6a, 0xf4, 0x6f, 0xa9, 0x32, 0xeb, 0xb0, 0xec, - 0xff, 0xec, 0x3a, 0x0f, 0x8f, 0x2e, 0xbd, 0x3d, 0xe6, 0x57, 0xac, 0xc6, 0x14, 0xf9, 0x87, 0x7c, - 0x4e, 0xea, 0xad, 0x31, 0xe4, 0x21, 0x7d, 0x8b, 0xda, 0xfc, 0xe5, 0x5d, 0x98, 0x4b, 0xf4, 0xe0, - 0x69, 0x1e, 0x1a, 0x2c, 0xbb, 0xb0, 0x90, 0xfe, 0xd0, 0x53, 0x3d, 0xa4, 0xb8, 0x09, 0x33, 0x52, - 0x02, 0xa3, 0x27, 0x14, 0x46, 0xf1, 0x0e, 0x79, 0x93, 0x1c, 0x70, 0xae, 0xb5, 0x84, 0x82, 0xcf, - 0x4d, 0xf7, 0xd7, 0x68, 0x81, 0x20, 0xa8, 0x7f, 0x57, 0x18, 0x7e, 0x77, 0x48, 0xaf, 0xef, 0x18, - 0x21, 0x79, 0xef, 0x7b, 0x4a, 0xf5, 0xff, 0xae, 0x71, 0x41, 0x2a, 0x9e, 0xdb, 0x31, 0xa0, 0xda, - 0xe3, 0xf9, 0xbb, 0xd8, 0x85, 0x2e, 0xad, 0xf8, 0x55, 0xb2, 0xf5, 0x98, 0x0c, 0x56, 0x69, 0xa2, - 0xbb, 0xc3, 0x0f, 0x42, 0x5d, 0x1b, 0x6f, 0xc7, 0x1b, 0xf9, 0x5d, 0x28, 0x34, 0x5c, 0x47, 0x7d, - 0x4b, 0x47, 0x3b, 0xfe, 0x2d, 0x9d, 0x07, 0xbf, 0xb0, 0xa2, 0x7f, 0x4b, 0x83, 0xcc, 0x6c, 0xe6, - 0x48, 0x87, 0x29, 0x1e, 0xa0, 0xae, 0xbe, 0x94, 0xc5, 0xa3, 0xd7, 0xb1, 0x80, 0x20, 0x1f, 0x2e, - 0x88, 0xf0, 0xef, 0x9b, 0xe4, 0x20, 0x7e, 0xa3, 0x49, 0x0c, 0xfd, 0xe8, 0x81, 0xa0, 0x2c, 0xaf, - 0x4f, 0x27, 0x45, 0x09, 0x67, 0xd2, 0x66, 0x11, 0xc8, 0xcc, 0x88, 0x78, 0x6f, 0x9c, 0x94, 0xb3, - 0xa6, 0x9e, 0x6e, 0x04, 0x32, 0x67, 0x71, 0xbc, 0xdb, 0xff, 0x73, 0x70, 0x89, 0xa1, 0xad, 0x5a, - 0xcc, 0x6e, 0x08, 0x88, 0xb5, 0x6a, 0x59, 0xec, 0x3a, 0xd0, 0xb8, 0x4f, 0x3b, 0xb1, 0xd3, 0x7e, - 0x46, 0xfb, 0x3d, 0x72, 0xda, 0xcf, 0xda, 0x9a, 0xe3, 0x1b, 0xfd, 0x43, 0x0d, 0x16, 0x87, 0x92, - 0x0e, 0x8c, 0x74, 0x56, 0x7c, 0x66, 0x2e, 0xbf, 0x27, 0xd3, 0x4f, 0x22, 0x55, 0x33, 0x73, 0x91, - 0xbc, 0x0e, 0x73, 0x09, 0xd7, 0xa8, 0xbc, 0x70, 0xa6, 0x65, 0x5e, 0x38, 0x53, 0xef, 0x93, 0x95, - 0x8e, 0xbd, 0x4f, 0xf6, 0xcd, 0x39, 0x31, 0xdc, 0xcc, 0xc4, 0x7c, 0x13, 0xa6, 0xd8, 0xad, 0xaf, - 0xe8, 0x15, 0xb9, 0x17, 0x0a, 0xdf, 0x26, 0x0b, 0xb8, 0x84, 0xe1, 0xff, 0x63, 0x41, 0x15, 0x35, - 0x61, 0x81, 0x3d, 0xa5, 0xdf, 0xf6, 0xbd, 0x6d, 0xdb, 0x21, 0x1b, 0xb1, 0x30, 0x93, 0xd7, 0xd6, - 0x1b, 0x29, 0x38, 0x1e, 0xaa, 0x81, 0x30, 0x37, 0x52, 0xf9, 0x1a, 0x7b, 0xae, 0xe0, 0x11, 0x01, - 0x4f, 0x0c, 0x26, 0x8d, 0xd3, 0xb7, 0x01, 0x48, 0x34, 0x70, 0x51, 0x6c, 0xd0, 0x4b, 0xc5, 0x2e, - 0xe4, 0xcb, 0xe1, 0x8f, 0x84, 0x91, 0x2c, 0x0a, 0xb0, 0xc2, 0x04, 0xf9, 0x50, 0xdd, 0x89, 0x5f, - 0x8c, 0x12, 0x16, 0xe3, 0xcb, 0x63, 0xbe, 0x56, 0xc5, 0xf7, 0x3e, 0xa5, 0x00, 0xab, 0x4c, 0x90, - 0x0f, 0x10, 0xdb, 0x03, 0xe3, 0xbc, 0x30, 0x12, 0x1b, 0x1a, 0xf1, 0x77, 0xc6, 0x65, 0x58, 0xe1, - 0x42, 0x79, 0xba, 0xf2, 0xda, 0xe6, 0x38, 0x26, 0x66, 0x7c, 0xf9, 0x33, 0xe6, 0x19, 0x97, 0x61, - 0x85, 0x0b, 0xed, 0xdb, 0x5e, 0x7c, 0x55, 0x57, 0x58, 0x9c, 0x2f, 0x8f, 0x79, 0x65, 0x5a, 0xe8, - 0x15, 0x71, 0x01, 0x56, 0x99, 0x20, 0x17, 0xa0, 0x27, 0x6f, 0xf0, 0x0a, 0xcb, 0xb3, 0xd0, 0x77, - 0xc6, 0xf7, 0x80, 0xb9, 0x6f, 0x2f, 0xfe, 0x8d, 0x15, 0x0e, 0xd4, 0xa4, 0x96, 0xfe, 0x0d, 0x28, - 0xae, 0x9d, 0x8d, 0xe4, 0xdb, 0xf8, 0x44, 0xac, 0xa4, 0x54, 0xd9, 0x7a, 0x7d, 0x4c, 0x51, 0x50, - 0xee, 0x1f, 0xd6, 0x66, 0x99, 0x0c, 0x19, 0x52, 0x58, 0xe2, 0x03, 0x8d, 0xd9, 0xe3, 0x0e, 0x34, - 0xd0, 0x75, 0x58, 0x0c, 0xd4, 0x00, 0x01, 0x26, 0x18, 0xe6, 0x58, 0x15, 0x79, 0xe3, 0xbb, 0x93, - 0x46, 0xc0, 0xc3, 0x75, 0xb8, 0xe0, 0x23, 0x16, 0xab, 0x3f, 0xaf, 0x0a, 0x3e, 0x5e, 0x86, 0x25, - 0x14, 0xed, 0xa5, 0x5e, 0x1c, 0x3e, 0x37, 0xae, 0x53, 0x62, 0xc4, 0xe7, 0x87, 0xbf, 0xa0, 0xbe, - 0x76, 0xbb, 0x50, 0x3c, 0x52, 0x2c, 0xfb, 0xd6, 0xf6, 0x03, 0x5e, 0xbc, 0x1d, 0x24, 0x03, 0xb4, - 0x17, 0x1f, 0x4a, 0x50, 0xaa, 0x3c, 0xde, 0xc8, 0x0b, 0xce, 0x46, 0x0d, 0x58, 0x24, 0xfb, 0x7d, - 0x2f, 0x18, 0xf8, 0x84, 0x25, 0x8c, 0x60, 0xc3, 0x83, 0x62, 0xaf, 0xc5, 0x5a, 0x1a, 0x88, 0x87, - 0xf1, 0xf5, 0xef, 0xcc, 0x40, 0x55, 0xd1, 0x8d, 0xde, 0x89, 0x1b, 0x3d, 0x21, 0x54, 0x4d, 0xcf, - 0x0d, 0x42, 0xdf, 0x50, 0x6e, 0x31, 0x8d, 0xc9, 0x53, 0xf6, 0x5e, 0x23, 0xa6, 0x8c, 0x55, 0x36, - 0x74, 0x9d, 0x4b, 0xdf, 0xd2, 0xc4, 0x43, 0xf0, 0x2d, 0xc9, 0x75, 0x9e, 0xe1, 0x5f, 0xfa, 0x38, - 0x40, 0xb4, 0x5d, 0xc8, 0x67, 0x48, 0x65, 0xa6, 0xb9, 0x56, 0x70, 0x43, 0xc2, 0xb0, 0x82, 0x87, - 0xee, 0xc1, 0x9c, 0xa3, 0x66, 0x99, 0x12, 0x7b, 0x59, 0xa1, 0x13, 0xe0, 0x44, 0xba, 0x2a, 0x7e, - 0x9e, 0x98, 0x28, 0xc2, 0x49, 0x56, 0x74, 0x1a, 0x38, 0x51, 0x66, 0xb4, 0xb1, 0xfc, 0xa4, 0x32, - 0xbf, 0x5a, 0x3c, 0x0d, 0x64, 0x51, 0x80, 0x15, 0x26, 0x39, 0xce, 0xac, 0xe9, 0x42, 0xce, 0xac, - 0x01, 0x9c, 0xf7, 0x49, 0xe8, 0x1f, 0x34, 0x0e, 0x4c, 0xf6, 0x4a, 0xa1, 0x1f, 0xb2, 0xb4, 0x64, - 0x95, 0x62, 0x97, 0x04, 0xf0, 0x30, 0x29, 0x9c, 0x45, 0x3f, 0x21, 0x27, 0x67, 0x8e, 0x95, 0x93, - 0x9f, 0x80, 0x6a, 0x48, 0xcc, 0x1d, 0xd7, 0x36, 0x0d, 0xa7, 0xd5, 0x14, 0x17, 0x79, 0xe3, 0x25, - 0x1f, 0x83, 0xb0, 0x8a, 0x87, 0xea, 0x30, 0x31, 0xb0, 0x2d, 0xb1, 0x59, 0xfc, 0x98, 0xb4, 0x32, - 0x5a, 0xcd, 0xfb, 0x87, 0xb5, 0xf7, 0xc7, 0xde, 0x21, 0xf9, 0x55, 0x57, 0xfb, 0xbb, 0xdd, 0xab, - 0xe1, 0x41, 0x9f, 0x04, 0x2b, 0x9b, 0xad, 0x26, 0xa6, 0x95, 0xb3, 0x1c, 0x7d, 0xb3, 0x27, 0x70, - 0xf4, 0xfd, 0x8a, 0x06, 0xe7, 0x8d, 0xb4, 0x81, 0x44, 0x82, 0xa5, 0xb9, 0xe2, 0x42, 0x37, 0xdb, - 0xe8, 0x8a, 0x53, 0x89, 0xac, 0x0e, 0xb3, 0xc3, 0x59, 0x6d, 0xd0, 0xff, 0x48, 0x13, 0x0a, 0xfd, - 0x19, 0x7a, 0x72, 0x4e, 0xdb, 0xfc, 0xd5, 0x6f, 0x01, 0xc4, 0x5b, 0xc0, 0xd8, 0xbe, 0xae, 0x1f, - 0x95, 0xe1, 0xe2, 0xb8, 0x67, 0xc8, 0x2c, 0x61, 0x1a, 0x7b, 0x88, 0x62, 0x75, 0x3b, 0x24, 0xfe, - 0xed, 0xdb, 0xeb, 0x32, 0x4f, 0x7f, 0xc1, 0x8c, 0x6d, 0xf1, 0x3b, 0x26, 0x43, 0x14, 0x71, 0x0e, - 0x27, 0xb6, 0xfd, 0x89, 0xe4, 0xe1, 0xd8, 0x08, 0x49, 0x7d, 0xe0, 0x07, 0xa1, 0x08, 0x7f, 0xe5, - 0xdb, 0x5f, 0x1a, 0x88, 0x87, 0xf1, 0xd3, 0x44, 0xf8, 0xa3, 0x18, 0x93, 0xec, 0x69, 0xcf, 0x21, - 0x22, 0xfc, 0x65, 0x8c, 0x61, 0x7c, 0x95, 0x88, 0x7c, 0x0a, 0x94, 0x09, 0xeb, 0x14, 0x91, 0xf8, - 0x9d, 0xd0, 0x61, 0x7c, 0x64, 0xc1, 0xe3, 0x3e, 0x31, 0xbd, 0x5e, 0x8f, 0xb8, 0x16, 0x4f, 0xb5, - 0x69, 0xf8, 0x5d, 0xdb, 0xbd, 0xe6, 0x1b, 0x0c, 0x51, 0xbc, 0x37, 0x7a, 0xe5, 0xe8, 0xb0, 0xf6, - 0x38, 0x3e, 0x06, 0x0f, 0x1f, 0x4b, 0x05, 0xf5, 0xe0, 0xdc, 0x80, 0xa5, 0x03, 0xf2, 0x5b, 0x6e, - 0x48, 0xfc, 0x3d, 0xc3, 0x29, 0xf8, 0xd4, 0x0b, 0x13, 0x16, 0x9b, 0x49, 0x52, 0x38, 0x4d, 0x1b, - 0x1d, 0x50, 0x39, 0x2c, 0x9a, 0xa3, 0xb0, 0xac, 0x14, 0x4f, 0x29, 0x88, 0x87, 0xc9, 0xe1, 0x2c, - 0x1e, 0xfa, 0xaf, 0x68, 0x20, 0x4e, 0xcb, 0xa8, 0x55, 0xaf, 0xb8, 0x26, 0x2a, 0xef, 0xfc, 0x43, - 0xe3, 0xff, 0x5e, 0x03, 0x41, 0x81, 0x25, 0x72, 0x1b, 0x29, 0x0d, 0xd8, 0x83, 0xdf, 0x81, 0x8e, - 0x13, 0x91, 0x4d, 0xe4, 0x25, 0x22, 0x3b, 0xad, 0xac, 0x5e, 0xbf, 0xad, 0x41, 0xfa, 0x7d, 0x45, - 0xf4, 0x24, 0x4c, 0x8b, 0x4b, 0x5b, 0xe2, 0xea, 0x07, 0x8f, 0x4d, 0xe4, 0x45, 0x38, 0x82, 0x25, - 0x35, 0xf7, 0x31, 0xee, 0x78, 0x64, 0xc7, 0xdb, 0x1f, 0xaf, 0xb9, 0xeb, 0xdf, 0x9b, 0x87, 0x29, - 0x7e, 0xcd, 0x88, 0xca, 0xb4, 0x8c, 0x50, 0xa6, 0x9b, 0xc5, 0x2f, 0x32, 0x15, 0x88, 0x58, 0x4a, - 0xe4, 0x9c, 0x29, 0x1d, 0x9b, 0x73, 0x06, 0xf3, 0x24, 0x83, 0x63, 0x78, 0x6b, 0x1a, 0xb8, 0x25, - 0xf2, 0xda, 0x8b, 0x04, 0x83, 0x28, 0x4c, 0xb8, 0x31, 0x26, 0x8b, 0xa7, 0x4f, 0xe4, 0x1d, 0xa0, - 0x38, 0x33, 0xe6, 0x8f, 0x71, 0x64, 0xc4, 0xf7, 0x3a, 0xca, 0xc5, 0x4f, 0x0d, 0x44, 0x97, 0x8f, - 0x70, 0xaf, 0x43, 0x2e, 0xa4, 0xa9, 0xdc, 0x85, 0xb4, 0x0d, 0xd3, 0x62, 0x29, 0x08, 0xe1, 0xf8, - 0xe2, 0x18, 0x09, 0x04, 0x95, 0x5b, 0xc0, 0xbc, 0x00, 0x47, 0xc4, 0xe9, 0x8e, 0xdb, 0x33, 0xf6, - 0xed, 0xde, 0xa0, 0xc7, 0x24, 0x62, 0x59, 0x45, 0x65, 0xc5, 0x38, 0x82, 0x33, 0x54, 0x7e, 0xd8, - 0xc2, 0x14, 0x4b, 0x15, 0x55, 0xbc, 0xcb, 0x12, 0xc1, 0xd1, 0x1b, 0x50, 0xe9, 0x19, 0xfb, 0x9d, - 0x81, 0xdf, 0x25, 0xc2, 0x81, 0x91, 0xaf, 0xf2, 0x0c, 0x42, 0xdb, 0x59, 0xa1, 0xe6, 0x50, 0xe8, - 0xaf, 0xb4, 0xdc, 0xf0, 0xb6, 0xdf, 0x09, 0x7d, 0x99, 0xd8, 0x6c, 0x5d, 0x50, 0xc1, 0x92, 0x1e, - 0x72, 0x60, 0xbe, 0x67, 0xec, 0x6f, 0xba, 0x86, 0x7c, 0x3e, 0xa2, 0x5a, 0x90, 0x03, 0xf3, 0xe2, - 0xae, 0x27, 0x68, 0xe1, 0x14, 0xed, 0x0c, 0x87, 0xf1, 0xec, 0x69, 0x39, 0x8c, 0x57, 0x65, 0x4c, - 0x08, 0xd7, 0x63, 0x1f, 0xcd, 0x3a, 0x96, 0x39, 0x3e, 0xde, 0xe3, 0x4d, 0x19, 0xef, 0x31, 0x5f, - 0xdc, 0xcb, 0x7b, 0x4c, 0xac, 0xc7, 0x00, 0xaa, 0x54, 0xe1, 0xe4, 0xa5, 0xc1, 0xd2, 0xb9, 0xe2, - 0x5e, 0x86, 0xa6, 0x24, 0xa3, 0x24, 0x77, 0x8e, 0x49, 0x63, 0x95, 0x0f, 0xba, 0xcd, 0x9f, 0x17, - 0x70, 0x48, 0x18, 0xa3, 0x30, 0x03, 0x67, 0x81, 0x3b, 0x92, 0xa2, 0xd7, 0x00, 0x86, 0x10, 0x70, - 0x76, 0x3d, 0xaa, 0xa2, 0xf2, 0x60, 0xf4, 0xc5, 0x38, 0xf9, 0x40, 0xe2, 0xa2, 0xd7, 0x5f, 0xd3, - 0x60, 0x81, 0xbf, 0x5c, 0xd5, 0xf0, 0x7a, 0x7d, 0xcf, 0x25, 0x74, 0x58, 0x10, 0xeb, 0xd3, 0xcf, - 0x14, 0x97, 0x0d, 0x9d, 0x14, 0x45, 0x71, 0x9e, 0x96, 0x2a, 0xc5, 0x43, 0x9c, 0xd1, 0xef, 0x68, - 0xb0, 0xd4, 0xcb, 0xc9, 0x9d, 0xbc, 0x74, 0xbe, 0x78, 0x60, 0xdb, 0x83, 0xf2, 0x31, 0xf3, 0xd7, - 0xf4, 0x1e, 0x84, 0x85, 0x73, 0xdb, 0x36, 0x6e, 0xf8, 0xeb, 0x38, 0x17, 0xe0, 0x7e, 0x0a, 0x16, - 0xd2, 0x7b, 0x80, 0xfa, 0x20, 0x82, 0x76, 0xaa, 0x0f, 0x22, 0xe8, 0x2f, 0xc1, 0xa5, 0xec, 0x31, - 0xa7, 0x9a, 0x16, 0x7b, 0x59, 0x44, 0x58, 0x38, 0x71, 0x6e, 0x3e, 0x5a, 0x88, 0x39, 0xac, 0xfe, - 0xd1, 0x6f, 0xff, 0xf0, 0xf2, 0xfb, 0xbe, 0xfb, 0xc3, 0xcb, 0xef, 0xfb, 0xfe, 0x0f, 0x2f, 0xbf, - 0xef, 0x4b, 0x47, 0x97, 0xb5, 0x6f, 0x1f, 0x5d, 0xd6, 0xbe, 0x7b, 0x74, 0x59, 0xfb, 0xfe, 0xd1, - 0x65, 0xed, 0xbf, 0x1c, 0x5d, 0xd6, 0x7e, 0xf1, 0xbf, 0x5e, 0x7e, 0xdf, 0x1b, 0xd3, 0xa2, 0x45, - 0x7f, 0x1e, 0x00, 0x00, 0xff, 0xff, 0x41, 0x5c, 0xf3, 0xd2, 0x97, 0xb3, 0x00, 0x00, + 0x75, 0xd8, 0xf5, 0x90, 0x43, 0x0e, 0xdf, 0x90, 0x5c, 0xb2, 0xf6, 0xe3, 0x78, 0xbc, 0xbb, 0x9d, + 0x55, 0xeb, 0x03, 0x77, 0x91, 0xc4, 0xf5, 0x9d, 0x24, 0x9f, 0xee, 0x4e, 0xa7, 0x3b, 0xce, 0x90, + 0xbb, 0x3b, 0xda, 0x25, 0x97, 0x57, 0xb3, 0xbc, 0x93, 0xce, 0xce, 0x45, 0xcd, 0xee, 0xe2, 0xb0, + 0x8f, 0x3d, 0xdd, 0x73, 0xdd, 0x3d, 0x5c, 0x72, 0xe5, 0x40, 0xb2, 0x60, 0xd9, 0x71, 0x9c, 0x04, + 0x86, 0x13, 0x47, 0xb0, 0xe4, 0xc0, 0x32, 0x82, 0x44, 0x09, 0x1c, 0xd8, 0x4e, 0x02, 0x1b, 0x71, + 0x3e, 0x00, 0xc3, 0x46, 0x60, 0x45, 0x48, 0x02, 0xc1, 0x80, 0x10, 0x25, 0xb1, 0xa9, 0x88, 0x01, + 0x94, 0x04, 0xc9, 0x8f, 0x04, 0x46, 0x10, 0x60, 0xa1, 0x20, 0x41, 0x7d, 0x74, 0x75, 0xf5, 0x17, + 0x77, 0xd8, 0xb3, 0xe4, 0xdd, 0xfd, 0x22, 0xa7, 0xde, 0xab, 0xf7, 0xaa, 0xeb, 0xe3, 0xd5, 0x7b, + 0xaf, 0x5e, 0xbd, 0x82, 0x66, 0xd7, 0x0e, 0x77, 0x06, 0x5b, 0x4b, 0xa6, 0xd7, 0xbb, 0xda, 0x35, + 0x7c, 0x8b, 0xb8, 0xc4, 0x8f, 0xff, 0xe9, 0xef, 0x76, 0xaf, 0x1a, 0x7d, 0x3b, 0xb8, 0x6a, 0x7a, + 0x3e, 0xb9, 0xba, 0xf7, 0xcc, 0x16, 0x09, 0x8d, 0x67, 0xae, 0x76, 0x29, 0xcc, 0x08, 0x89, 0xb5, + 0xd4, 0xf7, 0xbd, 0xd0, 0x43, 0xcf, 0xc6, 0x34, 0x96, 0xa2, 0xaa, 0xf1, 0x3f, 0xfd, 0xdd, 0xee, + 0x12, 0xa5, 0xb1, 0x44, 0x69, 0x2c, 0x09, 0x1a, 0x8b, 0x1f, 0x55, 0xf9, 0x7a, 0x5d, 0xef, 0x2a, + 0x23, 0xb5, 0x35, 0xd8, 0x66, 0xbf, 0xd8, 0x0f, 0xf6, 0x1f, 0x67, 0xb1, 0xf8, 0xf4, 0xee, 0x27, + 0x83, 0x25, 0xdb, 0xa3, 0x8d, 0xb9, 0x6a, 0x0c, 0x42, 0x2f, 0x30, 0x0d, 0xc7, 0x76, 0xbb, 0x57, + 0xf7, 0x32, 0xad, 0x59, 0xd4, 0x15, 0x54, 0xd1, 0xec, 0x63, 0x71, 0xfc, 0x2d, 0xc3, 0xcc, 0xc3, + 0xf9, 0x78, 0x8c, 0xd3, 0x33, 0xcc, 0x1d, 0xdb, 0x25, 0xfe, 0x41, 0xd4, 0x21, 0x57, 0x7d, 0x12, + 0x78, 0x03, 0xdf, 0x24, 0x27, 0xaa, 0x15, 0x5c, 0xed, 0x91, 0xd0, 0xc8, 0xe3, 0x75, 0xb5, 0xa8, + 0x96, 0x3f, 0x70, 0x43, 0xbb, 0x97, 0x65, 0xf3, 0xe3, 0x0f, 0xaa, 0x10, 0x98, 0x3b, 0xa4, 0x67, + 0x64, 0xea, 0x7d, 0xac, 0xa8, 0xde, 0x20, 0xb4, 0x9d, 0xab, 0xb6, 0x1b, 0x06, 0xa1, 0x9f, 0xae, + 0xa4, 0x3f, 0x0b, 0xd5, 0x65, 0xcb, 0xf2, 0x5c, 0xf4, 0x34, 0x4c, 0x12, 0xd7, 0xd8, 0x72, 0x88, + 0xb5, 0xa0, 0x5d, 0xd1, 0x9e, 0xaa, 0x35, 0xcf, 0x7d, 0xeb, 0xb0, 0xf1, 0xc8, 0xd1, 0x61, 0x63, + 0x72, 0x95, 0x17, 0xe3, 0x08, 0xae, 0xff, 0x72, 0x05, 0x26, 0x58, 0xa5, 0x00, 0xfd, 0x92, 0x06, + 0xe7, 0x77, 0x07, 0x5b, 0xc4, 0x77, 0x49, 0x48, 0x82, 0x15, 0x23, 0xd8, 0xd9, 0xf2, 0x0c, 0x9f, + 0x93, 0xa8, 0x3f, 0x7b, 0x7d, 0xe9, 0xe4, 0xb3, 0x67, 0xe9, 0x66, 0x96, 0x5c, 0xf3, 0xd1, 0xa3, + 0xc3, 0xc6, 0xf9, 0x1c, 0x00, 0xce, 0x63, 0x8e, 0xf6, 0x60, 0xda, 0xed, 0xda, 0xee, 0x7e, 0xdb, + 0xed, 0xfa, 0x24, 0x08, 0x16, 0x2a, 0xac, 0x31, 0xaf, 0x94, 0x69, 0xcc, 0xba, 0x42, 0xa7, 0x39, + 0x77, 0x74, 0xd8, 0x98, 0x56, 0x4b, 0x70, 0x82, 0x8f, 0xfe, 0xb3, 0x1a, 0x9c, 0x5b, 0xb6, 0x7a, + 0x76, 0x10, 0xd8, 0x9e, 0xbb, 0xe1, 0x0c, 0xba, 0xb6, 0x8b, 0xae, 0xc0, 0xb8, 0x6b, 0xf4, 0x08, + 0xeb, 0x90, 0xa9, 0xe6, 0xb4, 0xe8, 0xd3, 0xf1, 0x75, 0xa3, 0x47, 0x30, 0x83, 0xa0, 0x57, 0x61, + 0xc2, 0xf4, 0xdc, 0x6d, 0xbb, 0x2b, 0xda, 0xf9, 0xd1, 0x25, 0x3e, 0x8e, 0x4b, 0xea, 0x38, 0xb2, + 0xe6, 0x89, 0xf1, 0x5f, 0xc2, 0xc6, 0xdd, 0xd5, 0xfd, 0x90, 0xb8, 0x94, 0x4d, 0x13, 0x8e, 0x0e, + 0x1b, 0x13, 0x2d, 0x46, 0x00, 0x0b, 0x42, 0xfa, 0x35, 0xa8, 0x2d, 0x3b, 0xc4, 0x0f, 0x6d, 0xb7, + 0x8b, 0x5e, 0x80, 0x59, 0xd2, 0x33, 0x6c, 0x07, 0x13, 0x93, 0xd8, 0x7b, 0xc4, 0x0f, 0x16, 0xb4, + 0x2b, 0x63, 0x4f, 0x4d, 0x35, 0xd1, 0xd1, 0x61, 0x63, 0x76, 0x35, 0x01, 0xc1, 0x29, 0x4c, 0xfd, + 0xa7, 0x35, 0xa8, 0x2f, 0x0f, 0x2c, 0x3b, 0xe4, 0xf4, 0x91, 0x0f, 0x75, 0x83, 0xfe, 0xdc, 0xf0, + 0x1c, 0xdb, 0x3c, 0x10, 0x83, 0xfc, 0x72, 0x99, 0x7e, 0x5d, 0x8e, 0xc9, 0x34, 0xcf, 0x1d, 0x1d, + 0x36, 0xea, 0x4a, 0x01, 0x56, 0x99, 0xe8, 0x3b, 0xa0, 0xc2, 0xd0, 0xe7, 0x60, 0x9a, 0x7f, 0xe4, + 0x9a, 0xd1, 0xc7, 0x64, 0x5b, 0xb4, 0xe1, 0xfd, 0x4a, 0x9f, 0x45, 0x8c, 0x96, 0x6e, 0x6f, 0xbd, + 0x45, 0xcc, 0x10, 0x93, 0x6d, 0xe2, 0x13, 0xd7, 0x24, 0x7c, 0xf8, 0x5a, 0x4a, 0x65, 0x9c, 0x20, + 0xa5, 0x7f, 0x5f, 0x83, 0xb9, 0xe5, 0x3d, 0xc3, 0x76, 0x8c, 0x2d, 0xdb, 0xb1, 0xc3, 0x83, 0x37, + 0x3c, 0x97, 0x0c, 0x31, 0x7e, 0x9b, 0xf0, 0xe8, 0xc0, 0x35, 0x78, 0x3d, 0x87, 0xac, 0xf1, 0x11, + 0xbb, 0x73, 0xd0, 0x27, 0x74, 0xe2, 0xd1, 0x9e, 0x7e, 0xfc, 0xe8, 0xb0, 0xf1, 0xe8, 0x66, 0x3e, + 0x0a, 0x2e, 0xaa, 0x8b, 0x30, 0x5c, 0x52, 0x40, 0xaf, 0x79, 0xce, 0xa0, 0x27, 0xa8, 0x8e, 0x31, + 0xaa, 0x8b, 0x47, 0x87, 0x8d, 0x4b, 0x9b, 0xb9, 0x18, 0xb8, 0xa0, 0xa6, 0xfe, 0xad, 0x0a, 0x4c, + 0x37, 0x0d, 0x73, 0x77, 0xd0, 0x6f, 0x0e, 0xcc, 0x5d, 0x12, 0xa2, 0xcf, 0x43, 0x8d, 0x8a, 0x2d, + 0xcb, 0x08, 0x0d, 0xd1, 0x93, 0x3f, 0x56, 0x38, 0xfb, 0xd8, 0x20, 0x52, 0xec, 0xb8, 0x6f, 0xd7, + 0x48, 0x68, 0x34, 0x91, 0xe8, 0x13, 0x88, 0xcb, 0xb0, 0xa4, 0x8a, 0xb6, 0x61, 0x3c, 0xe8, 0x13, + 0x53, 0xcc, 0xed, 0x95, 0x32, 0x73, 0x45, 0x6d, 0x71, 0xa7, 0x4f, 0xcc, 0x78, 0x14, 0xe8, 0x2f, + 0xcc, 0xe8, 0x23, 0x17, 0x26, 0x82, 0xd0, 0x08, 0x07, 0xb4, 0x7b, 0x28, 0xa7, 0x6b, 0x23, 0x73, + 0x62, 0xd4, 0x9a, 0xb3, 0x82, 0xd7, 0x04, 0xff, 0x8d, 0x05, 0x17, 0xfd, 0xdf, 0x69, 0x30, 0xa7, + 0xa2, 0xdf, 0xb2, 0x83, 0x10, 0xfd, 0x64, 0xa6, 0x3b, 0x97, 0x86, 0xeb, 0x4e, 0x5a, 0x9b, 0x75, + 0xe6, 0x9c, 0x60, 0x57, 0x8b, 0x4a, 0x94, 0xae, 0x24, 0x50, 0xb5, 0x43, 0xd2, 0xe3, 0xd3, 0xaa, + 0xa4, 0x3c, 0x53, 0x9b, 0xdc, 0x9c, 0x11, 0xcc, 0xaa, 0x6d, 0x4a, 0x16, 0x73, 0xea, 0xfa, 0xe7, + 0xe1, 0x82, 0x8a, 0xb5, 0xe1, 0x7b, 0x7b, 0xb6, 0x45, 0x7c, 0xba, 0x12, 0xc2, 0x83, 0x7e, 0x66, + 0x25, 0xd0, 0x99, 0x85, 0x19, 0x04, 0x7d, 0x08, 0x26, 0x7c, 0xd2, 0xb5, 0x3d, 0x97, 0x8d, 0xf6, + 0x54, 0xdc, 0x77, 0x98, 0x95, 0x62, 0x01, 0xd5, 0xff, 0x77, 0x25, 0xd9, 0x77, 0x74, 0x18, 0xd1, + 0x1e, 0xd4, 0xfa, 0x82, 0x95, 0xe8, 0xbb, 0x1b, 0xa3, 0x7e, 0x60, 0xd4, 0xf4, 0xb8, 0x57, 0xa3, + 0x12, 0x2c, 0x79, 0x21, 0x1b, 0x66, 0xa3, 0xff, 0x5b, 0x23, 0x88, 0x61, 0x26, 0x4e, 0x37, 0x12, + 0x84, 0x70, 0x8a, 0x30, 0xba, 0x03, 0x53, 0x01, 0x31, 0x7d, 0x42, 0x65, 0x92, 0x98, 0xa6, 0xb9, + 0x82, 0xab, 0x13, 0x21, 0x09, 0xc1, 0x35, 0x2f, 0x9a, 0x3f, 0x25, 0x01, 0x38, 0x26, 0x84, 0x9e, + 0x82, 0x5a, 0x40, 0x88, 0x45, 0x25, 0xd2, 0xc2, 0x38, 0x1f, 0x1b, 0xfa, 0xa9, 0x1d, 0x51, 0x86, + 0x25, 0x54, 0xff, 0xc6, 0x38, 0xa0, 0xec, 0x14, 0x57, 0x7b, 0x80, 0x97, 0x88, 0xfe, 0x1f, 0xa5, + 0x07, 0xc4, 0x6a, 0x49, 0x11, 0x46, 0xf7, 0x60, 0xc6, 0x31, 0x82, 0xf0, 0x76, 0x9f, 0xea, 0x20, + 0xd1, 0x44, 0xa9, 0x3f, 0xbb, 0x5c, 0x66, 0xa4, 0x6f, 0xa9, 0x84, 0x9a, 0xf3, 0x47, 0x87, 0x8d, + 0x99, 0x44, 0x11, 0x4e, 0xb2, 0x42, 0x6f, 0xc1, 0x14, 0x2d, 0x58, 0xf5, 0x7d, 0xcf, 0x17, 0xbd, + 0xff, 0x52, 0x59, 0xbe, 0x8c, 0x48, 0x73, 0x86, 0x8e, 0x89, 0xfc, 0x89, 0x63, 0xf2, 0xe8, 0x33, + 0x80, 0xbc, 0xad, 0x80, 0xf8, 0x7b, 0xc4, 0xba, 0xce, 0x15, 0x2e, 0xfa, 0xb1, 0x74, 0x74, 0xc6, + 0x9a, 0x8b, 0x62, 0x34, 0xd1, 0xed, 0x0c, 0x06, 0xce, 0xa9, 0x85, 0x76, 0x01, 0x49, 0xa5, 0x4d, + 0x4e, 0x80, 0x85, 0xea, 0xf0, 0xd3, 0xe7, 0x12, 0x65, 0x76, 0x3d, 0x43, 0x02, 0xe7, 0x90, 0xd5, + 0xff, 0x65, 0x05, 0xea, 0x7c, 0x8a, 0xac, 0xba, 0xa1, 0x7f, 0x70, 0x06, 0x1b, 0x04, 0x49, 0x6c, + 0x10, 0xad, 0xf2, 0x6b, 0x9e, 0x35, 0xb8, 0x70, 0x7f, 0xe8, 0xa5, 0xf6, 0x87, 0xd5, 0x51, 0x19, + 0x1d, 0xbf, 0x3d, 0x7c, 0x57, 0x83, 0x73, 0x0a, 0xf6, 0x19, 0xec, 0x0e, 0x56, 0x72, 0x77, 0x78, + 0x79, 0xc4, 0xef, 0x2b, 0xd8, 0x1c, 0xbc, 0xc4, 0x67, 0x31, 0xc1, 0xfd, 0x2c, 0xc0, 0x16, 0x13, + 0x27, 0xeb, 0xb1, 0x9e, 0x24, 0x87, 0xbc, 0x29, 0x21, 0x58, 0xc1, 0x4a, 0xc8, 0xac, 0xca, 0xb1, + 0x32, 0xeb, 0x7f, 0x55, 0x60, 0x3e, 0xd3, 0xed, 0x59, 0x39, 0xa2, 0xbd, 0x43, 0x72, 0xa4, 0xf2, + 0x4e, 0xc8, 0x91, 0xb1, 0x52, 0x72, 0x64, 0xf8, 0x7d, 0xe2, 0x0f, 0x34, 0x18, 0x6b, 0xe1, 0x36, + 0xfa, 0x70, 0x42, 0xf7, 0x7d, 0x54, 0xd5, 0x7d, 0xef, 0x1f, 0x36, 0x26, 0x5b, 0xb8, 0xad, 0xa8, + 0xc1, 0x7f, 0x55, 0x83, 0x79, 0xd3, 0x73, 0x43, 0x83, 0x4e, 0x62, 0xcc, 0x37, 0x88, 0x68, 0x32, + 0x96, 0x52, 0xfb, 0x5a, 0x29, 0x62, 0xcd, 0xc7, 0x44, 0x03, 0xe6, 0xd3, 0x90, 0x00, 0x67, 0x39, + 0xeb, 0x9b, 0x30, 0xd5, 0x72, 0xbc, 0x81, 0xd5, 0x76, 0xb7, 0xbd, 0x87, 0xa8, 0xbb, 0x7c, 0x4f, + 0x83, 0x69, 0x46, 0x77, 0xc3, 0xf7, 0xb6, 0x6d, 0x87, 0xbc, 0x37, 0x54, 0x68, 0xb5, 0xc5, 0x45, + 0x22, 0x92, 0xa9, 0xb4, 0x2a, 0xe2, 0x7b, 0x44, 0xa5, 0x55, 0x9b, 0x5c, 0x20, 0xb5, 0x7e, 0x79, + 0x32, 0xf9, 0x65, 0x4c, 0x6e, 0x3d, 0x05, 0x35, 0xd3, 0x68, 0x0e, 0x5c, 0xcb, 0x91, 0xf3, 0x82, + 0xb6, 0xb2, 0xb5, 0xcc, 0xcb, 0xb0, 0x84, 0xa2, 0x7b, 0x00, 0xb1, 0x9b, 0x41, 0x0c, 0xc3, 0xb5, + 0xd1, 0x5c, 0x1b, 0x1d, 0x12, 0x52, 0xeb, 0x3c, 0x88, 0x87, 0x3e, 0x86, 0x61, 0x85, 0x1b, 0xfa, + 0x8b, 0x30, 0x23, 0x3a, 0xb9, 0xdd, 0x33, 0xba, 0xc2, 0xfa, 0x2b, 0xd9, 0x53, 0x6b, 0x0a, 0xa1, + 0xe6, 0x45, 0xc1, 0x78, 0x46, 0x2d, 0x0d, 0x70, 0x92, 0x1b, 0x3a, 0x80, 0xe9, 0x9e, 0x6a, 0xd1, + 0x8e, 0x97, 0xdf, 0x5c, 0x14, 0xeb, 0xb6, 0x79, 0x41, 0x30, 0x9f, 0x4e, 0xd8, 0xc2, 0x09, 0x56, + 0x39, 0x8a, 0x79, 0xf5, 0xb4, 0x14, 0x73, 0x02, 0x93, 0x7c, 0x79, 0x07, 0x0b, 0x13, 0xec, 0x03, + 0x5f, 0x28, 0xf3, 0x81, 0x5c, 0x52, 0xc4, 0x7e, 0x33, 0xfe, 0x3b, 0xc0, 0x11, 0x6d, 0xb4, 0x07, + 0xd3, 0x54, 0xc6, 0x76, 0x88, 0x43, 0xcc, 0xd0, 0xf3, 0x17, 0x26, 0xcb, 0xfb, 0xa5, 0x3a, 0x0a, + 0x1d, 0xee, 0xd8, 0x50, 0x4b, 0x70, 0x82, 0x8f, 0x94, 0x7e, 0xb5, 0x42, 0xe9, 0x37, 0x80, 0xfa, + 0x9e, 0xe2, 0x61, 0x98, 0x62, 0x9d, 0xf0, 0xe9, 0x32, 0x0d, 0x8b, 0xdd, 0x0d, 0xcd, 0xf3, 0x82, + 0x51, 0x5d, 0x75, 0x4d, 0xa8, 0x7c, 0xf4, 0xbf, 0x57, 0x83, 0xf9, 0x96, 0x33, 0x08, 0x42, 0xe2, + 0x2f, 0x0b, 0xc7, 0x2f, 0xf1, 0xd1, 0x97, 0x35, 0xb8, 0xc4, 0xfe, 0x5d, 0xf1, 0xee, 0xba, 0x2b, + 0xc4, 0x31, 0x0e, 0x96, 0xb7, 0x29, 0x86, 0x65, 0x9d, 0x4c, 0x02, 0xad, 0x0c, 0xc4, 0x9e, 0xce, + 0x5c, 0x25, 0x9d, 0x5c, 0x8a, 0xb8, 0x80, 0x13, 0xfa, 0x05, 0x0d, 0x1e, 0xcb, 0x01, 0xad, 0x10, + 0x87, 0x84, 0x44, 0xc8, 0x80, 0x93, 0xb6, 0xe3, 0xc9, 0xa3, 0xc3, 0xc6, 0x63, 0x9d, 0x22, 0xa2, + 0xb8, 0x98, 0x1f, 0xfa, 0x6b, 0x1a, 0x2c, 0xe6, 0x40, 0xaf, 0x19, 0xb6, 0x33, 0xf0, 0x89, 0x50, + 0x69, 0x4f, 0xda, 0x9c, 0xcb, 0x47, 0x87, 0x8d, 0xc5, 0x4e, 0x21, 0x55, 0x7c, 0x0c, 0x47, 0xf4, + 0x45, 0xb8, 0x28, 0xa1, 0x9b, 0xae, 0x4b, 0x88, 0x45, 0xac, 0x3b, 0xb6, 0xd0, 0x2c, 0x4e, 0xde, + 0x94, 0xc7, 0x8e, 0x0e, 0x1b, 0x17, 0x3b, 0x79, 0x04, 0x71, 0x3e, 0x1f, 0xd4, 0x85, 0x27, 0x63, + 0x40, 0x68, 0x3b, 0xf6, 0x3d, 0x46, 0xe9, 0xce, 0x8e, 0x4f, 0x82, 0x1d, 0xcf, 0xb1, 0x98, 0xb0, + 0xd0, 0x9a, 0xef, 0x3b, 0x3a, 0x6c, 0x3c, 0xd9, 0x39, 0x0e, 0x11, 0x1f, 0x4f, 0x07, 0x59, 0x30, + 0x1d, 0x98, 0x86, 0xdb, 0x76, 0x43, 0xe2, 0xef, 0x19, 0xce, 0xc2, 0x44, 0xa9, 0x0f, 0xe4, 0x4b, + 0x54, 0xa1, 0x83, 0x13, 0x54, 0xd1, 0x27, 0xa1, 0x46, 0xf6, 0xfb, 0x86, 0x6b, 0x11, 0x2e, 0x16, + 0xa6, 0x9a, 0x4f, 0xd0, 0xcd, 0x68, 0x55, 0x94, 0xdd, 0x3f, 0x6c, 0x4c, 0x47, 0xff, 0xaf, 0x79, + 0x16, 0xc1, 0x12, 0x1b, 0xfd, 0x14, 0x5c, 0xe8, 0x19, 0xfb, 0xeb, 0x9e, 0x45, 0x98, 0x90, 0xa3, + 0x32, 0x8f, 0x0d, 0x44, 0xad, 0x54, 0x3b, 0x17, 0x8e, 0x0e, 0x1b, 0x17, 0xd6, 0x72, 0xe8, 0xe1, + 0x5c, 0x2e, 0x74, 0x18, 0x7a, 0xc6, 0xfe, 0x75, 0xdf, 0x30, 0xc9, 0xf6, 0xc0, 0xb9, 0x43, 0xfc, + 0x9e, 0xed, 0x32, 0x4a, 0x1d, 0x62, 0x7a, 0xae, 0x45, 0x45, 0x89, 0xf6, 0x54, 0x95, 0x0f, 0xc3, + 0xda, 0x71, 0x88, 0xf8, 0x78, 0x3a, 0xfa, 0x7f, 0xd3, 0xa0, 0x2e, 0x44, 0x05, 0xd3, 0xe8, 0xb6, + 0xa0, 0x6a, 0xd2, 0x1d, 0x5d, 0x88, 0x84, 0x97, 0x4a, 0x6b, 0x0e, 0x94, 0x5a, 0xac, 0x36, 0xb0, + 0x22, 0xcc, 0x49, 0xa3, 0xbd, 0x9c, 0x7d, 0xbf, 0x39, 0xda, 0xbe, 0xcf, 0xb8, 0x3d, 0x60, 0xcf, + 0xd7, 0x0f, 0xc7, 0x60, 0xaa, 0xe5, 0xb9, 0x96, 0xcd, 0xf4, 0xf6, 0x67, 0x12, 0xba, 0xeb, 0x93, + 0xaa, 0xf4, 0xbe, 0x7f, 0xd8, 0x98, 0x91, 0x88, 0x8a, 0x38, 0x7f, 0x5e, 0x1a, 0xbb, 0x5c, 0x99, + 0x7d, 0x5f, 0xd2, 0x4a, 0xbd, 0x7f, 0xd8, 0x38, 0x27, 0xab, 0x25, 0x0d, 0x57, 0xb4, 0x07, 0x88, + 0x9a, 0x1f, 0x77, 0x7c, 0xc3, 0x0d, 0x38, 0x59, 0x3a, 0x99, 0xb8, 0x80, 0xf9, 0x73, 0xc3, 0x4d, + 0x26, 0x5a, 0x23, 0xb6, 0x4e, 0x6e, 0x65, 0xa8, 0xe1, 0x1c, 0x0e, 0xe8, 0x2d, 0x98, 0xa5, 0xa5, + 0x9b, 0x7d, 0xcb, 0x08, 0x89, 0x22, 0x49, 0x4e, 0xc2, 0xf3, 0x92, 0xe0, 0x39, 0x7b, 0x2b, 0x41, + 0x09, 0xa7, 0x28, 0x73, 0x5d, 0xdf, 0x08, 0x3c, 0x97, 0x09, 0x89, 0x84, 0xae, 0x4f, 0x4b, 0xb1, + 0x80, 0xa2, 0xa7, 0x61, 0xb2, 0x47, 0x82, 0xc0, 0xe8, 0x12, 0xb6, 0xea, 0xa7, 0xe2, 0xad, 0x7d, + 0x8d, 0x17, 0xe3, 0x08, 0x8e, 0x3e, 0x02, 0x55, 0xd3, 0xb3, 0x48, 0xb0, 0x30, 0xc9, 0x9c, 0xf3, + 0x97, 0xd8, 0x5c, 0xa2, 0x05, 0xf7, 0x0f, 0x1b, 0x53, 0xcc, 0x96, 0xa3, 0xbf, 0x30, 0x47, 0xd2, + 0x7f, 0x8d, 0x6a, 0xda, 0x29, 0x8b, 0x65, 0x08, 0x1b, 0xe5, 0xec, 0x5c, 0x95, 0xfa, 0xcf, 0x57, + 0xe0, 0x02, 0x6d, 0xa1, 0xef, 0x39, 0x0e, 0xdd, 0x85, 0xfa, 0x8e, 0x77, 0xd0, 0x23, 0xee, 0x59, + 0x9c, 0x18, 0x44, 0xfd, 0x50, 0x29, 0xec, 0x87, 0x5e, 0xa6, 0x1f, 0xc6, 0xca, 0xf4, 0x83, 0x9c, + 0x2e, 0x0f, 0xe8, 0x8b, 0xff, 0xa2, 0xc1, 0x42, 0x5e, 0x5f, 0x9c, 0x81, 0x7d, 0xd4, 0x4b, 0xda, + 0x47, 0x37, 0xca, 0xda, 0xd1, 0xe9, 0xa6, 0x17, 0xd8, 0x49, 0x3f, 0xac, 0xc0, 0xa5, 0x18, 0xbd, + 0xed, 0x06, 0xa1, 0xe1, 0x38, 0xdc, 0x7b, 0x70, 0xfa, 0xe3, 0xde, 0x4f, 0x98, 0xb9, 0xeb, 0xa3, + 0x7d, 0xaa, 0xda, 0xf6, 0x42, 0x9f, 0xe0, 0x7e, 0xca, 0x27, 0xb8, 0xf1, 0x10, 0x79, 0x1e, 0xef, + 0x1e, 0xfc, 0xef, 0x1a, 0x2c, 0xe6, 0x57, 0x3c, 0x83, 0x49, 0xe5, 0x25, 0x27, 0xd5, 0x67, 0x1e, + 0xde, 0x57, 0x17, 0x4c, 0xab, 0x7f, 0x54, 0x29, 0xfa, 0x5a, 0x66, 0x88, 0x6f, 0xc3, 0x39, 0x6a, + 0x21, 0x05, 0xa1, 0x70, 0x5e, 0x9d, 0xec, 0x54, 0x37, 0x72, 0x4b, 0x9d, 0xc3, 0x49, 0x1a, 0x38, + 0x4d, 0x14, 0xad, 0xc3, 0x24, 0x35, 0x8b, 0x28, 0xfd, 0xca, 0xf0, 0xf4, 0xa5, 0xcc, 0xef, 0xf0, + 0xba, 0x38, 0x22, 0x82, 0x7e, 0x12, 0x66, 0x2c, 0xb9, 0xa2, 0x1e, 0x70, 0xa4, 0x93, 0xa6, 0xca, + 0xdc, 0x8c, 0x2b, 0x6a, 0x6d, 0x9c, 0x24, 0xa6, 0xff, 0x48, 0x83, 0x27, 0x8e, 0x9b, 0x5b, 0xe8, + 0x6d, 0x00, 0x33, 0xda, 0xc4, 0xf9, 0xa1, 0x7e, 0x59, 0x35, 0x28, 0xa2, 0x12, 0x2f, 0x50, 0x59, + 0x14, 0x60, 0x85, 0x49, 0xce, 0x49, 0x51, 0xe5, 0x94, 0x4e, 0x8a, 0xf4, 0xff, 0xa1, 0xa9, 0xa2, + 0x48, 0x1d, 0xdb, 0xf7, 0x9a, 0x28, 0x52, 0xdb, 0x5e, 0xe8, 0x7b, 0xfb, 0x93, 0x31, 0xb8, 0x92, + 0x5f, 0x45, 0xd9, 0x7b, 0x9f, 0x48, 0x68, 0x08, 0xb5, 0x77, 0x4c, 0x3b, 0x40, 0xaf, 0xc0, 0x44, + 0x9f, 0x87, 0x80, 0x8c, 0xb1, 0xa6, 0x3c, 0x45, 0x45, 0x1c, 0x0f, 0xd0, 0xb8, 0x7f, 0xd8, 0x58, + 0xcc, 0xdb, 0x71, 0x44, 0x68, 0x87, 0xa8, 0x87, 0xec, 0x94, 0x2b, 0x84, 0x2b, 0x7b, 0x1f, 0x1b, + 0x52, 0xca, 0x19, 0x5b, 0xc4, 0x19, 0xda, 0xfb, 0xf1, 0xd3, 0x1a, 0xcc, 0x26, 0x96, 0x56, 0xb0, + 0x50, 0x65, 0x8b, 0xa5, 0xd4, 0x69, 0x41, 0x62, 0xcd, 0xc6, 0x2a, 0x44, 0xa2, 0x38, 0xc0, 0x29, + 0x86, 0x29, 0x79, 0xaf, 0x0e, 0xef, 0x7b, 0x4e, 0xde, 0xab, 0x8d, 0x2f, 0x90, 0xf7, 0xbf, 0x5a, + 0x29, 0xfa, 0x5a, 0x26, 0xef, 0xef, 0xc2, 0x54, 0x14, 0x62, 0x17, 0xc9, 0xad, 0x6b, 0xa3, 0xb6, + 0x89, 0x93, 0x8b, 0x4f, 0xca, 0xa3, 0x92, 0x00, 0xc7, 0xbc, 0xd0, 0xcf, 0x68, 0x00, 0xf1, 0xc0, + 0x88, 0xe5, 0x71, 0xe7, 0xe1, 0x75, 0x87, 0xa2, 0x5f, 0xcd, 0x52, 0xd9, 0xa2, 0x4c, 0x0a, 0x85, + 0xaf, 0xfe, 0xdb, 0x15, 0x40, 0xd9, 0xb6, 0x53, 0xbd, 0x77, 0xd7, 0x76, 0xad, 0xb4, 0xfe, 0x7f, + 0xd3, 0x76, 0x2d, 0xcc, 0x20, 0x43, 0x68, 0xc6, 0x2f, 0xc1, 0xb9, 0xae, 0xe3, 0x6d, 0x19, 0x8e, + 0x73, 0x20, 0xa2, 0xf6, 0xd8, 0x0a, 0xad, 0x35, 0xcf, 0xd3, 0x1d, 0xf2, 0x7a, 0x12, 0x84, 0xd3, + 0xb8, 0xa8, 0x0f, 0x73, 0x3e, 0xb5, 0xb7, 0x4d, 0xdb, 0x61, 0x96, 0x92, 0x37, 0x08, 0x4b, 0x3a, + 0x74, 0x2e, 0x1c, 0x1d, 0x36, 0xe6, 0x70, 0x8a, 0x16, 0xce, 0x50, 0x47, 0x1f, 0x84, 0xc9, 0xbe, + 0x6f, 0xf7, 0x0c, 0xff, 0x80, 0xd9, 0x62, 0xb5, 0x66, 0x9d, 0x6e, 0xb5, 0x1b, 0xbc, 0x08, 0x47, + 0x30, 0xfd, 0xeb, 0x1a, 0x8c, 0xad, 0xac, 0x77, 0x90, 0x0e, 0x13, 0x96, 0xd7, 0x33, 0x6c, 0x57, + 0xf4, 0x12, 0x0b, 0x7e, 0x5b, 0x61, 0x25, 0x58, 0x40, 0x50, 0x1f, 0xa6, 0x22, 0x71, 0x35, 0xd2, + 0x61, 0xe8, 0xca, 0x7a, 0x47, 0x06, 0x90, 0xc8, 0x79, 0x15, 0x95, 0x04, 0x38, 0x66, 0xa2, 0x1b, + 0x30, 0xbf, 0xb2, 0xde, 0x69, 0xbb, 0xa6, 0x33, 0xb0, 0xc8, 0xea, 0x3e, 0xfb, 0x43, 0xbf, 0xcc, + 0xe6, 0x25, 0x22, 0xe0, 0x8e, 0x7d, 0x99, 0x40, 0xc2, 0x11, 0x8c, 0xa2, 0x11, 0x5e, 0x43, 0x44, + 0x8b, 0x31, 0x34, 0x41, 0x04, 0x47, 0x30, 0xfd, 0x7b, 0x15, 0xa8, 0x2b, 0x0d, 0x42, 0x0e, 0x4c, + 0xf2, 0xcf, 0x8d, 0x82, 0x35, 0x56, 0x4b, 0x7e, 0x62, 0xb2, 0xd5, 0x9c, 0x3b, 0xef, 0xd0, 0x00, + 0x47, 0x2c, 0xd4, 0x51, 0xaa, 0x14, 0x8f, 0x12, 0x5a, 0x02, 0xe0, 0x61, 0x29, 0xec, 0x8c, 0x91, + 0x6f, 0x0d, 0x6c, 0x21, 0x74, 0x64, 0x29, 0x56, 0x30, 0xe4, 0x7e, 0x36, 0x9e, 0xbb, 0x9f, 0x6d, + 0x43, 0xf5, 0x9e, 0xe7, 0x92, 0x40, 0xb8, 0xfd, 0x1f, 0xd2, 0x07, 0x4e, 0x51, 0x69, 0xf5, 0x06, + 0xa5, 0x8b, 0x39, 0x79, 0xfd, 0xd7, 0x35, 0x80, 0x15, 0x23, 0x34, 0xb8, 0x97, 0x7a, 0x88, 0x80, + 0xbf, 0x27, 0x12, 0xcb, 0xb0, 0x96, 0x39, 0x48, 0x1c, 0x0f, 0xec, 0x7b, 0xd1, 0xe7, 0x4b, 0x3d, + 0x83, 0x53, 0xef, 0xd8, 0xf7, 0x08, 0x66, 0x70, 0xf4, 0x61, 0x98, 0x22, 0xae, 0xe9, 0x1f, 0xf4, + 0x43, 0x62, 0xb1, 0x1e, 0xa8, 0xf1, 0x73, 0xe0, 0xd5, 0xa8, 0x10, 0xc7, 0x70, 0xfd, 0x19, 0x48, + 0x2a, 0x8b, 0x0f, 0x6e, 0xa5, 0xbe, 0x07, 0xb5, 0x55, 0xd7, 0xea, 0x7b, 0xb6, 0x1b, 0x0e, 0xf1, + 0x4d, 0x4f, 0xc2, 0xd8, 0xc0, 0x77, 0xc4, 0x27, 0xd5, 0x05, 0xc2, 0xd8, 0x26, 0xbe, 0x85, 0x69, + 0x39, 0x7a, 0x1a, 0x26, 0xfb, 0x03, 0xbf, 0xef, 0x05, 0xd1, 0x77, 0x49, 0xad, 0x78, 0x83, 0x17, + 0xe3, 0x08, 0xae, 0xdf, 0xd7, 0x60, 0x6e, 0x75, 0xbf, 0x6f, 0xfb, 0x2c, 0xf8, 0x90, 0xf8, 0x54, + 0xa9, 0xa0, 0xf5, 0xf7, 0xf8, 0xbf, 0xa2, 0x0d, 0xb2, 0xbe, 0xc0, 0xc0, 0x11, 0x1c, 0x6d, 0xc3, + 0x2c, 0x61, 0xd5, 0x99, 0x44, 0x35, 0xa4, 0xb3, 0xfd, 0x24, 0x8e, 0x20, 0x1e, 0xdb, 0x9a, 0xa0, + 0x82, 0x53, 0x54, 0x51, 0x07, 0x66, 0x4d, 0xc7, 0x08, 0x02, 0x7b, 0xdb, 0x36, 0xe3, 0x63, 0xf5, + 0xa9, 0xe6, 0x87, 0x69, 0xdd, 0x56, 0x02, 0x72, 0xff, 0xb0, 0x71, 0x51, 0xb4, 0x33, 0x09, 0xc0, + 0x29, 0x12, 0xfa, 0x1f, 0x68, 0x30, 0x25, 0x55, 0xa9, 0x77, 0x95, 0x47, 0x07, 0x3d, 0x05, 0x35, + 0xcb, 0x0e, 0xd4, 0x3d, 0x81, 0x1d, 0x77, 0xae, 0x88, 0x32, 0x2c, 0xa1, 0x7a, 0x00, 0xb5, 0xeb, + 0x62, 0x59, 0xa1, 0x45, 0xa8, 0xd8, 0xd1, 0x96, 0x04, 0xe2, 0x03, 0x2a, 0xed, 0x15, 0x5c, 0xb1, + 0x2d, 0x39, 0xab, 0x2a, 0x85, 0xb3, 0x4a, 0x19, 0xf6, 0xb1, 0xe3, 0x87, 0x5d, 0xff, 0x4d, 0x0d, + 0xea, 0x37, 0xec, 0x2d, 0xe2, 0x73, 0xb7, 0x2f, 0x93, 0x8b, 0x89, 0x70, 0xf4, 0x7a, 0x5e, 0x28, + 0x3a, 0xda, 0x87, 0xa9, 0xc0, 0xdc, 0x21, 0xd6, 0xc0, 0x91, 0xc1, 0x06, 0xa5, 0x82, 0xce, 0x15, + 0xd6, 0x1d, 0x41, 0x4f, 0x09, 0xbb, 0x8b, 0x38, 0xe0, 0x98, 0x99, 0xfe, 0x05, 0x38, 0x9f, 0x53, + 0x09, 0x35, 0xa0, 0x1a, 0x84, 0x86, 0x1f, 0x8a, 0x3e, 0x63, 0xe2, 0xa6, 0x43, 0x0b, 0x30, 0x2f, + 0x47, 0x8f, 0xc1, 0x18, 0x71, 0x2d, 0xd1, 0x69, 0x93, 0x74, 0x95, 0xad, 0xba, 0x16, 0xa6, 0x65, + 0x74, 0x88, 0x1c, 0x2f, 0x31, 0x19, 0xd9, 0x10, 0xdd, 0x12, 0x65, 0x58, 0x42, 0xf5, 0x7f, 0x3a, + 0x0e, 0x4f, 0xde, 0xf0, 0x7c, 0xfb, 0x9e, 0xe7, 0x86, 0x86, 0xb3, 0xe1, 0x59, 0xf1, 0xf1, 0x99, + 0x18, 0xee, 0xaf, 0x68, 0xf0, 0xa8, 0xd9, 0x1f, 0xb4, 0x5d, 0x3b, 0xb4, 0x8d, 0xe8, 0x54, 0x63, + 0x83, 0xf8, 0xb6, 0x57, 0xf6, 0x14, 0x8d, 0x85, 0x31, 0xb7, 0x36, 0x36, 0xf3, 0x48, 0xe2, 0x22, + 0x5e, 0xec, 0x30, 0xcf, 0xf2, 0xee, 0xba, 0xac, 0x71, 0x9d, 0x90, 0x85, 0x56, 0xdf, 0x8b, 0x3f, + 0xb1, 0xe4, 0x61, 0xde, 0x4a, 0x2e, 0x45, 0x5c, 0xc0, 0x09, 0x7d, 0x11, 0x2e, 0xda, 0xbc, 0x71, + 0x98, 0x18, 0x96, 0xed, 0x92, 0x20, 0x60, 0x47, 0x5a, 0xa3, 0x9c, 0x56, 0xb5, 0xf3, 0x08, 0xe2, + 0x7c, 0x3e, 0xe8, 0x4d, 0x80, 0xe0, 0xc0, 0x35, 0x45, 0xff, 0x57, 0x4b, 0x71, 0xe5, 0x3b, 0xa9, + 0xa4, 0x82, 0x15, 0x8a, 0x74, 0x33, 0x09, 0x3d, 0x87, 0xf8, 0x86, 0x6b, 0x72, 0x5f, 0xb5, 0xc6, + 0x37, 0x93, 0x3b, 0x51, 0x21, 0x8e, 0xe1, 0xfa, 0x3f, 0xd0, 0x60, 0x52, 0x5c, 0x59, 0x40, 0x1f, + 0x4a, 0x29, 0x54, 0xd2, 0x61, 0x95, 0x52, 0xaa, 0x0e, 0x98, 0xb3, 0x41, 0xa8, 0xac, 0x42, 0x48, + 0x95, 0xda, 0x91, 0x05, 0xe3, 0x58, 0xff, 0x4d, 0x38, 0x1d, 0x22, 0x9d, 0x58, 0x61, 0xa6, 0x7f, + 0x43, 0x83, 0xf9, 0x4c, 0xad, 0x21, 0xb4, 0xe5, 0x33, 0xf4, 0x96, 0xff, 0x5f, 0x00, 0x76, 0x3b, + 0x65, 0x79, 0xa3, 0xdd, 0x21, 0xfe, 0x9e, 0x5c, 0x84, 0x7f, 0x59, 0x83, 0xb9, 0xf8, 0x5c, 0x47, + 0xb4, 0x42, 0x2b, 0x1f, 0xc6, 0x73, 0x33, 0x45, 0xab, 0xb9, 0x20, 0xbe, 0x7b, 0x2e, 0x0d, 0xc1, + 0x19, 0xbe, 0xe8, 0xe7, 0x35, 0x98, 0x33, 0x92, 0xb7, 0x53, 0x22, 0x91, 0x59, 0x2a, 0xea, 0x32, + 0x75, 0xd3, 0x25, 0x6e, 0x4b, 0x0a, 0x10, 0xe0, 0x0c, 0x5b, 0xf4, 0x71, 0x98, 0x36, 0xfa, 0xf6, + 0xf2, 0xc0, 0xb2, 0x89, 0x6b, 0xca, 0x2b, 0x0d, 0xcc, 0x92, 0x5f, 0xde, 0x68, 0xcb, 0x72, 0x9c, + 0xc0, 0x92, 0xd7, 0x4f, 0x44, 0x47, 0x8e, 0x8f, 0x78, 0xfd, 0x44, 0xf4, 0x61, 0x7c, 0xfd, 0x44, + 0x74, 0x9d, 0xca, 0x04, 0xfd, 0x04, 0x3c, 0xc6, 0xf7, 0x9a, 0xa6, 0x11, 0xd8, 0xe6, 0xf2, 0x20, + 0xdc, 0x21, 0x6e, 0x18, 0x69, 0x0c, 0xdc, 0x64, 0x61, 0xc7, 0xfa, 0xab, 0x45, 0x48, 0xb8, 0xb8, + 0x3e, 0x72, 0x01, 0x3c, 0xdb, 0x32, 0xc5, 0xf7, 0xf0, 0x93, 0xe5, 0x52, 0x51, 0x17, 0xb7, 0xdb, + 0x2b, 0x2d, 0xf1, 0x39, 0x4c, 0x4c, 0xc4, 0xbf, 0xb1, 0xc2, 0x01, 0x7d, 0x55, 0x83, 0x19, 0x31, + 0xc9, 0x05, 0xcf, 0x49, 0x36, 0xfe, 0x6f, 0x94, 0x9d, 0x8c, 0xa9, 0x09, 0xbf, 0x84, 0x55, 0xe2, + 0x3c, 0x8e, 0x54, 0xc6, 0x19, 0x25, 0x60, 0x38, 0xd9, 0x0e, 0xf4, 0x37, 0x35, 0xb8, 0x10, 0x10, + 0x7f, 0xcf, 0x36, 0xc9, 0xb2, 0x69, 0x7a, 0x03, 0x37, 0x1a, 0xe4, 0x5a, 0xf9, 0xab, 0x00, 0x9d, + 0x1c, 0x7a, 0xfc, 0x80, 0x3b, 0x0f, 0x82, 0x73, 0xf9, 0xd3, 0xfd, 0xeb, 0xdc, 0x5d, 0x23, 0x34, + 0x77, 0x5a, 0x86, 0xb9, 0xc3, 0xf4, 0x77, 0x7e, 0xa6, 0x5d, 0x72, 0xd1, 0xbc, 0x9e, 0x24, 0xc5, + 0xed, 0xf2, 0x54, 0x21, 0x4e, 0x33, 0x44, 0x01, 0xd4, 0x7c, 0xf2, 0xf6, 0x80, 0x04, 0x61, 0xb0, + 0x00, 0x8c, 0x79, 0x7b, 0xe4, 0x11, 0xc3, 0x82, 0x20, 0xd7, 0x31, 0xa2, 0x5f, 0x58, 0x32, 0x42, + 0x5d, 0x78, 0x92, 0xcf, 0xdc, 0x65, 0xd7, 0x73, 0x0f, 0x7a, 0xde, 0x20, 0x48, 0xcd, 0xfe, 0x3a, + 0x9b, 0xfd, 0xec, 0x68, 0x7f, 0xf5, 0x38, 0x44, 0x7c, 0x3c, 0x9d, 0xc5, 0x57, 0x00, 0x65, 0xe7, + 0x0d, 0x9a, 0x83, 0xb1, 0x5d, 0xc2, 0xef, 0x98, 0x4d, 0x61, 0xfa, 0x2f, 0xba, 0x00, 0xd5, 0x3d, + 0xc3, 0x19, 0x70, 0x85, 0xb3, 0x86, 0xf9, 0x8f, 0x17, 0x2a, 0x9f, 0xd4, 0xf4, 0xdf, 0xd5, 0xe0, + 0x62, 0xee, 0xc7, 0x21, 0x0c, 0x97, 0x58, 0xdc, 0x82, 0xbb, 0x36, 0x08, 0x8d, 0xd0, 0x76, 0xbb, + 0x6d, 0x77, 0xdb, 0xb1, 0xbb, 0x3b, 0x5c, 0x3f, 0xab, 0x72, 0x6d, 0x62, 0x2d, 0x17, 0x03, 0x17, + 0xd4, 0x44, 0x6d, 0x38, 0xdf, 0x33, 0xf6, 0x33, 0x04, 0x2b, 0x8c, 0x20, 0xbb, 0xa9, 0xb8, 0x96, + 0x05, 0xe3, 0xbc, 0x3a, 0xfa, 0xd7, 0xaa, 0xf0, 0x38, 0x6d, 0x78, 0xbc, 0xb1, 0xad, 0x19, 0xae, + 0xd1, 0x7d, 0x77, 0x6e, 0x20, 0xbf, 0xa9, 0xc1, 0xa3, 0x3b, 0xf9, 0x4a, 0xa7, 0xd8, 0x5a, 0x5f, + 0x2d, 0xa5, 0x7a, 0x1f, 0xa7, 0xc7, 0xf2, 0xe9, 0x75, 0x2c, 0x0a, 0x2e, 0x6a, 0x14, 0x7a, 0x05, + 0xe6, 0x5c, 0xcf, 0x22, 0xad, 0xf6, 0x0a, 0x5e, 0x33, 0x82, 0xdd, 0x4e, 0x64, 0x96, 0x57, 0xb9, + 0x7b, 0x6a, 0x3d, 0x05, 0xc3, 0x19, 0x6c, 0xb4, 0x07, 0xa8, 0xef, 0x59, 0xab, 0x7b, 0xb6, 0x19, + 0x05, 0x2a, 0x94, 0x77, 0x89, 0xb1, 0x6b, 0x18, 0x1b, 0x19, 0x6a, 0x38, 0x87, 0x03, 0xd3, 0x9a, + 0x69, 0x63, 0xd6, 0x3c, 0xd7, 0x0e, 0x3d, 0x9f, 0xc5, 0xc5, 0x8c, 0xa4, 0x3c, 0xb2, 0x79, 0xbe, + 0x9e, 0x4b, 0x11, 0x17, 0x70, 0xd2, 0xff, 0xa7, 0x06, 0xe7, 0xe8, 0xb4, 0xd8, 0xf0, 0xbd, 0xfd, + 0x83, 0x77, 0xe3, 0x84, 0x7c, 0x1a, 0xc6, 0x7b, 0x9e, 0x15, 0x19, 0xa0, 0x17, 0xa9, 0xfe, 0xb7, + 0xe6, 0x59, 0xe4, 0x3e, 0xf7, 0xd3, 0xed, 0x1f, 0xb0, 0x48, 0x29, 0x86, 0xa2, 0x9a, 0x93, 0x63, + 0xc5, 0xe6, 0xa4, 0xfe, 0x1f, 0x35, 0xae, 0xc8, 0x45, 0xe6, 0xdc, 0xbb, 0x72, 0x1d, 0x3e, 0x07, + 0x33, 0xb4, 0x6c, 0xcd, 0xd8, 0xdf, 0x58, 0x79, 0xcd, 0x73, 0xa2, 0x20, 0x1f, 0x76, 0xa4, 0x78, + 0x53, 0x05, 0xe0, 0x24, 0x9e, 0xfe, 0x1f, 0x66, 0x81, 0x21, 0x38, 0x24, 0x7c, 0x37, 0x7e, 0xd7, + 0x33, 0x50, 0x37, 0xfb, 0x83, 0xd6, 0xb5, 0xce, 0xab, 0x03, 0x2f, 0x34, 0x84, 0xa7, 0x91, 0x69, + 0x67, 0xad, 0x8d, 0xcd, 0xa8, 0x18, 0xab, 0x38, 0x74, 0x85, 0x9b, 0xfd, 0x81, 0x90, 0x99, 0x1b, + 0xea, 0x91, 0x14, 0x5b, 0xe1, 0xad, 0x8d, 0xcd, 0x04, 0x0c, 0x67, 0xb0, 0xd1, 0x17, 0x61, 0x9a, + 0x88, 0xc5, 0x77, 0xc3, 0xf0, 0x2d, 0xb1, 0xb6, 0x4b, 0x6f, 0xaf, 0xb2, 0x6b, 0xa3, 0x15, 0xcd, + 0x95, 0xda, 0x55, 0x85, 0x05, 0x4e, 0x30, 0x64, 0x0a, 0xa6, 0xf8, 0x4d, 0x47, 0xca, 0xb3, 0xd2, + 0x8b, 0xbd, 0x2a, 0x14, 0xcc, 0x22, 0x24, 0x5c, 0x5c, 0x1f, 0xfd, 0x86, 0x06, 0x97, 0x24, 0xd4, + 0x76, 0xed, 0xde, 0xa0, 0x87, 0x89, 0xe9, 0x18, 0x76, 0x4f, 0x68, 0x9b, 0xaf, 0x3f, 0xb4, 0x0f, + 0x4d, 0x92, 0xe7, 0x02, 0x27, 0x1f, 0x86, 0x0b, 0x9a, 0x84, 0xbe, 0xa1, 0xc1, 0x95, 0x08, 0xb4, + 0x41, 0xed, 0xbd, 0x81, 0x4f, 0xe2, 0x30, 0x31, 0xd1, 0x25, 0x93, 0xa5, 0xe4, 0xdf, 0x07, 0x8e, + 0x0e, 0x1b, 0x57, 0x56, 0x1f, 0x40, 0x1b, 0x3f, 0x90, 0xbb, 0x3a, 0x5d, 0x3a, 0xde, 0x76, 0x28, + 0xd4, 0xd3, 0xd3, 0x9a, 0x2e, 0x94, 0x05, 0x4e, 0x30, 0x44, 0xbf, 0xa5, 0xc1, 0xa3, 0x6a, 0x81, + 0x3a, 0x5b, 0xb8, 0x5e, 0xfa, 0xd9, 0x87, 0xd6, 0x98, 0x14, 0x7d, 0xee, 0x01, 0x2a, 0x00, 0xe2, + 0xa2, 0x56, 0x51, 0xd1, 0xdb, 0x63, 0x13, 0x93, 0xeb, 0xae, 0x55, 0x2e, 0x7a, 0xf9, 0x5c, 0x0d, + 0x70, 0x04, 0xa3, 0x26, 0x61, 0xdf, 0xb3, 0x36, 0x6c, 0x2b, 0xb8, 0x65, 0xf7, 0xec, 0x90, 0x69, + 0x97, 0x63, 0xbc, 0x3b, 0x36, 0x3c, 0x6b, 0xa3, 0xbd, 0xc2, 0xcb, 0x71, 0x02, 0x8b, 0x85, 0x69, + 0xdb, 0x3d, 0xa3, 0x4b, 0x36, 0x06, 0x8e, 0xb3, 0xe1, 0x7b, 0xcc, 0x4d, 0xb0, 0x42, 0x0c, 0xcb, + 0xb1, 0x5d, 0xb2, 0x30, 0x5d, 0x3e, 0x4c, 0xbb, 0x5d, 0x44, 0x14, 0x17, 0xf3, 0x43, 0x4b, 0x00, + 0xdb, 0x86, 0xed, 0x74, 0xee, 0x1a, 0xfd, 0xdb, 0xee, 0xc2, 0x0c, 0x13, 0x60, 0xcc, 0x1e, 0xbb, + 0x26, 0x4b, 0xb1, 0x82, 0x41, 0x67, 0x13, 0x95, 0x82, 0x98, 0xf0, 0xcb, 0x5a, 0x0b, 0xb3, 0x0f, + 0x69, 0x36, 0x45, 0x04, 0x79, 0xf7, 0xdd, 0x54, 0x58, 0xe0, 0x04, 0x43, 0xf4, 0x15, 0x0d, 0x66, + 0x83, 0x83, 0x20, 0x24, 0x3d, 0xd9, 0x86, 0x73, 0x0f, 0xbb, 0x0d, 0xcc, 0x81, 0xd2, 0x49, 0x30, + 0xc1, 0x29, 0xa6, 0xc8, 0x80, 0xc7, 0x59, 0xaf, 0x5e, 0x6f, 0xdd, 0xb0, 0xbb, 0x3b, 0x32, 0xf8, + 0x7a, 0x83, 0xf8, 0x26, 0x71, 0xc3, 0x85, 0x39, 0x36, 0x6f, 0x1a, 0x47, 0x87, 0x8d, 0xc7, 0xdb, + 0xc5, 0x68, 0xf8, 0x38, 0x1a, 0xe8, 0x4d, 0x58, 0x14, 0xe0, 0x5b, 0xde, 0xdd, 0x0c, 0x87, 0x79, + 0xc6, 0x81, 0x45, 0xc4, 0xb7, 0x0b, 0xb1, 0xf0, 0x31, 0x14, 0xf4, 0xc3, 0x0a, 0xb7, 0x41, 0x32, + 0xab, 0x08, 0xbd, 0x04, 0xe7, 0x7a, 0xa4, 0xe7, 0xf9, 0x07, 0xcb, 0x51, 0x4e, 0x06, 0xe1, 0xb5, + 0x62, 0xc6, 0xdf, 0x5a, 0x12, 0x84, 0xd3, 0xb8, 0x74, 0x8f, 0x63, 0x6c, 0xaf, 0x75, 0xe2, 0xfa, + 0x95, 0x78, 0x8f, 0x6b, 0xa7, 0x60, 0x38, 0x83, 0x8d, 0x5a, 0x30, 0x2f, 0xca, 0xda, 0x54, 0xd5, + 0x0b, 0xae, 0xf9, 0x24, 0x3a, 0xc7, 0xa1, 0x4a, 0xd3, 0x7c, 0x3b, 0x0d, 0xc4, 0x59, 0x7c, 0xfa, + 0x15, 0xf4, 0x87, 0xda, 0x8a, 0xf1, 0xf8, 0x2b, 0xd6, 0x93, 0x20, 0x9c, 0xc6, 0x8d, 0x74, 0xf1, + 0x44, 0x13, 0xaa, 0xf1, 0x57, 0xac, 0xa7, 0x60, 0x38, 0x83, 0xad, 0xff, 0xc9, 0x38, 0xbc, 0x7f, + 0x88, 0x9d, 0x07, 0xf5, 0xf2, 0xbb, 0xfb, 0x01, 0x72, 0x60, 0x29, 0x0a, 0x13, 0x58, 0x7a, 0x75, + 0x60, 0xb8, 0xa1, 0x1d, 0x1e, 0x0c, 0x39, 0x3c, 0xfd, 0x82, 0xe1, 0x39, 0x39, 0xbf, 0x61, 0x87, + 0x33, 0x28, 0x1a, 0xce, 0x93, 0xb3, 0x1c, 0x7e, 0xf8, 0x7b, 0xf9, 0xc3, 0x5f, 0xb2, 0x57, 0x1f, + 0x38, 0x5d, 0xfa, 0x05, 0xd3, 0xa5, 0x64, 0xaf, 0x0e, 0x31, 0xbd, 0xfe, 0x74, 0x1c, 0x3e, 0x30, + 0xcc, 0x2e, 0x58, 0x72, 0x7e, 0xe5, 0xec, 0x33, 0xa7, 0x3a, 0xbf, 0x8a, 0x62, 0x32, 0x4e, 0x71, + 0x7e, 0xe5, 0xb0, 0x3c, 0xed, 0xf9, 0x55, 0xd4, 0xab, 0xa7, 0x35, 0xbf, 0x8a, 0x7a, 0x75, 0x88, + 0xf9, 0xf5, 0x67, 0xe9, 0xfd, 0x41, 0x6e, 0x7e, 0x6d, 0x18, 0x33, 0xfb, 0x83, 0x92, 0x42, 0x8a, + 0x9d, 0x20, 0xb6, 0x36, 0x36, 0x31, 0xa5, 0x81, 0x30, 0x4c, 0xf0, 0xf9, 0x53, 0x52, 0x04, 0xb1, + 0x78, 0x1a, 0x3e, 0x25, 0xb1, 0xa0, 0x44, 0xbb, 0x8a, 0xf4, 0x77, 0x48, 0x8f, 0xf8, 0x86, 0xd3, + 0x09, 0x3d, 0xdf, 0xe8, 0x96, 0x95, 0x36, 0xac, 0xab, 0x56, 0x53, 0xb4, 0x70, 0x86, 0x3a, 0xed, + 0x90, 0xbe, 0x6d, 0x95, 0x94, 0x2f, 0xac, 0x43, 0x36, 0xda, 0x2b, 0x98, 0xd2, 0xd0, 0xff, 0xb0, + 0x06, 0xca, 0x2d, 0x1b, 0x6a, 0x6c, 0x19, 0x8e, 0xe3, 0xdd, 0xdd, 0xf0, 0xed, 0x3d, 0xdb, 0x21, + 0x5d, 0x62, 0xc9, 0x6b, 0x18, 0x81, 0x38, 0x67, 0x66, 0xda, 0xdf, 0x72, 0x11, 0x12, 0x2e, 0xae, + 0x4f, 0x8d, 0xe9, 0x79, 0x33, 0x7d, 0x9b, 0x71, 0x94, 0xb3, 0xb2, 0xcc, 0xd5, 0x48, 0xbe, 0x9e, + 0x32, 0xc5, 0x38, 0xcb, 0x16, 0x7d, 0x49, 0xe3, 0x5e, 0x02, 0xe9, 0x12, 0x15, 0x63, 0x76, 0xfd, + 0x21, 0xb9, 0xfa, 0x63, 0x77, 0x43, 0xec, 0x74, 0x4d, 0x32, 0xa4, 0xe6, 0xdc, 0xc5, 0xdd, 0x3c, + 0xe7, 0xa6, 0x18, 0xd9, 0xdb, 0x65, 0x9b, 0x52, 0xe0, 0x2d, 0xe5, 0xe7, 0xb2, 0xb9, 0x08, 0x38, + 0xbf, 0x21, 0xb2, 0x97, 0xa4, 0xbf, 0x47, 0x08, 0x81, 0xd2, 0xbd, 0x94, 0x72, 0x1c, 0xc5, 0xbd, + 0x24, 0x01, 0x38, 0xc9, 0x10, 0xf5, 0x61, 0x6a, 0x37, 0x72, 0xb2, 0x09, 0xa3, 0xbc, 0x55, 0x96, + 0xbb, 0xe2, 0xa9, 0xe3, 0xe7, 0xbf, 0xb2, 0x10, 0xc7, 0x4c, 0xd0, 0x0e, 0x4c, 0xee, 0x72, 0x41, + 0x24, 0x8c, 0xe9, 0xe5, 0x91, 0x95, 0x7d, 0x6e, 0xd3, 0x89, 0x22, 0x1c, 0x91, 0x57, 0xe3, 0x3f, + 0x6a, 0x0f, 0x08, 0xfb, 0xf9, 0x9a, 0x06, 0x17, 0xf7, 0x88, 0x1f, 0xda, 0x66, 0xda, 0xb5, 0x3c, + 0x55, 0xde, 0x20, 0x79, 0x2d, 0x8f, 0x20, 0x9f, 0x26, 0xb9, 0x20, 0x9c, 0xdf, 0x04, 0xfd, 0x87, + 0x1a, 0x64, 0x1c, 0x58, 0xe8, 0x17, 0x35, 0x98, 0xde, 0x26, 0x46, 0x38, 0xf0, 0xc9, 0x75, 0x23, + 0x94, 0xa1, 0xac, 0xaf, 0x3d, 0x0c, 0xbf, 0xd9, 0xd2, 0x35, 0x85, 0x30, 0x3f, 0x47, 0x93, 0x57, + 0xe6, 0x55, 0x10, 0x4e, 0xb4, 0x60, 0xf1, 0x65, 0x98, 0xcf, 0x54, 0x3c, 0xd1, 0x41, 0xca, 0xbf, + 0x10, 0xfe, 0xcf, 0x74, 0x46, 0xc5, 0x37, 0xa1, 0x6a, 0x58, 0x96, 0xcc, 0xd7, 0xf4, 0x7c, 0xb9, + 0xf3, 0x62, 0x4b, 0x8d, 0x18, 0x66, 0x3f, 0x31, 0x27, 0x8b, 0xae, 0x01, 0x32, 0x12, 0x87, 0x42, + 0x6b, 0x9e, 0x15, 0x59, 0x49, 0xcc, 0x6f, 0xbe, 0x9c, 0x81, 0xe2, 0x9c, 0x1a, 0xfa, 0x8b, 0x30, + 0x9b, 0xbc, 0x6b, 0x79, 0x82, 0xc8, 0x33, 0xfd, 0x2f, 0x69, 0x80, 0xb2, 0x19, 0x1a, 0x90, 0x0f, + 0x35, 0x81, 0x11, 0x0d, 0x71, 0x29, 0xd7, 0x68, 0x3a, 0x26, 0x2e, 0x0e, 0xd9, 0x16, 0x05, 0x01, + 0x96, 0x7c, 0xf4, 0x1f, 0x69, 0x10, 0x27, 0x84, 0x41, 0x9f, 0x80, 0xba, 0x45, 0x02, 0xd3, 0xb7, + 0xfb, 0x61, 0xfc, 0x1d, 0xf2, 0x76, 0xfd, 0x4a, 0x0c, 0xc2, 0x2a, 0x1e, 0xd2, 0x61, 0x22, 0x34, + 0x82, 0xdd, 0xf6, 0x8a, 0x30, 0x17, 0xd9, 0xe6, 0x7e, 0x87, 0x95, 0x60, 0x01, 0x89, 0xef, 0x2d, + 0x8e, 0x0d, 0x71, 0x6f, 0x11, 0x6d, 0x3f, 0x84, 0x4b, 0x9a, 0xe8, 0xc1, 0x17, 0x34, 0xf5, 0x3f, + 0xae, 0x40, 0x32, 0x07, 0x4f, 0xd9, 0x2e, 0xc8, 0xde, 0x2a, 0xad, 0x9c, 0xda, 0xad, 0xd2, 0x8f, + 0xb0, 0x04, 0x76, 0x3c, 0xe3, 0x28, 0x3f, 0x65, 0x52, 0xd3, 0xce, 0xf1, 0x7c, 0xa1, 0x12, 0x03, + 0x3d, 0xcf, 0xe2, 0xc4, 0xc2, 0xc8, 0x88, 0x7e, 0x7f, 0xb4, 0x2c, 0x3a, 0xb4, 0xf0, 0xbe, 0xb8, + 0x37, 0x2b, 0xbf, 0x9f, 0x95, 0x62, 0x5e, 0x03, 0x7d, 0x42, 0x84, 0x15, 0x56, 0x13, 0x77, 0x7b, + 0xa3, 0x0b, 0xc1, 0xf3, 0x89, 0x8a, 0x71, 0xac, 0xa1, 0xfe, 0xd7, 0x35, 0x98, 0x14, 0xe9, 0x36, + 0x86, 0x88, 0x4c, 0xdc, 0x86, 0x2a, 0x53, 0xd2, 0x47, 0xd1, 0x5f, 0x3a, 0x3b, 0x9e, 0x17, 0x26, + 0x92, 0x8e, 0xb0, 0x70, 0x38, 0xf6, 0x2f, 0xe6, 0xe4, 0xf5, 0xaf, 0x8f, 0xc3, 0x15, 0x81, 0x92, + 0xd9, 0x9e, 0xe5, 0x12, 0x3c, 0x80, 0xf3, 0x62, 0x94, 0x56, 0x7c, 0xc3, 0x96, 0xe7, 0x70, 0xe5, + 0xcc, 0x2e, 0x71, 0x42, 0x9b, 0x21, 0x87, 0xf3, 0x78, 0xf0, 0xeb, 0xf5, 0xac, 0xf8, 0x06, 0x31, + 0x9c, 0x70, 0x27, 0xe2, 0x5d, 0x19, 0xe5, 0x7a, 0x7d, 0x96, 0x1e, 0xce, 0xe5, 0xc2, 0xce, 0x01, + 0x05, 0xa0, 0xe5, 0x13, 0x43, 0x3d, 0x84, 0x1c, 0x21, 0x7a, 0x6e, 0x2d, 0x97, 0x22, 0x2e, 0xe0, + 0xc4, 0xfc, 0x57, 0xc6, 0x3e, 0x33, 0x87, 0x31, 0x09, 0x7d, 0x9b, 0xa5, 0x81, 0xa1, 0xf3, 0x9b, + 0x1b, 0xb0, 0x49, 0x10, 0x4e, 0xe3, 0xa2, 0x17, 0x60, 0x96, 0x9d, 0xab, 0xc6, 0x77, 0xd5, 0xaa, + 0x71, 0x02, 0xda, 0xf5, 0x04, 0x04, 0xa7, 0x30, 0xf5, 0x6f, 0x6a, 0x30, 0xad, 0x4e, 0xa0, 0x21, + 0x22, 0x99, 0x07, 0x8a, 0xb8, 0x1e, 0x21, 0x20, 0x54, 0xe5, 0x3a, 0x8c, 0xc4, 0xbe, 0xaf, 0xc1, + 0xf9, 0x9c, 0x3a, 0xec, 0x84, 0x8d, 0xa4, 0x44, 0xff, 0x28, 0x27, 0x6c, 0x99, 0x6d, 0x44, 0x9e, + 0xb0, 0xa5, 0x21, 0x38, 0xc3, 0x17, 0xbd, 0x06, 0x63, 0xa6, 0x6f, 0x8b, 0x6e, 0x79, 0xae, 0x94, + 0x49, 0x82, 0xdb, 0x71, 0x78, 0x78, 0x0b, 0xb7, 0x31, 0x25, 0xa8, 0xff, 0x93, 0x31, 0xa8, 0x2b, + 0x99, 0x7c, 0xd0, 0xda, 0x28, 0x16, 0x6d, 0x4c, 0x3e, 0xb2, 0x6a, 0xd7, 0x60, 0xac, 0xdb, 0x1f, + 0x94, 0x34, 0x69, 0x25, 0xb9, 0xeb, 0x94, 0x5c, 0xb7, 0x3f, 0x40, 0xaf, 0x49, 0x23, 0xb9, 0x9c, + 0x19, 0x2b, 0x63, 0x24, 0x53, 0x86, 0x72, 0x34, 0x37, 0xc7, 0x0b, 0xe7, 0x66, 0x0f, 0x26, 0x03, + 0x61, 0x41, 0x57, 0xcb, 0x67, 0x91, 0x52, 0x7a, 0x5a, 0x58, 0xcc, 0x5c, 0xfd, 0x8e, 0x0c, 0xea, + 0x88, 0x07, 0x55, 0x00, 0x06, 0x2c, 0xa6, 0x9b, 0xd9, 0x15, 0x35, 0xae, 0x00, 0x6c, 0xb2, 0x12, + 0x2c, 0x20, 0xfa, 0xcf, 0x55, 0x00, 0x65, 0x09, 0xa2, 0xf7, 0x43, 0x95, 0x85, 0xb6, 0x8b, 0x85, + 0xa6, 0xe4, 0xc7, 0x30, 0x82, 0x00, 0x73, 0x18, 0xea, 0x88, 0xab, 0x0e, 0xe5, 0x06, 0x86, 0x9d, + 0xec, 0x0a, 0x7e, 0xca, 0xbd, 0x88, 0x68, 0x6b, 0x1a, 0x2b, 0xdc, 0x9a, 0x36, 0x61, 0xb2, 0x67, + 0xbb, 0x2c, 0x9a, 0xa3, 0x9c, 0x8b, 0x80, 0x1f, 0x40, 0x71, 0x12, 0x38, 0xa2, 0xa5, 0xff, 0x69, + 0x85, 0x4e, 0x62, 0xdb, 0x0d, 0x89, 0x6b, 0xb8, 0x26, 0x41, 0x07, 0x00, 0xc6, 0x20, 0xf4, 0xf8, + 0x0e, 0x2f, 0xe6, 0x72, 0xbb, 0xdc, 0x78, 0x49, 0xa2, 0xcb, 0x92, 0x20, 0x3f, 0x17, 0x8a, 0x7f, + 0x63, 0x85, 0x19, 0x65, 0x1d, 0xda, 0x3d, 0xf2, 0xba, 0xed, 0x5a, 0xde, 0x5d, 0xd1, 0xbd, 0xa3, + 0xb2, 0xbe, 0x23, 0x09, 0x72, 0xd6, 0xf1, 0x6f, 0xac, 0x30, 0x43, 0x9f, 0x85, 0x05, 0x96, 0x14, + 0xdb, 0x65, 0x49, 0xd2, 0x44, 0xdb, 0x3c, 0xc7, 0x89, 0xb6, 0x9c, 0x1a, 0x4b, 0x4c, 0xb3, 0xd0, + 0x2a, 0xc0, 0xc1, 0x85, 0xb5, 0xf5, 0xdf, 0xd2, 0xe0, 0x62, 0x6e, 0x57, 0xa0, 0xeb, 0x30, 0x1f, + 0x07, 0x03, 0xa8, 0x32, 0xb2, 0x16, 0xe7, 0xfc, 0xbb, 0x99, 0x46, 0xc0, 0xd9, 0x3a, 0x68, 0x4d, + 0xea, 0x09, 0xaa, 0x0c, 0x16, 0x91, 0x04, 0x8f, 0x0b, 0x52, 0x79, 0x62, 0x1a, 0xe7, 0xd5, 0xd3, + 0x7f, 0x22, 0xd1, 0xe0, 0xb8, 0xc3, 0xe8, 0xea, 0xd8, 0x22, 0x5d, 0x19, 0x34, 0x2d, 0x57, 0x47, + 0x93, 0x16, 0x62, 0x0e, 0x43, 0x4f, 0xaa, 0x81, 0xfe, 0x52, 0x0a, 0x45, 0xc1, 0xfe, 0x7a, 0x08, + 0x20, 0x62, 0x6e, 0x6c, 0xb7, 0x8b, 0xb6, 0xa1, 0x66, 0x88, 0x8c, 0xed, 0x62, 0xaa, 0x7d, 0xaa, + 0x94, 0x8d, 0x25, 0x68, 0xf0, 0xa0, 0xbe, 0xe8, 0x17, 0x96, 0xb4, 0xf5, 0xbf, 0xaf, 0xc1, 0x25, + 0x2a, 0x90, 0xac, 0xe8, 0xda, 0xa1, 0xbc, 0x92, 0x3e, 0xc4, 0xd6, 0xda, 0x83, 0xba, 0x1f, 0x57, + 0x13, 0xf3, 0xf2, 0xc7, 0xd5, 0xeb, 0xee, 0xca, 0xf3, 0x0d, 0x54, 0xed, 0x68, 0xf9, 0x5e, 0x10, + 0x0d, 0x4e, 0xfa, 0x06, 0xbc, 0x54, 0xde, 0x95, 0x96, 0x60, 0x95, 0xbe, 0xfe, 0xe5, 0x0a, 0xc0, + 0x3a, 0x09, 0xef, 0x7a, 0xfe, 0x2e, 0xed, 0xa2, 0x77, 0xd5, 0x6d, 0x9a, 0x27, 0x60, 0xbc, 0xef, + 0x59, 0x81, 0x90, 0x52, 0xec, 0x0e, 0x18, 0x3b, 0xce, 0x66, 0xa5, 0xa8, 0x01, 0x55, 0xe6, 0xf8, + 0x15, 0x5b, 0x01, 0xd3, 0x7a, 0xa9, 0xa6, 0x13, 0x60, 0x5e, 0xce, 0x73, 0x71, 0xb2, 0x68, 0xd3, + 0x40, 0xa8, 0xf1, 0x22, 0x17, 0x27, 0x2f, 0xc3, 0x12, 0xaa, 0x7f, 0x79, 0x1c, 0x12, 0x4f, 0x0e, + 0xc4, 0xa6, 0xb8, 0x76, 0x3a, 0xa6, 0xf8, 0x67, 0x61, 0xc1, 0xf1, 0x0c, 0xab, 0x69, 0x38, 0x74, + 0xd2, 0xfb, 0x1d, 0x3e, 0x1c, 0x86, 0xdb, 0x95, 0xf9, 0xec, 0x99, 0x00, 0xb8, 0x55, 0x80, 0x83, + 0x0b, 0x6b, 0xa3, 0x50, 0x3e, 0x74, 0xc0, 0x73, 0x18, 0xde, 0x1a, 0xf5, 0x41, 0x86, 0x25, 0x35, + 0xce, 0x58, 0xee, 0xca, 0xc9, 0xb7, 0x10, 0xd0, 0xcf, 0x6a, 0x70, 0x91, 0xec, 0x87, 0xc4, 0x77, + 0x0d, 0xe7, 0x8e, 0x6f, 0x6c, 0x6f, 0xdb, 0xa6, 0x08, 0x14, 0xe2, 0x83, 0xb3, 0x71, 0x74, 0xd8, + 0xb8, 0xb8, 0x9a, 0x87, 0x70, 0xff, 0xb0, 0xf1, 0xb1, 0xec, 0x7b, 0x23, 0x51, 0x58, 0x71, 0x6e, + 0x15, 0x36, 0x19, 0xf3, 0xd9, 0x2d, 0x3e, 0x0f, 0xf5, 0x13, 0xc4, 0xb7, 0x4e, 0xa9, 0x6e, 0x99, + 0x5f, 0x9d, 0x00, 0x25, 0xa4, 0xfb, 0x04, 0x99, 0x2b, 0xff, 0xb6, 0x06, 0x17, 0x4c, 0xc7, 0x26, + 0x6e, 0x98, 0x8a, 0xdd, 0xe5, 0x0b, 0x63, 0xb3, 0x54, 0xac, 0x79, 0x9f, 0xb8, 0xed, 0x95, 0x96, + 0xe7, 0xba, 0xc4, 0x0c, 0x5b, 0x39, 0xc4, 0xb9, 0x95, 0x93, 0x07, 0xc1, 0xb9, 0x8d, 0x61, 0xdf, + 0xc3, 0xca, 0xdb, 0x2b, 0xea, 0xbd, 0xa7, 0x96, 0x28, 0xc3, 0x12, 0x8a, 0x9e, 0x81, 0x7a, 0xd7, + 0xf7, 0x06, 0xfd, 0xa0, 0xc5, 0x62, 0x98, 0xf8, 0x08, 0x32, 0x45, 0xe2, 0x7a, 0x5c, 0x8c, 0x55, + 0x1c, 0xf4, 0x71, 0x98, 0xe6, 0x3f, 0x37, 0x7c, 0xb2, 0x6d, 0xef, 0x8b, 0xe5, 0xc6, 0x02, 0x23, + 0xae, 0x2b, 0xe5, 0x38, 0x81, 0x85, 0x3e, 0x0c, 0x53, 0x76, 0x10, 0x0c, 0x88, 0xbf, 0x89, 0x6f, + 0x89, 0xe4, 0x4f, 0xcc, 0xa1, 0xda, 0x8e, 0x0a, 0x71, 0x0c, 0x47, 0xbf, 0xa4, 0xc1, 0xac, 0x4f, + 0xde, 0x1e, 0xd8, 0x3e, 0xb1, 0x18, 0xd3, 0x40, 0xc4, 0xd5, 0xe3, 0xd1, 0x62, 0xf9, 0x97, 0x70, + 0x82, 0x28, 0x9f, 0xe7, 0xd2, 0x1d, 0x91, 0x04, 0xe2, 0x54, 0x0b, 0x68, 0x57, 0x05, 0x76, 0xd7, + 0xb5, 0xdd, 0xee, 0xb2, 0xd3, 0x0d, 0x16, 0x6a, 0x6c, 0xe9, 0x72, 0x9d, 0x2b, 0x2e, 0xc6, 0x2a, + 0x0e, 0x7a, 0x0e, 0x66, 0x06, 0x01, 0x9d, 0xb9, 0x3d, 0xc2, 0xfb, 0x77, 0x2a, 0x0e, 0x2c, 0xdc, + 0x54, 0x01, 0x38, 0x89, 0x47, 0x4d, 0xbc, 0xa8, 0x40, 0xf4, 0x32, 0xf0, 0xdb, 0xaf, 0xb4, 0x9d, + 0x9b, 0x09, 0x08, 0x4e, 0x61, 0x2e, 0x2e, 0xc3, 0xf9, 0x9c, 0xcf, 0x3c, 0xd1, 0xf2, 0xf8, 0x66, + 0x05, 0xde, 0xf7, 0xc0, 0x59, 0x89, 0xfe, 0x96, 0x06, 0x75, 0xb2, 0x1f, 0xfa, 0x86, 0x0c, 0x73, + 0xa4, 0x43, 0xb4, 0x7d, 0x2a, 0x4b, 0x60, 0x69, 0x35, 0x66, 0xc4, 0x87, 0x4d, 0x6e, 0x77, 0x0a, + 0x04, 0xab, 0xed, 0xa1, 0xda, 0x3a, 0xbf, 0x1b, 0xad, 0xba, 0xeb, 0x44, 0x66, 0x76, 0x01, 0x59, + 0xfc, 0x34, 0xcc, 0xa5, 0x29, 0x9f, 0xa8, 0xa7, 0xfe, 0x71, 0x05, 0xaa, 0x1b, 0x8e, 0x71, 0x26, + 0x79, 0xbc, 0xfe, 0x42, 0x22, 0x89, 0x4a, 0xa9, 0xcc, 0x34, 0xac, 0xa9, 0x85, 0xe9, 0x9b, 0xba, + 0xa9, 0xf4, 0x4d, 0x2f, 0x97, 0x67, 0x71, 0x7c, 0xb6, 0xa6, 0x7f, 0xa5, 0xc1, 0x14, 0xc3, 0x3b, + 0x83, 0x64, 0x1d, 0x6f, 0x26, 0x93, 0x75, 0x3c, 0x5f, 0xfa, 0x9b, 0x0a, 0x72, 0x73, 0x7c, 0x37, + 0xfa, 0x16, 0x96, 0x8a, 0xe3, 0x73, 0xea, 0x8b, 0x14, 0xfc, 0x63, 0x9e, 0xca, 0x4b, 0x5f, 0x74, + 0xcb, 0x33, 0x0d, 0x27, 0x93, 0xc3, 0xe8, 0xd8, 0x67, 0x29, 0x7a, 0x30, 0x45, 0xc4, 0xfd, 0xf3, + 0xe8, 0x63, 0x4a, 0xa9, 0xb4, 0xd1, 0x25, 0xf6, 0x98, 0x5d, 0x54, 0x12, 0xe0, 0x98, 0x83, 0xfe, + 0xcf, 0x2b, 0x50, 0x57, 0xc6, 0xf2, 0x9d, 0xc8, 0x8e, 0x74, 0x2d, 0x37, 0x59, 0x7b, 0x85, 0xc5, + 0x31, 0x5e, 0x3a, 0x41, 0xa2, 0x76, 0x1f, 0xea, 0x66, 0x9c, 0xe9, 0x72, 0x94, 0xc9, 0xad, 0x24, + 0xcc, 0x14, 0x81, 0xd4, 0x71, 0x01, 0x56, 0x99, 0xe8, 0xbf, 0x57, 0x81, 0xc9, 0x0d, 0xdf, 0xa3, + 0x03, 0x7c, 0x06, 0xa2, 0xc1, 0x48, 0x88, 0x86, 0x72, 0xeb, 0x96, 0x37, 0xb6, 0x50, 0x38, 0xd8, + 0x29, 0xe1, 0xb0, 0x3c, 0x0a, 0x93, 0xe3, 0xc5, 0xc3, 0xbf, 0xd1, 0xa0, 0x2e, 0x30, 0xcf, 0x40, + 0x40, 0x7c, 0x3e, 0x29, 0x20, 0x5e, 0x1c, 0xe1, 0xbb, 0x0a, 0x44, 0xc4, 0xd7, 0x34, 0x98, 0x11, + 0x18, 0x6b, 0xa4, 0xb7, 0x45, 0x7c, 0x74, 0x0d, 0x26, 0x83, 0x01, 0x1b, 0x48, 0xf1, 0x41, 0x8f, + 0xab, 0x42, 0xc2, 0xdf, 0x32, 0x4c, 0xf6, 0xee, 0x08, 0x47, 0x51, 0x32, 0xa6, 0xf1, 0x02, 0x1c, + 0x55, 0xa6, 0x26, 0x9c, 0xef, 0x39, 0x99, 0x8c, 0x01, 0xd8, 0x73, 0x08, 0x66, 0x10, 0x6a, 0x39, + 0xd1, 0xbf, 0xd1, 0x79, 0x14, 0xb3, 0x9c, 0x28, 0x38, 0xc0, 0xbc, 0x5c, 0xff, 0xca, 0xb8, 0xec, + 0x6c, 0x26, 0xc1, 0x6e, 0xc0, 0x94, 0xe9, 0x13, 0x23, 0x24, 0x56, 0xf3, 0x60, 0x98, 0xc6, 0x31, + 0x2d, 0xae, 0x15, 0xd5, 0xc0, 0x71, 0x65, 0xaa, 0x30, 0xa9, 0x47, 0x4c, 0x95, 0x58, 0xb7, 0x2c, + 0x3c, 0x5e, 0xfa, 0x14, 0x54, 0xbd, 0xbb, 0xae, 0x8c, 0xad, 0x38, 0x96, 0x31, 0xfb, 0x94, 0xdb, + 0x14, 0x1b, 0xf3, 0x4a, 0x2c, 0xab, 0x8a, 0x48, 0xaa, 0xc1, 0x15, 0xd9, 0x7a, 0x5e, 0x42, 0x0d, + 0xe4, 0xc0, 0x64, 0x8f, 0x0d, 0xc3, 0x48, 0x79, 0xab, 0x12, 0x03, 0xaa, 0x26, 0x32, 0x65, 0x94, + 0x71, 0xc4, 0x82, 0x2a, 0xbe, 0x54, 0x39, 0x0b, 0xfa, 0x86, 0x49, 0x54, 0xc5, 0x77, 0x3d, 0x2a, + 0xc4, 0x31, 0x1c, 0x1d, 0x40, 0x9d, 0x5f, 0x2b, 0xe7, 0x52, 0x76, 0xb2, 0xbc, 0x4f, 0x53, 0x34, + 0xef, 0x4e, 0x4c, 0x8d, 0x77, 0xbd, 0x52, 0x80, 0x55, 0x5e, 0xfa, 0x2f, 0x8c, 0xcb, 0x49, 0x2a, + 0x24, 0x7e, 0xfe, 0x5b, 0x19, 0x5a, 0xa9, 0xb7, 0x32, 0x3e, 0x06, 0xd5, 0xfe, 0x8e, 0x11, 0x44, + 0x33, 0x35, 0x4a, 0xba, 0x5b, 0xdd, 0xa0, 0x85, 0xf7, 0x0f, 0x1b, 0xd3, 0x82, 0x35, 0xfb, 0x8d, + 0x39, 0x2e, 0x1a, 0xc0, 0xf9, 0x20, 0x34, 0x1c, 0xd2, 0xb1, 0x85, 0xb7, 0x28, 0x08, 0x8d, 0x5e, + 0xbf, 0x44, 0xee, 0x5c, 0x76, 0x42, 0xd5, 0xc9, 0x92, 0xc2, 0x79, 0xf4, 0xd1, 0xcf, 0x68, 0xb0, + 0xc0, 0xca, 0x97, 0x07, 0xa1, 0xc7, 0xf3, 0x85, 0xc7, 0xcc, 0x4f, 0x7e, 0x3e, 0xcb, 0xac, 0xfb, + 0x4e, 0x01, 0x3d, 0x5c, 0xc8, 0x09, 0x7d, 0x01, 0x2e, 0x3a, 0x46, 0x10, 0x2e, 0x9b, 0xa1, 0xbd, + 0x67, 0x87, 0x07, 0x71, 0x13, 0xaa, 0x27, 0x6e, 0x02, 0x0b, 0xd0, 0xb8, 0x95, 0x47, 0x0c, 0xe7, + 0xf3, 0xd0, 0xff, 0x4c, 0x03, 0x94, 0x9d, 0x42, 0xc8, 0x81, 0x9a, 0x45, 0xb6, 0x8d, 0x81, 0x13, + 0x46, 0x2a, 0x40, 0xa9, 0xdb, 0xd5, 0x31, 0xc9, 0x58, 0x32, 0xaf, 0x08, 0xba, 0x58, 0x72, 0x40, + 0x1e, 0x4c, 0xdd, 0xdd, 0xb1, 0x43, 0xe2, 0xd8, 0x41, 0x28, 0xa4, 0xf3, 0xa8, 0xec, 0xa4, 0xce, + 0xf3, 0x7a, 0x44, 0x18, 0xc7, 0x3c, 0xf4, 0x9f, 0x1b, 0x83, 0xda, 0x09, 0x9e, 0x67, 0x1b, 0x00, + 0x12, 0x69, 0x15, 0xa8, 0xa2, 0x44, 0x46, 0x71, 0x91, 0x31, 0x75, 0xa6, 0x95, 0x21, 0x86, 0x73, + 0x18, 0xa0, 0x2f, 0xc0, 0x05, 0xdb, 0xdd, 0xf6, 0x8d, 0x20, 0xf4, 0x07, 0x66, 0x38, 0xf0, 0xc9, + 0x28, 0x39, 0x7b, 0x99, 0x6b, 0xa1, 0x9d, 0x43, 0x0e, 0xe7, 0x32, 0x41, 0x04, 0x26, 0xef, 0x7a, + 0xfe, 0x2e, 0x15, 0x9e, 0xe3, 0xe5, 0x5f, 0x76, 0x78, 0x9d, 0x91, 0x88, 0xa5, 0x26, 0xff, 0x1d, + 0xe0, 0x88, 0xb6, 0xfe, 0x6d, 0x0d, 0xaa, 0xfc, 0x46, 0xda, 0x7b, 0xc2, 0xae, 0x62, 0x4d, 0x2d, + 0xcc, 0x45, 0x49, 0xcd, 0x1d, 0x86, 0xf1, 0x1e, 0x31, 0x77, 0x58, 0x5b, 0x0b, 0x74, 0x99, 0x6f, + 0x8f, 0x89, 0x6f, 0x61, 0xca, 0x42, 0x1b, 0xce, 0x0b, 0xa5, 0xf7, 0x96, 0xbd, 0x4d, 0xe8, 0xec, + 0x5a, 0x31, 0x0e, 0x02, 0x71, 0x15, 0x9c, 0x49, 0xdd, 0x56, 0x16, 0x8c, 0xf3, 0xea, 0xa0, 0x7f, + 0xa6, 0xd1, 0x6d, 0x39, 0xf4, 0x6d, 0x73, 0xa4, 0xbc, 0x8a, 0xb2, 0x6d, 0x4b, 0x6b, 0x9c, 0x18, + 0xf7, 0x16, 0x6c, 0xc6, 0xfb, 0x33, 0x2b, 0xbd, 0x7f, 0xd8, 0x68, 0xe4, 0xb8, 0x22, 0x23, 0xd7, + 0x39, 0xed, 0xd8, 0x2f, 0x7f, 0xff, 0x58, 0x14, 0xe6, 0xc6, 0x8f, 0x5a, 0x8c, 0x6e, 0x40, 0x35, + 0x30, 0xbd, 0x3e, 0x39, 0x49, 0xca, 0x5a, 0xd9, 0xc1, 0x1d, 0x5a, 0x13, 0x73, 0x02, 0x8b, 0x6f, + 0xc1, 0xb4, 0xda, 0xf2, 0x1c, 0x6f, 0xc4, 0x8a, 0xea, 0x8d, 0x38, 0xf1, 0x61, 0x9d, 0xea, 0xbd, + 0xf8, 0xfd, 0x0a, 0x88, 0xe7, 0x98, 0x86, 0x38, 0xac, 0xb0, 0xa3, 0xf4, 0x71, 0x23, 0x3c, 0x41, + 0x95, 0x7e, 0x0d, 0x36, 0xee, 0x03, 0x35, 0x83, 0x1c, 0x72, 0x61, 0xc2, 0x31, 0xb6, 0x88, 0x13, + 0x3d, 0xce, 0x73, 0xad, 0xfc, 0xeb, 0x31, 0x3c, 0xb7, 0x69, 0x90, 0x72, 0x69, 0xf3, 0x42, 0x2c, + 0xb8, 0x2c, 0x3e, 0x0f, 0x75, 0x05, 0xed, 0x44, 0x0e, 0xa0, 0xaf, 0x6a, 0x70, 0x29, 0x9a, 0x12, + 0xc9, 0xb4, 0x13, 0xe8, 0x29, 0xa8, 0x19, 0x7d, 0x9b, 0xf9, 0x44, 0x55, 0xaf, 0xf2, 0xf2, 0x46, + 0x9b, 0x95, 0x61, 0x09, 0x45, 0x1f, 0x81, 0x5a, 0x34, 0x4e, 0x42, 0x41, 0x92, 0x4b, 0x5c, 0x1e, + 0xe6, 0x48, 0x0c, 0xf4, 0x41, 0x25, 0x21, 0x5e, 0x35, 0xde, 0xd1, 0x24, 0x63, 0x7e, 0xee, 0xab, + 0xff, 0x8d, 0x0a, 0xcc, 0x70, 0x47, 0x42, 0xd3, 0x76, 0x2d, 0xdb, 0xed, 0x9e, 0x81, 0x28, 0x4d, + 0x3c, 0xc8, 0x59, 0x79, 0x58, 0x0f, 0x72, 0xde, 0x84, 0x89, 0xb7, 0xe9, 0xb2, 0x8e, 0xa6, 0xc3, + 0x50, 0xab, 0x4b, 0x8e, 0x35, 0x93, 0x08, 0x01, 0x16, 0x24, 0xf4, 0x7f, 0xaf, 0xc1, 0x7c, 0xa2, + 0x5b, 0xce, 0x40, 0x28, 0x6f, 0x27, 0x85, 0xf2, 0x72, 0xb9, 0xe4, 0x2b, 0x4a, 0x9b, 0x0b, 0x84, + 0xf3, 0x6f, 0x57, 0x60, 0xbc, 0x43, 0x88, 0x75, 0x06, 0x23, 0xfd, 0x66, 0x62, 0xd3, 0xfc, 0x54, + 0xe9, 0x27, 0x97, 0x8a, 0xdc, 0x0d, 0xdb, 0x29, 0x77, 0xc3, 0xa7, 0x4b, 0x73, 0x38, 0xde, 0xd7, + 0xf0, 0x6b, 0x15, 0x00, 0x8a, 0xc6, 0x9f, 0x44, 0x14, 0x31, 0x87, 0xf1, 0xa3, 0xb9, 0x53, 0xef, + 0x96, 0xa7, 0x6e, 0x75, 0xf9, 0x9c, 0xde, 0x58, 0xec, 0xcc, 0x4e, 0x3e, 0xa5, 0x97, 0x5c, 0x7d, + 0xe3, 0x0f, 0x69, 0xf5, 0xe9, 0xff, 0x50, 0x03, 0x96, 0xaa, 0x7d, 0x65, 0xbd, 0x83, 0x9e, 0x83, + 0x19, 0x9b, 0x1f, 0x15, 0xae, 0xa8, 0x49, 0xce, 0xd8, 0x81, 0x46, 0x5b, 0x05, 0xe0, 0x24, 0x1e, + 0xea, 0x29, 0xfd, 0x3a, 0xc2, 0xc3, 0xa4, 0xa2, 0x1d, 0x32, 0x8d, 0xec, 0x74, 0xfe, 0xc0, 0xe8, + 0xdf, 0xaf, 0xc0, 0xb9, 0x14, 0xee, 0x10, 0xfa, 0xfc, 0xe9, 0x48, 0x2f, 0x25, 0xb3, 0xec, 0xd8, + 0xe9, 0x67, 0x96, 0x95, 0x49, 0x5e, 0xc7, 0x4f, 0x37, 0xc9, 0xeb, 0x1f, 0x69, 0xc0, 0x5e, 0xba, + 0x3c, 0x03, 0xe9, 0xf9, 0xe7, 0x93, 0xd2, 0xf3, 0x93, 0x65, 0x27, 0x4e, 0x81, 0xd0, 0xfc, 0x8d, + 0x0a, 0xb0, 0x6c, 0xe7, 0x22, 0x32, 0x42, 0x09, 0x36, 0xd0, 0x0a, 0x82, 0x0d, 0xae, 0x88, 0x58, + 0x85, 0x94, 0xd7, 0x4d, 0x89, 0x57, 0xf8, 0x88, 0x12, 0x8e, 0x30, 0x96, 0x14, 0x23, 0xd9, 0x90, + 0x04, 0x74, 0x0f, 0x66, 0x82, 0x1d, 0xcf, 0x0b, 0x23, 0x13, 0x58, 0x8c, 0xdd, 0x72, 0xe9, 0x10, + 0xe1, 0xe8, 0x53, 0xf8, 0xc2, 0xec, 0xa8, 0xb4, 0x71, 0x92, 0x15, 0x5a, 0x02, 0xd8, 0x72, 0x3c, + 0x73, 0xb7, 0xd5, 0x5e, 0xc1, 0x51, 0x20, 0x29, 0x0b, 0x67, 0x6a, 0xca, 0x52, 0xac, 0x60, 0xe8, + 0x7f, 0xa8, 0xf1, 0xde, 0x3a, 0xc1, 0xb2, 0x3a, 0x43, 0x29, 0xf9, 0xa1, 0x94, 0x94, 0x2c, 0x7a, + 0x74, 0xf4, 0xf7, 0xc4, 0x57, 0xc8, 0x9c, 0xf6, 0x7d, 0x98, 0x71, 0xd4, 0x24, 0xf8, 0x62, 0x1a, + 0x97, 0xca, 0x9f, 0x2f, 0x13, 0xb4, 0x25, 0x8a, 0x71, 0x92, 0x01, 0x15, 0xa5, 0x51, 0xe3, 0xf9, + 0x1b, 0x81, 0x3c, 0x16, 0x84, 0x8d, 0xd8, 0x86, 0x0a, 0xc0, 0x49, 0x3c, 0xfd, 0x55, 0xf8, 0x00, + 0x6f, 0x3a, 0x8b, 0xe5, 0x5e, 0xdd, 0x37, 0x49, 0x10, 0xb4, 0x8c, 0xbe, 0x61, 0x52, 0xe5, 0x9e, + 0x5d, 0x81, 0xe4, 0x2e, 0xb7, 0xa7, 0xd3, 0x09, 0x5f, 0xa5, 0xb5, 0x9d, 0xc9, 0xd2, 0xf3, 0xff, + 0x34, 0x68, 0x28, 0x34, 0x13, 0xa1, 0x28, 0xd1, 0x24, 0xfd, 0xba, 0x06, 0x75, 0xc3, 0x75, 0xbd, + 0xd0, 0x50, 0x4f, 0x80, 0xac, 0xf2, 0x6f, 0x2d, 0x16, 0xb2, 0x5a, 0x5a, 0x8e, 0xd9, 0xa4, 0xce, + 0x7a, 0x15, 0x08, 0x56, 0x5b, 0xb3, 0xf8, 0x69, 0x98, 0x4b, 0xd7, 0x3a, 0x91, 0x1a, 0xdf, 0x84, + 0x8b, 0x4a, 0xab, 0xc4, 0x65, 0x32, 0xaa, 0x33, 0x3f, 0x0d, 0x93, 0x7b, 0x76, 0x60, 0x47, 0x97, + 0x92, 0x95, 0x5e, 0x7c, 0x8d, 0x17, 0xe3, 0x08, 0xae, 0xbf, 0x02, 0xe7, 0x55, 0x1a, 0x6c, 0x99, + 0xad, 0x77, 0x4e, 0x32, 0x0e, 0x6b, 0x70, 0x45, 0xa1, 0x90, 0x7b, 0xa3, 0xea, 0x24, 0xe4, 0xbe, + 0x34, 0x11, 0xcd, 0x72, 0x11, 0xf6, 0xff, 0x3b, 0x1a, 0x3c, 0x46, 0x8a, 0x26, 0x8c, 0x98, 0xf2, + 0x9f, 0x1d, 0x71, 0x44, 0x0b, 0x27, 0xa4, 0xc8, 0xba, 0x53, 0x04, 0xc6, 0xc5, 0x2d, 0x43, 0x07, + 0x00, 0x81, 0x1c, 0x92, 0x51, 0xc2, 0x37, 0x73, 0xc7, 0x58, 0x24, 0x82, 0x95, 0xbf, 0xb1, 0xc2, + 0x0c, 0xbd, 0x0d, 0xb5, 0x40, 0x8c, 0xe4, 0x28, 0x17, 0x3e, 0x73, 0x26, 0x86, 0x88, 0x50, 0x13, + 0xbf, 0xb0, 0x64, 0x83, 0x7e, 0x5d, 0x83, 0x0b, 0x4e, 0xce, 0xba, 0x10, 0xdb, 0x42, 0xe7, 0x14, + 0x96, 0x1c, 0x77, 0x03, 0xe6, 0x41, 0x70, 0x6e, 0x53, 0xd0, 0xdf, 0x29, 0xbc, 0x5d, 0x58, 0x2d, + 0xff, 0x08, 0xc4, 0x83, 0xe6, 0x7e, 0x89, 0x8b, 0x86, 0x5f, 0x9d, 0xe4, 0x6a, 0x0a, 0xf3, 0x56, + 0x6d, 0xc1, 0xc4, 0x16, 0x53, 0xf3, 0xc5, 0x54, 0x2f, 0x6d, 0x53, 0x70, 0x63, 0x81, 0xeb, 0xe0, + 0xfc, 0x7f, 0x2c, 0x28, 0xa3, 0x37, 0x60, 0xcc, 0x72, 0xa3, 0x67, 0x7c, 0x5e, 0x1c, 0x41, 0xc7, + 0x8d, 0x23, 0x5c, 0xe9, 0xec, 0xa0, 0x44, 0x91, 0x0b, 0x35, 0x57, 0xec, 0xec, 0x62, 0x2e, 0x96, + 0x7e, 0xea, 0x56, 0x6a, 0x08, 0x52, 0x2f, 0x89, 0x4a, 0xb0, 0xe4, 0x41, 0xf9, 0x49, 0xa5, 0x7d, + 0x7c, 0x34, 0x7e, 0x52, 0x63, 0x3f, 0xce, 0x9c, 0xda, 0x50, 0xf5, 0xef, 0xea, 0xf0, 0xfa, 0xf7, + 0x4c, 0xa1, 0xee, 0x4d, 0x60, 0x22, 0x34, 0x58, 0xc0, 0xc4, 0x44, 0xf9, 0x80, 0x05, 0xda, 0xfe, + 0x3b, 0x94, 0x4a, 0xac, 0x4e, 0xb0, 0x9f, 0x01, 0x16, 0xc4, 0xe9, 0xc4, 0xe2, 0xaf, 0xf0, 0x8a, + 0x13, 0xbb, 0xd2, 0x13, 0x8b, 0x3f, 0x6a, 0xc0, 0x27, 0x16, 0xff, 0x1f, 0x0b, 0xca, 0xe8, 0x2d, + 0xaa, 0x52, 0x72, 0x39, 0x2e, 0x92, 0x64, 0xbd, 0x32, 0xe2, 0x1a, 0x0b, 0xa2, 0x18, 0x59, 0xfe, + 0x0b, 0x4b, 0xfa, 0x68, 0x0b, 0x26, 0x85, 0xf9, 0x26, 0x2e, 0x0b, 0xbf, 0x38, 0x42, 0x66, 0xea, + 0xe8, 0x9d, 0x0e, 0x7e, 0x61, 0x2f, 0x22, 0xac, 0xff, 0xdd, 0x1a, 0x37, 0xbc, 0xc5, 0x61, 0xe3, + 0x36, 0xd4, 0x22, 0x72, 0xa3, 0xc4, 0x6b, 0x47, 0x79, 0xf6, 0xf9, 0xa7, 0x45, 0xbf, 0xb0, 0xa4, + 0x8d, 0x5a, 0x79, 0xa1, 0xf1, 0x71, 0xbe, 0xc3, 0xe1, 0xc2, 0xe2, 0x93, 0xb1, 0x30, 0x63, 0x67, + 0x11, 0x0b, 0x93, 0x7f, 0x18, 0x3b, 0x5e, 0xea, 0x30, 0xf6, 0x25, 0x38, 0x17, 0x85, 0xaa, 0x58, + 0x84, 0x39, 0x85, 0x45, 0x10, 0x27, 0xbb, 0x7f, 0xd6, 0x4a, 0x82, 0x70, 0x1a, 0x17, 0xfd, 0xbe, + 0x06, 0x35, 0x53, 0xec, 0xd2, 0x62, 0x5d, 0xdd, 0x1a, 0xcd, 0x3b, 0xb3, 0x14, 0x6d, 0xfa, 0x5c, + 0xdd, 0x7b, 0x2d, 0x92, 0x11, 0x51, 0xf1, 0x43, 0xf2, 0xd6, 0xcb, 0x56, 0xa3, 0x7f, 0x4d, 0x95, + 0x59, 0x87, 0x65, 0xff, 0x67, 0xd7, 0x79, 0x78, 0x74, 0xe9, 0xed, 0x11, 0xbf, 0x62, 0x39, 0xa6, + 0xc8, 0x3f, 0xe4, 0x73, 0x52, 0x6f, 0x8d, 0x21, 0x0f, 0xe9, 0x5b, 0xd4, 0xe6, 0x2f, 0xee, 0xc2, + 0x4c, 0xa2, 0x07, 0x4f, 0xf3, 0xd0, 0x60, 0xd1, 0x85, 0xb9, 0xf4, 0x87, 0x9e, 0xea, 0x21, 0xc5, + 0x4d, 0x98, 0x92, 0x12, 0x18, 0x3d, 0xa9, 0x30, 0x8a, 0x77, 0xc8, 0x9b, 0xe4, 0x80, 0x73, 0x6d, + 0x24, 0x14, 0x7c, 0x6e, 0xba, 0xbf, 0x46, 0x0b, 0x04, 0x41, 0xfd, 0x3b, 0xc2, 0xf0, 0xbb, 0x43, + 0x7a, 0x7d, 0xc7, 0x08, 0xc9, 0x7b, 0xdf, 0x53, 0xaa, 0xff, 0x57, 0x8d, 0x0b, 0x52, 0xf1, 0xdc, + 0x8e, 0x01, 0xf5, 0x1e, 0xcf, 0xdf, 0xc5, 0x2e, 0x74, 0x69, 0xe5, 0xaf, 0x92, 0xad, 0xc5, 0x64, + 0xb0, 0x4a, 0x13, 0xdd, 0xcd, 0x3e, 0x08, 0x75, 0x6d, 0xb4, 0x1d, 0x6f, 0xe8, 0x77, 0xa1, 0x50, + 0xb6, 0x8e, 0xfa, 0x96, 0x8e, 0x76, 0xfc, 0x5b, 0x3a, 0x0f, 0x7e, 0x61, 0x45, 0xff, 0x3f, 0x15, + 0xc8, 0xcd, 0x66, 0x8e, 0x74, 0x98, 0xe0, 0x01, 0xea, 0xea, 0x4b, 0x59, 0x3c, 0x7a, 0x1d, 0x0b, + 0x08, 0xf2, 0xe1, 0x82, 0x08, 0xff, 0xbe, 0x49, 0x0e, 0xe2, 0x37, 0x9a, 0xc4, 0xd0, 0x0f, 0x1f, + 0x08, 0xca, 0xf2, 0xfa, 0x74, 0x52, 0x94, 0x70, 0x2e, 0x6d, 0x74, 0x9b, 0xdf, 0xc6, 0x70, 0xad, + 0x3b, 0xde, 0x2e, 0x71, 0xe3, 0x37, 0x7a, 0xc4, 0xe5, 0xb2, 0xc7, 0xa2, 0xdb, 0x18, 0x19, 0x04, + 0x9c, 0x5f, 0x0f, 0xed, 0x01, 0xea, 0x19, 0xfb, 0x69, 0x6a, 0x23, 0xa4, 0x68, 0x5e, 0xcb, 0x50, + 0xc3, 0x39, 0x1c, 0x58, 0x28, 0x35, 0xb3, 0x86, 0xde, 0x1b, 0x47, 0xfe, 0xac, 0xa9, 0xa7, 0x1b, + 0x4a, 0xcd, 0x59, 0x1c, 0x7f, 0x7e, 0xf1, 0x39, 0xb8, 0xc4, 0xd0, 0x96, 0x2d, 0x66, 0x00, 0x05, + 0xc4, 0x5a, 0xb6, 0x2c, 0x76, 0xaf, 0x69, 0xd4, 0x37, 0xaa, 0x58, 0xd8, 0x02, 0xa3, 0xfd, 0x1e, + 0x09, 0x5b, 0x60, 0x6d, 0x2d, 0x70, 0xf2, 0xfe, 0x91, 0x06, 0xf3, 0x99, 0xec, 0x09, 0x43, 0x1d, + 0x7a, 0x9f, 0x99, 0xef, 0xf2, 0x83, 0xe9, 0xb7, 0x9d, 0xea, 0xb9, 0x49, 0x55, 0x5e, 0x87, 0x99, + 0x84, 0x8f, 0x57, 0xde, 0x9c, 0xd3, 0x72, 0x6f, 0xce, 0xa9, 0x17, 0xe3, 0x2a, 0xc7, 0x5e, 0x8c, + 0xfb, 0xe6, 0x8c, 0x18, 0x6e, 0x66, 0x2b, 0xbf, 0x09, 0x13, 0xec, 0xfa, 0x5a, 0xf4, 0x1c, 0xde, + 0x0b, 0xa5, 0xaf, 0xc5, 0x05, 0x5c, 0x54, 0xf2, 0xff, 0xb1, 0xa0, 0x8a, 0x56, 0x60, 0xce, 0x74, + 0xbc, 0x01, 0x35, 0x0c, 0xb7, 0x6d, 0x87, 0xac, 0xc7, 0x52, 0x59, 0xde, 0xbf, 0x6f, 0xa5, 0xe0, + 0x38, 0x53, 0x03, 0x61, 0x6e, 0x6d, 0xf3, 0x35, 0xf6, 0x5c, 0xc9, 0xb3, 0x0e, 0x9e, 0xe1, 0x4c, + 0x5a, 0xd9, 0x6f, 0x03, 0x90, 0x68, 0xe0, 0xa2, 0x20, 0xa7, 0x97, 0xca, 0x65, 0x16, 0x90, 0xc3, + 0x1f, 0x09, 0x23, 0x59, 0x14, 0x60, 0x85, 0x09, 0xf2, 0xa1, 0xbe, 0x13, 0x3f, 0x7d, 0x25, 0x4c, + 0xdf, 0x97, 0x47, 0x7c, 0x76, 0x8b, 0x6f, 0xe2, 0x4a, 0x01, 0x56, 0x99, 0x20, 0x1f, 0x20, 0x36, + 0x6c, 0x46, 0x79, 0x2a, 0x25, 0xb6, 0x98, 0xe2, 0xef, 0x8c, 0xcb, 0xb0, 0xc2, 0x85, 0xf2, 0x74, + 0xe5, 0xfd, 0xd3, 0x51, 0x6c, 0xe5, 0xf8, 0x16, 0x6b, 0xcc, 0x33, 0x2e, 0xc3, 0x0a, 0x17, 0xda, + 0xb7, 0xbd, 0xf8, 0xce, 0xb1, 0x30, 0x9d, 0x5f, 0x1e, 0xf1, 0xee, 0xb7, 0x50, 0x90, 0xe2, 0x02, + 0xac, 0x32, 0x41, 0x2e, 0x40, 0x4f, 0x5e, 0x45, 0x16, 0x26, 0x74, 0xa9, 0xef, 0x8c, 0x2f, 0x34, + 0x73, 0x27, 0x65, 0xfc, 0x1b, 0x2b, 0x1c, 0xd0, 0x5b, 0x8a, 0xa3, 0x06, 0xca, 0xab, 0x99, 0x43, + 0x39, 0x69, 0x3e, 0x11, 0x6b, 0x5b, 0x75, 0xb6, 0x5e, 0x1f, 0x57, 0x34, 0xad, 0xfb, 0x87, 0x8d, + 0x69, 0x26, 0x43, 0x32, 0x9a, 0x57, 0x7c, 0x32, 0x33, 0x7d, 0xdc, 0xc9, 0x0c, 0xba, 0x0e, 0xf3, + 0x81, 0x1a, 0xe9, 0xc0, 0x04, 0xc3, 0x0c, 0xab, 0x22, 0xaf, 0xae, 0x77, 0xd2, 0x08, 0x38, 0x5b, + 0x87, 0x0b, 0x3e, 0x62, 0xb1, 0xfa, 0xb3, 0xaa, 0xe0, 0xe3, 0x65, 0x58, 0x42, 0xd1, 0x5e, 0xea, + 0xe9, 0xe4, 0x73, 0xa3, 0x7a, 0x57, 0x86, 0x7c, 0x47, 0xf9, 0x0b, 0xea, 0xb3, 0xbd, 0x73, 0xe5, + 0x43, 0xde, 0xf2, 0xaf, 0x9f, 0x3f, 0xe0, 0xe9, 0xde, 0x41, 0x32, 0xd2, 0x7c, 0xfe, 0xa1, 0x44, + 0xd7, 0xca, 0x73, 0x9a, 0xa2, 0x28, 0x73, 0xd4, 0x82, 0x79, 0xb2, 0xdf, 0xf7, 0x82, 0x81, 0x4f, + 0x58, 0xe6, 0x0b, 0x36, 0x3c, 0x28, 0x76, 0xbf, 0xac, 0xa6, 0x81, 0x38, 0x8b, 0xaf, 0x7f, 0x7b, + 0x0a, 0xea, 0x8a, 0x6e, 0xf4, 0x4e, 0x5c, 0x4d, 0x0a, 0xa1, 0x6e, 0x7a, 0x6e, 0x10, 0xfa, 0x86, + 0x72, 0x1d, 0x6b, 0x44, 0x9e, 0xb2, 0xf7, 0x5a, 0x31, 0x65, 0xac, 0xb2, 0xa1, 0xeb, 0x5c, 0x3a, + 0xc9, 0xc6, 0x1e, 0x82, 0x93, 0x4c, 0xae, 0xf3, 0x1c, 0x47, 0xd9, 0xc7, 0x01, 0xa2, 0xed, 0x42, + 0xbe, 0xa7, 0x2a, 0x53, 0xe6, 0xb5, 0x83, 0x1b, 0x12, 0x86, 0x15, 0x3c, 0x74, 0x0f, 0x66, 0x1c, + 0x35, 0x5d, 0x96, 0xd8, 0xcb, 0x4a, 0x1d, 0x65, 0x27, 0xf2, 0x6e, 0xf1, 0x83, 0xd1, 0x44, 0x11, + 0x4e, 0xb2, 0xa2, 0xd3, 0xc0, 0x89, 0x52, 0xbc, 0x8d, 0xe4, 0xf0, 0x95, 0x89, 0xe2, 0xe2, 0x69, + 0x20, 0x8b, 0x02, 0xac, 0x30, 0x29, 0xf0, 0xca, 0x4d, 0x96, 0xf2, 0xca, 0x0d, 0xe0, 0xbc, 0x4f, + 0x42, 0xff, 0xa0, 0x75, 0x60, 0xb2, 0xe7, 0x16, 0xfd, 0x90, 0xe5, 0x57, 0xab, 0x95, 0xbb, 0xed, + 0x80, 0xb3, 0xa4, 0x70, 0x1e, 0xfd, 0x84, 0x9c, 0x9c, 0x3a, 0x56, 0x4e, 0x7e, 0x02, 0xea, 0x21, + 0x31, 0x77, 0x5c, 0xdb, 0x34, 0x9c, 0xf6, 0x8a, 0xb8, 0x91, 0x1c, 0x2f, 0xf9, 0x18, 0x84, 0x55, + 0x3c, 0xd4, 0x84, 0xb1, 0x81, 0x6d, 0x89, 0xcd, 0xe2, 0xc7, 0xa4, 0x95, 0xd1, 0x5e, 0xb9, 0x7f, + 0xd8, 0x78, 0x5f, 0xec, 0xe6, 0x92, 0x5f, 0x75, 0xb5, 0xbf, 0xdb, 0xbd, 0x1a, 0x1e, 0xf4, 0x49, + 0xb0, 0xb4, 0xd9, 0x5e, 0xc1, 0xb4, 0x72, 0x9e, 0xc7, 0x72, 0xfa, 0x04, 0x1e, 0xcb, 0x5f, 0xd1, + 0xe0, 0xbc, 0x91, 0x36, 0x90, 0x48, 0xb0, 0x30, 0x53, 0x5e, 0xe8, 0xe6, 0x1b, 0x5d, 0x71, 0x4e, + 0x94, 0xe5, 0x2c, 0x3b, 0x9c, 0xd7, 0x06, 0xfd, 0x8f, 0x35, 0xa1, 0xd0, 0x9f, 0xa1, 0x4b, 0xea, + 0xb4, 0xcd, 0x5f, 0xfd, 0x16, 0x40, 0xbc, 0x05, 0x8c, 0xec, 0xb4, 0xfb, 0x61, 0x15, 0x2e, 0x8e, + 0x7a, 0x18, 0xce, 0x32, 0xbf, 0xb1, 0x17, 0x35, 0x96, 0xb7, 0x43, 0xe2, 0xdf, 0xbe, 0xbd, 0x26, + 0x1f, 0x1c, 0x28, 0x99, 0x7a, 0x2e, 0x7e, 0x90, 0x25, 0x43, 0x11, 0x17, 0x70, 0x62, 0xdb, 0x9f, + 0xc8, 0x82, 0x8e, 0x8d, 0x90, 0x34, 0x07, 0x7e, 0x10, 0x8a, 0x38, 0x5e, 0xbe, 0xfd, 0xa5, 0x81, + 0x38, 0x8b, 0x9f, 0x26, 0xc2, 0x5f, 0xf7, 0x18, 0x67, 0x6f, 0x94, 0x66, 0x88, 0xf0, 0x27, 0x3e, + 0xb2, 0xf8, 0x2a, 0x11, 0xf9, 0xa6, 0x29, 0x13, 0xd6, 0x29, 0x22, 0xf1, 0x83, 0xa7, 0x59, 0x7c, + 0x64, 0xc1, 0x13, 0x3e, 0x31, 0xbd, 0x5e, 0x8f, 0xb8, 0x16, 0xcf, 0x19, 0x6a, 0xf8, 0x5d, 0xdb, + 0xbd, 0xe6, 0x1b, 0x0c, 0x51, 0x3c, 0x9c, 0x7a, 0xe5, 0xe8, 0xb0, 0xf1, 0x04, 0x3e, 0x06, 0x0f, + 0x1f, 0x4b, 0x05, 0xf5, 0xe0, 0xdc, 0x80, 0xe5, 0x35, 0xf2, 0xdb, 0x6e, 0x48, 0xfc, 0x3d, 0xc3, + 0x29, 0xf9, 0x66, 0x0d, 0x13, 0x16, 0x9b, 0x49, 0x52, 0x38, 0x4d, 0x1b, 0x1d, 0x50, 0x39, 0x2c, + 0x9a, 0xa3, 0xb0, 0xac, 0x95, 0xcf, 0x8d, 0x88, 0xb3, 0xe4, 0x70, 0x1e, 0x0f, 0xfd, 0x57, 0x34, + 0x10, 0xc7, 0x7e, 0xd4, 0xaa, 0x57, 0x5c, 0x13, 0xb5, 0x77, 0xfe, 0xc5, 0xf4, 0x7f, 0xab, 0x81, + 0xa0, 0xc0, 0x32, 0xd2, 0x0d, 0x95, 0xcf, 0xec, 0xc1, 0x0f, 0x5a, 0xc7, 0x19, 0xd5, 0xc6, 0x8a, + 0x32, 0xaa, 0x9d, 0x56, 0x7a, 0xb2, 0xdf, 0xd1, 0x20, 0xfd, 0x50, 0x24, 0xfa, 0x20, 0x4c, 0x8a, + 0xdb, 0x67, 0xe2, 0x0e, 0x0b, 0x0f, 0xb2, 0xe4, 0x45, 0x38, 0x82, 0x25, 0x35, 0xf7, 0x11, 0x2e, + 0xab, 0xe4, 0x5f, 0x1c, 0x38, 0x5e, 0x73, 0xd7, 0xbf, 0x3b, 0x0b, 0x13, 0xfc, 0xbe, 0x14, 0x95, + 0x69, 0x39, 0x31, 0x59, 0x37, 0xcb, 0xdf, 0xc8, 0x2a, 0x11, 0x7a, 0x95, 0x48, 0x9e, 0x53, 0x39, + 0x36, 0x79, 0x0e, 0xe6, 0xd9, 0x12, 0x47, 0xf0, 0xd6, 0xb4, 0x70, 0x5b, 0x24, 0xe8, 0x17, 0x99, + 0x12, 0x51, 0x98, 0x70, 0x63, 0x8c, 0x97, 0xcf, 0x03, 0xc9, 0x3b, 0x40, 0x71, 0x66, 0xcc, 0x1e, + 0xe3, 0xc8, 0x88, 0x2f, 0xa8, 0x54, 0xcb, 0x1f, 0x7f, 0x88, 0x2e, 0x1f, 0xe2, 0x82, 0x8a, 0x5c, + 0x48, 0x13, 0x85, 0x0b, 0x69, 0x1b, 0x26, 0xc5, 0x52, 0x10, 0xc2, 0xf1, 0xc5, 0x11, 0x32, 0x21, + 0x2a, 0xd7, 0x99, 0x79, 0x01, 0x8e, 0x88, 0xd3, 0x1d, 0xb7, 0x67, 0xec, 0xdb, 0xbd, 0x41, 0x8f, + 0x49, 0xc4, 0xaa, 0x8a, 0xca, 0x8a, 0x71, 0x04, 0x67, 0xa8, 0xfc, 0xd4, 0x88, 0x29, 0x96, 0x2a, + 0xaa, 0x78, 0x60, 0x26, 0x82, 0xa3, 0x37, 0xa0, 0xd6, 0x33, 0xf6, 0x3b, 0x03, 0xbf, 0x4b, 0x84, + 0x03, 0xa3, 0x58, 0xe5, 0x19, 0x84, 0xb6, 0xb3, 0x44, 0xcd, 0xa1, 0xd0, 0x5f, 0x6a, 0xbb, 0xe1, + 0x6d, 0xbf, 0x13, 0xfa, 0x32, 0x43, 0xdb, 0x9a, 0xa0, 0x82, 0x25, 0x3d, 0xe4, 0xc0, 0x6c, 0xcf, + 0xd8, 0xdf, 0x74, 0x0d, 0xf9, 0x0e, 0x46, 0xbd, 0x24, 0x07, 0xe6, 0xc5, 0x5d, 0x4b, 0xd0, 0xc2, + 0x29, 0xda, 0x39, 0x0e, 0xe3, 0xe9, 0xd3, 0x72, 0x18, 0x2f, 0xcb, 0xe0, 0x16, 0xae, 0xc7, 0x3e, + 0x96, 0x77, 0xbe, 0x74, 0x7c, 0xe0, 0xca, 0x9b, 0x32, 0x70, 0x65, 0xb6, 0xbc, 0x97, 0xf7, 0x98, + 0xa0, 0x95, 0x01, 0xd4, 0xa9, 0xc2, 0xc9, 0x4b, 0x83, 0x85, 0x73, 0xe5, 0xbd, 0x0c, 0x2b, 0x92, + 0x8c, 0x92, 0xa5, 0x3a, 0x26, 0x8d, 0x55, 0x3e, 0xe8, 0x36, 0x7f, 0x27, 0xc1, 0x21, 0x61, 0x8c, + 0xc2, 0x0c, 0x9c, 0x39, 0xee, 0x48, 0x8a, 0x9e, 0x35, 0xc8, 0x20, 0xe0, 0xfc, 0x7a, 0x54, 0x45, + 0xe5, 0x51, 0xf5, 0xf3, 0x71, 0x16, 0x85, 0xc4, 0x8d, 0xb5, 0xbf, 0xa2, 0xc1, 0x1c, 0x7f, 0x82, + 0xab, 0xe5, 0xf5, 0xfa, 0x9e, 0x4b, 0xe8, 0xb0, 0x20, 0xd6, 0xa7, 0x9f, 0x29, 0x2f, 0x1b, 0x3a, + 0x29, 0x8a, 0xe2, 0x60, 0x30, 0x55, 0x8a, 0x33, 0x9c, 0xd1, 0xef, 0x6a, 0xb0, 0xd0, 0x2b, 0x48, + 0x02, 0xbd, 0x70, 0xbe, 0x7c, 0x84, 0xde, 0x83, 0x12, 0x4b, 0xf3, 0x67, 0x01, 0x1f, 0x84, 0x85, + 0x0b, 0xdb, 0x36, 0x6a, 0x1c, 0xef, 0x28, 0x37, 0xf9, 0x7e, 0x0a, 0xe6, 0xd2, 0x7b, 0x80, 0xfa, + 0xb2, 0x83, 0x76, 0xaa, 0x2f, 0x3b, 0xe8, 0x2f, 0xc1, 0xa5, 0xfc, 0x31, 0xa7, 0x9a, 0x16, 0x7b, + 0x22, 0x45, 0x58, 0x38, 0x71, 0x92, 0x41, 0x5a, 0x88, 0x39, 0xac, 0xf9, 0xd1, 0x6f, 0xfd, 0xe0, + 0xf2, 0x23, 0xdf, 0xf9, 0xc1, 0xe5, 0x47, 0xbe, 0xf7, 0x83, 0xcb, 0x8f, 0x7c, 0xe9, 0xe8, 0xb2, + 0xf6, 0xad, 0xa3, 0xcb, 0xda, 0x77, 0x8e, 0x2e, 0x6b, 0xdf, 0x3b, 0xba, 0xac, 0xfd, 0xa7, 0xa3, + 0xcb, 0xda, 0x2f, 0xfe, 0xe7, 0xcb, 0x8f, 0xbc, 0x31, 0x29, 0x5a, 0xf4, 0xff, 0x03, 0x00, 0x00, + 0xff, 0xff, 0xea, 0xba, 0xd7, 0x53, 0xc9, 0xb4, 0x00, 0x00, } func (m *Addon) Marshal() (dAtA []byte, err error) { @@ -5664,6 +5669,11 @@ func (m *ClusterAutoscaler) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.MaxGracefulTerminationSeconds != nil { + i = encodeVarintGenerated(dAtA, i, uint64(*m.MaxGracefulTerminationSeconds)) + i-- + dAtA[i] = 0x48 + } if m.MaxNodeProvisionTime != nil { { size, err := m.MaxNodeProvisionTime.MarshalToSizedBuffer(dAtA[:i]) @@ -11293,6 +11303,28 @@ func (m *ServiceAccountConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.MaxTokenExpiration != nil { + { + size, err := m.MaxTokenExpiration.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + if m.ExtendTokenExpiration != nil { + i-- + if *m.ExtendTokenExpiration { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } if m.SigningKeySecret != nil { { size, err := m.SigningKeySecret.MarshalToSizedBuffer(dAtA[:i]) @@ -12943,6 +12975,9 @@ func (m *ClusterAutoscaler) Size() (n int) { l = m.MaxNodeProvisionTime.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.MaxGracefulTerminationSeconds != nil { + n += 1 + sovGenerated(uint64(*m.MaxGracefulTerminationSeconds)) + } return n } @@ -15005,6 +15040,13 @@ func (m *ServiceAccountConfig) Size() (n int) { l = m.SigningKeySecret.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.ExtendTokenExpiration != nil { + n += 2 + } + if m.MaxTokenExpiration != nil { + l = m.MaxTokenExpiration.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -15758,6 +15800,7 @@ func (this *ClusterAutoscaler) String() string { `ScanInterval:` + strings.Replace(fmt.Sprintf("%v", this.ScanInterval), "Duration", "v11.Duration", 1) + `,`, `Expander:` + valueToStringGenerated(this.Expander) + `,`, `MaxNodeProvisionTime:` + strings.Replace(fmt.Sprintf("%v", this.MaxNodeProvisionTime), "Duration", "v11.Duration", 1) + `,`, + `MaxGracefulTerminationSeconds:` + valueToStringGenerated(this.MaxGracefulTerminationSeconds) + `,`, `}`, }, "") return s @@ -17220,6 +17263,8 @@ func (this *ServiceAccountConfig) String() string { s := strings.Join([]string{`&ServiceAccountConfig{`, `Issuer:` + valueToStringGenerated(this.Issuer) + `,`, `SigningKeySecret:` + strings.Replace(fmt.Sprintf("%v", this.SigningKeySecret), "LocalObjectReference", "v1.LocalObjectReference", 1) + `,`, + `ExtendTokenExpiration:` + valueToStringGenerated(this.ExtendTokenExpiration) + `,`, + `MaxTokenExpiration:` + strings.Replace(fmt.Sprintf("%v", this.MaxTokenExpiration), "Duration", "v11.Duration", 1) + `,`, `}`, }, "") return s @@ -20689,6 +20734,26 @@ func (m *ClusterAutoscaler) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MaxGracefulTerminationSeconds", wireType) + } + var v int32 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.MaxGracefulTerminationSeconds = &v default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -37267,6 +37332,63 @@ func (m *ServiceAccountConfig) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ExtendTokenExpiration", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + b := bool(v != 0) + m.ExtendTokenExpiration = &b + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MaxTokenExpiration", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.MaxTokenExpiration == nil { + m.MaxTokenExpiration = &v11.Duration{} + } + if err := m.MaxTokenExpiration.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto index 50174abb9..fdff77829 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto @@ -344,6 +344,10 @@ message ClusterAutoscaler { // MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins). // +optional optional k8s.io.apimachinery.pkg.apis.meta.v1.Duration maxNodeProvisionTime = 8; + + // MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600). + // +optional + optional int32 maxGracefulTerminationSeconds = 9; } // ClusterInfo contains information about the Plant cluster @@ -559,12 +563,13 @@ message DNS { repeated DNSProvider providers = 2; } +// DNSIncludeExclude contains information about which domains shall be included/excluded. message DNSIncludeExclude { - // Include is a list of resources that shall be included. + // Include is a list of domains that shall be included. // +optional repeated string include = 1; - // Exclude is a list of resources that shall be excluded. + // Exclude is a list of domains that shall be excluded. // +optional repeated string exclude = 2; } @@ -1401,6 +1406,7 @@ message OpenIDConnectClientAuthentication { optional string secret = 2; } +// Plant represents an external kubernetes cluster. message Plant { // Standard object metadata. // +optional @@ -1595,6 +1601,7 @@ message Provider { repeated Worker workers = 4; } +// Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret. message Quota { // Standard object metadata. // +optional @@ -1661,6 +1668,7 @@ message ResourceWatchCacheSize { optional int32 size = 3; } +// SecretBinding represents a binding to a secret in the same or another namespace. message SecretBinding { // Standard object metadata. // +optional @@ -1993,8 +2001,22 @@ message ServiceAccountConfig { // Only useful if service account tokens are also issued by another external system. // +optional optional k8s.io.api.core.v1.LocalObjectReference signingKeySecretName = 2; + + // ExtendTokenExpiration turns on projected service account expiration extension during token generation, which + // helps safe transition from legacy token to bound service account token feature. If this flag is enabled, + // admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, + // ignoring value of service-account-max-token-expiration. + // +optional + optional bool extendTokenExpiration = 3; + + // MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an + // otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued + // with a validity duration of this value. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.Duration maxTokenExpiration = 4; } +// Shoot represents a Shoot cluster created and managed by Gardener. message Shoot { // Standard object metadata. // +optional diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/errors.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/errors.go index 90b088f50..6b00e42be 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/errors.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/errors.go @@ -53,14 +53,14 @@ func (e *ErrorWithCodes) Error() string { var ( unauthorizedRegexp = regexp.MustCompile(`(?i)(Unauthorized|InvalidClientTokenId|InvalidAuthenticationTokenTenant|SignatureDoesNotMatch|Authentication failed|AuthFailure|AuthorizationFailed|invalid character|invalid_grant|invalid_client|Authorization Profile was not found|cannot fetch token|no active subscriptions|InvalidAccessKeyId|InvalidSecretAccessKey|query returned no results|UnauthorizedOperation|not authorized|InvalidSubscriptionId)`) - quotaExceededRegexp = regexp.MustCompile(`(?i)((?:^|[^t]|(?:[^s]|^)t|(?:[^e]|^)st|(?:[^u]|^)est|(?:[^q]|^)uest|(?:[^e]|^)quest|(?:[^r]|^)equest)LimitExceeded|Quotas|Quota exceeded|exceeded quota|Quota has been met|QUOTA_EXCEEDED)`) + quotaExceededRegexp = regexp.MustCompile(`(?i)((?:^|[^t]|(?:[^s]|^)t|(?:[^e]|^)st|(?:[^u]|^)est|(?:[^q]|^)uest|(?:[^e]|^)quest|(?:[^r]|^)equest)LimitExceeded|Quotas|Quota.*exceeded|exceeded quota|Quota has been met|QUOTA_EXCEEDED|Maximum number of ports exceeded|ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS)`) rateLimitsExceededRegexp = regexp.MustCompile(`(?i)(RequestLimitExceeded|Throttling|Too many requests)`) insufficientPrivilegesRegexp = regexp.MustCompile(`(?i)(AccessDenied|OperationNotAllowed|Error 403)`) - dependenciesRegexp = regexp.MustCompile(`(?i)(PendingVerification|Access Not Configured|accessNotConfigured|DependencyViolation|OptInRequired|DeleteConflict|Conflict|inactive billing state|ReadOnlyDisabledSubscription|is already being used|InUseSubnetCannotBeDeleted|VnetInUse|InUseRouteTableCannotBeDeleted|timeout while waiting for state to become|InvalidCidrBlock|already busy for|InsufficientFreeAddressesInSubnet|InternalServerError|internalerror|internal server error|A resource with the ID|VnetAddressSpaceCannotChangeDueToPeerings|InternalBillingError)`) + dependenciesRegexp = regexp.MustCompile(`(?i)(PendingVerification|Access Not Configured|accessNotConfigured|DependencyViolation|OptInRequired|DeleteConflict|Conflict|inactive billing state|ReadOnlyDisabledSubscription|is already being used|InUseSubnetCannotBeDeleted|VnetInUse|InUseRouteTableCannotBeDeleted|timeout while waiting for state to become|InvalidCidrBlock|already busy for|InsufficientFreeAddressesInSubnet|InternalServerError|internalerror|internal server error|A resource with the ID|VnetAddressSpaceCannotChangeDueToPeerings|InternalBillingError|There are not enough hosts available)`) retryableDependenciesRegexp = regexp.MustCompile(`(?i)(RetryableError)`) resourcesDepletedRegexp = regexp.MustCompile(`(?i)(not available in the current hardware cluster|InsufficientInstanceCapacity|SkuNotAvailable|ZonalAllocationFailed|out of stock)`) configurationProblemRegexp = regexp.MustCompile(`(?i)(AzureBastionSubnet|not supported in your requested Availability Zone|InvalidParameter|InvalidParameterValue|notFound|NetcfgInvalidSubnet|InvalidSubnet|Invalid value|KubeletHasInsufficientMemory|KubeletHasDiskPressure|KubeletHasInsufficientPID|violates constraint|no attached internet gateway found|Your query returned no results|PrivateEndpointNetworkPoliciesCannotBeEnabledOnPrivateEndpointSubnet|invalid VPC attributes|PrivateLinkServiceNetworkPoliciesCannotBeEnabledOnPrivateLinkServiceSubnet|unrecognized feature gate|runtime-config invalid key|LoadBalancingRuleMustDisableSNATSinceSameFrontendIPConfigurationIsReferencedByOutboundRule|strict decoder error|not allowed to configure an unsupported|error during apply of object .* is invalid:|OverconstrainedZonalAllocationRequest)`) - retryableConfigurationProblemRegexp = regexp.MustCompile(`(?i)(is misconfigured and requires zero voluntary evictions)`) + retryableConfigurationProblemRegexp = regexp.MustCompile(`(?i)(is misconfigured and requires zero voluntary evictions|SDK.CanNotResolveEndpoint|The requested configuration is currently not supported)`) ) // DetermineError determines the Garden error code for the given error and creates a new error with the given message. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go index 05e6eb22b..b8fb979cb 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go @@ -187,6 +187,8 @@ func ComputeOperationType(meta metav1.ObjectMeta, lastOperation *gardencorev1bet return gardencorev1beta1.LastOperationTypeMigrate case meta.DeletionTimestamp != nil: return gardencorev1beta1.LastOperationTypeDelete + case meta.Annotations[v1beta1constants.GardenerOperation] == v1beta1constants.GardenerOperationRestore: + return gardencorev1beta1.LastOperationTypeRestore case lastOperation == nil: return gardencorev1beta1.LastOperationTypeCreate case lastOperation.Type == gardencorev1beta1.LastOperationTypeCreate && lastOperation.State != gardencorev1beta1.LastOperationStateSucceeded: @@ -247,6 +249,7 @@ func TaintsAreTolerated(taints []gardencorev1beta1.SeedTaint, tolerations []gard return true } +// ShootedSeed contains the configuration of a shooted seed. type ShootedSeed struct { DisableDNS *bool DisableCapacityReservation *bool @@ -267,16 +270,19 @@ type ShootedSeed struct { Resources *ShootedSeedResources } +// ShootedSeedAPIServer contains the configuration of a shooted seed API server. type ShootedSeedAPIServer struct { Replicas *int32 Autoscaler *ShootedSeedAPIServerAutoscaler } +// ShootedSeedAPIServerAutoscaler contains the configuration of a shooted seed API server autoscaler. type ShootedSeedAPIServerAutoscaler struct { MinReplicas *int32 MaxReplicas int32 } +// ShootedSeedResources contains the resources capacity and reserved values of a shooted seed. type ShootedSeedResources struct { Capacity corev1.ResourceList Reserved corev1.ResourceList @@ -1014,6 +1020,7 @@ func FindPrimaryDNSProvider(providers []gardencorev1beta1.DNSProvider) *gardenco return nil } +// VersionPredicate is a function that evaluates a condition on the given versions. type VersionPredicate func(expirableVersion gardencorev1beta1.ExpirableVersion, version *semver.Version) (bool, error) // GetKubernetesVersionForPatchUpdate finds the latest Kubernetes patch version for its minor version in the compared @@ -1378,3 +1385,25 @@ func ShootWantsAnonymousAuthentication(kubeAPIServerConfig *gardencorev1beta1.Ku } return *kubeAPIServerConfig.EnableAnonymousAuthentication } + +// CalculateSeedUsage returns a map representing the number of shoots per seed from the given list of shoots. +// It takes both spec.seedName and status.seedName into account. +func CalculateSeedUsage(shootList []gardencorev1beta1.Shoot) map[string]int { + m := map[string]int{} + + for _, shoot := range shootList { + var ( + specSeed = pointer.StringDeref(shoot.Spec.SeedName, "") + statusSeed = pointer.StringDeref(shoot.Status.SeedName, "") + ) + + if specSeed != "" { + m[specSeed]++ + } + if statusSeed != "" && specSeed != statusSeed { + m[statusSeed]++ + } + } + + return m +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go index 62a5c8ca2..5e9bd2ba3 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go @@ -217,7 +217,7 @@ const ( VolumeClassPremium string = "premium" ) -// VersionClassification is the logical state of a version according to https://github.com/gardener/gardener/blob/master/docs/operations/versioning.md +// VersionClassification is the logical state of a version. type VersionClassification string const ( @@ -225,7 +225,7 @@ const ( // ClassificationPreview versions will not be considered for automatic Kubernetes and Machine Image patch version updates. ClassificationPreview VersionClassification = "preview" // ClassificationSupported indicates that a patch version is the recommended version for a shoot. - // Using VersionMaintenance (see: https://github.com/gardener/gardener/docs/operation/versioning.md) there is one supported version per maintained minor version. + // Only one "supported" version is allowed per minor version. // Supported versions are eligible for the automated Kubernetes and Machine image patch version update for shoot clusters in Gardener. ClassificationSupported VersionClassification = "supported" // ClassificationDeprecated indicates that a patch version should not be used anymore, should be updated to a new version diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_plant.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_plant.go index 5177be625..5f96bd52c 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_plant.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_plant.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Plant represents an external kubernetes cluster. type Plant struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_quota.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_quota.go index 9803cb944..340bf33d9 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_quota.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_quota.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret. type Quota struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_secretbinding.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_secretbinding.go index 5aa8bb22d..bba134e5b 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_secretbinding.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_secretbinding.go @@ -22,6 +22,7 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// SecretBinding represents a binding to a secret in the same or another namespace. type SecretBinding struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go index 5a788e436..d06773f5f 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go @@ -30,6 +30,7 @@ import ( // +genclient:method=CreateAdminKubeconfigRequest,verb=create,subresource=adminkubeconfig,input=github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.AdminKubeconfigRequest,result=github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.AdminKubeconfigRequest // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Shoot represents a Shoot cluster created and managed by Gardener. type Shoot struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. @@ -275,11 +276,12 @@ type DNSProvider struct { Zones *DNSIncludeExclude `json:"zones,omitempty" protobuf:"bytes,5,opt,name=zones"` } +// DNSIncludeExclude contains information about which domains shall be included/excluded. type DNSIncludeExclude struct { - // Include is a list of resources that shall be included. + // Include is a list of domains that shall be included. // +optional Include []string `json:"include,omitempty" protobuf:"bytes,1,rep,name=include"` - // Exclude is a list of resources that shall be excluded. + // Exclude is a list of domains that shall be excluded. // +optional Exclude []string `json:"exclude,omitempty" protobuf:"bytes,2,rep,name=exclude"` } @@ -406,6 +408,9 @@ type ClusterAutoscaler struct { // MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins). // +optional MaxNodeProvisionTime *metav1.Duration `json:"maxNodeProvisionTime,omitempty" protobuf:"bytes,8,opt,name=maxNodeProvisionTime"` + // MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600). + // +optional + MaxGracefulTerminationSeconds *int32 `json:"maxGracefulTerminationSeconds,omitempty" protobuf:"varint,9,opt,name=maxGracefulTerminationSeconds"` } // ExpanderMode is type used for Expander values @@ -560,6 +565,17 @@ type ServiceAccountConfig struct { // Only useful if service account tokens are also issued by another external system. // +optional SigningKeySecret *corev1.LocalObjectReference `json:"signingKeySecretName,omitempty" protobuf:"bytes,2,opt,name=signingKeySecretName"` + // ExtendTokenExpiration turns on projected service account expiration extension during token generation, which + // helps safe transition from legacy token to bound service account token feature. If this flag is enabled, + // admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, + // ignoring value of service-account-max-token-expiration. + // +optional + ExtendTokenExpiration *bool `json:"extendTokenExpiration,omitempty" protobuf:"bytes,3,opt,name=extendTokenExpiration"` + // MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an + // otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued + // with a validity duration of this value. + // +optional + MaxTokenExpiration *metav1.Duration `json:"maxTokenExpiration,omitempty" protobuf:"bytes,4,opt,name=maxTokenExpiration"` } // AuditConfig contains settings for audit of the api server @@ -1176,8 +1192,10 @@ type CRI struct { type CRIName string const ( + // CRINameContainerD is a constant for ContainerD CRI name. CRINameContainerD CRIName = "containerd" - CRINameDocker CRIName = "docker" + // CRINameDocker is a constant for Docker CRI name. + CRINameDocker CRIName = "docker" ) // ContainerRuntime contains information about worker's available container runtime diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.conversion.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.conversion.go index 0c33f0819..f6dbae82b 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.conversion.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.conversion.go @@ -1939,6 +1939,7 @@ func autoConvert_v1beta1_ClusterAutoscaler_To_core_ClusterAutoscaler(in *Cluster out.ScanInterval = (*metav1.Duration)(unsafe.Pointer(in.ScanInterval)) out.Expander = (*core.ExpanderMode)(unsafe.Pointer(in.Expander)) out.MaxNodeProvisionTime = (*metav1.Duration)(unsafe.Pointer(in.MaxNodeProvisionTime)) + out.MaxGracefulTerminationSeconds = (*int32)(unsafe.Pointer(in.MaxGracefulTerminationSeconds)) return nil } @@ -1956,6 +1957,7 @@ func autoConvert_core_ClusterAutoscaler_To_v1beta1_ClusterAutoscaler(in *core.Cl out.ScanInterval = (*metav1.Duration)(unsafe.Pointer(in.ScanInterval)) out.Expander = (*ExpanderMode)(unsafe.Pointer(in.Expander)) out.MaxNodeProvisionTime = (*metav1.Duration)(unsafe.Pointer(in.MaxNodeProvisionTime)) + out.MaxGracefulTerminationSeconds = (*int32)(unsafe.Pointer(in.MaxGracefulTerminationSeconds)) return nil } @@ -4588,6 +4590,8 @@ func Convert_core_SeedVolumeProvider_To_v1beta1_SeedVolumeProvider(in *core.Seed func autoConvert_v1beta1_ServiceAccountConfig_To_core_ServiceAccountConfig(in *ServiceAccountConfig, out *core.ServiceAccountConfig, s conversion.Scope) error { out.Issuer = (*string)(unsafe.Pointer(in.Issuer)) out.SigningKeySecret = (*v1.LocalObjectReference)(unsafe.Pointer(in.SigningKeySecret)) + out.ExtendTokenExpiration = (*bool)(unsafe.Pointer(in.ExtendTokenExpiration)) + out.MaxTokenExpiration = (*metav1.Duration)(unsafe.Pointer(in.MaxTokenExpiration)) return nil } @@ -4599,6 +4603,8 @@ func Convert_v1beta1_ServiceAccountConfig_To_core_ServiceAccountConfig(in *Servi func autoConvert_core_ServiceAccountConfig_To_v1beta1_ServiceAccountConfig(in *core.ServiceAccountConfig, out *ServiceAccountConfig, s conversion.Scope) error { out.Issuer = (*string)(unsafe.Pointer(in.Issuer)) out.SigningKeySecret = (*v1.LocalObjectReference)(unsafe.Pointer(in.SigningKeySecret)) + out.ExtendTokenExpiration = (*bool)(unsafe.Pointer(in.ExtendTokenExpiration)) + out.MaxTokenExpiration = (*metav1.Duration)(unsafe.Pointer(in.MaxTokenExpiration)) return nil } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go index 0f7d650f6..d1e910ec9 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go @@ -636,6 +636,11 @@ func (in *ClusterAutoscaler) DeepCopyInto(out *ClusterAutoscaler) { *out = new(metav1.Duration) **out = **in } + if in.MaxGracefulTerminationSeconds != nil { + in, out := &in.MaxGracefulTerminationSeconds, &out.MaxGracefulTerminationSeconds + *out = new(int32) + **out = **in + } return } @@ -3546,6 +3551,16 @@ func (in *ServiceAccountConfig) DeepCopyInto(out *ServiceAccountConfig) { *out = new(v1.LocalObjectReference) **out = **in } + if in.ExtendTokenExpiration != nil { + in, out := &in.ExtendTokenExpiration, &out.ExtendTokenExpiration + *out = new(bool) + **out = **in + } + if in.MaxTokenExpiration != nil { + in, out := &in.MaxTokenExpiration, &out.MaxTokenExpiration + *out = new(metav1.Duration) + **out = **in + } return } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/cloudprofile.go b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/cloudprofile.go index 9f2213cbb..a7098c706 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/cloudprofile.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/cloudprofile.go @@ -239,9 +239,9 @@ func validateMachineTypes(machineTypes []core.MachineType, fldPath *field.Path) } names[machineType.Name] = struct{}{} - allErrs = append(allErrs, validateResourceQuantityValue("cpu", machineType.CPU, cpuPath)...) - allErrs = append(allErrs, validateResourceQuantityValue("gpu", machineType.GPU, gpuPath)...) - allErrs = append(allErrs, validateResourceQuantityValue("memory", machineType.Memory, memoryPath)...) + allErrs = append(allErrs, ValidateResourceQuantityValue("cpu", machineType.CPU, cpuPath)...) + allErrs = append(allErrs, ValidateResourceQuantityValue("gpu", machineType.GPU, gpuPath)...) + allErrs = append(allErrs, ValidateResourceQuantityValue("memory", machineType.Memory, memoryPath)...) if machineType.Storage != nil { allErrs = append(allErrs, validateMachineTypeStorage(*machineType.Storage, idxPath.Child("storage"))...) @@ -265,11 +265,11 @@ func validateMachineTypeStorage(storage core.MachineTypeStorage, fldPath *field. } if storage.StorageSize != nil { - allErrs = append(allErrs, validateResourceQuantityValue("size", *storage.StorageSize, fldPath.Child("size"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("size", *storage.StorageSize, fldPath.Child("size"))...) } if storage.MinSize != nil { - allErrs = append(allErrs, validateResourceQuantityValue("minSize", *storage.MinSize, fldPath.Child("minSize"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("minSize", *storage.MinSize, fldPath.Child("minSize"))...) } return allErrs @@ -386,7 +386,7 @@ func validateVolumeTypes(volumeTypes []core.VolumeType, fldPath *field.Path) fie } if volumeType.MinSize != nil { - allErrs = append(allErrs, validateResourceQuantityValue("minSize", *volumeType.MinSize, idxPath.Child("minSize"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("minSize", *volumeType.MinSize, idxPath.Child("minSize"))...) } } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/quota.go b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/quota.go index 6805d2b69..2a28a2f39 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/quota.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/quota.go @@ -66,7 +66,7 @@ func ValidateQuotaSpec(quotaSpec *core.QuotaSpec, fldPath *field.Path) field.Err if !isValidQuotaMetric(corev1.ResourceName(k)) { allErrs = append(allErrs, field.Invalid(keyPath, v.String(), fmt.Sprintf("%s is no supported quota metric", string(k)))) } - allErrs = append(allErrs, validateResourceQuantityValue(string(k), v, keyPath)...) + allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, keyPath)...) } return allErrs @@ -86,8 +86,8 @@ func isValidQuotaMetric(metric corev1.ResourceName) bool { return false } -// validateResourceQuantityValue validates the value of a resource quantity. -func validateResourceQuantityValue(key string, value resource.Quantity, fldPath *field.Path) field.ErrorList { +// ValidateResourceQuantityValue validates the value of a resource quantity. +func ValidateResourceQuantityValue(key string, value resource.Quantity, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} if value.Cmp(resource.Quantity{}) < 0 { diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/seed.go b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/seed.go index acdcdacaf..9765c2f80 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/seed.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/seed.go @@ -148,7 +148,7 @@ func ValidateSeedSpec(seedSpec *core.SeedSpec, fldPath *field.Path, inTemplate b if seedSpec.Volume != nil { if seedSpec.Volume.MinimumSize != nil { - allErrs = append(allErrs, validateResourceQuantityValue("minimumSize", *seedSpec.Volume.MinimumSize, fldPath.Child("volume", "minimumSize"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("minimumSize", *seedSpec.Volume.MinimumSize, fldPath.Child("volume", "minimumSize"))...) } volumeProviderPurposes := make(map[string]struct{}, len(seedSpec.Volume.Providers)) diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/shoot.go index 3e71744ea..bf42aadf6 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/validation/shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/validation/shoot.go @@ -179,7 +179,7 @@ func ValidateShootSpec(meta metav1.ObjectMeta, spec *core.ShootSpec, fldPath *fi allErrs = append(allErrs, validateDNS(spec.DNS, fldPath.Child("dns"))...) allErrs = append(allErrs, validateExtensions(spec.Extensions, fldPath.Child("extensions"))...) allErrs = append(allErrs, validateResources(spec.Resources, fldPath.Child("resources"))...) - allErrs = append(allErrs, validateKubernetes(spec.Kubernetes, fldPath.Child("kubernetes"))...) + allErrs = append(allErrs, validateKubernetes(spec.Kubernetes, isDockerConfigured(spec.Provider.Workers), fldPath.Child("kubernetes"))...) allErrs = append(allErrs, validateNetworking(spec.Networking, fldPath.Child("networking"))...) allErrs = append(allErrs, validateMaintenance(spec.Maintenance, fldPath.Child("maintenance"))...) allErrs = append(allErrs, validateMonitoring(spec.Monitoring, fldPath.Child("monitoring"))...) @@ -216,6 +216,15 @@ func ValidateShootSpec(meta metav1.ObjectMeta, spec *core.ShootSpec, fldPath *fi return allErrs } +func isDockerConfigured(workers []core.Worker) bool { + for _, worker := range workers { + if worker.CRI == nil || worker.CRI.Name == core.CRINameDocker { + return true + } + } + return false +} + // ValidateShootSpecUpdate validates the specification of a Shoot object. func ValidateShootSpecUpdate(newSpec, oldSpec *core.ShootSpec, newObjectMeta metav1.ObjectMeta, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} @@ -597,7 +606,7 @@ func validateResources(resources []core.NamedResourceReference, fldPath *field.P return allErrs } -func validateKubernetes(kubernetes core.Kubernetes, fldPath *field.Path) field.ErrorList { +func validateKubernetes(kubernetes core.Kubernetes, dockerConfigured bool, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} if len(kubernetes.Version) == 0 { @@ -711,6 +720,16 @@ func validateKubernetes(kubernetes core.Kubernetes, fldPath *field.Path) field.E } } + if kubeAPIServer.ServiceAccountConfig != nil { + if kubeAPIServer.ServiceAccountConfig.ExtendTokenExpiration != nil && !geqKubernetes119 { + allErrs = append(allErrs, field.Forbidden(fldPath.Child("kubeAPIServer", "serviceAccountConfig", "extendTokenExpiration"), "this field is only available in Kubernetes v1.19+")) + } + + if kubeAPIServer.ServiceAccountConfig.MaxTokenExpiration != nil && kubeAPIServer.ServiceAccountConfig.MaxTokenExpiration.Duration < 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("kubeAPIServer", "serviceAccountConfig", "maxTokenExpiration"), *kubeAPIServer.ServiceAccountConfig.MaxTokenExpiration, "can not be negative")) + } + } + allErrs = append(allErrs, ValidateFeatureGates(kubeAPIServer.FeatureGates, kubernetes.Version, fldPath.Child("kubeAPIServer", "featureGates"))...) } @@ -718,7 +737,7 @@ func validateKubernetes(kubernetes core.Kubernetes, fldPath *field.Path) field.E allErrs = append(allErrs, validateKubeScheduler(kubernetes.KubeScheduler, kubernetes.Version, fldPath.Child("kubeScheduler"))...) allErrs = append(allErrs, validateKubeProxy(kubernetes.KubeProxy, kubernetes.Version, fldPath.Child("kubeProxy"))...) if kubernetes.Kubelet != nil { - allErrs = append(allErrs, ValidateKubeletConfig(*kubernetes.Kubelet, kubernetes.Version, fldPath.Child("kubelet"))...) + allErrs = append(allErrs, ValidateKubeletConfig(*kubernetes.Kubelet, kubernetes.Version, dockerConfigured, fldPath.Child("kubelet"))...) } if clusterAutoscaler := kubernetes.ClusterAutoscaler; clusterAutoscaler != nil { @@ -802,6 +821,9 @@ func ValidateClusterAutoscaler(autoScaler core.ClusterAutoscaler, fldPath *field if maxNodeProvisionTime := autoScaler.MaxNodeProvisionTime; maxNodeProvisionTime != nil && maxNodeProvisionTime.Duration < 0 { allErrs = append(allErrs, field.Invalid(fldPath.Child("maxNodeProvisionTime"), *maxNodeProvisionTime, "can not be negative")) } + if maxGracefulTerminationSeconds := autoScaler.MaxGracefulTerminationSeconds; maxGracefulTerminationSeconds != nil && *maxGracefulTerminationSeconds < 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("maxGracefulTerminationSeconds"), *maxGracefulTerminationSeconds, "can not be negative")) + } if expander := autoScaler.Expander; expander != nil && !availableClusterAutoscalerExpanderModes.Has(string(*expander)) { allErrs = append(allErrs, field.NotSupported(fldPath.Child("expander"), *expander, availableClusterAutoscalerExpanderModes.List())) @@ -1029,7 +1051,7 @@ func ValidateWorker(worker core.Worker, kubernetesVersion string, fldPath *field allErrs = append(allErrs, validateTaints(worker.Taints, fldPath.Child("taints"))...) } if worker.Kubernetes != nil && worker.Kubernetes.Kubelet != nil { - allErrs = append(allErrs, ValidateKubeletConfig(*worker.Kubernetes.Kubelet, kubernetesVersion, fldPath.Child("kubernetes", "kubelet"))...) + allErrs = append(allErrs, ValidateKubeletConfig(*worker.Kubernetes.Kubelet, kubernetesVersion, isDockerConfigured([]core.Worker{worker}), fldPath.Child("kubernetes", "kubelet"))...) } if worker.CABundle != nil { @@ -1096,7 +1118,7 @@ func ValidateWorker(worker core.Worker, kubernetesVersion string, fldPath *field const PodPIDsLimitMinimum int64 = 100 // ValidateKubeletConfig validates the KubeletConfig object. -func ValidateKubeletConfig(kubeletConfig core.KubeletConfig, version string, fldPath *field.Path) field.ErrorList { +func ValidateKubeletConfig(kubeletConfig core.KubeletConfig, version string, dockerConfigured bool, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} if kubeletConfig.MaxPods != nil { @@ -1108,6 +1130,9 @@ func ValidateKubeletConfig(kubeletConfig core.KubeletConfig, version string, fld } } if kubeletConfig.ImagePullProgressDeadline != nil { + if !dockerConfigured { + allErrs = append(allErrs, field.Forbidden(fldPath.Child("imagePullProgressDeadline"), "can only be configured when a worker pool is configured with 'docker'. This setting has no effect for other container runtimes.")) + } allErrs = append(allErrs, ValidatePositiveDuration(kubeletConfig.ImagePullProgressDeadline, fldPath.Child("imagePullProgressDeadline"))...) } if kubeletConfig.EvictionPressureTransitionPeriod != nil { @@ -1160,19 +1185,19 @@ func validateKubeletConfigEviction(eviction *core.KubeletConfigEviction, fldPath func validateKubeletConfigEvictionMinimumReclaim(eviction *core.KubeletConfigEvictionMinimumReclaim, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} if eviction.MemoryAvailable != nil { - allErrs = append(allErrs, validateResourceQuantityValue("memoryAvailable", *eviction.MemoryAvailable, fldPath.Child("memoryAvailable"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("memoryAvailable", *eviction.MemoryAvailable, fldPath.Child("memoryAvailable"))...) } if eviction.ImageFSAvailable != nil { - allErrs = append(allErrs, validateResourceQuantityValue("imagefsAvailable", *eviction.ImageFSAvailable, fldPath.Child("imagefsAvailable"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("imagefsAvailable", *eviction.ImageFSAvailable, fldPath.Child("imagefsAvailable"))...) } if eviction.ImageFSInodesFree != nil { - allErrs = append(allErrs, validateResourceQuantityValue("imagefsInodesFree", *eviction.ImageFSInodesFree, fldPath.Child("imagefsInodesFree"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("imagefsInodesFree", *eviction.ImageFSInodesFree, fldPath.Child("imagefsInodesFree"))...) } if eviction.NodeFSAvailable != nil { - allErrs = append(allErrs, validateResourceQuantityValue("nodefsAvailable", *eviction.NodeFSAvailable, fldPath.Child("nodefsAvailable"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("nodefsAvailable", *eviction.NodeFSAvailable, fldPath.Child("nodefsAvailable"))...) } if eviction.ImageFSInodesFree != nil { - allErrs = append(allErrs, validateResourceQuantityValue("imagefsInodesFree", *eviction.ImageFSInodesFree, fldPath.Child("imagefsInodesFree"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("imagefsInodesFree", *eviction.ImageFSInodesFree, fldPath.Child("imagefsInodesFree"))...) } return allErrs } @@ -1190,16 +1215,16 @@ func validateKubeletConfigEvictionSoftGracePeriod(eviction *core.KubeletConfigEv func validateKubeletConfigReserved(reserved *core.KubeletConfigReserved, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} if reserved.CPU != nil { - allErrs = append(allErrs, validateResourceQuantityValue("cpu", *reserved.CPU, fldPath.Child("cpu"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("cpu", *reserved.CPU, fldPath.Child("cpu"))...) } if reserved.Memory != nil { - allErrs = append(allErrs, validateResourceQuantityValue("memory", *reserved.Memory, fldPath.Child("memory"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("memory", *reserved.Memory, fldPath.Child("memory"))...) } if reserved.EphemeralStorage != nil { - allErrs = append(allErrs, validateResourceQuantityValue("ephemeralStorage", *reserved.EphemeralStorage, fldPath.Child("ephemeralStorage"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("ephemeralStorage", *reserved.EphemeralStorage, fldPath.Child("ephemeralStorage"))...) } if reserved.PID != nil { - allErrs = append(allErrs, validateResourceQuantityValue("pid", *reserved.PID, fldPath.Child("pid"))...) + allErrs = append(allErrs, ValidateResourceQuantityValue("pid", *reserved.PID, fldPath.Child("pid"))...) } return allErrs } @@ -1426,7 +1451,7 @@ func ValidateResourceQuantityOrPercent(valuePtr *string, fldPath *field.Path, ke value := *valuePtr // check for resource quantity if quantity, err := resource.ParseQuantity(value); err == nil { - if len(validateResourceQuantityValue(key, quantity, fldPath)) == 0 { + if len(ValidateResourceQuantityValue(key, quantity, fldPath)) == 0 { return allErrs } } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/apis/core/zz_generated.deepcopy.go index 11f6ba5d7..e62673d45 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/zz_generated.deepcopy.go @@ -636,6 +636,11 @@ func (in *ClusterAutoscaler) DeepCopyInto(out *ClusterAutoscaler) { *out = new(metav1.Duration) **out = **in } + if in.MaxGracefulTerminationSeconds != nil { + in, out := &in.MaxGracefulTerminationSeconds, &out.MaxGracefulTerminationSeconds + *out = new(int32) + **out = **in + } return } @@ -3735,6 +3740,16 @@ func (in *ServiceAccountConfig) DeepCopyInto(out *ServiceAccountConfig) { *out = new(v1.LocalObjectReference) **out = **in } + if in.ExtendTokenExpiration != nil { + in, out := &in.ExtendTokenExpiration, &out.ExtendTokenExpiration + *out = new(bool) + **out = **in + } + if in.MaxTokenExpiration != nil { + in, out := &in.MaxTokenExpiration, &out.MaxTokenExpiration + *out = new(metav1.Duration) + **out = **in + } return } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/register.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/register.go index c074510b8..5a16fbd58 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/extensions/register.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/register.go @@ -15,5 +15,6 @@ package extensions const ( + // GroupName is the name of the extensions API group. GroupName = "extensions.gardener.cloud" ) diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/helper/helper.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/helper/helper.go index 42bd623c5..9df68bb07 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/helper/helper.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/helper/helper.go @@ -35,9 +35,8 @@ func ClusterAutoscalerRequired(pools []extensionsv1alpha1.WorkerPool) bool { func GetDNSRecordType(address string) extensionsv1alpha1.DNSRecordType { if ip := net.ParseIP(address); ip != nil && ip.To4() != nil { return extensionsv1alpha1.DNSRecordTypeA - } else { - return extensionsv1alpha1.DNSRecordTypeCNAME } + return extensionsv1alpha1.DNSRecordTypeCNAME } // GetDNSRecordTTL returns the value of the given ttl, or 120 if nil. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/register.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/register.go index ea56f57a8..517b89f05 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/register.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/register.go @@ -36,8 +36,10 @@ func Resource(resource string) schema.GroupResource { } var ( + // SchemeBuilder is a new Scheme Builder which registers our API. SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme + // AddToScheme is a reference to the Scheme Builder's AddToScheme function. + AddToScheme = SchemeBuilder.AddToScheme ) // Adds the list of known types to Scheme. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go index 7578e242b..b096f2eba 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go @@ -79,6 +79,7 @@ type ContainerRuntimeSpec struct { DefaultSpec `json:",inline"` } +// ContainerRuntimeWorkerPool identifies a Shoot worker pool by its name and selector. type ContainerRuntimeWorkerPool struct { // Name specifies the name of the worker pool the container runtime should be available for. Name string `json:"name"` diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go index 6865151ed..62b9f6de7 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go @@ -191,14 +191,14 @@ type OperatingSystemConfigStatus struct { Units []string `json:"units,omitempty"` } -// CloudConfig is a structure for containing the generated output for the given operating system +// CloudConfig contains the generated output for the given operating system // config spec. It contains a reference to a secret as the result may contain confidential data. type CloudConfig struct { // SecretRef is a reference to a secret that contains the actual result of the generated cloud config. SecretRef corev1.SecretReference `json:"secretRef"` } -// OperatingSystemConfigPurpose is a string alias. +// OperatingSystemConfigPurpose is a string alias. type OperatingSystemConfigPurpose string const ( @@ -216,7 +216,7 @@ const ( OperatingSystemConfigSecretDataKey = "cloud_config" ) -// CRI config is a structure contains configurations of the CRI library +// CRIConfig contains configurations of the CRI library. type CRIConfig struct { // Name is a mandatory string containing the name of the CRI library. Supported values are `docker` and `containerd`. Name CRIName `json:"name"` diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/backupbucket.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/backupbucket.go new file mode 100644 index 000000000..19668bca9 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/backupbucket.go @@ -0,0 +1,91 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateBackupBucket validates a BackupBucket object. +func ValidateBackupBucket(bb *extensionsv1alpha1.BackupBucket) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&bb.ObjectMeta, false, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateBackupBucketSpec(&bb.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateBackupBucketUpdate validates a BackupBucket object before an update. +func ValidateBackupBucketUpdate(new, old *extensionsv1alpha1.BackupBucket) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateBackupBucketSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateBackupBucket(new)...) + + return allErrs +} + +// ValidateBackupBucketSpec validates the specification of a BackupBucket object. +func ValidateBackupBucketSpec(spec *extensionsv1alpha1.BackupBucketSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if len(spec.Region) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("region"), "field is required")) + } + + if len(spec.SecretRef.Name) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "field is required")) + } + + return allErrs +} + +// ValidateBackupBucketSpecUpdate validates the spec of a BackupBucket object before an update. +func ValidateBackupBucketSpecUpdate(new, old *extensionsv1alpha1.BackupBucketSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Region, old.Region, fldPath.Child("region"))...) + + return allErrs +} + +// ValidateBackupBucketStatus validates the status of a BackupBucket object. +func ValidateBackupBucketStatus(spec *extensionsv1alpha1.BackupBucketStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateBackupBucketStatusUpdate validates the status field of a BackupBucket object. +func ValidateBackupBucketStatusUpdate(newStatus, oldStatus extensionsv1alpha1.BackupBucketStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/backupentry.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/backupentry.go new file mode 100644 index 000000000..be5e14897 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/backupentry.go @@ -0,0 +1,96 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateBackupEntry validates a BackupEntry object. +func ValidateBackupEntry(be *extensionsv1alpha1.BackupEntry) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&be.ObjectMeta, false, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateBackupEntrySpec(&be.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateBackupEntryUpdate validates a BackupEntry object before an update. +func ValidateBackupEntryUpdate(new, old *extensionsv1alpha1.BackupEntry) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateBackupEntrySpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateBackupEntry(new)...) + + return allErrs +} + +// ValidateBackupEntrySpec validates the specification of a BackupEntry object. +func ValidateBackupEntrySpec(spec *extensionsv1alpha1.BackupEntrySpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if len(spec.BucketName) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("bucketName"), "field is required")) + } + + if len(spec.Region) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("region"), "field is required")) + } + + if len(spec.SecretRef.Name) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "field is required")) + } + + return allErrs +} + +// ValidateBackupEntrySpecUpdate validates the spec of a BackupEntry object before an update. +func ValidateBackupEntrySpecUpdate(new, old *extensionsv1alpha1.BackupEntrySpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Region, old.Region, fldPath.Child("region"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.BucketName, old.BucketName, fldPath.Child("bucketName"))...) + + return allErrs +} + +// ValidateBackupEntryStatus validates the status of a BackupEntry object. +func ValidateBackupEntryStatus(spec *extensionsv1alpha1.BackupEntryStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateBackupEntryStatusUpdate validates the status field of a BackupEntry object. +func ValidateBackupEntryStatusUpdate(newStatus, oldStatus extensionsv1alpha1.BackupEntryStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/bastion.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/bastion.go new file mode 100644 index 000000000..6fa77e39a --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/bastion.go @@ -0,0 +1,91 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateBastion validates a Bastion object. +func ValidateBastion(bastion *extensionsv1alpha1.Bastion) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&bastion.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateBastionSpec(&bastion.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateBastionUpdate validates a Bastion object before an update. +func ValidateBastionUpdate(new, old *extensionsv1alpha1.Bastion) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateBastionSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateBastion(new)...) + + return allErrs +} + +// ValidateBastionSpec validates the specification of a Bastion object. +func ValidateBastionSpec(spec *extensionsv1alpha1.BastionSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if len(spec.UserData) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("userData"), "field is required")) + } + + if len(spec.Ingress) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("ingress"), "field is required")) + } + + return allErrs +} + +// ValidateBastionSpecUpdate validates the spec of a Bastion object before an update. +func ValidateBastionSpecUpdate(new, old *extensionsv1alpha1.BastionSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.UserData, old.UserData, fldPath.Child("userData"))...) + + return allErrs +} + +// ValidateBastionStatus validates the status of a Bastion object. +func ValidateBastionStatus(spec *extensionsv1alpha1.BastionStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateBastionStatusUpdate validates the status field of a Bastion object. +func ValidateBastionStatusUpdate(newStatus, oldStatus extensionsv1alpha1.BastionStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/test/e2e/netpol-gen/netpol-gen.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/containerruntime.go similarity index 53% rename from test/e2e/netpol-gen/netpol-gen.go rename to vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/containerruntime.go index b1ae734c8..330608c32 100644 --- a/test/e2e/netpol-gen/netpol-gen.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/containerruntime.go @@ -1,4 +1,4 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,28 +12,20 @@ // See the License for the specific language governing permissions and // limitations under the License. -package main +package validation import ( - "os" + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - "github.com/gardener/gardener-extension-provider-azure/test/e2e/netpol-gen/app" - - "github.com/gardener/gardener/extensions/test/e2e/framework/networkpolicies/generators" - "k8s.io/gengo/args" - "k8s.io/klog" + "k8s.io/apimachinery/pkg/util/validation/field" ) -func main() { - klog.InitFlags(nil) - arguments := args.Default() - if err := arguments.Execute( - generators.NameSystems(), - generators.DefaultNameSystem(), - generators.NewPackages(app.NewCloudAware()), - ); err != nil { - klog.Errorf("Error: %v", err) - os.Exit(1) - } - klog.V(2).Info("Completed successfully.") +// ValidateContainerRuntime validates a ContainerRuntime object. +func ValidateContainerRuntime(cr *extensionsv1alpha1.ContainerRuntime) field.ErrorList { + return nil +} + +// ValidateContainerRuntimeUpdate validates a ContainerRuntime object before an update. +func ValidateContainerRuntimeUpdate(new, old *extensionsv1alpha1.ContainerRuntime) field.ErrorList { + return nil } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/controlplane.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/controlplane.go new file mode 100644 index 000000000..1b40794da --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/controlplane.go @@ -0,0 +1,98 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateControlPlane validates a ControlPlane object. +func ValidateControlPlane(cp *extensionsv1alpha1.ControlPlane) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&cp.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateControlPlaneSpec(&cp.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateControlPlaneUpdate validates a ControlPlane object before an update. +func ValidateControlPlaneUpdate(new, old *extensionsv1alpha1.ControlPlane) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateControlPlaneSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateControlPlane(new)...) + + return allErrs +} + +// ValidateControlPlaneSpec validates the specification of a ControlPlane object. +func ValidateControlPlaneSpec(spec *extensionsv1alpha1.ControlPlaneSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if spec.Purpose != nil { + if *spec.Purpose != extensionsv1alpha1.Normal && *spec.Purpose != extensionsv1alpha1.Exposure { + allErrs = append(allErrs, field.NotSupported(fldPath.Child("purpose"), *spec.Purpose, []string{string(extensionsv1alpha1.Normal), string(extensionsv1alpha1.Exposure)})) + } + } + + if len(spec.Region) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("region"), "field is required")) + } + + if len(spec.SecretRef.Name) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "field is required")) + } + + return allErrs +} + +// ValidateControlPlaneSpecUpdate validates the spec of a ControlPlane object before an update. +func ValidateControlPlaneSpecUpdate(new, old *extensionsv1alpha1.ControlPlaneSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Purpose, old.Purpose, fldPath.Child("purpose"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Region, old.Region, fldPath.Child("region"))...) + + return allErrs +} + +// ValidateControlPlaneStatus validates the status of a ControlPlane object. +func ValidateControlPlaneStatus(spec *extensionsv1alpha1.ControlPlaneStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateControlPlaneStatusUpdate validates the status field of a ControlPlane object. +func ValidateControlPlaneStatusUpdate(newStatus, oldStatus extensionsv1alpha1.ControlPlaneStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/dnsrecord.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/dnsrecord.go new file mode 100644 index 000000000..56d4b69d0 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/dnsrecord.go @@ -0,0 +1,133 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + "strings" + + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + "github.com/gardener/gardener/pkg/utils" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateDNSRecord validates a DNSRecord object. +func ValidateDNSRecord(dns *extensionsv1alpha1.DNSRecord) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&dns.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateDNSRecordSpec(&dns.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateDNSRecordUpdate validates a DNSRecord object before an update. +func ValidateDNSRecordUpdate(new, old *extensionsv1alpha1.DNSRecord) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateDNSRecordSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateDNSRecord(new)...) + + return allErrs +} + +// ValidateDNSRecordSpec validates the specification of a DNSRecord object. +func ValidateDNSRecordSpec(spec *extensionsv1alpha1.DNSRecordSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if len(spec.SecretRef.Name) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "field is required")) + } + + if spec.Region != nil && len(*spec.Region) == 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("region"), *spec.Region, "field cannot be empty if specified")) + } + + if spec.Zone != nil && len(*spec.Zone) == 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("zone"), *spec.Zone, "field cannot be empty if specified")) + } + + // This will return FieldValueRequired for an empty spec.Name + allErrs = append(allErrs, validation.IsFullyQualifiedDomainName(fldPath.Child("name"), strings.TrimPrefix(spec.Name, "*."))...) + + validRecordTypes := []string{string(extensionsv1alpha1.DNSRecordTypeA), string(extensionsv1alpha1.DNSRecordTypeCNAME), string(extensionsv1alpha1.DNSRecordTypeTXT)} + if !utils.ValueExists(string(spec.RecordType), validRecordTypes) { + allErrs = append(allErrs, field.NotSupported(fldPath.Child("recordType"), spec.RecordType, validRecordTypes)) + } + + if len(spec.Values) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("values"), "field is required")) + } + if spec.RecordType == extensionsv1alpha1.DNSRecordTypeCNAME && len(spec.Values) > 1 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("values"), spec.Values, "CNAME records must have a single value")) + } + for i, value := range spec.Values { + allErrs = append(allErrs, validateValue(spec.RecordType, value, fldPath.Child("values").Index(i))...) + } + + if spec.TTL != nil { + allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(*spec.TTL, fldPath.Child("ttl"))...) + } + + return allErrs +} + +// ValidateDNSRecordSpecUpdate validates the spec of a DNSRecord object before an update. +func ValidateDNSRecordSpecUpdate(new, old *extensionsv1alpha1.DNSRecordSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Name, old.Name, fldPath.Child("name"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.RecordType, old.RecordType, fldPath.Child("recordType"))...) + + return allErrs +} + +// ValidateDNSRecordStatus validates the status of a DNSRecord object. +func ValidateDNSRecordStatus(spec *extensionsv1alpha1.DNSRecordStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateDNSRecordStatusUpdate validates the status field of a DNSRecord object. +func ValidateDNSRecordStatusUpdate(newStatus, oldStatus extensionsv1alpha1.DNSRecordStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +func validateValue(recordType extensionsv1alpha1.DNSRecordType, value string, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + switch recordType { + case extensionsv1alpha1.DNSRecordTypeA: + allErrs = append(allErrs, validation.IsValidIPv4Address(fldPath, value)...) + case extensionsv1alpha1.DNSRecordTypeCNAME: + allErrs = append(allErrs, validation.IsFullyQualifiedDomainName(fldPath, value)...) + } + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/extension.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/extension.go new file mode 100644 index 000000000..eb34a0a7d --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/extension.go @@ -0,0 +1,82 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateExtension validates a Extension object. +func ValidateExtension(ext *extensionsv1alpha1.Extension) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&ext.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateExtensionSpec(&ext.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateExtensionUpdate validates a Extension object before an update. +func ValidateExtensionUpdate(new, old *extensionsv1alpha1.Extension) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateExtensionSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateExtension(new)...) + + return allErrs +} + +// ValidateExtensionSpec validates the specification of a Extension object. +func ValidateExtensionSpec(spec *extensionsv1alpha1.ExtensionSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + return allErrs +} + +// ValidateExtensionSpecUpdate validates the spec of a Extension object before an update. +func ValidateExtensionSpecUpdate(new, old *extensionsv1alpha1.ExtensionSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + + return allErrs +} + +// ValidateExtensionStatus validates the status of a Extension object. +func ValidateExtensionStatus(spec *extensionsv1alpha1.ExtensionStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateExtensionStatusUpdate validates the status field of a Extension object. +func ValidateExtensionStatusUpdate(newStatus, oldStatus extensionsv1alpha1.ExtensionStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/infrastructure.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/infrastructure.go new file mode 100644 index 000000000..31f1c73ef --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/infrastructure.go @@ -0,0 +1,91 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateInfrastructure validates a Infrastructure object. +func ValidateInfrastructure(infra *extensionsv1alpha1.Infrastructure) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&infra.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateInfrastructureSpec(&infra.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateInfrastructureUpdate validates a Infrastructure object before an update. +func ValidateInfrastructureUpdate(new, old *extensionsv1alpha1.Infrastructure) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateInfrastructureSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateInfrastructure(new)...) + + return allErrs +} + +// ValidateInfrastructureSpec validates the specification of a Infrastructure object. +func ValidateInfrastructureSpec(spec *extensionsv1alpha1.InfrastructureSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if len(spec.Region) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("region"), "field is required")) + } + + if len(spec.SecretRef.Name) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "field is required")) + } + + return allErrs +} + +// ValidateInfrastructureSpecUpdate validates the spec of a Infrastructure object before an update. +func ValidateInfrastructureSpecUpdate(new, old *extensionsv1alpha1.InfrastructureSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Region, old.Region, fldPath.Child("region"))...) + + return allErrs +} + +// ValidateInfrastructureStatus validates the status of a Infrastructure object. +func ValidateInfrastructureStatus(spec *extensionsv1alpha1.InfrastructureStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateInfrastructureStatusUpdate validates the status field of a Infrastructure object. +func ValidateInfrastructureStatusUpdate(newStatus, oldStatus extensionsv1alpha1.InfrastructureStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/network.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/network.go new file mode 100644 index 000000000..3a22f1415 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/network.go @@ -0,0 +1,102 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + cidrvalidation "github.com/gardener/gardener/pkg/utils/validation/cidr" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateNetwork validates a Network object. +func ValidateNetwork(network *extensionsv1alpha1.Network) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&network.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateNetworkSpec(&network.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateNetworkUpdate validates a Network object before an update. +func ValidateNetworkUpdate(new, old *extensionsv1alpha1.Network) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateNetworkSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateNetwork(new)...) + + return allErrs +} + +// ValidateNetworkSpec validates the specification of a Network object. +func ValidateNetworkSpec(spec *extensionsv1alpha1.NetworkSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + var cidrs []cidrvalidation.CIDR + + if len(spec.PodCIDR) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("podCIDR"), "field is required")) + } else { + cidrs = append(cidrs, cidrvalidation.NewCIDR(spec.PodCIDR, fldPath.Child("podCIDR"))) + } + + if len(spec.ServiceCIDR) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("serviceCIDR"), "field is required")) + } else { + cidrs = append(cidrs, cidrvalidation.NewCIDR(spec.ServiceCIDR, fldPath.Child("serviceCIDR"))) + } + + allErrs = append(allErrs, cidrvalidation.ValidateCIDRParse(cidrs...)...) + allErrs = append(allErrs, cidrvalidation.ValidateCIDROverlap(cidrs, cidrs, false)...) + + return allErrs +} + +// ValidateNetworkSpecUpdate validates the spec of a Network object before an update. +func ValidateNetworkSpecUpdate(new, old *extensionsv1alpha1.NetworkSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.PodCIDR, old.PodCIDR, fldPath.Child("podCIDR"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.ServiceCIDR, old.ServiceCIDR, fldPath.Child("serviceCIDR"))...) + + return allErrs +} + +// ValidateNetworkStatus validates the status of a Network object. +func ValidateNetworkStatus(spec *extensionsv1alpha1.NetworkStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateNetworkStatusUpdate validates the status field of a Network object. +func ValidateNetworkStatusUpdate(newStatus, oldStatus extensionsv1alpha1.NetworkStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/operatingsystemconfig.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/operatingsystemconfig.go new file mode 100644 index 000000000..328ba0a0c --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/operatingsystemconfig.go @@ -0,0 +1,168 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + "github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/oscommon/cloudinit" + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + "github.com/gardener/gardener/pkg/utils" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateOperatingSystemConfig validates a OperatingSystemConfig object. +func ValidateOperatingSystemConfig(osc *extensionsv1alpha1.OperatingSystemConfig) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&osc.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateOperatingSystemConfigSpec(&osc.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateOperatingSystemConfigUpdate validates a OperatingSystemConfig object before an update. +func ValidateOperatingSystemConfigUpdate(new, old *extensionsv1alpha1.OperatingSystemConfig) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateOperatingSystemConfigSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateOperatingSystemConfig(new)...) + + return allErrs +} + +// ValidateOperatingSystemConfigSpec validates the specification of a OperatingSystemConfig object. +func ValidateOperatingSystemConfigSpec(spec *extensionsv1alpha1.OperatingSystemConfigSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if len(spec.Purpose) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("purpose"), "field is required")) + } else { + if spec.Purpose != extensionsv1alpha1.OperatingSystemConfigPurposeProvision && spec.Purpose != extensionsv1alpha1.OperatingSystemConfigPurposeReconcile { + allErrs = append(allErrs, field.NotSupported(fldPath.Child("purpose"), spec.Purpose, []string{string(extensionsv1alpha1.OperatingSystemConfigPurposeProvision), string(extensionsv1alpha1.OperatingSystemConfigPurposeReconcile)})) + } + } + + allErrs = append(allErrs, ValidateUnits(spec.Units, fldPath.Child("units"))...) + allErrs = append(allErrs, ValidateFiles(spec.Files, fldPath.Child("files"))...) + + return allErrs +} + +// ValidateUnits validates operating system config units. +func ValidateUnits(units []extensionsv1alpha1.Unit, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + for i, unit := range units { + idxPath := fldPath.Index(i) + + if len(unit.Name) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("name"), "field is required")) + } + + for j, dropIn := range unit.DropIns { + jdxPath := idxPath.Child("dropIns").Index(j) + + if len(dropIn.Name) == 0 { + allErrs = append(allErrs, field.Required(jdxPath.Child("name"), "field is required")) + } + if len(dropIn.Content) == 0 { + allErrs = append(allErrs, field.Required(jdxPath.Child("content"), "field is required")) + } + } + } + + return allErrs +} + +// ValidateFiles validates operating system config files. +func ValidateFiles(files []extensionsv1alpha1.File, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + paths := sets.NewString() + + for i, file := range files { + idxPath := fldPath.Index(i) + + if len(file.Path) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("path"), "field is required")) + } else { + if paths.Has(file.Path) { + allErrs = append(allErrs, field.Duplicate(idxPath.Child("path"), file.Path)) + } + paths.Insert(file.Path) + } + + switch { + case file.Content.SecretRef == nil && file.Content.Inline == nil: + allErrs = append(allErrs, field.Required(idxPath.Child("content"), "either 'secretRef' or 'inline' must be provided")) + case file.Content.SecretRef != nil && file.Content.Inline != nil: + allErrs = append(allErrs, field.Invalid(idxPath.Child("content"), file.Content, "either 'secretRef' or 'inline' must be provided, not both at the same time")) + case file.Content.SecretRef != nil: + if len(file.Content.SecretRef.Name) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("content", "secretRef", "name"), "field is required")) + } + if len(file.Content.SecretRef.DataKey) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("content", "secretRef", "dataKey"), "field is required")) + } + case file.Content.Inline != nil: + encodings := []string{"", string(cloudinit.B64FileCodecID), string(cloudinit.GZIPFileCodecID), string(cloudinit.GZIPB64FileCodecID)} + if !utils.ValueExists(file.Content.Inline.Encoding, encodings) { + allErrs = append(allErrs, field.NotSupported(idxPath.Child("content", "inline", "encoding"), file.Content.Inline.Encoding, encodings)) + } + + if len(file.Content.Inline.Data) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("content", "inline", "data"), "field is required")) + } + } + } + + return allErrs +} + +// ValidateOperatingSystemConfigSpecUpdate validates the spec of a OperatingSystemConfig object before an update. +func ValidateOperatingSystemConfigSpecUpdate(new, old *extensionsv1alpha1.OperatingSystemConfigSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Purpose, old.Purpose, fldPath.Child("purpose"))...) + + return allErrs +} + +// ValidateOperatingSystemConfigStatus validates the status of a OperatingSystemConfig object. +func ValidateOperatingSystemConfigStatus(spec *extensionsv1alpha1.OperatingSystemConfigStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateOperatingSystemConfigStatusUpdate validates the status field of a OperatingSystemConfig object. +func ValidateOperatingSystemConfigStatusUpdate(newStatus, oldStatus extensionsv1alpha1.OperatingSystemConfigStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/worker.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/worker.go new file mode 100644 index 000000000..80323f119 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/validation/worker.go @@ -0,0 +1,123 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package validation + +import ( + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + + apiequality "k8s.io/apimachinery/pkg/api/equality" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +// ValidateWorker validates a Worker object. +func ValidateWorker(worker *extensionsv1alpha1.Worker) field.ErrorList { + allErrs := field.ErrorList{} + allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&worker.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateWorkerSpec(&worker.Spec, field.NewPath("spec"))...) + + return allErrs +} + +// ValidateWorkerUpdate validates a Worker object before an update. +func ValidateWorkerUpdate(new, old *extensionsv1alpha1.Worker) field.ErrorList { + allErrs := field.ErrorList{} + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateWorkerSpecUpdate(&new.Spec, &old.Spec, new.DeletionTimestamp != nil, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateWorker(new)...) + + return allErrs +} + +// ValidateWorkerSpec validates the specification of a Worker object. +func ValidateWorkerSpec(spec *extensionsv1alpha1.WorkerSpec, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(spec.Type) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("type"), "field is required")) + } + + if len(spec.Region) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("region"), "field is required")) + } + + if len(spec.SecretRef.Name) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "field is required")) + } + + allErrs = append(allErrs, ValidateWorkerPools(spec.Pools, fldPath.Child("pools"))...) + + return allErrs +} + +// ValidateWorkerPools validates a list of worker pools. +func ValidateWorkerPools(pools []extensionsv1alpha1.WorkerPool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + for i, pool := range pools { + idxPath := fldPath.Index(i) + + if len(pool.MachineType) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("machineType"), "field is required")) + } + + if len(pool.MachineImage.Name) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("machineImage", "name"), "field is required")) + } + if len(pool.MachineImage.Version) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("machineImage", "version"), "field is required")) + } + + if len(pool.Name) == 0 { + allErrs = append(allErrs, field.Required(idxPath.Child("name"), "field is required")) + } + + if pool.UserData == nil { + allErrs = append(allErrs, field.Required(idxPath.Child("userData"), "field is required")) + } + } + + return allErrs +} + +// ValidateWorkerSpecUpdate validates the spec of a Worker object before an update. +func ValidateWorkerSpecUpdate(new, old *extensionsv1alpha1.WorkerSpec, deletionTimestampSet bool, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if deletionTimestampSet && !apiequality.Semantic.DeepEqual(new, old) { + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new, old, fldPath)...) + return allErrs + } + + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Type, old.Type, fldPath.Child("type"))...) + allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Region, old.Region, fldPath.Child("region"))...) + + return allErrs +} + +// ValidateWorkerStatus validates the status of a Worker object. +func ValidateWorkerStatus(spec *extensionsv1alpha1.WorkerStatus, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} + +// ValidateWorkerStatusUpdate validates the status field of a Worker object. +func ValidateWorkerStatusUpdate(newStatus, oldStatus extensionsv1alpha1.WorkerStatus) field.ErrorList { + allErrs := field.ErrorList{} + + return allErrs +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/operations/install/install.go b/vendor/github.com/gardener/gardener/pkg/apis/operations/install/install.go new file mode 100644 index 000000000..89f602f7c --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/operations/install/install.go @@ -0,0 +1,39 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package install + +import ( + "github.com/gardener/gardener/pkg/apis/operations" + "github.com/gardener/gardener/pkg/apis/operations/v1alpha1" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var ( + localSchemeBuilder = runtime.SchemeBuilder{ + v1alpha1.AddToScheme, + } + // AddToScheme adds all versioned API types to the given scheme. + AddToScheme = localSchemeBuilder.AddToScheme +) + +// Install registers the API group and adds types to a scheme. +func Install(scheme *runtime.Scheme) { + utilruntime.Must(operations.AddToScheme(scheme)) + utilruntime.Must(v1alpha1.AddToScheme(scheme)) + + utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/operations/v1alpha1/conversions.go b/vendor/github.com/gardener/gardener/pkg/apis/operations/v1alpha1/conversions.go index fd4f0f45b..ed901f302 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/operations/v1alpha1/conversions.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/operations/v1alpha1/conversions.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//nolint:revive package v1alpha1 import ( diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/install/install.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/install/install.go new file mode 100644 index 000000000..f3555ec8f --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/install/install.go @@ -0,0 +1,39 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package install + +import ( + "github.com/gardener/gardener/pkg/apis/seedmanagement" + "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var ( + localSchemeBuilder = runtime.SchemeBuilder{ + v1alpha1.AddToScheme, + } + // AddToScheme adds all versioned API types to the given scheme. + AddToScheme = localSchemeBuilder.AddToScheme +) + +// Install registers the API group and adds types to a scheme. +func Install(scheme *runtime.Scheme) { + utilruntime.Must(seedmanagement.AddToScheme(scheme)) + utilruntime.Must(v1alpha1.AddToScheme(scheme)) + + utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/types_managedseed.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/types_managedseed.go index 2c3902950..21f0247f4 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/types_managedseed.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/types_managedseed.go @@ -95,7 +95,7 @@ type Gardenlet struct { type GardenletDeployment struct { // ReplicaCount is the number of gardenlet replicas. Defaults to 1. ReplicaCount *int32 - // RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 1. + // RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 10. RevisionHistoryLimit *int32 // ServiceAccountName is the name of the ServiceAccount to use to run gardenlet pods. ServiceAccountName *string diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/conversions.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/conversions.go index adb330b79..cb84b5c79 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/conversions.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/conversions.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//nolint:revive package v1alpha1 import ( diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go index d3b5831dc..b5fdf3724 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go @@ -51,7 +51,7 @@ func SetDefaults_GardenletDeployment(obj *GardenletDeployment) { // Set default revision history limit if obj.RevisionHistoryLimit == nil { - obj.RevisionHistoryLimit = pointer.Int32(1) + obj.RevisionHistoryLimit = pointer.Int32(10) } // Set default image diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/generated.proto b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/generated.proto index 17da9c75b..b3491ba38 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/generated.proto +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/generated.proto @@ -59,7 +59,7 @@ message GardenletDeployment { // +optional optional int32 replicaCount = 1; - // RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 1. + // RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 10. // +optional optional int32 revisionHistoryLimit = 2; diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/types_managedseed.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/types_managedseed.go index d1e75cda1..e7ce30b03 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/types_managedseed.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/types_managedseed.go @@ -109,7 +109,7 @@ type GardenletDeployment struct { // ReplicaCount is the number of gardenlet replicas. Defaults to 1. // +optional ReplicaCount *int32 `json:"replicaCount,omitempty" protobuf:"varint,1,opt,name=replicaCount"` - // RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 1. + // RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 10. // +optional RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty" protobuf:"varint,2,opt,name=revisionHistoryLimit"` // ServiceAccountName is the name of the ServiceAccount to use to run gardenlet pods. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/settings/install/install.go b/vendor/github.com/gardener/gardener/pkg/apis/settings/install/install.go new file mode 100644 index 000000000..328086047 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/apis/settings/install/install.go @@ -0,0 +1,39 @@ +// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package install + +import ( + "github.com/gardener/gardener/pkg/apis/settings" + "github.com/gardener/gardener/pkg/apis/settings/v1alpha1" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var ( + localSchemeBuilder = runtime.SchemeBuilder{ + v1alpha1.AddToScheme, + } + // AddToScheme adds all versioned API types to the given scheme. + AddToScheme = localSchemeBuilder.AddToScheme +) + +// Install registers the API group and adds types to a scheme. +func Install(scheme *runtime.Scheme) { + utilruntime.Must(settings.AddToScheme(scheme)) + utilruntime.Must(v1alpha1.AddToScheme(scheme)) + + utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/clientset.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/clientset.go deleted file mode 100644 index d6ec68662..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/clientset.go +++ /dev/null @@ -1,111 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package versioned - -import ( - "fmt" - - corev1alpha1 "github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1" - corev1beta1 "github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1" - discovery "k8s.io/client-go/discovery" - rest "k8s.io/client-go/rest" - flowcontrol "k8s.io/client-go/util/flowcontrol" -) - -type Interface interface { - Discovery() discovery.DiscoveryInterface - CoreV1alpha1() corev1alpha1.CoreV1alpha1Interface - CoreV1beta1() corev1beta1.CoreV1beta1Interface -} - -// Clientset contains the clients for groups. Each group has exactly one -// version included in a Clientset. -type Clientset struct { - *discovery.DiscoveryClient - coreV1alpha1 *corev1alpha1.CoreV1alpha1Client - coreV1beta1 *corev1beta1.CoreV1beta1Client -} - -// CoreV1alpha1 retrieves the CoreV1alpha1Client -func (c *Clientset) CoreV1alpha1() corev1alpha1.CoreV1alpha1Interface { - return c.coreV1alpha1 -} - -// CoreV1beta1 retrieves the CoreV1beta1Client -func (c *Clientset) CoreV1beta1() corev1beta1.CoreV1beta1Interface { - return c.coreV1beta1 -} - -// Discovery retrieves the DiscoveryClient -func (c *Clientset) Discovery() discovery.DiscoveryInterface { - if c == nil { - return nil - } - return c.DiscoveryClient -} - -// NewForConfig creates a new Clientset for the given config. -// If config's RateLimiter is not set and QPS and Burst are acceptable, -// NewForConfig will generate a rate-limiter in configShallowCopy. -func NewForConfig(c *rest.Config) (*Clientset, error) { - configShallowCopy := *c - if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { - if configShallowCopy.Burst <= 0 { - return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") - } - configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) - } - var cs Clientset - var err error - cs.coreV1alpha1, err = corev1alpha1.NewForConfig(&configShallowCopy) - if err != nil { - return nil, err - } - cs.coreV1beta1, err = corev1beta1.NewForConfig(&configShallowCopy) - if err != nil { - return nil, err - } - - cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) - if err != nil { - return nil, err - } - return &cs, nil -} - -// NewForConfigOrDie creates a new Clientset for the given config and -// panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *Clientset { - var cs Clientset - cs.coreV1alpha1 = corev1alpha1.NewForConfigOrDie(c) - cs.coreV1beta1 = corev1beta1.NewForConfigOrDie(c) - - cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) - return &cs -} - -// New creates a new Clientset for the given RESTClient. -func New(c rest.Interface) *Clientset { - var cs Clientset - cs.coreV1alpha1 = corev1alpha1.New(c) - cs.coreV1beta1 = corev1beta1.New(c) - - cs.DiscoveryClient = discovery.NewDiscoveryClient(c) - return &cs -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme/doc.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme/doc.go deleted file mode 100644 index 7d4fb776b..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -// This package contains the scheme of the automatically generated clientset. -package scheme diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme/register.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme/register.go deleted file mode 100644 index aee592da4..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme/register.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package scheme - -import ( - corev1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - corev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - schema "k8s.io/apimachinery/pkg/runtime/schema" - serializer "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -var Scheme = runtime.NewScheme() -var Codecs = serializer.NewCodecFactory(Scheme) -var ParameterCodec = runtime.NewParameterCodec(Scheme) -var localSchemeBuilder = runtime.SchemeBuilder{ - corev1alpha1.AddToScheme, - corev1beta1.AddToScheme, -} - -// AddToScheme adds all types of this clientset into the given scheme. This allows composition -// of clientsets, like in: -// -// import ( -// "k8s.io/client-go/kubernetes" -// clientsetscheme "k8s.io/client-go/kubernetes/scheme" -// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" -// ) -// -// kclientset, _ := kubernetes.NewForConfig(c) -// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) -// -// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types -// correctly. -var AddToScheme = localSchemeBuilder.AddToScheme - -func init() { - v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) - utilruntime.Must(AddToScheme(Scheme)) -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/backupbucket.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/backupbucket.go deleted file mode 100644 index 8e168d589..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/backupbucket.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// BackupBucketsGetter has a method to return a BackupBucketInterface. -// A group's client should implement this interface. -type BackupBucketsGetter interface { - BackupBuckets() BackupBucketInterface -} - -// BackupBucketInterface has methods to work with BackupBucket resources. -type BackupBucketInterface interface { - Create(ctx context.Context, backupBucket *v1alpha1.BackupBucket, opts v1.CreateOptions) (*v1alpha1.BackupBucket, error) - Update(ctx context.Context, backupBucket *v1alpha1.BackupBucket, opts v1.UpdateOptions) (*v1alpha1.BackupBucket, error) - UpdateStatus(ctx context.Context, backupBucket *v1alpha1.BackupBucket, opts v1.UpdateOptions) (*v1alpha1.BackupBucket, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.BackupBucket, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.BackupBucketList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.BackupBucket, err error) - BackupBucketExpansion -} - -// backupBuckets implements BackupBucketInterface -type backupBuckets struct { - client rest.Interface -} - -// newBackupBuckets returns a BackupBuckets -func newBackupBuckets(c *CoreV1alpha1Client) *backupBuckets { - return &backupBuckets{ - client: c.RESTClient(), - } -} - -// Get takes name of the backupBucket, and returns the corresponding backupBucket object, and an error if there is any. -func (c *backupBuckets) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.BackupBucket, err error) { - result = &v1alpha1.BackupBucket{} - err = c.client.Get(). - Resource("backupbuckets"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of BackupBuckets that match those selectors. -func (c *backupBuckets) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.BackupBucketList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.BackupBucketList{} - err = c.client.Get(). - Resource("backupbuckets"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested backupBuckets. -func (c *backupBuckets) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("backupbuckets"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a backupBucket and creates it. Returns the server's representation of the backupBucket, and an error, if there is any. -func (c *backupBuckets) Create(ctx context.Context, backupBucket *v1alpha1.BackupBucket, opts v1.CreateOptions) (result *v1alpha1.BackupBucket, err error) { - result = &v1alpha1.BackupBucket{} - err = c.client.Post(). - Resource("backupbuckets"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupBucket). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a backupBucket and updates it. Returns the server's representation of the backupBucket, and an error, if there is any. -func (c *backupBuckets) Update(ctx context.Context, backupBucket *v1alpha1.BackupBucket, opts v1.UpdateOptions) (result *v1alpha1.BackupBucket, err error) { - result = &v1alpha1.BackupBucket{} - err = c.client.Put(). - Resource("backupbuckets"). - Name(backupBucket.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupBucket). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *backupBuckets) UpdateStatus(ctx context.Context, backupBucket *v1alpha1.BackupBucket, opts v1.UpdateOptions) (result *v1alpha1.BackupBucket, err error) { - result = &v1alpha1.BackupBucket{} - err = c.client.Put(). - Resource("backupbuckets"). - Name(backupBucket.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupBucket). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the backupBucket and deletes it. Returns an error if one occurs. -func (c *backupBuckets) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("backupbuckets"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *backupBuckets) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("backupbuckets"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched backupBucket. -func (c *backupBuckets) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.BackupBucket, err error) { - result = &v1alpha1.BackupBucket{} - err = c.client.Patch(pt). - Resource("backupbuckets"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/backupentry.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/backupentry.go deleted file mode 100644 index cf367142c..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/backupentry.go +++ /dev/null @@ -1,195 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// BackupEntriesGetter has a method to return a BackupEntryInterface. -// A group's client should implement this interface. -type BackupEntriesGetter interface { - BackupEntries(namespace string) BackupEntryInterface -} - -// BackupEntryInterface has methods to work with BackupEntry resources. -type BackupEntryInterface interface { - Create(ctx context.Context, backupEntry *v1alpha1.BackupEntry, opts v1.CreateOptions) (*v1alpha1.BackupEntry, error) - Update(ctx context.Context, backupEntry *v1alpha1.BackupEntry, opts v1.UpdateOptions) (*v1alpha1.BackupEntry, error) - UpdateStatus(ctx context.Context, backupEntry *v1alpha1.BackupEntry, opts v1.UpdateOptions) (*v1alpha1.BackupEntry, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.BackupEntry, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.BackupEntryList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.BackupEntry, err error) - BackupEntryExpansion -} - -// backupEntries implements BackupEntryInterface -type backupEntries struct { - client rest.Interface - ns string -} - -// newBackupEntries returns a BackupEntries -func newBackupEntries(c *CoreV1alpha1Client, namespace string) *backupEntries { - return &backupEntries{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the backupEntry, and returns the corresponding backupEntry object, and an error if there is any. -func (c *backupEntries) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.BackupEntry, err error) { - result = &v1alpha1.BackupEntry{} - err = c.client.Get(). - Namespace(c.ns). - Resource("backupentries"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of BackupEntries that match those selectors. -func (c *backupEntries) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.BackupEntryList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.BackupEntryList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested backupEntries. -func (c *backupEntries) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a backupEntry and creates it. Returns the server's representation of the backupEntry, and an error, if there is any. -func (c *backupEntries) Create(ctx context.Context, backupEntry *v1alpha1.BackupEntry, opts v1.CreateOptions) (result *v1alpha1.BackupEntry, err error) { - result = &v1alpha1.BackupEntry{} - err = c.client.Post(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupEntry). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a backupEntry and updates it. Returns the server's representation of the backupEntry, and an error, if there is any. -func (c *backupEntries) Update(ctx context.Context, backupEntry *v1alpha1.BackupEntry, opts v1.UpdateOptions) (result *v1alpha1.BackupEntry, err error) { - result = &v1alpha1.BackupEntry{} - err = c.client.Put(). - Namespace(c.ns). - Resource("backupentries"). - Name(backupEntry.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupEntry). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *backupEntries) UpdateStatus(ctx context.Context, backupEntry *v1alpha1.BackupEntry, opts v1.UpdateOptions) (result *v1alpha1.BackupEntry, err error) { - result = &v1alpha1.BackupEntry{} - err = c.client.Put(). - Namespace(c.ns). - Resource("backupentries"). - Name(backupEntry.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupEntry). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the backupEntry and deletes it. Returns an error if one occurs. -func (c *backupEntries) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("backupentries"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *backupEntries) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched backupEntry. -func (c *backupEntries) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.BackupEntry, err error) { - result = &v1alpha1.BackupEntry{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("backupentries"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/cloudprofile.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/cloudprofile.go deleted file mode 100644 index 064d00471..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/cloudprofile.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// CloudProfilesGetter has a method to return a CloudProfileInterface. -// A group's client should implement this interface. -type CloudProfilesGetter interface { - CloudProfiles() CloudProfileInterface -} - -// CloudProfileInterface has methods to work with CloudProfile resources. -type CloudProfileInterface interface { - Create(ctx context.Context, cloudProfile *v1alpha1.CloudProfile, opts v1.CreateOptions) (*v1alpha1.CloudProfile, error) - Update(ctx context.Context, cloudProfile *v1alpha1.CloudProfile, opts v1.UpdateOptions) (*v1alpha1.CloudProfile, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.CloudProfile, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.CloudProfileList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CloudProfile, err error) - CloudProfileExpansion -} - -// cloudProfiles implements CloudProfileInterface -type cloudProfiles struct { - client rest.Interface -} - -// newCloudProfiles returns a CloudProfiles -func newCloudProfiles(c *CoreV1alpha1Client) *cloudProfiles { - return &cloudProfiles{ - client: c.RESTClient(), - } -} - -// Get takes name of the cloudProfile, and returns the corresponding cloudProfile object, and an error if there is any. -func (c *cloudProfiles) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CloudProfile, err error) { - result = &v1alpha1.CloudProfile{} - err = c.client.Get(). - Resource("cloudprofiles"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of CloudProfiles that match those selectors. -func (c *cloudProfiles) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CloudProfileList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.CloudProfileList{} - err = c.client.Get(). - Resource("cloudprofiles"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested cloudProfiles. -func (c *cloudProfiles) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("cloudprofiles"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a cloudProfile and creates it. Returns the server's representation of the cloudProfile, and an error, if there is any. -func (c *cloudProfiles) Create(ctx context.Context, cloudProfile *v1alpha1.CloudProfile, opts v1.CreateOptions) (result *v1alpha1.CloudProfile, err error) { - result = &v1alpha1.CloudProfile{} - err = c.client.Post(). - Resource("cloudprofiles"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(cloudProfile). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a cloudProfile and updates it. Returns the server's representation of the cloudProfile, and an error, if there is any. -func (c *cloudProfiles) Update(ctx context.Context, cloudProfile *v1alpha1.CloudProfile, opts v1.UpdateOptions) (result *v1alpha1.CloudProfile, err error) { - result = &v1alpha1.CloudProfile{} - err = c.client.Put(). - Resource("cloudprofiles"). - Name(cloudProfile.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(cloudProfile). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the cloudProfile and deletes it. Returns an error if one occurs. -func (c *cloudProfiles) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("cloudprofiles"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *cloudProfiles) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("cloudprofiles"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched cloudProfile. -func (c *cloudProfiles) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CloudProfile, err error) { - result = &v1alpha1.CloudProfile{} - err = c.client.Patch(pt). - Resource("cloudprofiles"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerdeployment.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerdeployment.go deleted file mode 100644 index 8ecd643fe..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerdeployment.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ControllerDeploymentsGetter has a method to return a ControllerDeploymentInterface. -// A group's client should implement this interface. -type ControllerDeploymentsGetter interface { - ControllerDeployments() ControllerDeploymentInterface -} - -// ControllerDeploymentInterface has methods to work with ControllerDeployment resources. -type ControllerDeploymentInterface interface { - Create(ctx context.Context, controllerDeployment *v1alpha1.ControllerDeployment, opts v1.CreateOptions) (*v1alpha1.ControllerDeployment, error) - Update(ctx context.Context, controllerDeployment *v1alpha1.ControllerDeployment, opts v1.UpdateOptions) (*v1alpha1.ControllerDeployment, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ControllerDeployment, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ControllerDeploymentList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ControllerDeployment, err error) - ControllerDeploymentExpansion -} - -// controllerDeployments implements ControllerDeploymentInterface -type controllerDeployments struct { - client rest.Interface -} - -// newControllerDeployments returns a ControllerDeployments -func newControllerDeployments(c *CoreV1alpha1Client) *controllerDeployments { - return &controllerDeployments{ - client: c.RESTClient(), - } -} - -// Get takes name of the controllerDeployment, and returns the corresponding controllerDeployment object, and an error if there is any. -func (c *controllerDeployments) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ControllerDeployment, err error) { - result = &v1alpha1.ControllerDeployment{} - err = c.client.Get(). - Resource("controllerdeployments"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ControllerDeployments that match those selectors. -func (c *controllerDeployments) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ControllerDeploymentList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ControllerDeploymentList{} - err = c.client.Get(). - Resource("controllerdeployments"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested controllerDeployments. -func (c *controllerDeployments) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("controllerdeployments"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a controllerDeployment and creates it. Returns the server's representation of the controllerDeployment, and an error, if there is any. -func (c *controllerDeployments) Create(ctx context.Context, controllerDeployment *v1alpha1.ControllerDeployment, opts v1.CreateOptions) (result *v1alpha1.ControllerDeployment, err error) { - result = &v1alpha1.ControllerDeployment{} - err = c.client.Post(). - Resource("controllerdeployments"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerDeployment). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a controllerDeployment and updates it. Returns the server's representation of the controllerDeployment, and an error, if there is any. -func (c *controllerDeployments) Update(ctx context.Context, controllerDeployment *v1alpha1.ControllerDeployment, opts v1.UpdateOptions) (result *v1alpha1.ControllerDeployment, err error) { - result = &v1alpha1.ControllerDeployment{} - err = c.client.Put(). - Resource("controllerdeployments"). - Name(controllerDeployment.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerDeployment). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the controllerDeployment and deletes it. Returns an error if one occurs. -func (c *controllerDeployments) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("controllerdeployments"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *controllerDeployments) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("controllerdeployments"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched controllerDeployment. -func (c *controllerDeployments) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ControllerDeployment, err error) { - result = &v1alpha1.ControllerDeployment{} - err = c.client.Patch(pt). - Resource("controllerdeployments"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerinstallation.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerinstallation.go deleted file mode 100644 index 219170efe..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerinstallation.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ControllerInstallationsGetter has a method to return a ControllerInstallationInterface. -// A group's client should implement this interface. -type ControllerInstallationsGetter interface { - ControllerInstallations() ControllerInstallationInterface -} - -// ControllerInstallationInterface has methods to work with ControllerInstallation resources. -type ControllerInstallationInterface interface { - Create(ctx context.Context, controllerInstallation *v1alpha1.ControllerInstallation, opts v1.CreateOptions) (*v1alpha1.ControllerInstallation, error) - Update(ctx context.Context, controllerInstallation *v1alpha1.ControllerInstallation, opts v1.UpdateOptions) (*v1alpha1.ControllerInstallation, error) - UpdateStatus(ctx context.Context, controllerInstallation *v1alpha1.ControllerInstallation, opts v1.UpdateOptions) (*v1alpha1.ControllerInstallation, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ControllerInstallation, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ControllerInstallationList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ControllerInstallation, err error) - ControllerInstallationExpansion -} - -// controllerInstallations implements ControllerInstallationInterface -type controllerInstallations struct { - client rest.Interface -} - -// newControllerInstallations returns a ControllerInstallations -func newControllerInstallations(c *CoreV1alpha1Client) *controllerInstallations { - return &controllerInstallations{ - client: c.RESTClient(), - } -} - -// Get takes name of the controllerInstallation, and returns the corresponding controllerInstallation object, and an error if there is any. -func (c *controllerInstallations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ControllerInstallation, err error) { - result = &v1alpha1.ControllerInstallation{} - err = c.client.Get(). - Resource("controllerinstallations"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ControllerInstallations that match those selectors. -func (c *controllerInstallations) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ControllerInstallationList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ControllerInstallationList{} - err = c.client.Get(). - Resource("controllerinstallations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested controllerInstallations. -func (c *controllerInstallations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("controllerinstallations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a controllerInstallation and creates it. Returns the server's representation of the controllerInstallation, and an error, if there is any. -func (c *controllerInstallations) Create(ctx context.Context, controllerInstallation *v1alpha1.ControllerInstallation, opts v1.CreateOptions) (result *v1alpha1.ControllerInstallation, err error) { - result = &v1alpha1.ControllerInstallation{} - err = c.client.Post(). - Resource("controllerinstallations"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerInstallation). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a controllerInstallation and updates it. Returns the server's representation of the controllerInstallation, and an error, if there is any. -func (c *controllerInstallations) Update(ctx context.Context, controllerInstallation *v1alpha1.ControllerInstallation, opts v1.UpdateOptions) (result *v1alpha1.ControllerInstallation, err error) { - result = &v1alpha1.ControllerInstallation{} - err = c.client.Put(). - Resource("controllerinstallations"). - Name(controllerInstallation.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerInstallation). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *controllerInstallations) UpdateStatus(ctx context.Context, controllerInstallation *v1alpha1.ControllerInstallation, opts v1.UpdateOptions) (result *v1alpha1.ControllerInstallation, err error) { - result = &v1alpha1.ControllerInstallation{} - err = c.client.Put(). - Resource("controllerinstallations"). - Name(controllerInstallation.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerInstallation). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the controllerInstallation and deletes it. Returns an error if one occurs. -func (c *controllerInstallations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("controllerinstallations"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *controllerInstallations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("controllerinstallations"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched controllerInstallation. -func (c *controllerInstallations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ControllerInstallation, err error) { - result = &v1alpha1.ControllerInstallation{} - err = c.client.Patch(pt). - Resource("controllerinstallations"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerregistration.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerregistration.go deleted file mode 100644 index 67890f524..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/controllerregistration.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ControllerRegistrationsGetter has a method to return a ControllerRegistrationInterface. -// A group's client should implement this interface. -type ControllerRegistrationsGetter interface { - ControllerRegistrations() ControllerRegistrationInterface -} - -// ControllerRegistrationInterface has methods to work with ControllerRegistration resources. -type ControllerRegistrationInterface interface { - Create(ctx context.Context, controllerRegistration *v1alpha1.ControllerRegistration, opts v1.CreateOptions) (*v1alpha1.ControllerRegistration, error) - Update(ctx context.Context, controllerRegistration *v1alpha1.ControllerRegistration, opts v1.UpdateOptions) (*v1alpha1.ControllerRegistration, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ControllerRegistration, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ControllerRegistrationList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ControllerRegistration, err error) - ControllerRegistrationExpansion -} - -// controllerRegistrations implements ControllerRegistrationInterface -type controllerRegistrations struct { - client rest.Interface -} - -// newControllerRegistrations returns a ControllerRegistrations -func newControllerRegistrations(c *CoreV1alpha1Client) *controllerRegistrations { - return &controllerRegistrations{ - client: c.RESTClient(), - } -} - -// Get takes name of the controllerRegistration, and returns the corresponding controllerRegistration object, and an error if there is any. -func (c *controllerRegistrations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ControllerRegistration, err error) { - result = &v1alpha1.ControllerRegistration{} - err = c.client.Get(). - Resource("controllerregistrations"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ControllerRegistrations that match those selectors. -func (c *controllerRegistrations) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ControllerRegistrationList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ControllerRegistrationList{} - err = c.client.Get(). - Resource("controllerregistrations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested controllerRegistrations. -func (c *controllerRegistrations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("controllerregistrations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a controllerRegistration and creates it. Returns the server's representation of the controllerRegistration, and an error, if there is any. -func (c *controllerRegistrations) Create(ctx context.Context, controllerRegistration *v1alpha1.ControllerRegistration, opts v1.CreateOptions) (result *v1alpha1.ControllerRegistration, err error) { - result = &v1alpha1.ControllerRegistration{} - err = c.client.Post(). - Resource("controllerregistrations"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerRegistration). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a controllerRegistration and updates it. Returns the server's representation of the controllerRegistration, and an error, if there is any. -func (c *controllerRegistrations) Update(ctx context.Context, controllerRegistration *v1alpha1.ControllerRegistration, opts v1.UpdateOptions) (result *v1alpha1.ControllerRegistration, err error) { - result = &v1alpha1.ControllerRegistration{} - err = c.client.Put(). - Resource("controllerregistrations"). - Name(controllerRegistration.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerRegistration). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the controllerRegistration and deletes it. Returns an error if one occurs. -func (c *controllerRegistrations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("controllerregistrations"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *controllerRegistrations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("controllerregistrations"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched controllerRegistration. -func (c *controllerRegistrations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ControllerRegistration, err error) { - result = &v1alpha1.ControllerRegistration{} - err = c.client.Patch(pt). - Resource("controllerregistrations"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/core_client.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/core_client.go deleted file mode 100644 index 617ef417e..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/core_client.go +++ /dev/null @@ -1,159 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - rest "k8s.io/client-go/rest" -) - -type CoreV1alpha1Interface interface { - RESTClient() rest.Interface - BackupBucketsGetter - BackupEntriesGetter - CloudProfilesGetter - ControllerDeploymentsGetter - ControllerInstallationsGetter - ControllerRegistrationsGetter - ExposureClassesGetter - PlantsGetter - ProjectsGetter - QuotasGetter - SecretBindingsGetter - SeedsGetter - ShootsGetter - ShootExtensionStatusesGetter - ShootStatesGetter -} - -// CoreV1alpha1Client is used to interact with features provided by the core.gardener.cloud group. -type CoreV1alpha1Client struct { - restClient rest.Interface -} - -func (c *CoreV1alpha1Client) BackupBuckets() BackupBucketInterface { - return newBackupBuckets(c) -} - -func (c *CoreV1alpha1Client) BackupEntries(namespace string) BackupEntryInterface { - return newBackupEntries(c, namespace) -} - -func (c *CoreV1alpha1Client) CloudProfiles() CloudProfileInterface { - return newCloudProfiles(c) -} - -func (c *CoreV1alpha1Client) ControllerDeployments() ControllerDeploymentInterface { - return newControllerDeployments(c) -} - -func (c *CoreV1alpha1Client) ControllerInstallations() ControllerInstallationInterface { - return newControllerInstallations(c) -} - -func (c *CoreV1alpha1Client) ControllerRegistrations() ControllerRegistrationInterface { - return newControllerRegistrations(c) -} - -func (c *CoreV1alpha1Client) ExposureClasses() ExposureClassInterface { - return newExposureClasses(c) -} - -func (c *CoreV1alpha1Client) Plants(namespace string) PlantInterface { - return newPlants(c, namespace) -} - -func (c *CoreV1alpha1Client) Projects() ProjectInterface { - return newProjects(c) -} - -func (c *CoreV1alpha1Client) Quotas(namespace string) QuotaInterface { - return newQuotas(c, namespace) -} - -func (c *CoreV1alpha1Client) SecretBindings(namespace string) SecretBindingInterface { - return newSecretBindings(c, namespace) -} - -func (c *CoreV1alpha1Client) Seeds() SeedInterface { - return newSeeds(c) -} - -func (c *CoreV1alpha1Client) Shoots(namespace string) ShootInterface { - return newShoots(c, namespace) -} - -func (c *CoreV1alpha1Client) ShootExtensionStatuses(namespace string) ShootExtensionStatusInterface { - return newShootExtensionStatuses(c, namespace) -} - -func (c *CoreV1alpha1Client) ShootStates(namespace string) ShootStateInterface { - return newShootStates(c, namespace) -} - -// NewForConfig creates a new CoreV1alpha1Client for the given config. -func NewForConfig(c *rest.Config) (*CoreV1alpha1Client, error) { - config := *c - if err := setConfigDefaults(&config); err != nil { - return nil, err - } - client, err := rest.RESTClientFor(&config) - if err != nil { - return nil, err - } - return &CoreV1alpha1Client{client}, nil -} - -// NewForConfigOrDie creates a new CoreV1alpha1Client for the given config and -// panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *CoreV1alpha1Client { - client, err := NewForConfig(c) - if err != nil { - panic(err) - } - return client -} - -// New creates a new CoreV1alpha1Client for the given RESTClient. -func New(c rest.Interface) *CoreV1alpha1Client { - return &CoreV1alpha1Client{c} -} - -func setConfigDefaults(config *rest.Config) error { - gv := v1alpha1.SchemeGroupVersion - config.GroupVersion = &gv - config.APIPath = "/apis" - config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() - - if config.UserAgent == "" { - config.UserAgent = rest.DefaultKubernetesUserAgent() - } - - return nil -} - -// RESTClient returns a RESTClient that is used to communicate -// with API server by this client implementation. -func (c *CoreV1alpha1Client) RESTClient() rest.Interface { - if c == nil { - return nil - } - return c.restClient -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/doc.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/doc.go deleted file mode 100644 index 828c8ebe1..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -// This package has the automatically generated typed clients. -package v1alpha1 diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/exposureclass.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/exposureclass.go deleted file mode 100644 index bab70b1b5..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/exposureclass.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ExposureClassesGetter has a method to return a ExposureClassInterface. -// A group's client should implement this interface. -type ExposureClassesGetter interface { - ExposureClasses() ExposureClassInterface -} - -// ExposureClassInterface has methods to work with ExposureClass resources. -type ExposureClassInterface interface { - Create(ctx context.Context, exposureClass *v1alpha1.ExposureClass, opts v1.CreateOptions) (*v1alpha1.ExposureClass, error) - Update(ctx context.Context, exposureClass *v1alpha1.ExposureClass, opts v1.UpdateOptions) (*v1alpha1.ExposureClass, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ExposureClass, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ExposureClassList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ExposureClass, err error) - ExposureClassExpansion -} - -// exposureClasses implements ExposureClassInterface -type exposureClasses struct { - client rest.Interface -} - -// newExposureClasses returns a ExposureClasses -func newExposureClasses(c *CoreV1alpha1Client) *exposureClasses { - return &exposureClasses{ - client: c.RESTClient(), - } -} - -// Get takes name of the exposureClass, and returns the corresponding exposureClass object, and an error if there is any. -func (c *exposureClasses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ExposureClass, err error) { - result = &v1alpha1.ExposureClass{} - err = c.client.Get(). - Resource("exposureclasses"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ExposureClasses that match those selectors. -func (c *exposureClasses) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ExposureClassList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ExposureClassList{} - err = c.client.Get(). - Resource("exposureclasses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested exposureClasses. -func (c *exposureClasses) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("exposureclasses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a exposureClass and creates it. Returns the server's representation of the exposureClass, and an error, if there is any. -func (c *exposureClasses) Create(ctx context.Context, exposureClass *v1alpha1.ExposureClass, opts v1.CreateOptions) (result *v1alpha1.ExposureClass, err error) { - result = &v1alpha1.ExposureClass{} - err = c.client.Post(). - Resource("exposureclasses"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(exposureClass). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a exposureClass and updates it. Returns the server's representation of the exposureClass, and an error, if there is any. -func (c *exposureClasses) Update(ctx context.Context, exposureClass *v1alpha1.ExposureClass, opts v1.UpdateOptions) (result *v1alpha1.ExposureClass, err error) { - result = &v1alpha1.ExposureClass{} - err = c.client.Put(). - Resource("exposureclasses"). - Name(exposureClass.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(exposureClass). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the exposureClass and deletes it. Returns an error if one occurs. -func (c *exposureClasses) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("exposureclasses"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *exposureClasses) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("exposureclasses"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched exposureClass. -func (c *exposureClasses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ExposureClass, err error) { - result = &v1alpha1.ExposureClass{} - err = c.client.Patch(pt). - Resource("exposureclasses"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/generated_expansion.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/generated_expansion.go deleted file mode 100644 index eaba1f41c..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/generated_expansion.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -type BackupBucketExpansion interface{} - -type BackupEntryExpansion interface{} - -type CloudProfileExpansion interface{} - -type ControllerDeploymentExpansion interface{} - -type ControllerInstallationExpansion interface{} - -type ControllerRegistrationExpansion interface{} - -type ExposureClassExpansion interface{} - -type PlantExpansion interface{} - -type ProjectExpansion interface{} - -type QuotaExpansion interface{} - -type SecretBindingExpansion interface{} - -type SeedExpansion interface{} - -type ShootExpansion interface{} - -type ShootExtensionStatusExpansion interface{} - -type ShootStateExpansion interface{} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/plant.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/plant.go deleted file mode 100644 index 2c5fb0c7f..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/plant.go +++ /dev/null @@ -1,195 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// PlantsGetter has a method to return a PlantInterface. -// A group's client should implement this interface. -type PlantsGetter interface { - Plants(namespace string) PlantInterface -} - -// PlantInterface has methods to work with Plant resources. -type PlantInterface interface { - Create(ctx context.Context, plant *v1alpha1.Plant, opts v1.CreateOptions) (*v1alpha1.Plant, error) - Update(ctx context.Context, plant *v1alpha1.Plant, opts v1.UpdateOptions) (*v1alpha1.Plant, error) - UpdateStatus(ctx context.Context, plant *v1alpha1.Plant, opts v1.UpdateOptions) (*v1alpha1.Plant, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Plant, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.PlantList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Plant, err error) - PlantExpansion -} - -// plants implements PlantInterface -type plants struct { - client rest.Interface - ns string -} - -// newPlants returns a Plants -func newPlants(c *CoreV1alpha1Client, namespace string) *plants { - return &plants{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the plant, and returns the corresponding plant object, and an error if there is any. -func (c *plants) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Plant, err error) { - result = &v1alpha1.Plant{} - err = c.client.Get(). - Namespace(c.ns). - Resource("plants"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Plants that match those selectors. -func (c *plants) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PlantList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.PlantList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested plants. -func (c *plants) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a plant and creates it. Returns the server's representation of the plant, and an error, if there is any. -func (c *plants) Create(ctx context.Context, plant *v1alpha1.Plant, opts v1.CreateOptions) (result *v1alpha1.Plant, err error) { - result = &v1alpha1.Plant{} - err = c.client.Post(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(plant). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a plant and updates it. Returns the server's representation of the plant, and an error, if there is any. -func (c *plants) Update(ctx context.Context, plant *v1alpha1.Plant, opts v1.UpdateOptions) (result *v1alpha1.Plant, err error) { - result = &v1alpha1.Plant{} - err = c.client.Put(). - Namespace(c.ns). - Resource("plants"). - Name(plant.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(plant). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *plants) UpdateStatus(ctx context.Context, plant *v1alpha1.Plant, opts v1.UpdateOptions) (result *v1alpha1.Plant, err error) { - result = &v1alpha1.Plant{} - err = c.client.Put(). - Namespace(c.ns). - Resource("plants"). - Name(plant.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(plant). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the plant and deletes it. Returns an error if one occurs. -func (c *plants) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("plants"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *plants) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched plant. -func (c *plants) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Plant, err error) { - result = &v1alpha1.Plant{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("plants"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/project.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/project.go deleted file mode 100644 index a42bf152e..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/project.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ProjectsGetter has a method to return a ProjectInterface. -// A group's client should implement this interface. -type ProjectsGetter interface { - Projects() ProjectInterface -} - -// ProjectInterface has methods to work with Project resources. -type ProjectInterface interface { - Create(ctx context.Context, project *v1alpha1.Project, opts v1.CreateOptions) (*v1alpha1.Project, error) - Update(ctx context.Context, project *v1alpha1.Project, opts v1.UpdateOptions) (*v1alpha1.Project, error) - UpdateStatus(ctx context.Context, project *v1alpha1.Project, opts v1.UpdateOptions) (*v1alpha1.Project, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Project, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ProjectList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Project, err error) - ProjectExpansion -} - -// projects implements ProjectInterface -type projects struct { - client rest.Interface -} - -// newProjects returns a Projects -func newProjects(c *CoreV1alpha1Client) *projects { - return &projects{ - client: c.RESTClient(), - } -} - -// Get takes name of the project, and returns the corresponding project object, and an error if there is any. -func (c *projects) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Project, err error) { - result = &v1alpha1.Project{} - err = c.client.Get(). - Resource("projects"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Projects that match those selectors. -func (c *projects) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ProjectList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ProjectList{} - err = c.client.Get(). - Resource("projects"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested projects. -func (c *projects) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("projects"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a project and creates it. Returns the server's representation of the project, and an error, if there is any. -func (c *projects) Create(ctx context.Context, project *v1alpha1.Project, opts v1.CreateOptions) (result *v1alpha1.Project, err error) { - result = &v1alpha1.Project{} - err = c.client.Post(). - Resource("projects"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(project). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a project and updates it. Returns the server's representation of the project, and an error, if there is any. -func (c *projects) Update(ctx context.Context, project *v1alpha1.Project, opts v1.UpdateOptions) (result *v1alpha1.Project, err error) { - result = &v1alpha1.Project{} - err = c.client.Put(). - Resource("projects"). - Name(project.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(project). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *projects) UpdateStatus(ctx context.Context, project *v1alpha1.Project, opts v1.UpdateOptions) (result *v1alpha1.Project, err error) { - result = &v1alpha1.Project{} - err = c.client.Put(). - Resource("projects"). - Name(project.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(project). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the project and deletes it. Returns an error if one occurs. -func (c *projects) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("projects"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *projects) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("projects"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched project. -func (c *projects) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Project, err error) { - result = &v1alpha1.Project{} - err = c.client.Patch(pt). - Resource("projects"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/quota.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/quota.go deleted file mode 100644 index 1bd530ef1..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/quota.go +++ /dev/null @@ -1,178 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// QuotasGetter has a method to return a QuotaInterface. -// A group's client should implement this interface. -type QuotasGetter interface { - Quotas(namespace string) QuotaInterface -} - -// QuotaInterface has methods to work with Quota resources. -type QuotaInterface interface { - Create(ctx context.Context, quota *v1alpha1.Quota, opts v1.CreateOptions) (*v1alpha1.Quota, error) - Update(ctx context.Context, quota *v1alpha1.Quota, opts v1.UpdateOptions) (*v1alpha1.Quota, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Quota, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.QuotaList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Quota, err error) - QuotaExpansion -} - -// quotas implements QuotaInterface -type quotas struct { - client rest.Interface - ns string -} - -// newQuotas returns a Quotas -func newQuotas(c *CoreV1alpha1Client, namespace string) *quotas { - return "as{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the quota, and returns the corresponding quota object, and an error if there is any. -func (c *quotas) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Quota, err error) { - result = &v1alpha1.Quota{} - err = c.client.Get(). - Namespace(c.ns). - Resource("quotas"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Quotas that match those selectors. -func (c *quotas) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.QuotaList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.QuotaList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested quotas. -func (c *quotas) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a quota and creates it. Returns the server's representation of the quota, and an error, if there is any. -func (c *quotas) Create(ctx context.Context, quota *v1alpha1.Quota, opts v1.CreateOptions) (result *v1alpha1.Quota, err error) { - result = &v1alpha1.Quota{} - err = c.client.Post(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(quota). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a quota and updates it. Returns the server's representation of the quota, and an error, if there is any. -func (c *quotas) Update(ctx context.Context, quota *v1alpha1.Quota, opts v1.UpdateOptions) (result *v1alpha1.Quota, err error) { - result = &v1alpha1.Quota{} - err = c.client.Put(). - Namespace(c.ns). - Resource("quotas"). - Name(quota.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(quota). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the quota and deletes it. Returns an error if one occurs. -func (c *quotas) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("quotas"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *quotas) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched quota. -func (c *quotas) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Quota, err error) { - result = &v1alpha1.Quota{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("quotas"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/secretbinding.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/secretbinding.go deleted file mode 100644 index 0798e053b..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/secretbinding.go +++ /dev/null @@ -1,178 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// SecretBindingsGetter has a method to return a SecretBindingInterface. -// A group's client should implement this interface. -type SecretBindingsGetter interface { - SecretBindings(namespace string) SecretBindingInterface -} - -// SecretBindingInterface has methods to work with SecretBinding resources. -type SecretBindingInterface interface { - Create(ctx context.Context, secretBinding *v1alpha1.SecretBinding, opts v1.CreateOptions) (*v1alpha1.SecretBinding, error) - Update(ctx context.Context, secretBinding *v1alpha1.SecretBinding, opts v1.UpdateOptions) (*v1alpha1.SecretBinding, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.SecretBinding, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.SecretBindingList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.SecretBinding, err error) - SecretBindingExpansion -} - -// secretBindings implements SecretBindingInterface -type secretBindings struct { - client rest.Interface - ns string -} - -// newSecretBindings returns a SecretBindings -func newSecretBindings(c *CoreV1alpha1Client, namespace string) *secretBindings { - return &secretBindings{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the secretBinding, and returns the corresponding secretBinding object, and an error if there is any. -func (c *secretBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.SecretBinding, err error) { - result = &v1alpha1.SecretBinding{} - err = c.client.Get(). - Namespace(c.ns). - Resource("secretbindings"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of SecretBindings that match those selectors. -func (c *secretBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.SecretBindingList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.SecretBindingList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested secretBindings. -func (c *secretBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a secretBinding and creates it. Returns the server's representation of the secretBinding, and an error, if there is any. -func (c *secretBindings) Create(ctx context.Context, secretBinding *v1alpha1.SecretBinding, opts v1.CreateOptions) (result *v1alpha1.SecretBinding, err error) { - result = &v1alpha1.SecretBinding{} - err = c.client.Post(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(secretBinding). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a secretBinding and updates it. Returns the server's representation of the secretBinding, and an error, if there is any. -func (c *secretBindings) Update(ctx context.Context, secretBinding *v1alpha1.SecretBinding, opts v1.UpdateOptions) (result *v1alpha1.SecretBinding, err error) { - result = &v1alpha1.SecretBinding{} - err = c.client.Put(). - Namespace(c.ns). - Resource("secretbindings"). - Name(secretBinding.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(secretBinding). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the secretBinding and deletes it. Returns an error if one occurs. -func (c *secretBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("secretbindings"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *secretBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched secretBinding. -func (c *secretBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.SecretBinding, err error) { - result = &v1alpha1.SecretBinding{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("secretbindings"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/seed.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/seed.go deleted file mode 100644 index 97dee9344..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/seed.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// SeedsGetter has a method to return a SeedInterface. -// A group's client should implement this interface. -type SeedsGetter interface { - Seeds() SeedInterface -} - -// SeedInterface has methods to work with Seed resources. -type SeedInterface interface { - Create(ctx context.Context, seed *v1alpha1.Seed, opts v1.CreateOptions) (*v1alpha1.Seed, error) - Update(ctx context.Context, seed *v1alpha1.Seed, opts v1.UpdateOptions) (*v1alpha1.Seed, error) - UpdateStatus(ctx context.Context, seed *v1alpha1.Seed, opts v1.UpdateOptions) (*v1alpha1.Seed, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Seed, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.SeedList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Seed, err error) - SeedExpansion -} - -// seeds implements SeedInterface -type seeds struct { - client rest.Interface -} - -// newSeeds returns a Seeds -func newSeeds(c *CoreV1alpha1Client) *seeds { - return &seeds{ - client: c.RESTClient(), - } -} - -// Get takes name of the seed, and returns the corresponding seed object, and an error if there is any. -func (c *seeds) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Seed, err error) { - result = &v1alpha1.Seed{} - err = c.client.Get(). - Resource("seeds"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Seeds that match those selectors. -func (c *seeds) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.SeedList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.SeedList{} - err = c.client.Get(). - Resource("seeds"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested seeds. -func (c *seeds) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("seeds"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a seed and creates it. Returns the server's representation of the seed, and an error, if there is any. -func (c *seeds) Create(ctx context.Context, seed *v1alpha1.Seed, opts v1.CreateOptions) (result *v1alpha1.Seed, err error) { - result = &v1alpha1.Seed{} - err = c.client.Post(). - Resource("seeds"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(seed). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a seed and updates it. Returns the server's representation of the seed, and an error, if there is any. -func (c *seeds) Update(ctx context.Context, seed *v1alpha1.Seed, opts v1.UpdateOptions) (result *v1alpha1.Seed, err error) { - result = &v1alpha1.Seed{} - err = c.client.Put(). - Resource("seeds"). - Name(seed.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(seed). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *seeds) UpdateStatus(ctx context.Context, seed *v1alpha1.Seed, opts v1.UpdateOptions) (result *v1alpha1.Seed, err error) { - result = &v1alpha1.Seed{} - err = c.client.Put(). - Resource("seeds"). - Name(seed.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(seed). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the seed and deletes it. Returns an error if one occurs. -func (c *seeds) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("seeds"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *seeds) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("seeds"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched seed. -func (c *seeds) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Seed, err error) { - result = &v1alpha1.Seed{} - err = c.client.Patch(pt). - Resource("seeds"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shoot.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shoot.go deleted file mode 100644 index 8a217cfa9..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shoot.go +++ /dev/null @@ -1,213 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ShootsGetter has a method to return a ShootInterface. -// A group's client should implement this interface. -type ShootsGetter interface { - Shoots(namespace string) ShootInterface -} - -// ShootInterface has methods to work with Shoot resources. -type ShootInterface interface { - Create(ctx context.Context, shoot *v1alpha1.Shoot, opts v1.CreateOptions) (*v1alpha1.Shoot, error) - Update(ctx context.Context, shoot *v1alpha1.Shoot, opts v1.UpdateOptions) (*v1alpha1.Shoot, error) - UpdateStatus(ctx context.Context, shoot *v1alpha1.Shoot, opts v1.UpdateOptions) (*v1alpha1.Shoot, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Shoot, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ShootList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Shoot, err error) - CreateAdminKubeconfigRequest(ctx context.Context, shootName string, adminKubeconfigRequest *authenticationv1alpha1.AdminKubeconfigRequest, opts v1.CreateOptions) (*authenticationv1alpha1.AdminKubeconfigRequest, error) - - ShootExpansion -} - -// shoots implements ShootInterface -type shoots struct { - client rest.Interface - ns string -} - -// newShoots returns a Shoots -func newShoots(c *CoreV1alpha1Client, namespace string) *shoots { - return &shoots{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the shoot, and returns the corresponding shoot object, and an error if there is any. -func (c *shoots) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Shoot, err error) { - result = &v1alpha1.Shoot{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shoots"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Shoots that match those selectors. -func (c *shoots) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ShootList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ShootList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested shoots. -func (c *shoots) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a shoot and creates it. Returns the server's representation of the shoot, and an error, if there is any. -func (c *shoots) Create(ctx context.Context, shoot *v1alpha1.Shoot, opts v1.CreateOptions) (result *v1alpha1.Shoot, err error) { - result = &v1alpha1.Shoot{} - err = c.client.Post(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shoot). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a shoot and updates it. Returns the server's representation of the shoot, and an error, if there is any. -func (c *shoots) Update(ctx context.Context, shoot *v1alpha1.Shoot, opts v1.UpdateOptions) (result *v1alpha1.Shoot, err error) { - result = &v1alpha1.Shoot{} - err = c.client.Put(). - Namespace(c.ns). - Resource("shoots"). - Name(shoot.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shoot). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *shoots) UpdateStatus(ctx context.Context, shoot *v1alpha1.Shoot, opts v1.UpdateOptions) (result *v1alpha1.Shoot, err error) { - result = &v1alpha1.Shoot{} - err = c.client.Put(). - Namespace(c.ns). - Resource("shoots"). - Name(shoot.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shoot). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the shoot and deletes it. Returns an error if one occurs. -func (c *shoots) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("shoots"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *shoots) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched shoot. -func (c *shoots) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Shoot, err error) { - result = &v1alpha1.Shoot{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("shoots"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// CreateAdminKubeconfigRequest takes the representation of a adminKubeconfigRequest and creates it. Returns the server's representation of the adminKubeconfigRequest, and an error, if there is any. -func (c *shoots) CreateAdminKubeconfigRequest(ctx context.Context, shootName string, adminKubeconfigRequest *authenticationv1alpha1.AdminKubeconfigRequest, opts v1.CreateOptions) (result *authenticationv1alpha1.AdminKubeconfigRequest, err error) { - result = &authenticationv1alpha1.AdminKubeconfigRequest{} - err = c.client.Post(). - Namespace(c.ns). - Resource("shoots"). - Name(shootName). - SubResource("adminkubeconfig"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(adminKubeconfigRequest). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shootextensionstatus.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shootextensionstatus.go deleted file mode 100644 index 90ee4528c..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shootextensionstatus.go +++ /dev/null @@ -1,178 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ShootExtensionStatusesGetter has a method to return a ShootExtensionStatusInterface. -// A group's client should implement this interface. -type ShootExtensionStatusesGetter interface { - ShootExtensionStatuses(namespace string) ShootExtensionStatusInterface -} - -// ShootExtensionStatusInterface has methods to work with ShootExtensionStatus resources. -type ShootExtensionStatusInterface interface { - Create(ctx context.Context, shootExtensionStatus *v1alpha1.ShootExtensionStatus, opts v1.CreateOptions) (*v1alpha1.ShootExtensionStatus, error) - Update(ctx context.Context, shootExtensionStatus *v1alpha1.ShootExtensionStatus, opts v1.UpdateOptions) (*v1alpha1.ShootExtensionStatus, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ShootExtensionStatus, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ShootExtensionStatusList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ShootExtensionStatus, err error) - ShootExtensionStatusExpansion -} - -// shootExtensionStatuses implements ShootExtensionStatusInterface -type shootExtensionStatuses struct { - client rest.Interface - ns string -} - -// newShootExtensionStatuses returns a ShootExtensionStatuses -func newShootExtensionStatuses(c *CoreV1alpha1Client, namespace string) *shootExtensionStatuses { - return &shootExtensionStatuses{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the shootExtensionStatus, and returns the corresponding shootExtensionStatus object, and an error if there is any. -func (c *shootExtensionStatuses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ShootExtensionStatus, err error) { - result = &v1alpha1.ShootExtensionStatus{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shootextensionstatuses"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ShootExtensionStatuses that match those selectors. -func (c *shootExtensionStatuses) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ShootExtensionStatusList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ShootExtensionStatusList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shootextensionstatuses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested shootExtensionStatuses. -func (c *shootExtensionStatuses) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("shootextensionstatuses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a shootExtensionStatus and creates it. Returns the server's representation of the shootExtensionStatus, and an error, if there is any. -func (c *shootExtensionStatuses) Create(ctx context.Context, shootExtensionStatus *v1alpha1.ShootExtensionStatus, opts v1.CreateOptions) (result *v1alpha1.ShootExtensionStatus, err error) { - result = &v1alpha1.ShootExtensionStatus{} - err = c.client.Post(). - Namespace(c.ns). - Resource("shootextensionstatuses"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shootExtensionStatus). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a shootExtensionStatus and updates it. Returns the server's representation of the shootExtensionStatus, and an error, if there is any. -func (c *shootExtensionStatuses) Update(ctx context.Context, shootExtensionStatus *v1alpha1.ShootExtensionStatus, opts v1.UpdateOptions) (result *v1alpha1.ShootExtensionStatus, err error) { - result = &v1alpha1.ShootExtensionStatus{} - err = c.client.Put(). - Namespace(c.ns). - Resource("shootextensionstatuses"). - Name(shootExtensionStatus.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shootExtensionStatus). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the shootExtensionStatus and deletes it. Returns an error if one occurs. -func (c *shootExtensionStatuses) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("shootextensionstatuses"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *shootExtensionStatuses) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("shootextensionstatuses"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched shootExtensionStatus. -func (c *shootExtensionStatuses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ShootExtensionStatus, err error) { - result = &v1alpha1.ShootExtensionStatus{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("shootextensionstatuses"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shootstate.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shootstate.go deleted file mode 100644 index 2a28e0a19..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1alpha1/shootstate.go +++ /dev/null @@ -1,178 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ShootStatesGetter has a method to return a ShootStateInterface. -// A group's client should implement this interface. -type ShootStatesGetter interface { - ShootStates(namespace string) ShootStateInterface -} - -// ShootStateInterface has methods to work with ShootState resources. -type ShootStateInterface interface { - Create(ctx context.Context, shootState *v1alpha1.ShootState, opts v1.CreateOptions) (*v1alpha1.ShootState, error) - Update(ctx context.Context, shootState *v1alpha1.ShootState, opts v1.UpdateOptions) (*v1alpha1.ShootState, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ShootState, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ShootStateList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ShootState, err error) - ShootStateExpansion -} - -// shootStates implements ShootStateInterface -type shootStates struct { - client rest.Interface - ns string -} - -// newShootStates returns a ShootStates -func newShootStates(c *CoreV1alpha1Client, namespace string) *shootStates { - return &shootStates{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the shootState, and returns the corresponding shootState object, and an error if there is any. -func (c *shootStates) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ShootState, err error) { - result = &v1alpha1.ShootState{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shootstates"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ShootStates that match those selectors. -func (c *shootStates) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ShootStateList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ShootStateList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shootstates"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested shootStates. -func (c *shootStates) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("shootstates"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a shootState and creates it. Returns the server's representation of the shootState, and an error, if there is any. -func (c *shootStates) Create(ctx context.Context, shootState *v1alpha1.ShootState, opts v1.CreateOptions) (result *v1alpha1.ShootState, err error) { - result = &v1alpha1.ShootState{} - err = c.client.Post(). - Namespace(c.ns). - Resource("shootstates"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shootState). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a shootState and updates it. Returns the server's representation of the shootState, and an error, if there is any. -func (c *shootStates) Update(ctx context.Context, shootState *v1alpha1.ShootState, opts v1.UpdateOptions) (result *v1alpha1.ShootState, err error) { - result = &v1alpha1.ShootState{} - err = c.client.Put(). - Namespace(c.ns). - Resource("shootstates"). - Name(shootState.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shootState). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the shootState and deletes it. Returns an error if one occurs. -func (c *shootStates) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("shootstates"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *shootStates) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("shootstates"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched shootState. -func (c *shootStates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ShootState, err error) { - result = &v1alpha1.ShootState{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("shootstates"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/backupbucket.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/backupbucket.go deleted file mode 100644 index a7238c9a6..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/backupbucket.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// BackupBucketsGetter has a method to return a BackupBucketInterface. -// A group's client should implement this interface. -type BackupBucketsGetter interface { - BackupBuckets() BackupBucketInterface -} - -// BackupBucketInterface has methods to work with BackupBucket resources. -type BackupBucketInterface interface { - Create(ctx context.Context, backupBucket *v1beta1.BackupBucket, opts v1.CreateOptions) (*v1beta1.BackupBucket, error) - Update(ctx context.Context, backupBucket *v1beta1.BackupBucket, opts v1.UpdateOptions) (*v1beta1.BackupBucket, error) - UpdateStatus(ctx context.Context, backupBucket *v1beta1.BackupBucket, opts v1.UpdateOptions) (*v1beta1.BackupBucket, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.BackupBucket, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.BackupBucketList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.BackupBucket, err error) - BackupBucketExpansion -} - -// backupBuckets implements BackupBucketInterface -type backupBuckets struct { - client rest.Interface -} - -// newBackupBuckets returns a BackupBuckets -func newBackupBuckets(c *CoreV1beta1Client) *backupBuckets { - return &backupBuckets{ - client: c.RESTClient(), - } -} - -// Get takes name of the backupBucket, and returns the corresponding backupBucket object, and an error if there is any. -func (c *backupBuckets) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.BackupBucket, err error) { - result = &v1beta1.BackupBucket{} - err = c.client.Get(). - Resource("backupbuckets"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of BackupBuckets that match those selectors. -func (c *backupBuckets) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.BackupBucketList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.BackupBucketList{} - err = c.client.Get(). - Resource("backupbuckets"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested backupBuckets. -func (c *backupBuckets) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("backupbuckets"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a backupBucket and creates it. Returns the server's representation of the backupBucket, and an error, if there is any. -func (c *backupBuckets) Create(ctx context.Context, backupBucket *v1beta1.BackupBucket, opts v1.CreateOptions) (result *v1beta1.BackupBucket, err error) { - result = &v1beta1.BackupBucket{} - err = c.client.Post(). - Resource("backupbuckets"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupBucket). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a backupBucket and updates it. Returns the server's representation of the backupBucket, and an error, if there is any. -func (c *backupBuckets) Update(ctx context.Context, backupBucket *v1beta1.BackupBucket, opts v1.UpdateOptions) (result *v1beta1.BackupBucket, err error) { - result = &v1beta1.BackupBucket{} - err = c.client.Put(). - Resource("backupbuckets"). - Name(backupBucket.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupBucket). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *backupBuckets) UpdateStatus(ctx context.Context, backupBucket *v1beta1.BackupBucket, opts v1.UpdateOptions) (result *v1beta1.BackupBucket, err error) { - result = &v1beta1.BackupBucket{} - err = c.client.Put(). - Resource("backupbuckets"). - Name(backupBucket.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupBucket). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the backupBucket and deletes it. Returns an error if one occurs. -func (c *backupBuckets) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("backupbuckets"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *backupBuckets) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("backupbuckets"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched backupBucket. -func (c *backupBuckets) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.BackupBucket, err error) { - result = &v1beta1.BackupBucket{} - err = c.client.Patch(pt). - Resource("backupbuckets"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/backupentry.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/backupentry.go deleted file mode 100644 index 13880f074..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/backupentry.go +++ /dev/null @@ -1,195 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// BackupEntriesGetter has a method to return a BackupEntryInterface. -// A group's client should implement this interface. -type BackupEntriesGetter interface { - BackupEntries(namespace string) BackupEntryInterface -} - -// BackupEntryInterface has methods to work with BackupEntry resources. -type BackupEntryInterface interface { - Create(ctx context.Context, backupEntry *v1beta1.BackupEntry, opts v1.CreateOptions) (*v1beta1.BackupEntry, error) - Update(ctx context.Context, backupEntry *v1beta1.BackupEntry, opts v1.UpdateOptions) (*v1beta1.BackupEntry, error) - UpdateStatus(ctx context.Context, backupEntry *v1beta1.BackupEntry, opts v1.UpdateOptions) (*v1beta1.BackupEntry, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.BackupEntry, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.BackupEntryList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.BackupEntry, err error) - BackupEntryExpansion -} - -// backupEntries implements BackupEntryInterface -type backupEntries struct { - client rest.Interface - ns string -} - -// newBackupEntries returns a BackupEntries -func newBackupEntries(c *CoreV1beta1Client, namespace string) *backupEntries { - return &backupEntries{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the backupEntry, and returns the corresponding backupEntry object, and an error if there is any. -func (c *backupEntries) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.BackupEntry, err error) { - result = &v1beta1.BackupEntry{} - err = c.client.Get(). - Namespace(c.ns). - Resource("backupentries"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of BackupEntries that match those selectors. -func (c *backupEntries) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.BackupEntryList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.BackupEntryList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested backupEntries. -func (c *backupEntries) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a backupEntry and creates it. Returns the server's representation of the backupEntry, and an error, if there is any. -func (c *backupEntries) Create(ctx context.Context, backupEntry *v1beta1.BackupEntry, opts v1.CreateOptions) (result *v1beta1.BackupEntry, err error) { - result = &v1beta1.BackupEntry{} - err = c.client.Post(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupEntry). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a backupEntry and updates it. Returns the server's representation of the backupEntry, and an error, if there is any. -func (c *backupEntries) Update(ctx context.Context, backupEntry *v1beta1.BackupEntry, opts v1.UpdateOptions) (result *v1beta1.BackupEntry, err error) { - result = &v1beta1.BackupEntry{} - err = c.client.Put(). - Namespace(c.ns). - Resource("backupentries"). - Name(backupEntry.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupEntry). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *backupEntries) UpdateStatus(ctx context.Context, backupEntry *v1beta1.BackupEntry, opts v1.UpdateOptions) (result *v1beta1.BackupEntry, err error) { - result = &v1beta1.BackupEntry{} - err = c.client.Put(). - Namespace(c.ns). - Resource("backupentries"). - Name(backupEntry.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(backupEntry). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the backupEntry and deletes it. Returns an error if one occurs. -func (c *backupEntries) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("backupentries"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *backupEntries) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("backupentries"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched backupEntry. -func (c *backupEntries) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.BackupEntry, err error) { - result = &v1beta1.BackupEntry{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("backupentries"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/cloudprofile.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/cloudprofile.go deleted file mode 100644 index 37b7cab27..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/cloudprofile.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// CloudProfilesGetter has a method to return a CloudProfileInterface. -// A group's client should implement this interface. -type CloudProfilesGetter interface { - CloudProfiles() CloudProfileInterface -} - -// CloudProfileInterface has methods to work with CloudProfile resources. -type CloudProfileInterface interface { - Create(ctx context.Context, cloudProfile *v1beta1.CloudProfile, opts v1.CreateOptions) (*v1beta1.CloudProfile, error) - Update(ctx context.Context, cloudProfile *v1beta1.CloudProfile, opts v1.UpdateOptions) (*v1beta1.CloudProfile, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.CloudProfile, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.CloudProfileList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.CloudProfile, err error) - CloudProfileExpansion -} - -// cloudProfiles implements CloudProfileInterface -type cloudProfiles struct { - client rest.Interface -} - -// newCloudProfiles returns a CloudProfiles -func newCloudProfiles(c *CoreV1beta1Client) *cloudProfiles { - return &cloudProfiles{ - client: c.RESTClient(), - } -} - -// Get takes name of the cloudProfile, and returns the corresponding cloudProfile object, and an error if there is any. -func (c *cloudProfiles) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.CloudProfile, err error) { - result = &v1beta1.CloudProfile{} - err = c.client.Get(). - Resource("cloudprofiles"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of CloudProfiles that match those selectors. -func (c *cloudProfiles) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.CloudProfileList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.CloudProfileList{} - err = c.client.Get(). - Resource("cloudprofiles"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested cloudProfiles. -func (c *cloudProfiles) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("cloudprofiles"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a cloudProfile and creates it. Returns the server's representation of the cloudProfile, and an error, if there is any. -func (c *cloudProfiles) Create(ctx context.Context, cloudProfile *v1beta1.CloudProfile, opts v1.CreateOptions) (result *v1beta1.CloudProfile, err error) { - result = &v1beta1.CloudProfile{} - err = c.client.Post(). - Resource("cloudprofiles"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(cloudProfile). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a cloudProfile and updates it. Returns the server's representation of the cloudProfile, and an error, if there is any. -func (c *cloudProfiles) Update(ctx context.Context, cloudProfile *v1beta1.CloudProfile, opts v1.UpdateOptions) (result *v1beta1.CloudProfile, err error) { - result = &v1beta1.CloudProfile{} - err = c.client.Put(). - Resource("cloudprofiles"). - Name(cloudProfile.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(cloudProfile). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the cloudProfile and deletes it. Returns an error if one occurs. -func (c *cloudProfiles) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("cloudprofiles"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *cloudProfiles) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("cloudprofiles"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched cloudProfile. -func (c *cloudProfiles) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.CloudProfile, err error) { - result = &v1beta1.CloudProfile{} - err = c.client.Patch(pt). - Resource("cloudprofiles"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerdeployment.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerdeployment.go deleted file mode 100644 index 4fb08989e..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerdeployment.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ControllerDeploymentsGetter has a method to return a ControllerDeploymentInterface. -// A group's client should implement this interface. -type ControllerDeploymentsGetter interface { - ControllerDeployments() ControllerDeploymentInterface -} - -// ControllerDeploymentInterface has methods to work with ControllerDeployment resources. -type ControllerDeploymentInterface interface { - Create(ctx context.Context, controllerDeployment *v1beta1.ControllerDeployment, opts v1.CreateOptions) (*v1beta1.ControllerDeployment, error) - Update(ctx context.Context, controllerDeployment *v1beta1.ControllerDeployment, opts v1.UpdateOptions) (*v1beta1.ControllerDeployment, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ControllerDeployment, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ControllerDeploymentList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ControllerDeployment, err error) - ControllerDeploymentExpansion -} - -// controllerDeployments implements ControllerDeploymentInterface -type controllerDeployments struct { - client rest.Interface -} - -// newControllerDeployments returns a ControllerDeployments -func newControllerDeployments(c *CoreV1beta1Client) *controllerDeployments { - return &controllerDeployments{ - client: c.RESTClient(), - } -} - -// Get takes name of the controllerDeployment, and returns the corresponding controllerDeployment object, and an error if there is any. -func (c *controllerDeployments) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ControllerDeployment, err error) { - result = &v1beta1.ControllerDeployment{} - err = c.client.Get(). - Resource("controllerdeployments"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ControllerDeployments that match those selectors. -func (c *controllerDeployments) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ControllerDeploymentList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.ControllerDeploymentList{} - err = c.client.Get(). - Resource("controllerdeployments"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested controllerDeployments. -func (c *controllerDeployments) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("controllerdeployments"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a controllerDeployment and creates it. Returns the server's representation of the controllerDeployment, and an error, if there is any. -func (c *controllerDeployments) Create(ctx context.Context, controllerDeployment *v1beta1.ControllerDeployment, opts v1.CreateOptions) (result *v1beta1.ControllerDeployment, err error) { - result = &v1beta1.ControllerDeployment{} - err = c.client.Post(). - Resource("controllerdeployments"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerDeployment). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a controllerDeployment and updates it. Returns the server's representation of the controllerDeployment, and an error, if there is any. -func (c *controllerDeployments) Update(ctx context.Context, controllerDeployment *v1beta1.ControllerDeployment, opts v1.UpdateOptions) (result *v1beta1.ControllerDeployment, err error) { - result = &v1beta1.ControllerDeployment{} - err = c.client.Put(). - Resource("controllerdeployments"). - Name(controllerDeployment.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerDeployment). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the controllerDeployment and deletes it. Returns an error if one occurs. -func (c *controllerDeployments) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("controllerdeployments"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *controllerDeployments) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("controllerdeployments"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched controllerDeployment. -func (c *controllerDeployments) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ControllerDeployment, err error) { - result = &v1beta1.ControllerDeployment{} - err = c.client.Patch(pt). - Resource("controllerdeployments"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerinstallation.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerinstallation.go deleted file mode 100644 index 5756e8467..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerinstallation.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ControllerInstallationsGetter has a method to return a ControllerInstallationInterface. -// A group's client should implement this interface. -type ControllerInstallationsGetter interface { - ControllerInstallations() ControllerInstallationInterface -} - -// ControllerInstallationInterface has methods to work with ControllerInstallation resources. -type ControllerInstallationInterface interface { - Create(ctx context.Context, controllerInstallation *v1beta1.ControllerInstallation, opts v1.CreateOptions) (*v1beta1.ControllerInstallation, error) - Update(ctx context.Context, controllerInstallation *v1beta1.ControllerInstallation, opts v1.UpdateOptions) (*v1beta1.ControllerInstallation, error) - UpdateStatus(ctx context.Context, controllerInstallation *v1beta1.ControllerInstallation, opts v1.UpdateOptions) (*v1beta1.ControllerInstallation, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ControllerInstallation, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ControllerInstallationList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ControllerInstallation, err error) - ControllerInstallationExpansion -} - -// controllerInstallations implements ControllerInstallationInterface -type controllerInstallations struct { - client rest.Interface -} - -// newControllerInstallations returns a ControllerInstallations -func newControllerInstallations(c *CoreV1beta1Client) *controllerInstallations { - return &controllerInstallations{ - client: c.RESTClient(), - } -} - -// Get takes name of the controllerInstallation, and returns the corresponding controllerInstallation object, and an error if there is any. -func (c *controllerInstallations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ControllerInstallation, err error) { - result = &v1beta1.ControllerInstallation{} - err = c.client.Get(). - Resource("controllerinstallations"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ControllerInstallations that match those selectors. -func (c *controllerInstallations) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ControllerInstallationList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.ControllerInstallationList{} - err = c.client.Get(). - Resource("controllerinstallations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested controllerInstallations. -func (c *controllerInstallations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("controllerinstallations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a controllerInstallation and creates it. Returns the server's representation of the controllerInstallation, and an error, if there is any. -func (c *controllerInstallations) Create(ctx context.Context, controllerInstallation *v1beta1.ControllerInstallation, opts v1.CreateOptions) (result *v1beta1.ControllerInstallation, err error) { - result = &v1beta1.ControllerInstallation{} - err = c.client.Post(). - Resource("controllerinstallations"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerInstallation). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a controllerInstallation and updates it. Returns the server's representation of the controllerInstallation, and an error, if there is any. -func (c *controllerInstallations) Update(ctx context.Context, controllerInstallation *v1beta1.ControllerInstallation, opts v1.UpdateOptions) (result *v1beta1.ControllerInstallation, err error) { - result = &v1beta1.ControllerInstallation{} - err = c.client.Put(). - Resource("controllerinstallations"). - Name(controllerInstallation.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerInstallation). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *controllerInstallations) UpdateStatus(ctx context.Context, controllerInstallation *v1beta1.ControllerInstallation, opts v1.UpdateOptions) (result *v1beta1.ControllerInstallation, err error) { - result = &v1beta1.ControllerInstallation{} - err = c.client.Put(). - Resource("controllerinstallations"). - Name(controllerInstallation.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerInstallation). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the controllerInstallation and deletes it. Returns an error if one occurs. -func (c *controllerInstallations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("controllerinstallations"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *controllerInstallations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("controllerinstallations"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched controllerInstallation. -func (c *controllerInstallations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ControllerInstallation, err error) { - result = &v1beta1.ControllerInstallation{} - err = c.client.Patch(pt). - Resource("controllerinstallations"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerregistration.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerregistration.go deleted file mode 100644 index c7f66b209..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/controllerregistration.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ControllerRegistrationsGetter has a method to return a ControllerRegistrationInterface. -// A group's client should implement this interface. -type ControllerRegistrationsGetter interface { - ControllerRegistrations() ControllerRegistrationInterface -} - -// ControllerRegistrationInterface has methods to work with ControllerRegistration resources. -type ControllerRegistrationInterface interface { - Create(ctx context.Context, controllerRegistration *v1beta1.ControllerRegistration, opts v1.CreateOptions) (*v1beta1.ControllerRegistration, error) - Update(ctx context.Context, controllerRegistration *v1beta1.ControllerRegistration, opts v1.UpdateOptions) (*v1beta1.ControllerRegistration, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ControllerRegistration, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ControllerRegistrationList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ControllerRegistration, err error) - ControllerRegistrationExpansion -} - -// controllerRegistrations implements ControllerRegistrationInterface -type controllerRegistrations struct { - client rest.Interface -} - -// newControllerRegistrations returns a ControllerRegistrations -func newControllerRegistrations(c *CoreV1beta1Client) *controllerRegistrations { - return &controllerRegistrations{ - client: c.RESTClient(), - } -} - -// Get takes name of the controllerRegistration, and returns the corresponding controllerRegistration object, and an error if there is any. -func (c *controllerRegistrations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ControllerRegistration, err error) { - result = &v1beta1.ControllerRegistration{} - err = c.client.Get(). - Resource("controllerregistrations"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ControllerRegistrations that match those selectors. -func (c *controllerRegistrations) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ControllerRegistrationList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.ControllerRegistrationList{} - err = c.client.Get(). - Resource("controllerregistrations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested controllerRegistrations. -func (c *controllerRegistrations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("controllerregistrations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a controllerRegistration and creates it. Returns the server's representation of the controllerRegistration, and an error, if there is any. -func (c *controllerRegistrations) Create(ctx context.Context, controllerRegistration *v1beta1.ControllerRegistration, opts v1.CreateOptions) (result *v1beta1.ControllerRegistration, err error) { - result = &v1beta1.ControllerRegistration{} - err = c.client.Post(). - Resource("controllerregistrations"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerRegistration). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a controllerRegistration and updates it. Returns the server's representation of the controllerRegistration, and an error, if there is any. -func (c *controllerRegistrations) Update(ctx context.Context, controllerRegistration *v1beta1.ControllerRegistration, opts v1.UpdateOptions) (result *v1beta1.ControllerRegistration, err error) { - result = &v1beta1.ControllerRegistration{} - err = c.client.Put(). - Resource("controllerregistrations"). - Name(controllerRegistration.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(controllerRegistration). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the controllerRegistration and deletes it. Returns an error if one occurs. -func (c *controllerRegistrations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("controllerregistrations"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *controllerRegistrations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("controllerregistrations"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched controllerRegistration. -func (c *controllerRegistrations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ControllerRegistration, err error) { - result = &v1beta1.ControllerRegistration{} - err = c.client.Patch(pt). - Resource("controllerregistrations"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/core_client.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/core_client.go deleted file mode 100644 index 79dedf09a..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/core_client.go +++ /dev/null @@ -1,144 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - rest "k8s.io/client-go/rest" -) - -type CoreV1beta1Interface interface { - RESTClient() rest.Interface - BackupBucketsGetter - BackupEntriesGetter - CloudProfilesGetter - ControllerDeploymentsGetter - ControllerInstallationsGetter - ControllerRegistrationsGetter - PlantsGetter - ProjectsGetter - QuotasGetter - SecretBindingsGetter - SeedsGetter - ShootsGetter -} - -// CoreV1beta1Client is used to interact with features provided by the core.gardener.cloud group. -type CoreV1beta1Client struct { - restClient rest.Interface -} - -func (c *CoreV1beta1Client) BackupBuckets() BackupBucketInterface { - return newBackupBuckets(c) -} - -func (c *CoreV1beta1Client) BackupEntries(namespace string) BackupEntryInterface { - return newBackupEntries(c, namespace) -} - -func (c *CoreV1beta1Client) CloudProfiles() CloudProfileInterface { - return newCloudProfiles(c) -} - -func (c *CoreV1beta1Client) ControllerDeployments() ControllerDeploymentInterface { - return newControllerDeployments(c) -} - -func (c *CoreV1beta1Client) ControllerInstallations() ControllerInstallationInterface { - return newControllerInstallations(c) -} - -func (c *CoreV1beta1Client) ControllerRegistrations() ControllerRegistrationInterface { - return newControllerRegistrations(c) -} - -func (c *CoreV1beta1Client) Plants(namespace string) PlantInterface { - return newPlants(c, namespace) -} - -func (c *CoreV1beta1Client) Projects() ProjectInterface { - return newProjects(c) -} - -func (c *CoreV1beta1Client) Quotas(namespace string) QuotaInterface { - return newQuotas(c, namespace) -} - -func (c *CoreV1beta1Client) SecretBindings(namespace string) SecretBindingInterface { - return newSecretBindings(c, namespace) -} - -func (c *CoreV1beta1Client) Seeds() SeedInterface { - return newSeeds(c) -} - -func (c *CoreV1beta1Client) Shoots(namespace string) ShootInterface { - return newShoots(c, namespace) -} - -// NewForConfig creates a new CoreV1beta1Client for the given config. -func NewForConfig(c *rest.Config) (*CoreV1beta1Client, error) { - config := *c - if err := setConfigDefaults(&config); err != nil { - return nil, err - } - client, err := rest.RESTClientFor(&config) - if err != nil { - return nil, err - } - return &CoreV1beta1Client{client}, nil -} - -// NewForConfigOrDie creates a new CoreV1beta1Client for the given config and -// panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *CoreV1beta1Client { - client, err := NewForConfig(c) - if err != nil { - panic(err) - } - return client -} - -// New creates a new CoreV1beta1Client for the given RESTClient. -func New(c rest.Interface) *CoreV1beta1Client { - return &CoreV1beta1Client{c} -} - -func setConfigDefaults(config *rest.Config) error { - gv := v1beta1.SchemeGroupVersion - config.GroupVersion = &gv - config.APIPath = "/apis" - config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() - - if config.UserAgent == "" { - config.UserAgent = rest.DefaultKubernetesUserAgent() - } - - return nil -} - -// RESTClient returns a RESTClient that is used to communicate -// with API server by this client implementation. -func (c *CoreV1beta1Client) RESTClient() rest.Interface { - if c == nil { - return nil - } - return c.restClient -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/generated_expansion.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/generated_expansion.go deleted file mode 100644 index f1d02d42c..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/generated_expansion.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -type BackupBucketExpansion interface{} - -type BackupEntryExpansion interface{} - -type CloudProfileExpansion interface{} - -type ControllerDeploymentExpansion interface{} - -type ControllerInstallationExpansion interface{} - -type ControllerRegistrationExpansion interface{} - -type PlantExpansion interface{} - -type ProjectExpansion interface{} - -type QuotaExpansion interface{} - -type SecretBindingExpansion interface{} - -type SeedExpansion interface{} - -type ShootExpansion interface{} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/plant.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/plant.go deleted file mode 100644 index 1beb236a0..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/plant.go +++ /dev/null @@ -1,195 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// PlantsGetter has a method to return a PlantInterface. -// A group's client should implement this interface. -type PlantsGetter interface { - Plants(namespace string) PlantInterface -} - -// PlantInterface has methods to work with Plant resources. -type PlantInterface interface { - Create(ctx context.Context, plant *v1beta1.Plant, opts v1.CreateOptions) (*v1beta1.Plant, error) - Update(ctx context.Context, plant *v1beta1.Plant, opts v1.UpdateOptions) (*v1beta1.Plant, error) - UpdateStatus(ctx context.Context, plant *v1beta1.Plant, opts v1.UpdateOptions) (*v1beta1.Plant, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.Plant, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.PlantList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Plant, err error) - PlantExpansion -} - -// plants implements PlantInterface -type plants struct { - client rest.Interface - ns string -} - -// newPlants returns a Plants -func newPlants(c *CoreV1beta1Client, namespace string) *plants { - return &plants{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the plant, and returns the corresponding plant object, and an error if there is any. -func (c *plants) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Plant, err error) { - result = &v1beta1.Plant{} - err = c.client.Get(). - Namespace(c.ns). - Resource("plants"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Plants that match those selectors. -func (c *plants) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PlantList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.PlantList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested plants. -func (c *plants) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a plant and creates it. Returns the server's representation of the plant, and an error, if there is any. -func (c *plants) Create(ctx context.Context, plant *v1beta1.Plant, opts v1.CreateOptions) (result *v1beta1.Plant, err error) { - result = &v1beta1.Plant{} - err = c.client.Post(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(plant). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a plant and updates it. Returns the server's representation of the plant, and an error, if there is any. -func (c *plants) Update(ctx context.Context, plant *v1beta1.Plant, opts v1.UpdateOptions) (result *v1beta1.Plant, err error) { - result = &v1beta1.Plant{} - err = c.client.Put(). - Namespace(c.ns). - Resource("plants"). - Name(plant.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(plant). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *plants) UpdateStatus(ctx context.Context, plant *v1beta1.Plant, opts v1.UpdateOptions) (result *v1beta1.Plant, err error) { - result = &v1beta1.Plant{} - err = c.client.Put(). - Namespace(c.ns). - Resource("plants"). - Name(plant.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(plant). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the plant and deletes it. Returns an error if one occurs. -func (c *plants) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("plants"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *plants) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("plants"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched plant. -func (c *plants) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Plant, err error) { - result = &v1beta1.Plant{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("plants"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/project.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/project.go deleted file mode 100644 index b0d08d49c..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/project.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ProjectsGetter has a method to return a ProjectInterface. -// A group's client should implement this interface. -type ProjectsGetter interface { - Projects() ProjectInterface -} - -// ProjectInterface has methods to work with Project resources. -type ProjectInterface interface { - Create(ctx context.Context, project *v1beta1.Project, opts v1.CreateOptions) (*v1beta1.Project, error) - Update(ctx context.Context, project *v1beta1.Project, opts v1.UpdateOptions) (*v1beta1.Project, error) - UpdateStatus(ctx context.Context, project *v1beta1.Project, opts v1.UpdateOptions) (*v1beta1.Project, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.Project, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ProjectList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Project, err error) - ProjectExpansion -} - -// projects implements ProjectInterface -type projects struct { - client rest.Interface -} - -// newProjects returns a Projects -func newProjects(c *CoreV1beta1Client) *projects { - return &projects{ - client: c.RESTClient(), - } -} - -// Get takes name of the project, and returns the corresponding project object, and an error if there is any. -func (c *projects) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Project, err error) { - result = &v1beta1.Project{} - err = c.client.Get(). - Resource("projects"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Projects that match those selectors. -func (c *projects) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ProjectList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.ProjectList{} - err = c.client.Get(). - Resource("projects"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested projects. -func (c *projects) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("projects"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a project and creates it. Returns the server's representation of the project, and an error, if there is any. -func (c *projects) Create(ctx context.Context, project *v1beta1.Project, opts v1.CreateOptions) (result *v1beta1.Project, err error) { - result = &v1beta1.Project{} - err = c.client.Post(). - Resource("projects"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(project). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a project and updates it. Returns the server's representation of the project, and an error, if there is any. -func (c *projects) Update(ctx context.Context, project *v1beta1.Project, opts v1.UpdateOptions) (result *v1beta1.Project, err error) { - result = &v1beta1.Project{} - err = c.client.Put(). - Resource("projects"). - Name(project.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(project). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *projects) UpdateStatus(ctx context.Context, project *v1beta1.Project, opts v1.UpdateOptions) (result *v1beta1.Project, err error) { - result = &v1beta1.Project{} - err = c.client.Put(). - Resource("projects"). - Name(project.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(project). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the project and deletes it. Returns an error if one occurs. -func (c *projects) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("projects"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *projects) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("projects"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched project. -func (c *projects) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Project, err error) { - result = &v1beta1.Project{} - err = c.client.Patch(pt). - Resource("projects"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/quota.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/quota.go deleted file mode 100644 index 73aef2bea..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/quota.go +++ /dev/null @@ -1,178 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// QuotasGetter has a method to return a QuotaInterface. -// A group's client should implement this interface. -type QuotasGetter interface { - Quotas(namespace string) QuotaInterface -} - -// QuotaInterface has methods to work with Quota resources. -type QuotaInterface interface { - Create(ctx context.Context, quota *v1beta1.Quota, opts v1.CreateOptions) (*v1beta1.Quota, error) - Update(ctx context.Context, quota *v1beta1.Quota, opts v1.UpdateOptions) (*v1beta1.Quota, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.Quota, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.QuotaList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Quota, err error) - QuotaExpansion -} - -// quotas implements QuotaInterface -type quotas struct { - client rest.Interface - ns string -} - -// newQuotas returns a Quotas -func newQuotas(c *CoreV1beta1Client, namespace string) *quotas { - return "as{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the quota, and returns the corresponding quota object, and an error if there is any. -func (c *quotas) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Quota, err error) { - result = &v1beta1.Quota{} - err = c.client.Get(). - Namespace(c.ns). - Resource("quotas"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Quotas that match those selectors. -func (c *quotas) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.QuotaList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.QuotaList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested quotas. -func (c *quotas) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a quota and creates it. Returns the server's representation of the quota, and an error, if there is any. -func (c *quotas) Create(ctx context.Context, quota *v1beta1.Quota, opts v1.CreateOptions) (result *v1beta1.Quota, err error) { - result = &v1beta1.Quota{} - err = c.client.Post(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(quota). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a quota and updates it. Returns the server's representation of the quota, and an error, if there is any. -func (c *quotas) Update(ctx context.Context, quota *v1beta1.Quota, opts v1.UpdateOptions) (result *v1beta1.Quota, err error) { - result = &v1beta1.Quota{} - err = c.client.Put(). - Namespace(c.ns). - Resource("quotas"). - Name(quota.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(quota). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the quota and deletes it. Returns an error if one occurs. -func (c *quotas) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("quotas"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *quotas) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("quotas"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched quota. -func (c *quotas) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Quota, err error) { - result = &v1beta1.Quota{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("quotas"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/secretbinding.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/secretbinding.go deleted file mode 100644 index 953846e93..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/secretbinding.go +++ /dev/null @@ -1,178 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// SecretBindingsGetter has a method to return a SecretBindingInterface. -// A group's client should implement this interface. -type SecretBindingsGetter interface { - SecretBindings(namespace string) SecretBindingInterface -} - -// SecretBindingInterface has methods to work with SecretBinding resources. -type SecretBindingInterface interface { - Create(ctx context.Context, secretBinding *v1beta1.SecretBinding, opts v1.CreateOptions) (*v1beta1.SecretBinding, error) - Update(ctx context.Context, secretBinding *v1beta1.SecretBinding, opts v1.UpdateOptions) (*v1beta1.SecretBinding, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.SecretBinding, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.SecretBindingList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.SecretBinding, err error) - SecretBindingExpansion -} - -// secretBindings implements SecretBindingInterface -type secretBindings struct { - client rest.Interface - ns string -} - -// newSecretBindings returns a SecretBindings -func newSecretBindings(c *CoreV1beta1Client, namespace string) *secretBindings { - return &secretBindings{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the secretBinding, and returns the corresponding secretBinding object, and an error if there is any. -func (c *secretBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.SecretBinding, err error) { - result = &v1beta1.SecretBinding{} - err = c.client.Get(). - Namespace(c.ns). - Resource("secretbindings"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of SecretBindings that match those selectors. -func (c *secretBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.SecretBindingList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.SecretBindingList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested secretBindings. -func (c *secretBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a secretBinding and creates it. Returns the server's representation of the secretBinding, and an error, if there is any. -func (c *secretBindings) Create(ctx context.Context, secretBinding *v1beta1.SecretBinding, opts v1.CreateOptions) (result *v1beta1.SecretBinding, err error) { - result = &v1beta1.SecretBinding{} - err = c.client.Post(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(secretBinding). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a secretBinding and updates it. Returns the server's representation of the secretBinding, and an error, if there is any. -func (c *secretBindings) Update(ctx context.Context, secretBinding *v1beta1.SecretBinding, opts v1.UpdateOptions) (result *v1beta1.SecretBinding, err error) { - result = &v1beta1.SecretBinding{} - err = c.client.Put(). - Namespace(c.ns). - Resource("secretbindings"). - Name(secretBinding.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(secretBinding). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the secretBinding and deletes it. Returns an error if one occurs. -func (c *secretBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("secretbindings"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *secretBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("secretbindings"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched secretBinding. -func (c *secretBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.SecretBinding, err error) { - result = &v1beta1.SecretBinding{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("secretbindings"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/seed.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/seed.go deleted file mode 100644 index 05b1df257..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/seed.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// SeedsGetter has a method to return a SeedInterface. -// A group's client should implement this interface. -type SeedsGetter interface { - Seeds() SeedInterface -} - -// SeedInterface has methods to work with Seed resources. -type SeedInterface interface { - Create(ctx context.Context, seed *v1beta1.Seed, opts v1.CreateOptions) (*v1beta1.Seed, error) - Update(ctx context.Context, seed *v1beta1.Seed, opts v1.UpdateOptions) (*v1beta1.Seed, error) - UpdateStatus(ctx context.Context, seed *v1beta1.Seed, opts v1.UpdateOptions) (*v1beta1.Seed, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.Seed, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.SeedList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Seed, err error) - SeedExpansion -} - -// seeds implements SeedInterface -type seeds struct { - client rest.Interface -} - -// newSeeds returns a Seeds -func newSeeds(c *CoreV1beta1Client) *seeds { - return &seeds{ - client: c.RESTClient(), - } -} - -// Get takes name of the seed, and returns the corresponding seed object, and an error if there is any. -func (c *seeds) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Seed, err error) { - result = &v1beta1.Seed{} - err = c.client.Get(). - Resource("seeds"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Seeds that match those selectors. -func (c *seeds) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.SeedList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.SeedList{} - err = c.client.Get(). - Resource("seeds"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested seeds. -func (c *seeds) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("seeds"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a seed and creates it. Returns the server's representation of the seed, and an error, if there is any. -func (c *seeds) Create(ctx context.Context, seed *v1beta1.Seed, opts v1.CreateOptions) (result *v1beta1.Seed, err error) { - result = &v1beta1.Seed{} - err = c.client.Post(). - Resource("seeds"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(seed). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a seed and updates it. Returns the server's representation of the seed, and an error, if there is any. -func (c *seeds) Update(ctx context.Context, seed *v1beta1.Seed, opts v1.UpdateOptions) (result *v1beta1.Seed, err error) { - result = &v1beta1.Seed{} - err = c.client.Put(). - Resource("seeds"). - Name(seed.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(seed). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *seeds) UpdateStatus(ctx context.Context, seed *v1beta1.Seed, opts v1.UpdateOptions) (result *v1beta1.Seed, err error) { - result = &v1beta1.Seed{} - err = c.client.Put(). - Resource("seeds"). - Name(seed.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(seed). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the seed and deletes it. Returns an error if one occurs. -func (c *seeds) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("seeds"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *seeds) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("seeds"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched seed. -func (c *seeds) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Seed, err error) { - result = &v1beta1.Seed{} - err = c.client.Patch(pt). - Resource("seeds"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/shoot.go b/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/shoot.go deleted file mode 100644 index d76e0ea8d..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1/shoot.go +++ /dev/null @@ -1,213 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" - v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - scheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ShootsGetter has a method to return a ShootInterface. -// A group's client should implement this interface. -type ShootsGetter interface { - Shoots(namespace string) ShootInterface -} - -// ShootInterface has methods to work with Shoot resources. -type ShootInterface interface { - Create(ctx context.Context, shoot *v1beta1.Shoot, opts v1.CreateOptions) (*v1beta1.Shoot, error) - Update(ctx context.Context, shoot *v1beta1.Shoot, opts v1.UpdateOptions) (*v1beta1.Shoot, error) - UpdateStatus(ctx context.Context, shoot *v1beta1.Shoot, opts v1.UpdateOptions) (*v1beta1.Shoot, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.Shoot, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ShootList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Shoot, err error) - CreateAdminKubeconfigRequest(ctx context.Context, shootName string, adminKubeconfigRequest *v1alpha1.AdminKubeconfigRequest, opts v1.CreateOptions) (*v1alpha1.AdminKubeconfigRequest, error) - - ShootExpansion -} - -// shoots implements ShootInterface -type shoots struct { - client rest.Interface - ns string -} - -// newShoots returns a Shoots -func newShoots(c *CoreV1beta1Client, namespace string) *shoots { - return &shoots{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the shoot, and returns the corresponding shoot object, and an error if there is any. -func (c *shoots) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Shoot, err error) { - result = &v1beta1.Shoot{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shoots"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Shoots that match those selectors. -func (c *shoots) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ShootList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.ShootList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested shoots. -func (c *shoots) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a shoot and creates it. Returns the server's representation of the shoot, and an error, if there is any. -func (c *shoots) Create(ctx context.Context, shoot *v1beta1.Shoot, opts v1.CreateOptions) (result *v1beta1.Shoot, err error) { - result = &v1beta1.Shoot{} - err = c.client.Post(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shoot). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a shoot and updates it. Returns the server's representation of the shoot, and an error, if there is any. -func (c *shoots) Update(ctx context.Context, shoot *v1beta1.Shoot, opts v1.UpdateOptions) (result *v1beta1.Shoot, err error) { - result = &v1beta1.Shoot{} - err = c.client.Put(). - Namespace(c.ns). - Resource("shoots"). - Name(shoot.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shoot). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *shoots) UpdateStatus(ctx context.Context, shoot *v1beta1.Shoot, opts v1.UpdateOptions) (result *v1beta1.Shoot, err error) { - result = &v1beta1.Shoot{} - err = c.client.Put(). - Namespace(c.ns). - Resource("shoots"). - Name(shoot.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(shoot). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the shoot and deletes it. Returns an error if one occurs. -func (c *shoots) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("shoots"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *shoots) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("shoots"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched shoot. -func (c *shoots) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.Shoot, err error) { - result = &v1beta1.Shoot{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("shoots"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// CreateAdminKubeconfigRequest takes the representation of a adminKubeconfigRequest and creates it. Returns the server's representation of the adminKubeconfigRequest, and an error, if there is any. -func (c *shoots) CreateAdminKubeconfigRequest(ctx context.Context, shootName string, adminKubeconfigRequest *v1alpha1.AdminKubeconfigRequest, opts v1.CreateOptions) (result *v1alpha1.AdminKubeconfigRequest, err error) { - result = &v1alpha1.AdminKubeconfigRequest{} - err = c.client.Post(). - Namespace(c.ns). - Resource("shoots"). - Name(shootName). - SubResource("adminkubeconfig"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(adminKubeconfigRequest). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/extensions/clientset/versioned/scheme/doc.go b/vendor/github.com/gardener/gardener/pkg/client/extensions/clientset/versioned/scheme/doc.go deleted file mode 100644 index 7d4fb776b..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/extensions/clientset/versioned/scheme/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -// This package contains the scheme of the automatically generated clientset. -package scheme diff --git a/vendor/github.com/gardener/gardener/pkg/client/extensions/clientset/versioned/scheme/register.go b/vendor/github.com/gardener/gardener/pkg/client/extensions/clientset/versioned/scheme/register.go deleted file mode 100644 index 22a1acecf..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/extensions/clientset/versioned/scheme/register.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package scheme - -import ( - extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - schema "k8s.io/apimachinery/pkg/runtime/schema" - serializer "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -var Scheme = runtime.NewScheme() -var Codecs = serializer.NewCodecFactory(Scheme) -var ParameterCodec = runtime.NewParameterCodec(Scheme) -var localSchemeBuilder = runtime.SchemeBuilder{ - extensionsv1alpha1.AddToScheme, -} - -// AddToScheme adds all types of this clientset into the given scheme. This allows composition -// of clientsets, like in: -// -// import ( -// "k8s.io/client-go/kubernetes" -// clientsetscheme "k8s.io/client-go/kubernetes/scheme" -// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" -// ) -// -// kclientset, _ := kubernetes.NewForConfig(c) -// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) -// -// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types -// correctly. -var AddToScheme = localSchemeBuilder.AddToScheme - -func init() { - v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) - utilruntime.Must(AddToScheme(Scheme)) -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/cache.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/cache.go index 717bca579..c2c78be42 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/cache.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/cache.go @@ -93,6 +93,11 @@ func (c *aggregator) GetInformerForKind(ctx context.Context, gvk schema.GroupVer } func (c *aggregator) Start(ctx context.Context) error { + // NB: this function might leak goroutines, when the context for this aggregator cache is cancelled. + // There is no way of waiting for caches to stop, so there's no point in waiting for the following + // goroutines to finish, because there might still be goroutines running under the hood of caches. + // However, this is not problematic, as long as the aggregator cache is not in any client set, that might + // be invalidated during runtime. for gvk, cache := range c.gvkToCache { go func(gvk schema.GroupVersionKind, cache runtimecache.Cache) { err := cache.Start(ctx) diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/chartoptions.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/chartoptions.go index 438a1ca5d..729c8e921 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/chartoptions.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/chartoptions.go @@ -108,6 +108,7 @@ type DeleteOptions struct { // TolerateErrorFunc is a function for which err is tolerated. type TolerateErrorFunc func(err error) bool +// MutateDeleteOptions applies this configuration to the given delete options. func (t TolerateErrorFunc) MutateDeleteOptions(opts *DeleteOptions) { if opts.TolerateErrorFuncs == nil { opts.TolerateErrorFuncs = []TolerateErrorFunc{} @@ -116,6 +117,7 @@ func (t TolerateErrorFunc) MutateDeleteOptions(opts *DeleteOptions) { opts.TolerateErrorFuncs = append(opts.TolerateErrorFuncs, t) } +// MutateDeleteManifestOptions applies this configuration to the given delete manifest options. func (t TolerateErrorFunc) MutateDeleteManifestOptions(opts *DeleteManifestOptions) { if opts.TolerateErrorFuncs == nil { opts.TolerateErrorFuncs = []TolerateErrorFunc{} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go index 869faa808..934f2629b 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go @@ -20,7 +20,6 @@ import ( "fmt" corev1 "k8s.io/api/core/v1" - apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" kubernetesclientset "k8s.io/client-go/kubernetes" @@ -28,18 +27,14 @@ import ( "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" componentbaseconfig "k8s.io/component-base/config" - apiserviceclientset "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" - gardencoreclientset "github.com/gardener/gardener/pkg/client/core/clientset/versioned" - gardenercorescheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" + gardenercoreinstall "github.com/gardener/gardener/pkg/apis/core/install" + seedmanagementinstall "github.com/gardener/gardener/pkg/apis/seedmanagement/install" + settingsinstall "github.com/gardener/gardener/pkg/apis/settings/install" kcache "github.com/gardener/gardener/pkg/client/kubernetes/cache" - gardenoperationsclientset "github.com/gardener/gardener/pkg/client/operations/clientset/versioned" - gardenseedmanagementclientset "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned" - seedmanagementscheme "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned/scheme" - settingsscheme "github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme" "github.com/gardener/gardener/pkg/logger" versionutils "github.com/gardener/gardener/pkg/utils/version" ) @@ -57,9 +52,9 @@ const KubeConfig = "kubeconfig" func init() { // enable protobuf for Gardener API for controller-runtime clients protobufSchemeBuilder := runtime.NewSchemeBuilder( - gardenercorescheme.AddToScheme, - seedmanagementscheme.AddToScheme, - settingsscheme.AddToScheme, + gardenercoreinstall.AddToScheme, + seedmanagementinstall.AddToScheme, + settingsinstall.AddToScheme, ) utilruntime.Must(apiutil.AddToProtobufScheme(protobufSchemeBuilder.AddToScheme)) @@ -306,31 +301,6 @@ func newClientSet(conf *Config) (Interface, error) { return nil, err } - gardenCore, err := gardencoreclientset.NewForConfig(cfg) - if err != nil { - return nil, err - } - - gardenSeedManagement, err := gardenseedmanagementclientset.NewForConfig(cfg) - if err != nil { - return nil, err - } - - gardenOperations, err := gardenoperationsclientset.NewForConfig(cfg) - if err != nil { - return nil, err - } - - apiRegistration, err := apiserviceclientset.NewForConfig(cfg) - if err != nil { - return nil, err - } - - apiExtension, err := apiextensionsclientset.NewForConfig(cfg) - if err != nil { - return nil, err - } - cs := &clientSet{ config: conf.restConfig, restClient: kubernetes.Discovery().RESTClient(), @@ -341,12 +311,7 @@ func newClientSet(conf *Config) (Interface, error) { apiReader: c, cache: runtimeCache, - kubernetes: kubernetes, - gardenCore: gardenCore, - gardenSeedManagement: gardenSeedManagement, - gardenOperations: gardenOperations, - apiregistration: apiRegistration, - apiextension: apiExtension, + kubernetes: kubernetes, } if _, err := cs.DiscoverVersion(); err != nil { diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/alias.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/alias.go new file mode 100644 index 000000000..68e07692b --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/alias.go @@ -0,0 +1,44 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "net" + + "github.com/gardener/gardener/pkg/client/kubernetes" + gutil "github.com/gardener/gardener/pkg/utils/gardener" +) + +// github.com/gardener/gardener/pkg/client/kubernetes aliases +var ( + // NewClientFromFile is an alias to kubernetes.NewClientFromFile which allows it to be mocked for testing. + NewClientFromFile = kubernetes.NewClientFromFile + // NewClientFromSecret is an alias to kubernetes.NewClientFromSecret which allows it to be mocked for testing. + NewClientFromSecret = kubernetes.NewClientFromSecret + // NewClientSetWithConfig is an alias to kubernetes.NewWithConfig which allows it to be mocked for testing. + NewClientSetWithConfig = kubernetes.NewWithConfig +) + +// github.com/gardener/gardener/pkg/utils/gardener aliases +var ( + // ProjectForNamespaceFromReader is an alias to gutil.ProjectForNamespaceFromReader which allows it to be mocked for testing. + ProjectForNamespaceFromReader = gutil.ProjectForNamespaceFromReader +) + +// net aliases +var ( + // LookupHost is an alias to net.LookupHost which allows it to be mocked for testing. + LookupHost = net.LookupHost +) diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/deleg_clientmap.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/deleg_clientmap.go new file mode 100644 index 000000000..78858d038 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/deleg_clientmap.go @@ -0,0 +1,170 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "context" + "fmt" + + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap" +) + +var _ clientmap.ClientMap = &delegatingClientMap{} + +// delegatingClientMap is a ClientMap, which will delegate calls to different ClientMaps based on +// the type of the key (e.g. a call with keys.ForShoot() will be delegated to the ShootClientMap). +type delegatingClientMap struct { + GardenClients clientmap.ClientMap + SeedClients clientmap.ClientMap + ShootClients clientmap.ClientMap + PlantClients clientmap.ClientMap +} + +// NewDelegatingClientMap constructs a new delegatingClientMap consisting of the given different ClientMaps. +// It will panic if `gardenClientMap` is nil. +func NewDelegatingClientMap(gardenClientMap, seedClientMap, shootClientMap, plantClientMap clientmap.ClientMap) clientmap.ClientMap { + if gardenClientMap == nil { + panic("delegatingClientMap must contain a non-nil gardenClientMap") + } + + return &delegatingClientMap{ + GardenClients: gardenClientMap, + SeedClients: seedClientMap, + ShootClients: shootClientMap, + PlantClients: plantClientMap, + } +} + +// errUnknownKeyType is an error that will be returned by a delegatingClientMap if the type of the given key is unknown. +type errUnknownKeyType struct { + calledFunc string + key clientmap.ClientSetKey +} + +func (e *errUnknownKeyType) Error() string { + return fmt.Sprintf("call to %s with unknown ClientSetKey type: %T", e.calledFunc, e.key) +} + +// errUnsupportedKeyType is an error that will be returned by a delegatingClientMap if it doesn't contain a ClientMap +// that is responsible for the type of the given key. +type errUnsupportedKeyType struct { + calledFunc string + key clientmap.ClientSetKey +} + +func (e *errUnsupportedKeyType) Error() string { + return fmt.Sprintf("call to %s with unsupported ClientSetKey type: %T, delegatingClientMap doesn't contain a ClientMap responsible for this key type", e.calledFunc, e.key) +} + +// GetClient delegates the call to the ClientMap responsible for the type of the given key. +func (cm *delegatingClientMap) GetClient(ctx context.Context, key clientmap.ClientSetKey) (kubernetes.Interface, error) { + switch key.(type) { + case GardenClientSetKey: + return cm.GardenClients.GetClient(ctx, key) + case SeedClientSetKey: + if cm.SeedClients != nil { + return cm.SeedClients.GetClient(ctx, key) + } + return nil, &errUnsupportedKeyType{ + calledFunc: "GetClient", + key: key, + } + case ShootClientSetKey: + if cm.ShootClients != nil { + return cm.ShootClients.GetClient(ctx, key) + } + return nil, &errUnsupportedKeyType{ + calledFunc: "GetClient", + key: key, + } + case PlantClientSetKey: + if cm.PlantClients != nil { + return cm.PlantClients.GetClient(ctx, key) + } + return nil, &errUnsupportedKeyType{ + calledFunc: "GetClient", + key: key, + } + } + + return nil, &errUnknownKeyType{ + calledFunc: "GetClient", + key: key, + } +} + +// InvalidateClient delegates the call to the ClientMap responsible for the type of the given key. +func (cm *delegatingClientMap) InvalidateClient(key clientmap.ClientSetKey) error { + switch key.(type) { + case GardenClientSetKey: + return cm.GardenClients.InvalidateClient(key) + case SeedClientSetKey: + if cm.SeedClients != nil { + return cm.SeedClients.InvalidateClient(key) + } + return &errUnsupportedKeyType{ + calledFunc: "InvalidateClient", + key: key, + } + case ShootClientSetKey: + if cm.ShootClients != nil { + return cm.ShootClients.InvalidateClient(key) + } + return &errUnsupportedKeyType{ + calledFunc: "InvalidateClient", + key: key, + } + case PlantClientSetKey: + if cm.PlantClients != nil { + return cm.PlantClients.InvalidateClient(key) + } + return &errUnsupportedKeyType{ + calledFunc: "InvalidateClient", + key: key, + } + } + + return &errUnknownKeyType{ + calledFunc: "InvalidateClient", + key: key, + } +} + +// Start delegates the call to all contained non-nil ClientMaps. +func (cm *delegatingClientMap) Start(stopCh <-chan struct{}) error { + if err := cm.GardenClients.Start(stopCh); err != nil { + return fmt.Errorf("failed to start garden ClientMap: %w", err) + } + + if cm.SeedClients != nil { + if err := cm.SeedClients.Start(stopCh); err != nil { + return fmt.Errorf("failed to start seed ClientMap: %w", err) + } + } + + if cm.ShootClients != nil { + if err := cm.ShootClients.Start(stopCh); err != nil { + return fmt.Errorf("failed to start shoot ClientMap: %w", err) + } + } + + if cm.PlantClients != nil { + if err := cm.PlantClients.Start(stopCh); err != nil { + return fmt.Errorf("failed to start plant ClientMap: %w", err) + } + } + return nil +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/garden_clientmap.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/garden_clientmap.go new file mode 100644 index 000000000..5f9a04aa3 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/garden_clientmap.go @@ -0,0 +1,97 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "context" + "fmt" + + "github.com/sirupsen/logrus" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap" + gutil "github.com/gardener/gardener/pkg/utils/gardener" +) + +// gardenClientMap is a ClientMap for requesting and storing a client to the garden cluster. Most probably, this +// ClientMap will only contain one ClientSet, but this can be used to retrieve a client to the garden cluster via the +// same mechanisms as the other types of ClientSets (e.g. through a DelegatingClientMap). +type gardenClientMap struct { + clientmap.ClientMap +} + +// NewGardenClientMap creates a new gardenClientMap with the given factory and logger. +func NewGardenClientMap(factory *GardenClientSetFactory, logger logrus.FieldLogger) clientmap.ClientMap { + return &gardenClientMap{ + ClientMap: NewGenericClientMap(factory, logger), + } +} + +// GardenClientSetFactory is a ClientSetFactory that can produce new ClientSets to the garden cluster. +type GardenClientSetFactory struct { + // RESTConfig is a rest.Config that will be used by the created ClientSets. + RESTConfig *rest.Config + // UncachedObjects is a list of objects that will not be cached. + UncachedObjects []client.Object + // SeedName is the name of the seed that will be used by the created ClientSets. + SeedName string +} + +// CalculateClientSetHash returns "" as the garden client config cannot change during runtime +func (f *GardenClientSetFactory) CalculateClientSetHash(context.Context, clientmap.ClientSetKey) (string, error) { + return "", nil +} + +// NewClientSet creates a new ClientSet to the garden cluster. +func (f *GardenClientSetFactory) NewClientSet(_ context.Context, k clientmap.ClientSetKey) (kubernetes.Interface, error) { + _, ok := k.(GardenClientSetKey) + if !ok { + return nil, fmt.Errorf("unsupported ClientSetKey: expected %T got %T", GardenClientSetKey{}, k) + } + + configFns := []kubernetes.ConfigFunc{ + kubernetes.WithRESTConfig(f.RESTConfig), + kubernetes.WithClientOptions(client.Options{Scheme: kubernetes.GardenScheme}), + kubernetes.WithUncached(f.UncachedObjects...), + } + + // Use multi-namespaced caches for Secrets which only consider the seed namespace. + // Gardenlet is not permitted to open a watch for Secrets on any other namespace. + if seedName := f.SeedName; len(seedName) > 0 { + configFns = append(configFns, kubernetes.WithNewCacheFunc( + kubernetes.AggregatorCacheFunc( + kubernetes.NewRuntimeCache, + map[client.Object]cache.NewCacheFunc{ + &corev1.Secret{}: cache.MultiNamespacedCacheBuilder([]string{gutil.ComputeGardenNamespace(seedName)}), + }, + kubernetes.GardenScheme, + ), + )) + } + + return NewClientSetWithConfig(configFns...) +} + +// GardenClientSetKey is a ClientSetKey for the garden cluster. +type GardenClientSetKey struct{} + +// Key returns the string representation of the ClientSetKey. +func (k GardenClientSetKey) Key() string { + return "garden" +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/generic_clientmap.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/generic_clientmap.go new file mode 100644 index 000000000..7f7e654bf --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/generic_clientmap.go @@ -0,0 +1,282 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "context" + "fmt" + "sync" + "time" + + "github.com/sirupsen/logrus" + "golang.org/x/time/rate" + + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap" +) + +var _ clientmap.ClientMap = &GenericClientMap{} + +const ( + waitForCacheSyncTimeout = 5 * time.Minute +) + +var ( + // MaxRefreshInterval is the maximum rate at which the version and hash of a single ClientSet are checked, to + // decide whether the ClientSet should be refreshed. Also, the GenericClientMap waits at least MaxRefreshInterval + // after creating a new ClientSet before checking if it should be refreshed. + MaxRefreshInterval = 5 * time.Second +) + +// GenericClientMap is a generic implementation of clientmap.ClientMap, which can be used by specific ClientMap +// implementations to reuse the core logic for storing, requesting, invalidating and starting ClientSets. Specific +// implementations only need to provide a ClientSetFactory that can produce new ClientSets for the respective keys +// if a corresponding entry is not found in the GenericClientMap. +type GenericClientMap struct { + clientSets map[clientmap.ClientSetKey]*clientMapEntry + factory clientmap.ClientSetFactory + + // lock guards concurrent access to clientSets + lock sync.RWMutex + + log logrus.FieldLogger + + // stopCh is saved on the first call to Start and is used to start the caches of newly created ClientSets. + stopCh <-chan struct{} + started bool +} + +// clientMapEntry is a single entry of the ClientMap. +type clientMapEntry struct { + clientSet kubernetes.Interface + synced bool + cancel context.CancelFunc + hash string + + // refreshLimiter limits the attempts to refresh the entry due to an outdated server version. + refreshLimiter *rate.Limiter +} + +// NewGenericClientMap creates a new GenericClientMap with the given factory and logger. +func NewGenericClientMap(factory clientmap.ClientSetFactory, logger logrus.FieldLogger) *GenericClientMap { + return &GenericClientMap{ + clientSets: make(map[clientmap.ClientSetKey]*clientMapEntry), + factory: factory, + log: logger, + } +} + +// GetClient requests a ClientSet for a cluster identified by the given key. If the ClientSet was already created before, +// it returns the one saved in the map, otherwise it creates a new ClientSet by using the provided ClientSetFactory. +// New ClientSets are immediately started if the ClientMap has already been started before. Also GetClient will regularly +// rediscover the server version of the targeted cluster and check if the config hash has changed and recreate the +// ClientSet if a config hash change is detected. +func (cm *GenericClientMap) GetClient(ctx context.Context, key clientmap.ClientSetKey) (kubernetes.Interface, error) { + entry, found := func() (*clientMapEntry, bool) { + cm.lock.RLock() + defer cm.lock.RUnlock() + + entry, found := cm.clientSets[key] + return entry, found + }() + + if found { + if entry.refreshLimiter.Allow() { + shouldRefresh, err := func() (bool, error) { + // refresh server version + oldVersion := entry.clientSet.Version() + serverVersion, err := entry.clientSet.DiscoverVersion() + if err != nil { + return false, fmt.Errorf("failed to refresh ClientSet's server version: %w", err) + } + if serverVersion.GitVersion != oldVersion { + cm.log.Infof("New server version discovered for ClientSet with key %q: %s", key.Key(), serverVersion.GitVersion) + } + + // invalidate client if the config of the client has changed (e.g. kubeconfig secret) + hash, err := cm.factory.CalculateClientSetHash(ctx, key) + if err != nil { + return false, fmt.Errorf("failed to calculate new hash for ClientSet: %w", err) + } + + if hash != entry.hash { + cm.log.Infof("Refreshing ClientSet with key %q due to changed ClientSetHash: %s/%s", key.Key(), entry.hash, hash) + return true, nil + } + + return false, nil + }() + if err != nil { + return nil, err + } + + if shouldRefresh { + if err := cm.InvalidateClient(key); err != nil { + return nil, fmt.Errorf("error refreshing ClientSet for key %q: %w", key.Key(), err) + } + found = false + } + } + } + + if !found { + var err error + if entry, err = cm.addClientSet(ctx, key); err != nil { + return nil, err + } + } + + return entry.clientSet, nil +} + +func (cm *GenericClientMap) addClientSet(ctx context.Context, key clientmap.ClientSetKey) (*clientMapEntry, error) { + cm.lock.Lock() + defer cm.lock.Unlock() + + // ClientSet might have been created in the meanwhile (e.g. two goroutines might concurrently call + // GetClient() when the ClientSet is not yet created) + if entry, found := cm.clientSets[key]; found { + return entry, nil + } + + cm.log.Infof("Creating new ClientSet for key %q", key.Key()) + cs, err := cm.factory.NewClientSet(ctx, key) + if err != nil { + return nil, fmt.Errorf("error creating new ClientSet for key %q: %w", key.Key(), err) + } + + // save hash of client set configuration to detect if it should be recreated later on + hash, err := cm.factory.CalculateClientSetHash(ctx, key) + if err != nil { + return nil, fmt.Errorf("error calculating ClientSet hash for key %q: %w", key.Key(), err) + } + + entry := &clientMapEntry{ + clientSet: cs, + refreshLimiter: rate.NewLimiter(rate.Every(MaxRefreshInterval), 1), + hash: hash, + } + + // avoid checking if the client should be refreshed directly after creating, by directly taking a token here + entry.refreshLimiter.Allow() + + // add ClientSet to map + cm.clientSets[key] = entry + + // if ClientMap is not started, then don't automatically start new ClientSets + if cm.started { + if err := cm.startClientSet(key, entry); err != nil { + return nil, err + } + } + + return entry, nil +} + +// InvalidateClient removes the ClientSet identified by the given key from the ClientMap after stopping its cache. +func (cm *GenericClientMap) InvalidateClient(key clientmap.ClientSetKey) error { + cm.lock.Lock() + defer cm.lock.Unlock() + + entry, found := cm.clientSets[key] + if !found { + return nil + } + + cm.log.Infof("Invalidating ClientSet for key %q", key.Key()) + if entry.cancel != nil { + entry.cancel() + } + + delete(cm.clientSets, key) + + if invalidate, ok := cm.factory.(clientmap.Invalidate); ok { + if err := invalidate.InvalidateClient(key); err != nil { + return err + } + } + + return nil +} + +// Start starts the caches of all contained ClientSets and saves the stopCh to start the caches of ClientSets, +// that will be created afterwards. +func (cm *GenericClientMap) Start(stopCh <-chan struct{}) error { + cm.lock.Lock() + defer cm.lock.Unlock() + + if cm.started { + return nil + } + + cm.stopCh = stopCh + + // start any ClientSets that have been added before starting the ClientMap + // there will probably be only a garden client in here on startup, no other clients + for key, entry := range cm.clientSets { + // each call to startClientSet will also wait for the respective caches to sync. + // doing this in the loop here is not problematic, as + if err := cm.startClientSet(key, entry); err != nil { + return err + } + } + + // set started to true, so we immediately start all newly created clientsets + cm.started = true + return nil +} + +func (cm *GenericClientMap) startClientSet(key clientmap.ClientSetKey, entry *clientMapEntry) error { + clientSetContext, clientSetCancel := context.WithCancel(context.Background()) + go func() { + select { + case <-clientSetContext.Done(): + case <-cm.stopCh: + clientSetCancel() + } + }() + + entry.cancel = clientSetCancel + + entry.clientSet.Start(clientSetContext) + + // limit the amount of time to wait for a cache sync, as this can block controller worker routines + // and we don't want to block all workers if it takes a long time to sync some caches + waitContext, cancel := context.WithTimeout(clientSetContext, waitForCacheSyncTimeout) + defer cancel() + + // make sure the ClientSet has synced before returning + // callers of Start/GetClient expect that cached clients can be used immediately after retrieval from a started + // ClientMap or after starting the ClientMap respectively + if !waitForClientSetCacheSync(waitContext, entry) { + return fmt.Errorf("timed out waiting for caches of ClientSet with key %q to sync", key.Key()) + } + + return nil +} + +func waitForClientSetCacheSync(ctx context.Context, entry *clientMapEntry) bool { + // don't need a lock here, as caller already holds lock + if entry.synced { + return true + } + + if !entry.clientSet.WaitForCacheSync(ctx) { + return false + } + + entry.synced = true + return true +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/plant_clientmap.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/plant_clientmap.go new file mode 100644 index 000000000..79ae43920 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/plant_clientmap.go @@ -0,0 +1,115 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "context" + "fmt" + + "github.com/sirupsen/logrus" + corev1 "k8s.io/api/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap" + "github.com/gardener/gardener/pkg/utils" +) + +// plantClientMap is a ClientMap for requesting and storing clients for Plant clusters. +type plantClientMap struct { + clientmap.ClientMap +} + +// NewPlantClientMap creates a new plantClientMap with the given factory and logger. +func NewPlantClientMap(factory *PlantClientSetFactory, logger logrus.FieldLogger) clientmap.ClientMap { + return &plantClientMap{ + ClientMap: NewGenericClientMap(factory, logger), + } +} + +// PlantClientSetFactory is a ClientSetFactory that can produce new ClientSets to Plant clusters. +type PlantClientSetFactory struct { + // GetGardenClient is a func that will be used to get a client to the garden cluster to retrieve the Plant's + // kubeconfig secret. + GetGardenClient func(ctx context.Context) (kubernetes.Interface, error) +} + +// CalculateClientSetHash calculates a SHA256 hash of the kubeconfig in the plant secret. +func (f *PlantClientSetFactory) CalculateClientSetHash(ctx context.Context, k clientmap.ClientSetKey) (string, error) { + key, ok := k.(PlantClientSetKey) + if !ok { + return "", fmt.Errorf("unsupported ClientSetKey: expected %T got %T", PlantClientSetKey{}, k) + } + + secretRef, gardenClient, err := f.getPlantSecretRef(ctx, key) + if err != nil { + return "", err + } + + kubeconfigSecret := &corev1.Secret{} + if err := gardenClient.Client().Get(ctx, client.ObjectKey{Namespace: key.Namespace, Name: secretRef.Name}, kubeconfigSecret); err != nil { + return "", err + } + + return utils.ComputeSHA256Hex(kubeconfigSecret.Data[kubernetes.KubeConfig]), nil +} + +// NewClientSet creates a new ClientSet for a Plant cluster. +func (f *PlantClientSetFactory) NewClientSet(ctx context.Context, k clientmap.ClientSetKey) (kubernetes.Interface, error) { + key, ok := k.(PlantClientSetKey) + if !ok { + return nil, fmt.Errorf("unsupported ClientSetKey: expected %T got %T", PlantClientSetKey{}, k) + } + + secretRef, gardenClient, err := f.getPlantSecretRef(ctx, key) + if err != nil { + return nil, err + } + + return NewClientFromSecret(ctx, gardenClient.Client(), key.Namespace, secretRef.Name, + kubernetes.WithClientOptions(client.Options{ + Scheme: kubernetes.PlantScheme, + }), + ) +} + +func (f *PlantClientSetFactory) getPlantSecretRef(ctx context.Context, key PlantClientSetKey) (*corev1.LocalObjectReference, kubernetes.Interface, error) { + gardenClient, err := f.GetGardenClient(ctx) + if err != nil { + return nil, nil, fmt.Errorf("failed to get garden client: %w", err) + } + + plant := &gardencorev1beta1.Plant{} + if err := gardenClient.Client().Get(ctx, client.ObjectKey{Namespace: key.Namespace, Name: key.Name}, plant); err != nil { + return nil, nil, fmt.Errorf("failed to get Plant object %q: %w", key.Key(), err) + } + + if plant.Spec.SecretRef.Name == "" { + return nil, nil, fmt.Errorf("plant %q does not have a secretRef", key.Key()) + } + + return &plant.Spec.SecretRef, gardenClient, nil +} + +// PlantClientSetKey is a ClientSetKey for a Plant cluster. +type PlantClientSetKey struct { + Namespace, Name string +} + +// Key returns the string representation of the ClientSetKey. +func (k PlantClientSetKey) Key() string { + return k.Namespace + "/" + k.Name +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/seed_clientmap.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/seed_clientmap.go new file mode 100644 index 000000000..ceacb20c1 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/seed_clientmap.go @@ -0,0 +1,83 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "context" + "fmt" + + "github.com/sirupsen/logrus" + corev1 "k8s.io/api/core/v1" + eventsv1 "k8s.io/api/events/v1" + baseconfig "k8s.io/component-base/config" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap" +) + +// seedClientMap is a ClientMap for requesting and storing clients for Seed clusters. +type seedClientMap struct { + clientmap.ClientMap +} + +// NewSeedClientMap creates a new seedClientMap with the given factory and logger. +func NewSeedClientMap(factory *SeedClientSetFactory, logger logrus.FieldLogger) clientmap.ClientMap { + return &seedClientMap{ + ClientMap: NewGenericClientMap(factory, logger), + } +} + +// SeedClientSetFactory is a ClientSetFactory that can produce new ClientSets to Seed clusters. +type SeedClientSetFactory struct { + // ClientConnectionConfiguration is the configuration that will be used by created ClientSets. + ClientConnectionConfig baseconfig.ClientConnectionConfiguration +} + +// CalculateClientSetHash always returns "" and nil. +func (f *SeedClientSetFactory) CalculateClientSetHash(ctx context.Context, k clientmap.ClientSetKey) (string, error) { + return "", nil +} + +// NewClientSet creates a new ClientSet for a Seed cluster. +func (f *SeedClientSetFactory) NewClientSet(ctx context.Context, k clientmap.ClientSetKey) (kubernetes.Interface, error) { + _, ok := k.(SeedClientSetKey) + if !ok { + return nil, fmt.Errorf("unsupported ClientSetKey: expected %T, but got %T", SeedClientSetKey(""), k) + } + + return NewClientFromFile( + "", + f.ClientConnectionConfig.Kubeconfig, + kubernetes.WithClientConnectionOptions(f.ClientConnectionConfig), + kubernetes.WithClientOptions( + client.Options{ + Scheme: kubernetes.SeedScheme, + }, + ), + kubernetes.WithUncached( + &corev1.Event{}, + &eventsv1.Event{}, + ), + ) +} + +// SeedClientSetKey is a ClientSetKey for a Seed cluster. +type SeedClientSetKey string + +// Key returns the string representation of the ClientSetKey. +func (k SeedClientSetKey) Key() string { + return string(k) +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/shoot_clientmap.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/shoot_clientmap.go new file mode 100644 index 000000000..74846fee2 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal/shoot_clientmap.go @@ -0,0 +1,215 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "context" + "fmt" + + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap" + shootpkg "github.com/gardener/gardener/pkg/operation/shoot" + "github.com/gardener/gardener/pkg/utils" + + "github.com/sirupsen/logrus" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + baseconfig "k8s.io/component-base/config" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// shootClientMap is a ClientMap for requesting and storing clients for Shoot clusters. +type shootClientMap struct { + clientmap.ClientMap +} + +// NewShootClientMap creates a new shootClientMap with the given factory and logger. +func NewShootClientMap(factory *ShootClientSetFactory, logger logrus.FieldLogger) clientmap.ClientMap { + factory.clientKeyToSeedInfo = make(map[ShootClientSetKey]seedInfo) + return &shootClientMap{ + ClientMap: NewGenericClientMap(factory, logger), + } +} + +// ShootClientSetFactory is a ClientSetFactory that can produce new ClientSets to Shoot clusters. +type ShootClientSetFactory struct { + // GetGardenClient is a func that will be used to get a client to the garden cluster to retrieve the Shoot's + // Project name (which is used for determining the Shoot's technical ID). + GetGardenClient func(ctx context.Context) (kubernetes.Interface, error) + // GetSeedClient is a func that will be used to get a client to the Shoot's Seed cluster to retrieve the Shoot's + // kubeconfig secret ('gardener-internal' or 'gardener'). + GetSeedClient func(ctx context.Context, name string) (kubernetes.Interface, error) + // ClientConnectionConfiguration is the configuration that will be used by created ClientSets. + ClientConnectionConfig baseconfig.ClientConnectionConfiguration + + // Log is a logger for logging entries related to creating Shoot ClientSets. + Log logrus.FieldLogger + + clientKeyToSeedInfo map[ShootClientSetKey]seedInfo +} + +type seedInfo struct { + namespace string + seedName string +} + +// CalculateClientSetHash calculates a SHA256 hash of the kubeconfig in the 'gardener' secret in the Shoot's Seed namespace. +func (f *ShootClientSetFactory) CalculateClientSetHash(ctx context.Context, k clientmap.ClientSetKey) (string, error) { + key, ok := k.(ShootClientSetKey) + if !ok { + return "", fmt.Errorf("unsupported ClientSetKey: expected %T got %T", ShootClientSetKey{}, k) + } + + seedNamespace, seedClient, err := f.getSeedNamespace(ctx, key) + if err != nil { + return "", err + } + + kubeconfigSecret := &corev1.Secret{} + if err := seedClient.Client().Get(ctx, client.ObjectKey{Namespace: seedNamespace, Name: v1beta1constants.SecretNameGardener}, kubeconfigSecret); err != nil { + return "", err + } + + return utils.ComputeSHA256Hex(kubeconfigSecret.Data[kubernetes.KubeConfig]), nil +} + +// NewClientSet creates a new ClientSet for a Shoot cluster. +func (f *ShootClientSetFactory) NewClientSet(ctx context.Context, k clientmap.ClientSetKey) (kubernetes.Interface, error) { + key, ok := k.(ShootClientSetKey) + if !ok { + return nil, fmt.Errorf("unsupported ClientSetKey: expected %T got %T", ShootClientSetKey{}, k) + } + + seedNamespace, seedClient, err := f.getSeedNamespace(ctx, key) + if err != nil { + return nil, err + } + + secretName := v1beta1constants.SecretNameGardener + // If the gardenlet runs in the same cluster like the API server of the shoot then use the internal kubeconfig + // and communicate internally. Otherwise, fall back to the "external" kubeconfig and communicate via the + // load balancer of the shoot API server. + addr, err := LookupHost(fmt.Sprintf("%s.%s.svc", v1beta1constants.DeploymentNameKubeAPIServer, seedNamespace)) + if err != nil { + f.Log.Warnf("service DNS name lookup of kube-apiserver failed (%+v), falling back to external kubeconfig", err) + } else if len(addr) > 0 { + secretName = v1beta1constants.SecretNameGardenerInternal + } + + clientOptions := client.Options{ + Scheme: kubernetes.ShootScheme, + } + + clientSet, err := NewClientFromSecret(ctx, seedClient.Client(), seedNamespace, secretName, + kubernetes.WithClientConnectionOptions(f.ClientConnectionConfig), + kubernetes.WithClientOptions(clientOptions), + kubernetes.WithDisabledCachedClient(), + ) + + if secretName == v1beta1constants.SecretNameGardenerInternal && err != nil && apierrors.IsNotFound(err) { + clientSet, err = NewClientFromSecret(ctx, seedClient.Client(), seedNamespace, v1beta1constants.SecretNameGardener, + kubernetes.WithClientConnectionOptions(f.ClientConnectionConfig), + kubernetes.WithClientOptions(clientOptions), + kubernetes.WithDisabledCachedClient(), + ) + } + + return clientSet, err +} + +var _ clientmap.Invalidate = &ShootClientSetFactory{} + +// InvalidateClient invalidates information cached for the given ClientSetKey in the factory. +func (f *ShootClientSetFactory) InvalidateClient(k clientmap.ClientSetKey) error { + key, ok := k.(ShootClientSetKey) + if !ok { + return fmt.Errorf("unsupported ClientSetKey: expected %T got %T", ShootClientSetKey{}, k) + } + delete(f.clientKeyToSeedInfo, key) + return nil +} + +func (f *ShootClientSetFactory) seedInfoFromCache(ctx context.Context, key ShootClientSetKey) (string, kubernetes.Interface, error) { + cache, ok := f.clientKeyToSeedInfo[key] + if !ok { + return "", nil, fmt.Errorf("no seed info cached for client %s", key) + } + seedClient, err := f.GetSeedClient(ctx, cache.seedName) + if err != nil { + return "", nil, fmt.Errorf("failed to get seed client from cached seed info %w", err) + } + + return cache.namespace, seedClient, nil +} + +func (f *ShootClientSetFactory) seedInfoToCache(key ShootClientSetKey, namespace, seedName string) { + f.clientKeyToSeedInfo[key] = seedInfo{ + namespace: namespace, + seedName: seedName, + } +} + +func (f *ShootClientSetFactory) getSeedNamespace(ctx context.Context, key ShootClientSetKey) (string, kubernetes.Interface, error) { + if namespace, seedClient, err := f.seedInfoFromCache(ctx, key); err == nil { + return namespace, seedClient, nil + } + + gardenClient, err := f.GetGardenClient(ctx) + if err != nil { + return "", nil, fmt.Errorf("failed to get garden client: %w", err) + } + + shoot := &gardencorev1beta1.Shoot{} + if err := gardenClient.Client().Get(ctx, client.ObjectKey{Namespace: key.Namespace, Name: key.Name}, shoot); err != nil { + return "", nil, fmt.Errorf("failed to get Shoot object %q: %w", key.Key(), err) + } + + seedName := shoot.Spec.SeedName + if seedName == nil { + return "", nil, fmt.Errorf("shoot %q is not scheduled yet", key.Key()) + } + + seedClient, err := f.GetSeedClient(ctx, *seedName) + if err != nil { + return "", nil, fmt.Errorf("failed to get seed client: %w", err) + } + + var namespace string + if len(shoot.Status.TechnicalID) > 0 { + namespace = shoot.Status.TechnicalID + } else { + project, err := ProjectForNamespaceFromReader(ctx, gardenClient.Client(), shoot.Namespace) + if err != nil { + return "", seedClient, fmt.Errorf("failed to get Project for Shoot %q: %w", key.Key(), err) + } + namespace = shootpkg.ComputeTechnicalID(project.Name, shoot) + } + + f.seedInfoToCache(key, namespace, *seedName) + + return namespace, seedClient, nil +} + +// ShootClientSetKey is a ClientSetKey for a Shoot cluster. +type ShootClientSetKey struct { + Namespace, Name string +} + +// Key returns the string representation of the ClientSetKey. +func (k ShootClientSetKey) Key() string { + return k.Namespace + "/" + k.Name +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/keys/keys.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/keys/keys.go new file mode 100644 index 000000000..1b243a61a --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/keys/keys.go @@ -0,0 +1,70 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package keys + +import ( + "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap" + "github.com/gardener/gardener/pkg/client/kubernetes/clientmap/internal" +) + +// ForGarden returns a key for retrieving a ClientSet for the Garden cluster. +func ForGarden() clientmap.ClientSetKey { + return internal.GardenClientSetKey{} +} + +// ForSeed returns a key for retrieving a ClientSet for the given Seed cluster. +func ForSeed(seed *v1beta1.Seed) clientmap.ClientSetKey { + return internal.SeedClientSetKey(seed.Name) +} + +// ForSeedWithName returns a key for retrieving a ClientSet for the Seed cluster with the given name. +func ForSeedWithName(name string) clientmap.ClientSetKey { + return internal.SeedClientSetKey(name) +} + +// ForShoot returns a key for retrieving a ClientSet for the given Shoot cluster. +func ForShoot(shoot *v1beta1.Shoot) clientmap.ClientSetKey { + return internal.ShootClientSetKey{ + Namespace: shoot.Namespace, + Name: shoot.Name, + } +} + +// ForShootWithNamespacedName returns a key for retrieving a ClientSet for the Shoot cluster with the given +// namespace and name. +func ForShootWithNamespacedName(namespace, name string) clientmap.ClientSetKey { + return internal.ShootClientSetKey{ + Namespace: namespace, + Name: name, + } +} + +// ForPlant returns a key for retrieving a ClientSet for the given Plant cluster. +func ForPlant(plant *v1beta1.Plant) clientmap.ClientSetKey { + return internal.PlantClientSetKey{ + Namespace: plant.Namespace, + Name: plant.Name, + } +} + +// ForPlantWithNamespacedName returns a key for retrieving a ClientSet for the Plant cluster with the given +// namespace and name. +func ForPlantWithNamespacedName(namespace, name string) clientmap.ClientSetKey { + return internal.PlantClientSetKey{ + Namespace: namespace, + Name: name, + } +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/types.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/types.go new file mode 100644 index 000000000..91a211b16 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientmap/types.go @@ -0,0 +1,62 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package clientmap + +import ( + "context" + + "github.com/gardener/gardener/pkg/client/kubernetes" +) + +// Invalidate is an interface used to invalidate client specific information. +type Invalidate interface { + // InvalidateClient removes cached client information identified by the given `ClientSetKey`. + InvalidateClient(key ClientSetKey) error +} + +// A ClientMap is a collection of kubernetes ClientSets, which can be used to dynamically create and lookup different +// ClientSets during runtime. ClientSets are identified by a ClientSetKey, which can have different forms, as there +// are different kinds of ClientMaps (for example one for Seed clients and one for Shoot clients). +// Implementations will provide suitable mechanisms to create a ClientSet for a given key and should come with some +// easy ways of constructing ClientSetKeys that their callers can use to lookup ClientSets in the map. +type ClientMap interface { + Invalidate + // GetClient returns the corresponding ClientSet for the given key in the ClientMap or creates a new ClientSet for + // it if the map does not contain a corresponding ClientSet. If the ClientMap was started before by a call to Start, + // newly created ClientSets will be started automatically using the stop channel provided to Start. + GetClient(ctx context.Context, key ClientSetKey) (kubernetes.Interface, error) + + // Start starts the ClientMap, i.e. starts all ClientSets already contained in the map and saves the stop channel + // for starting new ClientSets, when they are created. + Start(stopCh <-chan struct{}) error +} + +// A ClientSetKey is used to identify a ClientSet within a ClientMap. There can be different implementations for +// ClientSetKey as there are different kinds of ClientSets (e.g. for Shoot and Seed clusters) and therefore also +// different means of identifying the cluster to which a ClientSet belongs. +type ClientSetKey interface { + // Key is the string representation of the ClientSetKey. + Key() string +} + +// A ClientSetFactory can be used by ClientMaps to provide the individual mechanism for +// constructing new ClientSets for a given ClientSetKey +type ClientSetFactory interface { + // NewClientSet constructs a new ClientSet for the given key. + NewClientSet(ctx context.Context, key ClientSetKey) (kubernetes.Interface, error) + // CalculateClientSetHash calculates a hash for the configuration that is used to construct a ClientSet + // (e.g. kubeconfig secret) to detect if it has changed mid-air and the ClientSet should be refreshed. + CalculateClientSetHash(ctx context.Context, key ClientSetKey) (string, error) +} diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientset.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientset.go index e7cb96328..369d95498 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientset.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/clientset.go @@ -19,16 +19,11 @@ import ( "sync" "github.com/gardener/gardener/pkg/chartrenderer" - gardencoreclientset "github.com/gardener/gardener/pkg/client/core/clientset/versioned" - gardenoperationsclientset "github.com/gardener/gardener/pkg/client/operations/clientset/versioned" - gardenseedmanagementclientset "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned" "github.com/gardener/gardener/pkg/logger" - apiextensionclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" "k8s.io/apimachinery/pkg/version" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" - apiregistrationclientset "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -59,12 +54,7 @@ type clientSet struct { // startOnce guards starting the cache only once startOnce sync.Once - kubernetes kubernetes.Interface - gardenCore gardencoreclientset.Interface - gardenSeedManagement gardenseedmanagementclientset.Interface - gardenOperations gardenoperationsclientset.Interface - apiextension apiextensionclientset.Interface - apiregistration apiregistrationclientset.Interface + kubernetes kubernetes.Interface version string } @@ -109,31 +99,6 @@ func (c *clientSet) Kubernetes() kubernetes.Interface { return c.kubernetes } -// GardenCore will return the gardenCore attribute of the Client object. -func (c *clientSet) GardenCore() gardencoreclientset.Interface { - return c.gardenCore -} - -// GardenSeedManagement will return the gardenSeedManagement attribute of the Client object. -func (c *clientSet) GardenSeedManagement() gardenseedmanagementclientset.Interface { - return c.gardenSeedManagement -} - -// GardenOperations will return the gardenOperations attribute of the Client object. -func (c *clientSet) GardenOperations() gardenoperationsclientset.Interface { - return c.gardenOperations -} - -// APIExtension will return the apiextensions attribute of the Client object. -func (c *clientSet) APIExtension() apiextensionclientset.Interface { - return c.apiextension -} - -// APIRegistration will return the apiregistration attribute of the Client object. -func (c *clientSet) APIRegistration() apiregistrationclientset.Interface { - return c.apiregistration -} - // RESTClient will return the restClient attribute of the Client object. func (c *clientSet) RESTClient() rest.Interface { return c.restClient diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/manifestoptions.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/manifestoptions.go index 0dc9affd7..3e73cb742 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/manifestoptions.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/manifestoptions.go @@ -16,11 +16,11 @@ package kubernetes // DeleteManifestOption is some configuration that modifies options for a delete request. type DeleteManifestOption interface { - // MutateDeleteOptions applies this configuration to the given delete options. + // MutateDeleteManifestOptions applies this configuration to the given delete options. MutateDeleteManifestOptions(opts *DeleteManifestOptions) } -// DeleteOptions contains options for delete requests +// DeleteManifestOptions contains options for delete requests. type DeleteManifestOptions struct { // TolerateErrorFuncs are functions for which errors are tolerated. TolerateErrorFuncs []TolerateErrorFunc diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/mock/mocks.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/mock/mocks.go index 405a71345..0be6c0c6c 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/mock/mocks.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/mock/mocks.go @@ -9,16 +9,11 @@ import ( reflect "reflect" chartrenderer "github.com/gardener/gardener/pkg/chartrenderer" - versioned "github.com/gardener/gardener/pkg/client/core/clientset/versioned" kubernetes "github.com/gardener/gardener/pkg/client/kubernetes" - versioned0 "github.com/gardener/gardener/pkg/client/operations/clientset/versioned" - versioned1 "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned" gomock "github.com/golang/mock/gomock" - clientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" version "k8s.io/apimachinery/pkg/version" kubernetes0 "k8s.io/client-go/kubernetes" rest "k8s.io/client-go/rest" - clientset0 "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" cache "sigs.k8s.io/controller-runtime/pkg/cache" client "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -46,20 +41,6 @@ func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder { return m.recorder } -// APIExtension mocks base method. -func (m *MockInterface) APIExtension() clientset.Interface { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "APIExtension") - ret0, _ := ret[0].(clientset.Interface) - return ret0 -} - -// APIExtension indicates an expected call of APIExtension. -func (mr *MockInterfaceMockRecorder) APIExtension() *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "APIExtension", reflect.TypeOf((*MockInterface)(nil).APIExtension)) -} - // APIReader mocks base method. func (m *MockInterface) APIReader() client.Reader { m.ctrl.T.Helper() @@ -74,20 +55,6 @@ func (mr *MockInterfaceMockRecorder) APIReader() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "APIReader", reflect.TypeOf((*MockInterface)(nil).APIReader)) } -// APIRegistration mocks base method. -func (m *MockInterface) APIRegistration() clientset0.Interface { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "APIRegistration") - ret0, _ := ret[0].(clientset0.Interface) - return ret0 -} - -// APIRegistration indicates an expected call of APIRegistration. -func (mr *MockInterfaceMockRecorder) APIRegistration() *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "APIRegistration", reflect.TypeOf((*MockInterface)(nil).APIRegistration)) -} - // Applier mocks base method. func (m *MockInterface) Applier() kubernetes.Applier { m.ctrl.T.Helper() @@ -144,20 +111,6 @@ func (mr *MockInterfaceMockRecorder) ChartRenderer() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ChartRenderer", reflect.TypeOf((*MockInterface)(nil).ChartRenderer)) } -// CheckForwardPodPort mocks base method. -func (m *MockInterface) CheckForwardPodPort(arg0, arg1 string, arg2, arg3 int) error { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "CheckForwardPodPort", arg0, arg1, arg2, arg3) - ret0, _ := ret[0].(error) - return ret0 -} - -// CheckForwardPodPort indicates an expected call of CheckForwardPodPort. -func (mr *MockInterfaceMockRecorder) CheckForwardPodPort(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CheckForwardPodPort", reflect.TypeOf((*MockInterface)(nil).CheckForwardPodPort), arg0, arg1, arg2, arg3) -} - // Client mocks base method. func (m *MockInterface) Client() client.Client { m.ctrl.T.Helper() @@ -187,63 +140,6 @@ func (mr *MockInterfaceMockRecorder) DiscoverVersion() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DiscoverVersion", reflect.TypeOf((*MockInterface)(nil).DiscoverVersion)) } -// ForwardPodPort mocks base method. -func (m *MockInterface) ForwardPodPort(arg0, arg1 string, arg2, arg3 int) (chan struct{}, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "ForwardPodPort", arg0, arg1, arg2, arg3) - ret0, _ := ret[0].(chan struct{}) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// ForwardPodPort indicates an expected call of ForwardPodPort. -func (mr *MockInterfaceMockRecorder) ForwardPodPort(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ForwardPodPort", reflect.TypeOf((*MockInterface)(nil).ForwardPodPort), arg0, arg1, arg2, arg3) -} - -// GardenCore mocks base method. -func (m *MockInterface) GardenCore() versioned.Interface { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GardenCore") - ret0, _ := ret[0].(versioned.Interface) - return ret0 -} - -// GardenCore indicates an expected call of GardenCore. -func (mr *MockInterfaceMockRecorder) GardenCore() *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GardenCore", reflect.TypeOf((*MockInterface)(nil).GardenCore)) -} - -// GardenOperations mocks base method. -func (m *MockInterface) GardenOperations() versioned0.Interface { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GardenOperations") - ret0, _ := ret[0].(versioned0.Interface) - return ret0 -} - -// GardenOperations indicates an expected call of GardenOperations. -func (mr *MockInterfaceMockRecorder) GardenOperations() *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GardenOperations", reflect.TypeOf((*MockInterface)(nil).GardenOperations)) -} - -// GardenSeedManagement mocks base method. -func (m *MockInterface) GardenSeedManagement() versioned1.Interface { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GardenSeedManagement") - ret0, _ := ret[0].(versioned1.Interface) - return ret0 -} - -// GardenSeedManagement indicates an expected call of GardenSeedManagement. -func (mr *MockInterfaceMockRecorder) GardenSeedManagement() *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GardenSeedManagement", reflect.TypeOf((*MockInterface)(nil).GardenSeedManagement)) -} - // Kubernetes mocks base method. func (m *MockInterface) Kubernetes() kubernetes0.Interface { m.ctrl.T.Helper() diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/pods.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/pods.go index 277f68a22..2f6e4d534 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/pods.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/pods.go @@ -17,12 +17,10 @@ package kubernetes import ( "bytes" "context" - "errors" "fmt" "io" "net/http" "strings" - "time" "github.com/gardener/gardener/pkg/utils" @@ -103,68 +101,71 @@ func GetPodLogs(ctx context.Context, podInterface corev1client.PodInterface, nam return io.ReadAll(stream) } -// ForwardPodPort tries to forward the port of the pod with name in namespace to -// the port. If equals zero, a free port will be chosen randomly. -// It returns the stop channel which must be closed when the port forward connection should be terminated. -func (c *clientSet) ForwardPodPort(namespace, name string, local, remote int) (chan struct{}, error) { - fw, stopChan, err := c.setupForwardPodPort(namespace, name, local, remote) - if err != nil { - return nil, err - } - return stopChan, fw.ForwardPorts() -} - -// CheckForwardPodPort tries to forward the port of the pod with name in namespace to -// the port. If equals zero, a free port will be chosen randomly. -// It returns true if the port forward connection has been established successfully or false otherwise. -func (c *clientSet) CheckForwardPodPort(namespace, name string, local, remote int) error { - fw, stopChan, err := c.setupForwardPodPort(namespace, name, local, remote) - if err != nil { - return fmt.Errorf("could not setup pod port forwarding: %w", err) - } - - errChan := make(chan error) +// CheckForwardPodPort tries to open a portForward connection with the passed PortForwarder. +// It returns nil if the port forward connection has been established successfully or an error otherwise. +func CheckForwardPodPort(fw PortForwarder) error { + errChan := make(chan error, 1) go func() { errChan <- fw.ForwardPorts() }() - defer close(stopChan) select { - case err = <-errChan: + case err := <-errChan: return fmt.Errorf("error forwarding ports: %w", err) - case <-fw.Ready: + case <-fw.Ready(): return nil - case <-time.After(time.Second * 5): - return errors.New("port forward connection could not be established within five seconds") } } -func (c *clientSet) setupForwardPodPort(namespace, name string, local, remote int) (*portforward.PortForwarder, chan struct{}, error) { +// PortForwarder knows how to forward a port connection +// Ready channel is expected to be closed once the connection becomes ready +type PortForwarder interface { + ForwardPorts() error + Ready() chan struct{} +} + +// SetupPortForwarder sets up a PortForwarder which forwards the port of the pod with name in namespace +// to the port. If equals zero, a free port will be chosen randomly. +// When calling ForwardPorts on the returned PortForwarder, it will run until the given context is cancelled. +// Hence, the given context should carry a timeout and should be cancelled once the forwarding is no longer needed. +func SetupPortForwarder(ctx context.Context, config *rest.Config, namespace, name string, local, remote int) (PortForwarder, error) { var ( - stopChan = make(chan struct{}, 1) readyChan = make(chan struct{}, 1) out = io.Discard localPort int ) - u := c.kubernetes.CoreV1().RESTClient().Post().Resource("pods").Namespace(namespace).Name(name).SubResource("portforward").URL() + client, err := corev1client.NewForConfig(config) + if err != nil { + return nil, err + } - transport, upgrader, err := spdy.RoundTripperFor(c.config) + u := client.RESTClient().Post().Resource("pods").Namespace(namespace).Name(name).SubResource("portforward").URL() + + transport, upgrader, err := spdy.RoundTripperFor(config) if err != nil { - return nil, nil, err + return nil, err } dialer := spdy.NewDialer(upgrader, &http.Client{Transport: transport}, "POST", u) if local == 0 { localPort, err = utils.FindFreePort() if err != nil { - return nil, nil, err + return nil, err } } - fw, err := portforward.New(dialer, []string{fmt.Sprintf("%d:%d", localPort, remote)}, stopChan, readyChan, out, out) + fw, err := portforward.New(dialer, []string{fmt.Sprintf("%d:%d", localPort, remote)}, ctx.Done(), readyChan, out, out) if err != nil { - return nil, nil, err + return nil, err } - return fw, stopChan, nil + return portForwarder{fw}, nil +} + +type portForwarder struct { + *portforward.PortForwarder +} + +func (p portForwarder) Ready() chan struct{} { + return p.PortForwarder.Ready } diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go index d95b7f21f..8be9b5872 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go @@ -17,23 +17,12 @@ package kubernetes import ( "context" - "github.com/gardener/gardener/pkg/chartrenderer" - gardencoreclientset "github.com/gardener/gardener/pkg/client/core/clientset/versioned" - gardencorescheme "github.com/gardener/gardener/pkg/client/core/clientset/versioned/scheme" - gardenextensionsscheme "github.com/gardener/gardener/pkg/client/extensions/clientset/versioned/scheme" - gardenoperationsclientset "github.com/gardener/gardener/pkg/client/operations/clientset/versioned" - gardenoperationsscheme "github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme" - gardenseedmanagementclientset "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned" - gardenseedmanagementscheme "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned/scheme" - gardensettingsscheme "github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme" - druidv1alpha1 "github.com/gardener/etcd-druid/api/v1alpha1" dnsv1alpha1 "github.com/gardener/external-dns-management/pkg/apis/dns/v1alpha1" - resourcesscheme "github.com/gardener/gardener-resource-manager/api/resources/v1alpha1" + resourcesv1alpha1 "github.com/gardener/gardener-resource-manager/api/resources/v1alpha1" hvpav1alpha1 "github.com/gardener/hvpa-controller/api/v1alpha1" istionetworkingv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3" istionetworkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" - apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" apiextensionsscheme "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -42,14 +31,21 @@ import ( "k8s.io/apimachinery/pkg/runtime/serializer/json" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/version" - autoscalingscheme "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1beta2" + autoscalingv1beta2 "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1beta2" kubernetesclientset "k8s.io/client-go/kubernetes" - corescheme "k8s.io/client-go/kubernetes/scheme" + kubernetesscheme "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" - apiregistrationclientset "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" apiregistrationscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" + metricsv1beta1 "k8s.io/metrics/pkg/apis/metrics/v1beta1" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" + + gardenercoreinstall "github.com/gardener/gardener/pkg/apis/core/install" + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + gardenoperationsinstall "github.com/gardener/gardener/pkg/apis/operations/install" + gardenseedmanagementinstall "github.com/gardener/gardener/pkg/apis/seedmanagement/install" + gardensettingsinstall "github.com/gardener/gardener/pkg/apis/settings/install" + "github.com/gardener/gardener/pkg/chartrenderer" ) var ( @@ -95,21 +91,21 @@ func DefaultUpdateOptions() metav1.UpdateOptions { return metav1.UpdateOptions{} func init() { gardenSchemeBuilder := runtime.NewSchemeBuilder( - corescheme.AddToScheme, - gardencorescheme.AddToScheme, - gardenseedmanagementscheme.AddToScheme, - gardensettingsscheme.AddToScheme, - gardenoperationsscheme.AddToScheme, + kubernetesscheme.AddToScheme, + gardenercoreinstall.AddToScheme, + gardenseedmanagementinstall.AddToScheme, + gardensettingsinstall.AddToScheme, + gardenoperationsinstall.AddToScheme, apiregistrationscheme.AddToScheme, ) utilruntime.Must(gardenSchemeBuilder.AddToScheme(GardenScheme)) seedSchemeBuilder := runtime.NewSchemeBuilder( - corescheme.AddToScheme, + kubernetesscheme.AddToScheme, dnsv1alpha1.AddToScheme, - gardenextensionsscheme.AddToScheme, - resourcesscheme.AddToScheme, - autoscalingscheme.AddToScheme, + extensionsv1alpha1.AddToScheme, + resourcesv1alpha1.AddToScheme, + autoscalingv1beta2.AddToScheme, hvpav1alpha1.AddToScheme, druidv1alpha1.AddToScheme, apiextensionsscheme.AddToScheme, @@ -119,16 +115,16 @@ func init() { utilruntime.Must(seedSchemeBuilder.AddToScheme(SeedScheme)) shootSchemeBuilder := runtime.NewSchemeBuilder( - corescheme.AddToScheme, + kubernetesscheme.AddToScheme, apiextensionsscheme.AddToScheme, apiregistrationscheme.AddToScheme, - autoscalingscheme.AddToScheme, + autoscalingv1beta2.AddToScheme, + metricsv1beta1.AddToScheme, ) utilruntime.Must(shootSchemeBuilder.AddToScheme(ShootScheme)) plantSchemeBuilder := runtime.NewSchemeBuilder( - corescheme.AddToScheme, - gardencorescheme.AddToScheme, + kubernetesscheme.AddToScheme, ) utilruntime.Must(plantSchemeBuilder.AddToScheme(PlantScheme)) } @@ -171,15 +167,6 @@ type Interface interface { ChartApplier() ChartApplier Kubernetes() kubernetesclientset.Interface - GardenCore() gardencoreclientset.Interface - GardenSeedManagement() gardenseedmanagementclientset.Interface - GardenOperations() gardenoperationsclientset.Interface - APIExtension() apiextensionsclientset.Interface - APIRegistration() apiregistrationclientset.Interface - - // Deprecated: Use `Client()` and utils instead. - ForwardPodPort(string, string, int, int) (chan struct{}, error) - CheckForwardPodPort(string, string, int, int) error // Version returns the server version of the targeted Kubernetes cluster. Version() string diff --git a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/clientset.go b/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/clientset.go deleted file mode 100644 index 66d7990ea..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/clientset.go +++ /dev/null @@ -1,97 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package versioned - -import ( - "fmt" - - operationsv1alpha1 "github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1" - discovery "k8s.io/client-go/discovery" - rest "k8s.io/client-go/rest" - flowcontrol "k8s.io/client-go/util/flowcontrol" -) - -type Interface interface { - Discovery() discovery.DiscoveryInterface - OperationsV1alpha1() operationsv1alpha1.OperationsV1alpha1Interface -} - -// Clientset contains the clients for groups. Each group has exactly one -// version included in a Clientset. -type Clientset struct { - *discovery.DiscoveryClient - operationsV1alpha1 *operationsv1alpha1.OperationsV1alpha1Client -} - -// OperationsV1alpha1 retrieves the OperationsV1alpha1Client -func (c *Clientset) OperationsV1alpha1() operationsv1alpha1.OperationsV1alpha1Interface { - return c.operationsV1alpha1 -} - -// Discovery retrieves the DiscoveryClient -func (c *Clientset) Discovery() discovery.DiscoveryInterface { - if c == nil { - return nil - } - return c.DiscoveryClient -} - -// NewForConfig creates a new Clientset for the given config. -// If config's RateLimiter is not set and QPS and Burst are acceptable, -// NewForConfig will generate a rate-limiter in configShallowCopy. -func NewForConfig(c *rest.Config) (*Clientset, error) { - configShallowCopy := *c - if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { - if configShallowCopy.Burst <= 0 { - return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") - } - configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) - } - var cs Clientset - var err error - cs.operationsV1alpha1, err = operationsv1alpha1.NewForConfig(&configShallowCopy) - if err != nil { - return nil, err - } - - cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) - if err != nil { - return nil, err - } - return &cs, nil -} - -// NewForConfigOrDie creates a new Clientset for the given config and -// panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *Clientset { - var cs Clientset - cs.operationsV1alpha1 = operationsv1alpha1.NewForConfigOrDie(c) - - cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) - return &cs -} - -// New creates a new Clientset for the given RESTClient. -func New(c rest.Interface) *Clientset { - var cs Clientset - cs.operationsV1alpha1 = operationsv1alpha1.New(c) - - cs.DiscoveryClient = discovery.NewDiscoveryClient(c) - return &cs -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/doc.go b/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/doc.go deleted file mode 100644 index 32d852285..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -// This package has the automatically generated clientset. -package versioned diff --git a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme/doc.go b/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme/doc.go deleted file mode 100644 index 7d4fb776b..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -// This package contains the scheme of the automatically generated clientset. -package scheme diff --git a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme/register.go b/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme/register.go deleted file mode 100644 index 46f939c63..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme/register.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package scheme - -import ( - operationsv1alpha1 "github.com/gardener/gardener/pkg/apis/operations/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - schema "k8s.io/apimachinery/pkg/runtime/schema" - serializer "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -var Scheme = runtime.NewScheme() -var Codecs = serializer.NewCodecFactory(Scheme) -var ParameterCodec = runtime.NewParameterCodec(Scheme) -var localSchemeBuilder = runtime.SchemeBuilder{ - operationsv1alpha1.AddToScheme, -} - -// AddToScheme adds all types of this clientset into the given scheme. This allows composition -// of clientsets, like in: -// -// import ( -// "k8s.io/client-go/kubernetes" -// clientsetscheme "k8s.io/client-go/kubernetes/scheme" -// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" -// ) -// -// kclientset, _ := kubernetes.NewForConfig(c) -// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) -// -// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types -// correctly. -var AddToScheme = localSchemeBuilder.AddToScheme - -func init() { - v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) - utilruntime.Must(AddToScheme(Scheme)) -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/bastion.go b/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/bastion.go deleted file mode 100644 index 882c15a20..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/bastion.go +++ /dev/null @@ -1,195 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/gardener/gardener/pkg/apis/operations/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// BastionsGetter has a method to return a BastionInterface. -// A group's client should implement this interface. -type BastionsGetter interface { - Bastions(namespace string) BastionInterface -} - -// BastionInterface has methods to work with Bastion resources. -type BastionInterface interface { - Create(ctx context.Context, bastion *v1alpha1.Bastion, opts v1.CreateOptions) (*v1alpha1.Bastion, error) - Update(ctx context.Context, bastion *v1alpha1.Bastion, opts v1.UpdateOptions) (*v1alpha1.Bastion, error) - UpdateStatus(ctx context.Context, bastion *v1alpha1.Bastion, opts v1.UpdateOptions) (*v1alpha1.Bastion, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Bastion, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.BastionList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Bastion, err error) - BastionExpansion -} - -// bastions implements BastionInterface -type bastions struct { - client rest.Interface - ns string -} - -// newBastions returns a Bastions -func newBastions(c *OperationsV1alpha1Client, namespace string) *bastions { - return &bastions{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the bastion, and returns the corresponding bastion object, and an error if there is any. -func (c *bastions) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Bastion, err error) { - result = &v1alpha1.Bastion{} - err = c.client.Get(). - Namespace(c.ns). - Resource("bastions"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Bastions that match those selectors. -func (c *bastions) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.BastionList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.BastionList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("bastions"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested bastions. -func (c *bastions) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("bastions"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a bastion and creates it. Returns the server's representation of the bastion, and an error, if there is any. -func (c *bastions) Create(ctx context.Context, bastion *v1alpha1.Bastion, opts v1.CreateOptions) (result *v1alpha1.Bastion, err error) { - result = &v1alpha1.Bastion{} - err = c.client.Post(). - Namespace(c.ns). - Resource("bastions"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(bastion). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a bastion and updates it. Returns the server's representation of the bastion, and an error, if there is any. -func (c *bastions) Update(ctx context.Context, bastion *v1alpha1.Bastion, opts v1.UpdateOptions) (result *v1alpha1.Bastion, err error) { - result = &v1alpha1.Bastion{} - err = c.client.Put(). - Namespace(c.ns). - Resource("bastions"). - Name(bastion.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(bastion). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *bastions) UpdateStatus(ctx context.Context, bastion *v1alpha1.Bastion, opts v1.UpdateOptions) (result *v1alpha1.Bastion, err error) { - result = &v1alpha1.Bastion{} - err = c.client.Put(). - Namespace(c.ns). - Resource("bastions"). - Name(bastion.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(bastion). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the bastion and deletes it. Returns an error if one occurs. -func (c *bastions) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("bastions"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *bastions) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("bastions"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched bastion. -func (c *bastions) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Bastion, err error) { - result = &v1alpha1.Bastion{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("bastions"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/doc.go b/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/doc.go deleted file mode 100644 index 828c8ebe1..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -// This package has the automatically generated typed clients. -package v1alpha1 diff --git a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/operations_client.go b/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/operations_client.go deleted file mode 100644 index 27568bca3..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/operations/clientset/versioned/typed/operations/v1alpha1/operations_client.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "github.com/gardener/gardener/pkg/apis/operations/v1alpha1" - "github.com/gardener/gardener/pkg/client/operations/clientset/versioned/scheme" - rest "k8s.io/client-go/rest" -) - -type OperationsV1alpha1Interface interface { - RESTClient() rest.Interface - BastionsGetter -} - -// OperationsV1alpha1Client is used to interact with features provided by the operations.gardener.cloud group. -type OperationsV1alpha1Client struct { - restClient rest.Interface -} - -func (c *OperationsV1alpha1Client) Bastions(namespace string) BastionInterface { - return newBastions(c, namespace) -} - -// NewForConfig creates a new OperationsV1alpha1Client for the given config. -func NewForConfig(c *rest.Config) (*OperationsV1alpha1Client, error) { - config := *c - if err := setConfigDefaults(&config); err != nil { - return nil, err - } - client, err := rest.RESTClientFor(&config) - if err != nil { - return nil, err - } - return &OperationsV1alpha1Client{client}, nil -} - -// NewForConfigOrDie creates a new OperationsV1alpha1Client for the given config and -// panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *OperationsV1alpha1Client { - client, err := NewForConfig(c) - if err != nil { - panic(err) - } - return client -} - -// New creates a new OperationsV1alpha1Client for the given RESTClient. -func New(c rest.Interface) *OperationsV1alpha1Client { - return &OperationsV1alpha1Client{c} -} - -func setConfigDefaults(config *rest.Config) error { - gv := v1alpha1.SchemeGroupVersion - config.GroupVersion = &gv - config.APIPath = "/apis" - config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() - - if config.UserAgent == "" { - config.UserAgent = rest.DefaultKubernetesUserAgent() - } - - return nil -} - -// RESTClient returns a RESTClient that is used to communicate -// with API server by this client implementation. -func (c *OperationsV1alpha1Client) RESTClient() rest.Interface { - if c == nil { - return nil - } - return c.restClient -} diff --git a/vendor/github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme/doc.go b/vendor/github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme/doc.go deleted file mode 100644 index 7d4fb776b..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -// This package contains the scheme of the automatically generated clientset. -package scheme diff --git a/vendor/github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme/register.go b/vendor/github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme/register.go deleted file mode 100644 index 89313a4d1..000000000 --- a/vendor/github.com/gardener/gardener/pkg/client/settings/clientset/versioned/scheme/register.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package scheme - -import ( - settingsv1alpha1 "github.com/gardener/gardener/pkg/apis/settings/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - schema "k8s.io/apimachinery/pkg/runtime/schema" - serializer "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -var Scheme = runtime.NewScheme() -var Codecs = serializer.NewCodecFactory(Scheme) -var ParameterCodec = runtime.NewParameterCodec(Scheme) -var localSchemeBuilder = runtime.SchemeBuilder{ - settingsv1alpha1.AddToScheme, -} - -// AddToScheme adds all types of this clientset into the given scheme. This allows composition -// of clientsets, like in: -// -// import ( -// "k8s.io/client-go/kubernetes" -// clientsetscheme "k8s.io/client-go/kubernetes/scheme" -// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" -// ) -// -// kclientset, _ := kubernetes.NewForConfig(c) -// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) -// -// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types -// correctly. -var AddToScheme = localSchemeBuilder.AddToScheme - -func init() { - v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) - utilruntime.Must(AddToScheme(Scheme)) -} diff --git a/vendor/github.com/gardener/gardener/pkg/controllerutils/finalizers.go b/vendor/github.com/gardener/gardener/pkg/controllerutils/finalizers.go index fe80244b0..b5043f0d3 100644 --- a/vendor/github.com/gardener/gardener/pkg/controllerutils/finalizers.go +++ b/vendor/github.com/gardener/gardener/pkg/controllerutils/finalizers.go @@ -23,23 +23,33 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -// PatchAddFinalizers adds the given finalizers to the object via a patch request. +// PatchAddFinalizers adds the given finalizers to the object via a merge patch request with optimistic locking. func PatchAddFinalizers(ctx context.Context, writer client.Writer, obj client.Object, finalizers ...string) error { - return patchFinalizers(ctx, writer, obj, controllerutil.AddFinalizer, finalizers...) + return patchFinalizers(ctx, writer, obj, mergeFromWithOptimisticLock, controllerutil.AddFinalizer, finalizers...) } -// PatchRemoveFinalizers removes the given finalizers from the object via a patch request. +// PatchRemoveFinalizers removes the given finalizers from the object via a merge patch request with optimistic locking. func PatchRemoveFinalizers(ctx context.Context, writer client.Writer, obj client.Object, finalizers ...string) error { - return patchFinalizers(ctx, writer, obj, controllerutil.RemoveFinalizer, finalizers...) + return patchFinalizers(ctx, writer, obj, mergeFromWithOptimisticLock, controllerutil.RemoveFinalizer, finalizers...) } -func patchFinalizers(ctx context.Context, writer client.Writer, obj client.Object, mutate func(client.Object, string), finalizers ...string) error { +func patchFinalizers(ctx context.Context, writer client.Writer, obj client.Object, patchFunc patchFn, mutate func(client.Object, string), finalizers ...string) error { beforePatch := obj.DeepCopyObject().(client.Object) for _, finalizer := range finalizers { mutate(obj, finalizer) } - return writer.Patch(ctx, obj, client.MergeFromWithOptions(beforePatch, client.MergeFromWithOptimisticLock{})) + return writer.Patch(ctx, obj, patchFunc(beforePatch)) +} + +// StrategicMergePatchAddFinalizers adds the given finalizers to the object via a strategic merge patch request +// (without optimistic locking). +// Note: we can't do the same for removing finalizers, because removing the last finalizer results in the following patch: +// {"metadata":{"finalizers":null}} +// which is not safe to issue without optimistic locking. Also, $deleteFromPrimitiveList is not idempotent, see +// https://github.com/kubernetes/kubernetes/issues/105146. +func StrategicMergePatchAddFinalizers(ctx context.Context, writer client.Writer, obj client.Object, finalizers ...string) error { + return patchFinalizers(ctx, writer, obj, strategicMergeFrom, controllerutil.AddFinalizer, finalizers...) } // EnsureFinalizer ensures that a finalizer of the given name is set on the given object with exponential backoff. @@ -75,7 +85,7 @@ func tryPatchFinalizers(ctx context.Context, reader client.Reader, writer client return err } - return patchFinalizers(ctx, writer, obj, mutate, finalizer) + return patchFinalizers(ctx, writer, obj, mergeFromWithOptimisticLock, mutate, finalizer) }) } @@ -91,5 +101,5 @@ func tryPatchObject(ctx context.Context, reader client.Reader, writer client.Wri func patchObject(ctx context.Context, writer client.Writer, obj client.Object, mutate func(client.Object)) error { beforePatch := obj.DeepCopyObject().(client.Object) mutate(obj) - return writer.Patch(ctx, obj, client.MergeFromWithOptions(beforePatch, client.MergeFromWithOptimisticLock{})) + return writer.Patch(ctx, obj, mergeFromWithOptimisticLock(beforePatch)) } diff --git a/vendor/github.com/gardener/gardener/pkg/controllerutils/patch.go b/vendor/github.com/gardener/gardener/pkg/controllerutils/patch.go index 301acb84a..03a0885d7 100644 --- a/vendor/github.com/gardener/gardener/pkg/controllerutils/patch.go +++ b/vendor/github.com/gardener/gardener/pkg/controllerutils/patch.go @@ -24,6 +24,21 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" ) +// patchFn returns a client.Patch with the given client.Object as the base object. +type patchFn func(client.Object) client.Patch + +func mergeFrom(obj client.Object) client.Patch { + return client.MergeFrom(obj) +} + +func mergeFromWithOptimisticLock(obj client.Object) client.Patch { + return client.MergeFromWithOptions(obj, client.MergeFromWithOptimisticLock{}) +} + +func strategicMergeFrom(obj client.Object) client.Patch { + return client.StrategicMergeFrom(obj) +} + // GetAndCreateOrMergePatch is similar to controllerutil.CreateOrPatch, but does not care about the object's status section. // It reads the object from the client, reconciles the desired state with the existing state using the given MutateFn // and creates or patches the object (using a merge patch) accordingly. @@ -32,7 +47,7 @@ import ( // // It returns the executed operation and an error. func GetAndCreateOrMergePatch(ctx context.Context, c client.Client, obj client.Object, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { - return getAndCreateOrPatch(ctx, c, obj, func(obj client.Object) client.Patch { return client.MergeFrom(obj) }, f) + return getAndCreateOrPatch(ctx, c, obj, mergeFrom, f) } // GetAndCreateOrStrategicMergePatch is similar to controllerutil.CreateOrPatch, but does not care about the object's status section. @@ -43,10 +58,10 @@ func GetAndCreateOrMergePatch(ctx context.Context, c client.Client, obj client.O // // It returns the executed operation and an error. func GetAndCreateOrStrategicMergePatch(ctx context.Context, c client.Client, obj client.Object, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { - return getAndCreateOrPatch(ctx, c, obj, func(obj client.Object) client.Patch { return client.StrategicMergeFrom(obj) }, f) + return getAndCreateOrPatch(ctx, c, obj, strategicMergeFrom, f) } -func getAndCreateOrPatch(ctx context.Context, c client.Client, obj client.Object, patchFunc func(client.Object) client.Patch, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { +func getAndCreateOrPatch(ctx context.Context, c client.Client, obj client.Object, patchFunc patchFn, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { key := client.ObjectKeyFromObject(obj) if err := c.Get(ctx, key, obj); err != nil { if !apierrors.IsNotFound(err) { @@ -78,7 +93,7 @@ func getAndCreateOrPatch(ctx context.Context, c client.Client, obj client.Object // // It returns the executed operation and an error. func CreateOrGetAndMergePatch(ctx context.Context, c client.Client, obj client.Object, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { - return createOrGetAndPatch(ctx, c, obj, func(obj client.Object) client.Patch { return client.MergeFrom(obj) }, f) + return createOrGetAndPatch(ctx, c, obj, mergeFrom, f) } // CreateOrGetAndStrategicMergePatch creates or gets and patches (using a strategic merge patch) the given object in the Kubernetes cluster. @@ -87,10 +102,10 @@ func CreateOrGetAndMergePatch(ctx context.Context, c client.Client, obj client.O // // It returns the executed operation and an error. func CreateOrGetAndStrategicMergePatch(ctx context.Context, c client.Client, obj client.Object, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { - return createOrGetAndPatch(ctx, c, obj, func(obj client.Object) client.Patch { return client.StrategicMergeFrom(obj) }, f) + return createOrGetAndPatch(ctx, c, obj, strategicMergeFrom, f) } -func createOrGetAndPatch(ctx context.Context, c client.Client, obj client.Object, patchFunc func(client.Object) client.Patch, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { +func createOrGetAndPatch(ctx context.Context, c client.Client, obj client.Object, patchFunc patchFn, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { var ( namespace = obj.GetNamespace() name = obj.GetName() diff --git a/vendor/github.com/gardener/gardener/pkg/controllerutils/worker.go b/vendor/github.com/gardener/gardener/pkg/controllerutils/worker.go index 847982469..030f5b419 100644 --- a/vendor/github.com/gardener/gardener/pkg/controllerutils/worker.go +++ b/vendor/github.com/gardener/gardener/pkg/controllerutils/worker.go @@ -35,7 +35,7 @@ import ( // added to the wait group when started and marked done when finished. // The given context is injected into the `reconciler` if it implements `inject.Stoppable`. // Optionally passed inject functions are called with the `reconciler` but potentially returned errors are disregarded. -func CreateWorker(ctx context.Context, queue workqueue.RateLimitingInterface, resourceType string, reconciler reconcile.Reconciler, waitGroup *sync.WaitGroup, workerCh chan int, injectFn ...inject.Func) { +func CreateWorker(ctx context.Context, queue workqueue.RateLimitingInterface, resourceType string, reconciler reconcile.Reconciler, waitGroup *sync.WaitGroup, workerCh chan<- int, injectFn ...inject.Func) { fns := append(injectFn, func(i interface{}) error { _, err := inject.StopChannelInto(ctx.Done(), i) return err diff --git a/vendor/github.com/gardener/gardener/pkg/extensions/customresources.go b/vendor/github.com/gardener/gardener/pkg/extensions/customresources.go index 47d933591..e53661258 100644 --- a/vendor/github.com/gardener/gardener/pkg/extensions/customresources.go +++ b/vendor/github.com/gardener/gardener/pkg/extensions/customresources.go @@ -57,18 +57,7 @@ func WaitUntilExtensionObjectReady( timeout time.Duration, postReadyFunc func() error, ) error { - return WaitUntilObjectReadyWithHealthFunction( - ctx, - c, - logger, - health.CheckExtensionObject, - obj, - kind, - interval, - severeThreshold, - timeout, - postReadyFunc, - ) + return WaitUntilObjectReadyWithHealthFunction(ctx, c, logger, health.CheckExtensionObject, obj, kind, interval, severeThreshold, timeout, postReadyFunc) } // WaitUntilObjectReadyWithHealthFunction waits until the given object has become ready. It takes the health check @@ -168,7 +157,7 @@ func DeleteExtensionObject( return client.IgnoreNotFound(c.Delete(ctx, obj, deleteOpts...)) } -// DeleteExtensionObjects lists all extension objects and loops over them. It executes the given for +// DeleteExtensionObjects lists all extension objects and loops over them. It executes the given predicateFunc for // each of them, and if it evaluates to true then the object will be deleted. func DeleteExtensionObjects( ctx context.Context, @@ -179,12 +168,7 @@ func DeleteExtensionObjects( deleteOpts ...client.DeleteOption, ) error { fns, err := applyFuncToExtensionObjects(ctx, c, listObj, namespace, predicateFunc, func(ctx context.Context, obj extensionsv1alpha1.Object) error { - return DeleteExtensionObject( - ctx, - c, - obj, - deleteOpts..., - ) + return DeleteExtensionObject(ctx, c, obj, deleteOpts...) }) if err != nil { return err @@ -194,8 +178,9 @@ func DeleteExtensionObjects( } // WaitUntilExtensionObjectsDeleted lists all extension objects and loops over them. It executes the given -// for each of them, and if it evaluates to true and the object is already marked for deletion, -// then it waits for the object to be deleted. +// predicateFunc for each of them, and if it evaluates to true, then it waits for the object to be deleted. +// If the component needs to wait for a given subset of all extension objects to be deleted (e.g. after deleting +// unwanted objects), it should pass a predicateFunc that filters objects to wait for by name. func WaitUntilExtensionObjectsDeleted( ctx context.Context, c client.Client, @@ -207,32 +192,9 @@ func WaitUntilExtensionObjectsDeleted( timeout time.Duration, predicateFunc func(obj extensionsv1alpha1.Object) bool, ) error { - fns, err := applyFuncToExtensionObjects( - ctx, - c, - listObj, - namespace, - func(obj extensionsv1alpha1.Object) bool { - if obj.GetDeletionTimestamp() == nil { - return false - } - if predicateFunc != nil && !predicateFunc(obj) { - return false - } - return true - }, - func(ctx context.Context, obj extensionsv1alpha1.Object) error { - return WaitUntilExtensionObjectDeleted( - ctx, - c, - logger, - obj, - kind, - interval, - timeout, - ) - }, - ) + fns, err := applyFuncToExtensionObjects(ctx, c, listObj, namespace, predicateFunc, func(ctx context.Context, obj extensionsv1alpha1.Object) error { + return WaitUntilExtensionObjectDeleted(ctx, c, logger, obj, kind, interval, timeout) + }) if err != nil { return err } @@ -448,13 +410,7 @@ func WaitUntilExtensionObjectsMigrated( timeout time.Duration, ) error { fns, err := applyFuncToExtensionObjects(ctx, c, listObj, namespace, nil, func(ctx context.Context, obj extensionsv1alpha1.Object) error { - return WaitUntilExtensionObjectMigrated( - ctx, - c, - obj, - interval, - timeout, - ) + return WaitUntilExtensionObjectMigrated(ctx, c, obj, interval, timeout) }) if err != nil { return err diff --git a/vendor/github.com/gardener/gardener/pkg/extensions/owner.go b/vendor/github.com/gardener/gardener/pkg/extensions/owner.go new file mode 100644 index 000000000..39729d630 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/extensions/owner.go @@ -0,0 +1,41 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package extensions + +import ( + "context" + + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + kutil "github.com/gardener/gardener/pkg/utils/kubernetes" + + "k8s.io/apimachinery/pkg/api/meta" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// GetOwnerNameAndID reads the owner domain name and ID from the owner DNSRecord extension resource in the given namespace. +// If the owner DNSRecord resource is not found, it returns empty strings. +func GetOwnerNameAndID(ctx context.Context, c client.Client, namespace, shootName string) (string, string, error) { + dns := &extensionsv1alpha1.DNSRecord{} + if err := c.Get(ctx, kutil.Key(namespace, shootName+"-owner"), dns); client.IgnoreNotFound(err) != nil && !meta.IsNoMatchError(err) { + return "", "", err + } + + var value string + if len(dns.Spec.Values) > 0 { + value = dns.Spec.Values[0] + } + + return dns.Spec.Name, value, nil +} diff --git a/vendor/github.com/gardener/gardener/pkg/features/features.go b/vendor/github.com/gardener/gardener/pkg/features/features.go index e0ed47a4b..8f835fb41 100644 --- a/vendor/github.com/gardener/gardener/pkg/features/features.go +++ b/vendor/github.com/gardener/gardener/pkg/features/features.go @@ -83,7 +83,7 @@ const ( // AdminKubeconfigRequest enables the AdminKubeconfigRequest endpoint on shoot resources. // owner: @mvladev - // alpha: v1.23.0 + // alpha: v1.24.0 AdminKubeconfigRequest featuregate.Feature = "AdminKubeconfigRequest" // UseDNSRecords enables using DNSRecords resources for Gardener DNS records instead of DNSProvider and DNSEntry resources. @@ -95,10 +95,16 @@ const ( // for shoots that are already in the deletion phase, i.e. `metadata.deletionTimestamp` is set // owner: @vpnachev // alpha: v1.28.0 + // beta: v1.32.0 DisallowKubeconfigRotationForShootInDeletion featuregate.Feature = "DisallowKubeconfigRotationForShootInDeletion" // RotateSSHKeypairOnMaintenance enables SSH keypair rotation in the maintenance controller of the gardener-controller-manager. // owner: @petersutter @xrstf // alpha: v1.28.0 RotateSSHKeypairOnMaintenance featuregate.Feature = "RotateSSHKeypairOnMaintenance" + + // DenyInvalidExtensionResources causes the seed-admission-controller to deny invalid extension resources (instead of just logging validation errors). + // owner: @vanjiii + // alpha: v1.31.0 + DenyInvalidExtensionResources featuregate.Feature = "DenyInvalidExtensionResources" ) diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go index 28cf4fa00..8ecd5ef68 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go @@ -52,6 +52,8 @@ type GardenletConfiguration struct { KubernetesLogLevel *klog.Level // Server defines the configuration of the HTTP server. Server *ServerConfiguration + // Debugging holds configuration for Debugging related features. + Debugging *componentbaseconfig.DebuggingConfiguration // FeatureGates is a map of feature names to bools that enable or disable alpha/experimental // features. This field modifies piecemeal the built-in default values from // "github.com/gardener/gardener/pkg/gardenlet/features/features.go". @@ -417,7 +419,7 @@ type ExposureClassHandler struct { SNI *SNI } -// LoadBalancerService contains configuration which is used to configure the underlying +// LoadBalancerServiceConfig contains configuration which is used to configure the underlying // load balancer to apply the control plane endpoint exposure strategy. type LoadBalancerServiceConfig struct { // Annotations is a key value map to annotate the underlying load balancer services. diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/conversions.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/conversions.go index a92b1dc10..fcd4a62ab 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/conversions.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/conversions.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//nolint:revive package v1alpha1 import ( diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go index e3b628c23..0f1fa70a1 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go @@ -117,6 +117,8 @@ func SetDefaults_GardenletConfiguration(obj *GardenletConfiguration) { obj.Server.HTTPS.Port = 2720 } + // TODO: consider enabling profiling by default (like in k8s components) + if obj.SNI == nil { obj.SNI = &SNI{} } diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go index e52eb55bd..e35960fec 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go @@ -63,6 +63,9 @@ type GardenletConfiguration struct { // Server defines the configuration of the HTTP server. // +optional Server *ServerConfiguration `json:"server,omitempty"` + // Debugging holds configuration for Debugging related features. + // +optional + Debugging *componentbaseconfigv1alpha1.DebuggingConfiguration `json:"debugging,omitempty"` // FeatureGates is a map of feature names to bools that enable or disable alpha/experimental // features. This field modifies piecemeal the built-in default values from // "github.com/gardener/gardener/pkg/gardenlet/features/features.go". @@ -497,7 +500,7 @@ type ExposureClassHandler struct { SNI *SNI `json:"sni,omitempty"` } -// LoadBalancerService contains configuration which is used to configure the underlying +// LoadBalancerServiceConfig contains configuration which is used to configure the underlying // load balancer to apply the control plane endpoint exposure strategy. type LoadBalancerServiceConfig struct { // Annotations is a key value map to annotate the underlying load balancer services. diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go index 7a0f439b7..330f11c03 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go @@ -30,6 +30,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" + componentbaseconfig "k8s.io/component-base/config" configv1alpha1 "k8s.io/component-base/config/v1alpha1" klog "k8s.io/klog" ) @@ -711,6 +712,15 @@ func autoConvert_v1alpha1_GardenletConfiguration_To_config_GardenletConfiguratio out.LogFormat = (*string)(unsafe.Pointer(in.LogFormat)) out.KubernetesLogLevel = (*klog.Level)(unsafe.Pointer(in.KubernetesLogLevel)) out.Server = (*config.ServerConfiguration)(unsafe.Pointer(in.Server)) + if in.Debugging != nil { + in, out := &in.Debugging, &out.Debugging + *out = new(componentbaseconfig.DebuggingConfiguration) + if err := configv1alpha1.Convert_v1alpha1_DebuggingConfiguration_To_config_DebuggingConfiguration(*in, *out, s); err != nil { + return err + } + } else { + out.Debugging = nil + } out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates)) if in.SeedConfig != nil { in, out := &in.SeedConfig, &out.SeedConfig @@ -783,6 +793,15 @@ func autoConvert_config_GardenletConfiguration_To_v1alpha1_GardenletConfiguratio out.LogFormat = (*string)(unsafe.Pointer(in.LogFormat)) out.KubernetesLogLevel = (*klog.Level)(unsafe.Pointer(in.KubernetesLogLevel)) out.Server = (*ServerConfiguration)(unsafe.Pointer(in.Server)) + if in.Debugging != nil { + in, out := &in.Debugging, &out.Debugging + *out = new(configv1alpha1.DebuggingConfiguration) + if err := configv1alpha1.Convert_config_DebuggingConfiguration_To_v1alpha1_DebuggingConfiguration(*in, *out, s); err != nil { + return err + } + } else { + out.Debugging = nil + } out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates)) if in.SeedConfig != nil { in, out := &in.SeedConfig, &out.SeedConfig diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go index d5b9f2c98..71c4b0ef3 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -25,6 +25,7 @@ import ( corev1 "k8s.io/api/core/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" + configv1alpha1 "k8s.io/component-base/config/v1alpha1" klog "k8s.io/klog" ) @@ -351,6 +352,11 @@ func (in *GardenletConfiguration) DeepCopyInto(out *GardenletConfiguration) { *out = new(ServerConfiguration) (*in).DeepCopyInto(*out) } + if in.Debugging != nil { + in, out := &in.Debugging, &out.Debugging + *out = new(configv1alpha1.DebuggingConfiguration) + (*in).DeepCopyInto(*out) + } if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]bool, len(*in)) diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go index 7752908c6..28449b175 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go @@ -25,6 +25,7 @@ import ( corev1 "k8s.io/api/core/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" + componentbaseconfig "k8s.io/component-base/config" klog "k8s.io/klog" ) @@ -351,6 +352,11 @@ func (in *GardenletConfiguration) DeepCopyInto(out *GardenletConfiguration) { *out = new(ServerConfiguration) (*in).DeepCopyInto(*out) } + if in.Debugging != nil { + in, out := &in.Debugging, &out.Debugging + *out = new(componentbaseconfig.DebuggingConfiguration) + **out = **in + } if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]bool, len(*in)) diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/features/features.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/features/features.go new file mode 100644 index 000000000..3047a5d6d --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/features/features.go @@ -0,0 +1,44 @@ +// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package features + +import ( + "github.com/gardener/gardener/pkg/features" + + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/component-base/featuregate" +) + +var ( + // FeatureGate is a shared global FeatureGate for Gardenlet flags. + FeatureGate = featuregate.NewFeatureGate() + featureGates = map[featuregate.Feature]featuregate.FeatureSpec{ + features.Logging: {Default: false, PreRelease: featuregate.Alpha}, + features.HVPA: {Default: false, PreRelease: featuregate.Alpha}, + features.HVPAForShootedSeed: {Default: false, PreRelease: featuregate.Alpha}, + features.ManagedIstio: {Default: true, PreRelease: featuregate.Beta}, + features.APIServerSNI: {Default: true, PreRelease: featuregate.Beta}, + features.CachedRuntimeClients: {Default: false, PreRelease: featuregate.Alpha}, + features.SeedKubeScheduler: {Default: false, PreRelease: featuregate.Alpha}, + features.ReversedVPN: {Default: false, PreRelease: featuregate.Alpha}, + features.UseDNSRecords: {Default: false, PreRelease: featuregate.Alpha}, + features.DenyInvalidExtensionResources: {Default: false, PreRelease: featuregate.Alpha}, + } +) + +// RegisterFeatureGates registers the feature gates of the Gardenlet. +func RegisterFeatureGates() { + utilruntime.Must(FeatureGate.Add(featureGates)) +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/addons.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/addons.go new file mode 100644 index 000000000..594062d7f --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/addons.go @@ -0,0 +1,566 @@ +// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package botanist + +import ( + "context" + "fmt" + "path/filepath" + "strings" + + "github.com/gardener/gardener/charts" + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" + extensionsv1alpha1helper "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/helper" + "github.com/gardener/gardener/pkg/chartrenderer" + netpol "github.com/gardener/gardener/pkg/operation/botanist/addons/networkpolicy" + "github.com/gardener/gardener/pkg/operation/botanist/component" + "github.com/gardener/gardener/pkg/operation/botanist/component/extensions/dns" + extensionsdnsrecord "github.com/gardener/gardener/pkg/operation/botanist/component/extensions/dnsrecord" + "github.com/gardener/gardener/pkg/operation/botanist/component/kubeapiserver" + "github.com/gardener/gardener/pkg/operation/botanist/component/vpnseedserver" + "github.com/gardener/gardener/pkg/operation/common" + "github.com/gardener/gardener/pkg/utils/managedresources" + "github.com/gardener/gardener/pkg/utils/secrets" + versionutils "github.com/gardener/gardener/pkg/utils/version" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/pointer" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + // SecretLabelKeyManagedResource is a key for a label on a secret with the value 'managed-resource'. + SecretLabelKeyManagedResource = "managed-resource" +) + +// GenerateKubernetesDashboardConfig generates the values which are required to render the chart of +// the kubernetes-dashboard properly. +func (b *Botanist) GenerateKubernetesDashboardConfig() (map[string]interface{}, error) { + var ( + enabled = gardencorev1beta1helper.KubernetesDashboardEnabled(b.Shoot.GetInfo().Spec.Addons) + values = map[string]interface{}{} + ) + + if b.APIServerSNIEnabled() { + values["kubeAPIServerHost"] = b.outOfClusterAPIServerFQDN() + } + + if enabled && b.Shoot.GetInfo().Spec.Addons.KubernetesDashboard.AuthenticationMode != nil { + values["authenticationMode"] = *b.Shoot.GetInfo().Spec.Addons.KubernetesDashboard.AuthenticationMode + } + + return common.GenerateAddonConfig(values, enabled), nil +} + +// DeployIngressDNS deploys the nginx ingress DNSEntry and DNSOwner resources. +func (b *Botanist) DeployIngressDNS(ctx context.Context) error { + if b.NeedsIngressDNS() { + if b.isRestorePhase() { + return dnsRestoreDeployer{ + entry: b.Shoot.Components.Extensions.DNS.NginxEntry, + owner: b.Shoot.Components.Extensions.DNS.NginxOwner, + }.Deploy(ctx) + } + + return component.OpWaiter( + b.Shoot.Components.Extensions.DNS.NginxOwner, + b.Shoot.Components.Extensions.DNS.NginxEntry, + ).Deploy(ctx) + } + + return component.OpWaiter( + b.Shoot.Components.Extensions.DNS.NginxEntry, + b.Shoot.Components.Extensions.DNS.NginxOwner, + ).Deploy(ctx) +} + +// DestroyIngressDNS destroys the nginx ingress DNSEntry and DNSOwner resources. +func (b *Botanist) DestroyIngressDNS(ctx context.Context) error { + return component.OpDestroyAndWait( + b.Shoot.Components.Extensions.DNS.NginxEntry, + b.Shoot.Components.Extensions.DNS.NginxOwner, + ).Destroy(ctx) +} + +// MigrateIngressDNS destroys the nginx ingress DNSEntry and DNSOwner resources, +// without removing the entry from the DNS provider. +func (b *Botanist) MigrateIngressDNS(ctx context.Context) error { + return component.OpDestroyAndWait( + b.Shoot.Components.Extensions.DNS.NginxOwner, + b.Shoot.Components.Extensions.DNS.NginxEntry, + ).Destroy(ctx) +} + +// DefaultNginxIngressDNSEntry returns a Deployer which removes existing nginx ingress DNSEntry. +func (b *Botanist) DefaultNginxIngressDNSEntry() component.DeployWaiter { + return component.OpDestroy(dns.NewEntry( + b.Logger, + b.K8sSeedClient.Client(), + b.Shoot.SeedNamespace, + &dns.EntryValues{ + Name: common.ShootDNSIngressName, + TTL: *b.Config.Controllers.Shoot.DNSEntryTTLSeconds, + }, + )) +} + +// DefaultNginxIngressDNSOwner returns DeployWaiter which removes the nginx ingress DNSOwner. +func (b *Botanist) DefaultNginxIngressDNSOwner() component.DeployWaiter { + return component.OpDestroy(dns.NewOwner( + b.K8sSeedClient.Client(), + b.Shoot.SeedNamespace, + &dns.OwnerValues{ + Name: common.ShootDNSIngressName, + }, + )) +} + +// NeedsIngressDNS returns true if the Shoot cluster needs ingress DNS. +func (b *Botanist) NeedsIngressDNS() bool { + return b.NeedsExternalDNS() && gardencorev1beta1helper.NginxIngressEnabled(b.Shoot.GetInfo().Spec.Addons) +} + +// DefaultIngressDNSRecord creates the default deployer for the ingress DNSRecord resource. +func (b *Botanist) DefaultIngressDNSRecord() extensionsdnsrecord.Interface { + values := &extensionsdnsrecord.Values{ + Name: b.Shoot.GetInfo().Name + "-" + common.ShootDNSIngressName, + SecretName: b.Shoot.GetInfo().Name + "-" + DNSExternalName, + Namespace: b.Shoot.SeedNamespace, + TTL: b.Config.Controllers.Shoot.DNSEntryTTLSeconds, + } + if b.NeedsIngressDNS() { + values.Type = b.Shoot.ExternalDomain.Provider + if b.Shoot.ExternalDomain.Zone != "" { + values.Zone = &b.Shoot.ExternalDomain.Zone + } + values.SecretData = b.Shoot.ExternalDomain.SecretData + values.DNSName = b.Shoot.GetIngressFQDN("*") + } + return extensionsdnsrecord.New( + b.Logger, + b.K8sSeedClient.Client(), + values, + extensionsdnsrecord.DefaultInterval, + extensionsdnsrecord.DefaultSevereThreshold, + extensionsdnsrecord.DefaultTimeout, + ) +} + +// DeployOrDestroyIngressDNSRecord deploys, restores, or destroys the ingress DNSRecord and waits for the operation to complete. +func (b *Botanist) DeployOrDestroyIngressDNSRecord(ctx context.Context) error { + if b.NeedsIngressDNS() { + return b.deployIngressDNSRecord(ctx) + } + return b.DestroyIngressDNSRecord(ctx) +} + +// deployIngressDNSRecord deploys or restores the ingress DNSRecord and waits for the operation to complete. +func (b *Botanist) deployIngressDNSRecord(ctx context.Context) error { + if err := b.deployOrRestoreDNSRecord(ctx, b.Shoot.Components.Extensions.IngressDNSRecord); err != nil { + return err + } + return b.Shoot.Components.Extensions.IngressDNSRecord.Wait(ctx) +} + +// DestroyIngressDNSRecord destroys the ingress DNSRecord and waits for the operation to complete. +func (b *Botanist) DestroyIngressDNSRecord(ctx context.Context) error { + if err := b.Shoot.Components.Extensions.IngressDNSRecord.Destroy(ctx); err != nil { + return err + } + return b.Shoot.Components.Extensions.IngressDNSRecord.WaitCleanup(ctx) +} + +// MigrateIngressDNSRecord migrates the ingress DNSRecord and waits for the operation to complete. +func (b *Botanist) MigrateIngressDNSRecord(ctx context.Context) error { + if err := b.Shoot.Components.Extensions.IngressDNSRecord.Migrate(ctx); err != nil { + return err + } + return b.Shoot.Components.Extensions.IngressDNSRecord.WaitMigrate(ctx) +} + +// SetNginxIngressAddress sets the IP address of the API server's LoadBalancer. +func (b *Botanist) SetNginxIngressAddress(address string, seedClient client.Client) { + if b.NeedsIngressDNS() { + ownerID := *b.Shoot.GetInfo().Status.ClusterIdentity + "-" + common.ShootDNSIngressName + b.Shoot.Components.Extensions.DNS.NginxOwner = dns.NewOwner( + seedClient, + b.Shoot.SeedNamespace, + &dns.OwnerValues{ + Name: common.ShootDNSIngressName, + Active: pointer.Bool(true), + OwnerID: ownerID, + }, + ) + b.Shoot.Components.Extensions.DNS.NginxEntry = dns.NewEntry( + b.Logger, + seedClient, + b.Shoot.SeedNamespace, + &dns.EntryValues{ + Name: common.ShootDNSIngressName, + DNSName: b.Shoot.GetIngressFQDN("*"), + Targets: []string{address}, + OwnerID: ownerID, + TTL: *b.Config.Controllers.Shoot.DNSEntryTTLSeconds, + }, + ) + + b.Shoot.Components.Extensions.IngressDNSRecord.SetRecordType(extensionsv1alpha1helper.GetDNSRecordType(address)) + b.Shoot.Components.Extensions.IngressDNSRecord.SetValues([]string{address}) + } +} + +// GenerateNginxIngressConfig generates the values which are required to render the chart of +// the nginx-ingress properly. +func (b *Botanist) GenerateNginxIngressConfig() (map[string]interface{}, error) { + var ( + enabled = gardencorev1beta1helper.NginxIngressEnabled(b.Shoot.GetInfo().Spec.Addons) + values map[string]interface{} + ) + + if enabled { + values = map[string]interface{}{ + "controller": map[string]interface{}{ + "customConfig": b.Shoot.GetInfo().Spec.Addons.NginxIngress.Config, + "service": map[string]interface{}{ + "loadBalancerSourceRanges": b.Shoot.GetInfo().Spec.Addons.NginxIngress.LoadBalancerSourceRanges, + "externalTrafficPolicy": *b.Shoot.GetInfo().Spec.Addons.NginxIngress.ExternalTrafficPolicy, + }, + }, + } + + if b.APIServerSNIEnabled() { + values["kubeAPIServerHost"] = b.outOfClusterAPIServerFQDN() + } + } + + return common.GenerateAddonConfig(values, enabled), nil +} + +// DeployManagedResourceForAddons deploys all the ManagedResource CRDs for the gardener-resource-manager. +func (b *Botanist) DeployManagedResourceForAddons(ctx context.Context) error { + for name, chartRenderFunc := range map[string]func(context.Context) (*chartrenderer.RenderedChart, error){ + common.ManagedResourceShootCoreName: b.generateCoreAddonsChart, + common.ManagedResourceAddonsName: b.generateOptionalAddonsChart, + } { + renderedChart, err := chartRenderFunc(ctx) + if err != nil { + return fmt.Errorf("error rendering %q chart: %+v", name, err) + } + + if err := managedresources.CreateForShoot(ctx, b.K8sSeedClient.Client(), b.Shoot.SeedNamespace, name, false, renderedChart.AsSecretData()); err != nil { + return err + } + } + + return nil +} + +// generateCoreAddonsChart renders the gardener-resource-manager configuration for the core addons. After that it +// creates a ManagedResource CRD that references the rendered manifests and creates it. +func (b *Botanist) generateCoreAddonsChart(ctx context.Context) (*chartrenderer.RenderedChart, error) { + var ( + kasFQDN = b.outOfClusterAPIServerFQDN() + kubeProxySecret = b.LoadSecret("kube-proxy") + global = map[string]interface{}{ + "kubernetesVersion": b.Shoot.GetInfo().Spec.Kubernetes.Version, + "podNetwork": b.Shoot.Networks.Pods.String(), + "vpaEnabled": b.Shoot.WantsVerticalPodAutoscaler, + } + nodeLocalDNSConfig = map[string]interface{}{ + "domain": gardencorev1beta1.DefaultDomain, + } + + podSecurityPolicies = map[string]interface{}{ + "allowPrivilegedContainers": *b.Shoot.GetInfo().Spec.Kubernetes.AllowPrivilegedContainers, + } + kubeProxyConfig = map[string]interface{}{ + "kubeconfig": kubeProxySecret.Data["kubeconfig"], + "kubernetesVersion": b.Shoot.GetInfo().Spec.Kubernetes.Version, + "podAnnotations": map[string]interface{}{ + "checksum/secret-kube-proxy": b.LoadCheckSum("kube-proxy"), + }, + "enableIPVS": b.Shoot.IPVSEnabled(), + } + verticalPodAutoscaler = map[string]interface{}{ + "application": map[string]interface{}{ + "clusterType": "shoot", + "admissionController": map[string]interface{}{ + "enableServiceAccount": false, + "controlNamespace": b.Shoot.SeedNamespace, + }, + "exporter": map[string]interface{}{"enableServiceAccount": false}, + "recommender": map[string]interface{}{"enableServiceAccount": false}, + "updater": map[string]interface{}{"enableServiceAccount": false}, + }, + } + + shootInfo = map[string]interface{}{ + "projectName": b.Garden.Project.Name, + "shootName": b.Shoot.GetInfo().Name, + "provider": b.Shoot.GetInfo().Spec.Provider.Type, + "region": b.Shoot.GetInfo().Spec.Region, + "kubernetesVersion": b.Shoot.GetInfo().Spec.Kubernetes.Version, + "podNetwork": b.Shoot.Networks.Pods.String(), + "serviceNetwork": b.Shoot.Networks.Services.String(), + "maintenanceBegin": b.Shoot.GetInfo().Spec.Maintenance.TimeWindow.Begin, + "maintenanceEnd": b.Shoot.GetInfo().Spec.Maintenance.TimeWindow.End, + } + nodeExporterConfig = map[string]interface{}{} + blackboxExporterConfig = map[string]interface{}{} + nodeProblemDetectorConfig = map[string]interface{}{} + networkPolicyConfig = netpol.ShootNetworkPolicyValues{ + Enabled: true, + NodeLocalDNS: netpol.NodeLocalDNSValues{ + Enabled: b.Shoot.NodeLocalDNSEnabled, + KubeDNSClusterIP: b.Shoot.Networks.CoreDNS.String(), + }, + } + + nodeNetwork = b.Shoot.GetInfo().Spec.Networking.Nodes + ) + + if b.Shoot.IPVSEnabled() { + networkPolicyConfig.NodeLocalDNS.KubeDNSClusterIP = common.NodeLocalIPVSAddress + } + + if b.APIServerSNIEnabled() { + nodeProblemDetectorConfig["env"] = []interface{}{ + map[string]interface{}{ + "name": "KUBERNETES_SERVICE_HOST", + "value": kasFQDN, + }, + } + } + + if vpaSecret := b.LoadSecret(common.VPASecretName); vpaSecret != nil { + verticalPodAutoscaler["application"].(map[string]interface{})["admissionController"].(map[string]interface{})["caCert"] = vpaSecret.Data[secrets.DataKeyCertificateCA] + } + + proxyConfig := b.Shoot.GetInfo().Spec.Kubernetes.KubeProxy + kubeProxyEnabled := true + if proxyConfig != nil { + kubeProxyConfig["featureGates"] = proxyConfig.FeatureGates + if proxyConfig.Enabled != nil { + kubeProxyEnabled = *proxyConfig.Enabled + } + } + + if domain := b.Shoot.ExternalClusterDomain; domain != nil { + shootInfo["domain"] = *domain + } + var extensions []string + for extensionType := range b.Shoot.Components.Extensions.Extension.Extensions() { + extensions = append(extensions, extensionType) + } + shootInfo["extensions"] = strings.Join(extensions, ",") + + // The node-local-dns interface cannot bind the kube-dns cluster IP since the interface + // used for IPVS load-balancing already uses this address. + if b.Shoot.IPVSEnabled() { + nodeLocalDNSConfig["clusterDNS"] = b.Shoot.Networks.CoreDNS.String() + } else { + nodeLocalDNSConfig["dnsServer"] = b.Shoot.Networks.CoreDNS.String() + } + + nodelocalDNS, err := b.InjectShootShootImages(nodeLocalDNSConfig, charts.ImageNameNodeLocalDns) + if err != nil { + return nil, err + } + + nodeProblemDetector, err := b.InjectShootShootImages(nodeProblemDetectorConfig, charts.ImageNameNodeProblemDetector) + if err != nil { + return nil, err + } + + kubeProxy, err := b.InjectShootShootImages(kubeProxyConfig, charts.ImageNameKubeProxy, charts.ImageNameAlpine) + if err != nil { + return nil, err + } + + nodeExporter, err := b.InjectShootShootImages(nodeExporterConfig, charts.ImageNameNodeExporter) + if err != nil { + return nil, err + } + blackboxExporter, err := b.InjectShootShootImages(blackboxExporterConfig, charts.ImageNameBlackboxExporter) + if err != nil { + return nil, err + } + + apiserverProxyConfig := map[string]interface{}{ + "advertiseIPAddress": b.APIServerClusterIP, + "proxySeedServer": map[string]interface{}{ + "host": kasFQDN, + "port": "8443", + }, + "webhook": map[string]interface{}{ + "caBundle": b.LoadSecret(v1beta1constants.SecretNameCACluster).Data[secrets.DataKeyCertificateCA], + }, + "podMutatorEnabled": b.APIServerSNIPodMutatorEnabled(), + } + + apiserverProxy, err := b.InjectShootShootImages(apiserverProxyConfig, charts.ImageNameApiserverProxySidecar, charts.ImageNameApiserverProxy) + if err != nil { + return nil, err + } + + if nodeNetwork != nil { + shootInfo["nodeNetwork"] = *nodeNetwork + } + + values := map[string]interface{}{ + "global": global, + "coredns": common.GenerateAddonConfig(nil, true), + "node-local-dns": common.GenerateAddonConfig(nodelocalDNS, b.Shoot.NodeLocalDNSEnabled), + "kube-apiserver-kubelet": common.GenerateAddonConfig(nil, true), + "apiserver-proxy": common.GenerateAddonConfig(apiserverProxy, b.APIServerSNIEnabled()), + "kube-proxy": common.GenerateAddonConfig(kubeProxy, kubeProxyEnabled), + "monitoring": common.GenerateAddonConfig(map[string]interface{}{ + "node-exporter": nodeExporter, + "blackbox-exporter": blackboxExporter, + }, b.Shoot.Purpose != gardencorev1beta1.ShootPurposeTesting), + "network-policies": networkPolicyConfig, + "node-problem-detector": common.GenerateAddonConfig(nodeProblemDetector, true), + "podsecuritypolicies": common.GenerateAddonConfig(podSecurityPolicies, true), + "shoot-info": common.GenerateAddonConfig(shootInfo, true), + "vertical-pod-autoscaler": common.GenerateAddonConfig(verticalPodAutoscaler, b.Shoot.WantsVerticalPodAutoscaler), + "cluster-identity": map[string]interface{}{"clusterIdentity": b.Shoot.GetInfo().Status.ClusterIdentity}, + } + + if b.Shoot.ReversedVPNEnabled { + var ( + vpnTLSAuthSecret = b.LoadSecret(vpnseedserver.VpnSeedServerTLSAuth) + vpnShootSecret = b.LoadSecret(vpnseedserver.VpnShootSecretName) + vpnShootConfig = map[string]interface{}{ + "endpoint": b.outOfClusterAPIServerFQDN(), + "port": "8132", + "podNetwork": b.Shoot.Networks.Pods.String(), + "serviceNetwork": b.Shoot.Networks.Services.String(), + "tlsAuth": vpnTLSAuthSecret.Data["vpn.tlsauth"], + "vpnShootSecretData": map[string]interface{}{ + "ca": vpnShootSecret.Data["ca.crt"], + "tlsCrt": vpnShootSecret.Data["tls.crt"], + "tlsKey": vpnShootSecret.Data["tls.key"], + }, + "reversedVPN": map[string]interface{}{ + "enabled": true, + }, + "podAnnotations": map[string]interface{}{ + "checksum/secret-vpn-shoot-client": b.LoadCheckSum(vpnseedserver.VpnShootSecretName), + }, + } + ) + + if nodeNetwork != nil { + vpnShootConfig["nodeNetwork"] = *nodeNetwork + } + + vpnShoot, err := b.InjectShootShootImages(vpnShootConfig, charts.ImageNameVpnShootClient) + if err != nil { + return nil, err + } + + values["vpn-shoot"] = common.GenerateAddonConfig(vpnShoot, true) + } else { + var ( + vpnTLSAuthSecret = b.LoadSecret(kubeapiserver.SecretNameVPNSeedTLSAuth) + vpnShootSecret = b.LoadSecret("vpn-shoot") + vpnShootConfig = map[string]interface{}{ + "podNetwork": b.Shoot.Networks.Pods.String(), + "serviceNetwork": b.Shoot.Networks.Services.String(), + "tlsAuth": vpnTLSAuthSecret.Data["vpn.tlsauth"], + "vpnShootSecretData": map[string]interface{}{ + "ca": vpnShootSecret.Data["ca.crt"], + "tlsCrt": vpnShootSecret.Data["tls.crt"], + "tlsKey": vpnShootSecret.Data["tls.key"], + }, + "reversedVPN": map[string]interface{}{ + "enabled": false, + }, + "podAnnotations": map[string]interface{}{ + "checksum/secret-vpn-shoot": b.LoadCheckSum("vpn-shoot"), + }, + } + ) + + // OpenVPN related values + if openvpnDiffieHellmanSecret := b.LoadSecret(v1beta1constants.GardenRoleOpenVPNDiffieHellman); openvpnDiffieHellmanSecret != nil { + vpnShootConfig["diffieHellmanKey"] = openvpnDiffieHellmanSecret.Data["dh2048.pem"] + } + + if nodeNetwork != nil { + vpnShootConfig["nodeNetwork"] = *nodeNetwork + } + + vpnShoot, err := b.InjectShootShootImages(vpnShootConfig, charts.ImageNameVpnShoot) + if err != nil { + return nil, err + } + + values["vpn-shoot"] = common.GenerateAddonConfig(vpnShoot, true) + } + + return b.K8sShootClient.ChartRenderer().Render(filepath.Join(charts.Path, "shoot-core", "components"), "shoot-core", metav1.NamespaceSystem, values) +} + +// generateOptionalAddonsChart renders the gardener-resource-manager chart for the optional addons. After that it +// creates a ManagedResource CRD that references the rendered manifests and creates it. +func (b *Botanist) generateOptionalAddonsChart(_ context.Context) (*chartrenderer.RenderedChart, error) { + global := map[string]interface{}{ + "vpaEnabled": b.Shoot.WantsVerticalPodAutoscaler, + } + + kubernetesDashboardConfig, err := b.GenerateKubernetesDashboardConfig() + if err != nil { + return nil, err + } + kubernetesDashboardImagesToInject := []string{charts.ImageNameKubernetesDashboard} + + k8sVersionLessThan116, err := versionutils.CompareVersions(b.Shoot.GetInfo().Spec.Kubernetes.Version, "<", "1.16") + if err != nil { + return nil, err + } + if !k8sVersionLessThan116 { + kubernetesDashboardImagesToInject = append(kubernetesDashboardImagesToInject, charts.ImageNameKubernetesDashboardMetricsScraper) + } + + kubernetesDashboard, err := b.InjectShootShootImages(kubernetesDashboardConfig, kubernetesDashboardImagesToInject...) + if err != nil { + return nil, err + } + + nginxIngressConfig, err := b.GenerateNginxIngressConfig() + if err != nil { + return nil, err + } + nginxIngress, err := b.InjectShootShootImages(nginxIngressConfig, charts.ImageNameNginxIngressController, charts.ImageNameIngressDefaultBackend) + if err != nil { + return nil, err + } + + return b.K8sShootClient.ChartRenderer().Render(filepath.Join(charts.Path, "shoot-addons"), "addons", metav1.NamespaceSystem, map[string]interface{}{ + "global": global, + "kubernetes-dashboard": kubernetesDashboard, + "nginx-ingress": nginxIngress, + }) +} + +// outOfClusterAPIServerFQDN returns the Fully Qualified Domain Name of the apiserver +// with dot "." suffix. It'll prevent extra requests to the DNS in case the record is not +// available. +func (b *Botanist) outOfClusterAPIServerFQDN() string { + return fmt.Sprintf("%s.", b.Shoot.ComputeOutOfClusterAPIServerAddress(b.APIServerAddress, true)) +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/addons/networkpolicy/shoot_network_policy.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/addons/networkpolicy/shoot_network_policy.go new file mode 100644 index 000000000..3c1e3ab12 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/addons/networkpolicy/shoot_network_policy.go @@ -0,0 +1,30 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package networkpolicy + +// ShootNetworkPolicyValues contain NodeLocalDNS configuration for +// network-policy charts used in the kube-system namespace in the Shoot +// cluster. +type ShootNetworkPolicyValues struct { + Enabled bool `json:"enabled,omitempty"` + NodeLocalDNS NodeLocalDNSValues `json:"nodeLocalDNS,omitempty"` +} + +// NodeLocalDNSValues contain optional IP address of the kube-dns +// which should be allowed in the network policies. +type NodeLocalDNSValues struct { + Enabled bool `json:"enabled,omitempty"` + KubeDNSClusterIP string `json:"kubeDNSClusterIP,omitempty"` +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/backupentry.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/backupentry.go new file mode 100644 index 000000000..8a42de1d1 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/backupentry.go @@ -0,0 +1,55 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package botanist + +import ( + "context" + + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/gardener/gardener/pkg/operation/botanist/component" + corebackupentry "github.com/gardener/gardener/pkg/operation/botanist/component/backupentry" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/pointer" +) + +// DefaultCoreBackupEntry creates the default deployer for the core.gardener.cloud/v1beta1.BackupEntry resource. +func (b *Botanist) DefaultCoreBackupEntry() component.DeployMigrateWaiter { + ownerRef := metav1.NewControllerRef(b.Shoot.GetInfo(), gardencorev1beta1.SchemeGroupVersion.WithKind("Shoot")) + ownerRef.BlockOwnerDeletion = pointer.Bool(false) + + return corebackupentry.New( + b.Logger, + b.K8sGardenClient.Client(), + &corebackupentry.Values{ + Namespace: b.Shoot.GetInfo().Namespace, + Name: b.Shoot.BackupEntryName, + ShootPurpose: b.Shoot.GetInfo().Spec.Purpose, + OwnerReference: ownerRef, + SeedName: b.Shoot.GetInfo().Spec.SeedName, + BucketName: string(b.Seed.GetInfo().UID), + }, + corebackupentry.DefaultInterval, + corebackupentry.DefaultTimeout, + ) +} + +// DeployBackupEntry deploys the BackupEntry resource in the Garden cluster and triggers the restore operation in case +// the Shoot is in the restore phase of the control plane migration. +func (b *Botanist) DeployBackupEntry(ctx context.Context) error { + if b.isRestorePhase() { + return b.Shoot.Components.BackupEntry.Restore(ctx, b.GetShootState()) + } + return b.Shoot.Components.BackupEntry.Deploy(ctx) +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/botanist.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/botanist.go new file mode 100644 index 000000000..507cc5c67 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/botanist.go @@ -0,0 +1,221 @@ +// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package botanist + +import ( + "context" + "fmt" + "sort" + "strings" + "time" + + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + "github.com/gardener/gardener/pkg/features" + gardenletfeatures "github.com/gardener/gardener/pkg/gardenlet/features" + "github.com/gardener/gardener/pkg/operation" + "github.com/gardener/gardener/pkg/operation/botanist/component/etcd" + "github.com/gardener/gardener/pkg/operation/botanist/component/logging" + shootpkg "github.com/gardener/gardener/pkg/operation/shoot" + + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + // DefaultInterval is the default interval for retry operations. + DefaultInterval = 5 * time.Second +) + +// New takes an operation object and creates a new Botanist object. It checks whether the given Shoot DNS +// domain is covered by a default domain, and if so, it sets the attribute on the Botanist +// object. +func New(ctx context.Context, o *operation.Operation) (*Botanist, error) { + var ( + b = &Botanist{Operation: o} + err error + ) + + // Determine all default domain secrets and check whether the used Shoot domain matches a default domain. + if o.Shoot != nil && o.Shoot.GetInfo().Spec.DNS != nil && o.Shoot.GetInfo().Spec.DNS.Domain != nil { + var ( + prefix = fmt.Sprintf("%s-", v1beta1constants.GardenRoleDefaultDomain) + defaultDomainKeys = o.GetSecretKeysOfRole(v1beta1constants.GardenRoleDefaultDomain) + ) + sort.Slice(defaultDomainKeys, func(i, j int) bool { return len(defaultDomainKeys[i]) >= len(defaultDomainKeys[j]) }) + for _, key := range defaultDomainKeys { + defaultDomain := strings.SplitAfter(key, prefix)[1] + if strings.HasSuffix(*(o.Shoot.GetInfo().Spec.DNS.Domain), defaultDomain) { + b.DefaultDomainSecret = b.LoadSecret(prefix + defaultDomain) + break + } + } + } + + if err = b.InitializeSeedClients(ctx); err != nil { + return nil, err + } + + // extension components + o.Shoot.Components.Extensions.ContainerRuntime = b.DefaultContainerRuntime() + o.Shoot.Components.Extensions.ControlPlane = b.DefaultControlPlane(extensionsv1alpha1.Normal) + o.Shoot.Components.Extensions.ControlPlaneExposure = b.DefaultControlPlane(extensionsv1alpha1.Exposure) + o.Shoot.Components.Extensions.DNS.ExternalProvider = b.DefaultExternalDNSProvider() + o.Shoot.Components.Extensions.DNS.ExternalOwner = b.DefaultExternalDNSOwner() + o.Shoot.Components.Extensions.DNS.ExternalEntry = b.DefaultExternalDNSEntry() + o.Shoot.Components.Extensions.DNS.InternalProvider = b.DefaultInternalDNSProvider() + o.Shoot.Components.Extensions.DNS.InternalOwner = b.DefaultInternalDNSOwner() + o.Shoot.Components.Extensions.DNS.InternalEntry = b.DefaultInternalDNSEntry() + o.Shoot.Components.Extensions.DNS.NginxOwner = b.DefaultNginxIngressDNSOwner() + o.Shoot.Components.Extensions.DNS.NginxEntry = b.DefaultNginxIngressDNSEntry() + o.Shoot.Components.Extensions.DNS.AdditionalProviders, err = b.AdditionalDNSProviders(ctx) + o.Shoot.Components.Extensions.ExternalDNSRecord = b.DefaultExternalDNSRecord() + o.Shoot.Components.Extensions.InternalDNSRecord = b.DefaultInternalDNSRecord() + o.Shoot.Components.Extensions.IngressDNSRecord = b.DefaultIngressDNSRecord() + o.Shoot.Components.Extensions.OwnerDNSRecord = b.DefaultOwnerDNSRecord() + if err != nil { + return nil, err + } + o.Shoot.Components.Extensions.Extension, err = b.DefaultExtension(ctx) + if err != nil { + return nil, err + } + o.Shoot.Components.Extensions.Infrastructure = b.DefaultInfrastructure() + o.Shoot.Components.Extensions.Network = b.DefaultNetwork() + o.Shoot.Components.Extensions.OperatingSystemConfig, err = b.DefaultOperatingSystemConfig() + if err != nil { + return nil, err + } + o.Shoot.Components.Extensions.Worker = b.DefaultWorker() + + sniPhase, err := b.SNIPhase(ctx) + if err != nil { + return nil, err + } + + // control plane components + o.Shoot.Components.ControlPlane.EtcdMain, err = b.DefaultEtcd(v1beta1constants.ETCDRoleMain, etcd.ClassImportant) + if err != nil { + return nil, err + } + o.Shoot.Components.ControlPlane.EtcdEvents, err = b.DefaultEtcd(v1beta1constants.ETCDRoleEvents, etcd.ClassNormal) + if err != nil { + return nil, err + } + o.Shoot.Components.ControlPlane.KubeAPIServerService = b.DefaultKubeAPIServerService(sniPhase) + o.Shoot.Components.ControlPlane.KubeAPIServerSNI = b.DefaultKubeAPIServerSNI() + o.Shoot.Components.ControlPlane.KubeAPIServerSNIPhase = sniPhase + o.Shoot.Components.ControlPlane.KubeAPIServer, err = b.DefaultKubeAPIServer(ctx) + if err != nil { + return nil, err + } + o.Shoot.Components.ControlPlane.KubeScheduler, err = b.DefaultKubeScheduler() + if err != nil { + return nil, err + } + o.Shoot.Components.ControlPlane.KubeControllerManager, err = b.DefaultKubeControllerManager() + if err != nil { + return nil, err + } + o.Shoot.Components.ControlPlane.ResourceManager, err = b.DefaultResourceManager() + if err != nil { + return nil, err + } + o.Shoot.Components.ControlPlane.ClusterAutoscaler, err = b.DefaultClusterAutoscaler() + if err != nil { + return nil, err + } + o.Shoot.Components.ControlPlane.VPNSeedServer, err = b.DefaultVPNSeedServer() + if err != nil { + return nil, err + } + + // system components + o.Shoot.Components.SystemComponents.ClusterIdentity = b.DefaultClusterIdentity() + o.Shoot.Components.SystemComponents.Namespaces = b.DefaultShootNamespaces() + o.Shoot.Components.SystemComponents.CoreDNS, err = b.DefaultCoreDNS() + if err != nil { + return nil, err + } + o.Shoot.Components.SystemComponents.MetricsServer, err = b.DefaultMetricsServer() + if err != nil { + return nil, err + } + + // other components + o.Shoot.Components.BackupEntry = b.DefaultCoreBackupEntry() + o.Shoot.Components.NetworkPolicies, err = b.DefaultNetworkPolicies(sniPhase) + if err != nil { + return nil, err + } + + // Logging + o.Shoot.Components.Logging.ShootRBACProxy, err = logging.NewKubeRBACProxy(&logging.KubeRBACProxyOptions{ + Client: b.K8sSeedClient.Client(), + Namespace: b.Shoot.SeedNamespace, + IsShootNodeLoggingEnabled: b.isShootNodeLoggingEnabled(), + }) + if err != nil { + return nil, err + } + + return b, nil +} + +// RequiredExtensionsReady checks whether all required extensions needed for a shoot operation exist and are ready. +func (b *Botanist) RequiredExtensionsReady(ctx context.Context) error { + controllerRegistrationList := &gardencorev1beta1.ControllerRegistrationList{} + if err := b.K8sGardenClient.Client().List(ctx, controllerRegistrationList); err != nil { + return err + } + + controllerInstallationList := &gardencorev1beta1.ControllerInstallationList{} + if err := b.K8sGardenClient.Client().List(ctx, controllerInstallationList); err != nil { + return err + } + + requiredExtensions := shootpkg.ComputeRequiredExtensions(b.Shoot.GetInfo(), b.Seed.GetInfo(), controllerRegistrationList, b.Garden.InternalDomain, b.Shoot.ExternalDomain, + gardenletfeatures.FeatureGate.Enabled(features.UseDNSRecords)) + + for _, controllerInstallation := range controllerInstallationList.Items { + if controllerInstallation.Spec.SeedRef.Name != b.Seed.GetInfo().Name { + continue + } + + controllerRegistration := &gardencorev1beta1.ControllerRegistration{} + if err := b.K8sGardenClient.Client().Get(ctx, client.ObjectKey{Name: controllerInstallation.Spec.RegistrationRef.Name}, controllerRegistration); err != nil { + return err + } + + for _, kindType := range requiredExtensions.UnsortedList() { + split := strings.Split(kindType, "/") + if len(split) != 2 { + return fmt.Errorf("unexpected required extension: %q", kindType) + } + extensionKind, extensionType := split[0], split[1] + + if helper.IsResourceSupported(controllerRegistration.Spec.Resources, extensionKind, extensionType) && helper.IsControllerInstallationSuccessful(controllerInstallation) { + requiredExtensions.Delete(kindType) + } + } + } + + if len(requiredExtensions) > 0 { + return fmt.Errorf("extension controllers missing or unready: %+v", requiredExtensions) + } + + return nil +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/cleanup.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/cleanup.go new file mode 100644 index 000000000..8442cc75d --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/cleanup.go @@ -0,0 +1,326 @@ +// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package botanist + +import ( + "context" + "strconv" + + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" + "github.com/gardener/gardener/pkg/utils" + "github.com/gardener/gardener/pkg/utils/flow" + utilclient "github.com/gardener/gardener/pkg/utils/kubernetes/client" + "github.com/gardener/gardener/pkg/utils/retry" + "github.com/gardener/gardener/pkg/utils/version" + + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" + appsv1 "k8s.io/api/apps/v1" + batchv1 "k8s.io/api/batch/v1" + batchv1beta1 "k8s.io/api/batch/v1beta1" + corev1 "k8s.io/api/core/v1" + extensionsv1beta1 "k8s.io/api/extensions/v1beta1" + networkingv1 "k8s.io/api/networking/v1" + storagev1 "k8s.io/api/storage/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" + apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" + "k8s.io/kube-aggregator/pkg/controllers/autoregister" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + // Provider is the kubernetes provider label. + Provider = "provider" + // KubernetesProvider is the 'kubernetes' value of the Provider label. + KubernetesProvider = "kubernetes" + + // KubeAggregatorAutoManaged is the label whether an APIService is automanaged by kube-aggregator. + KubeAggregatorAutoManaged = autoregister.AutoRegisterManagedLabel + + // MetadataNameField ist the `metadata.name` field for a field selector. + MetadataNameField = "metadata.name" +) + +var ( + // FinalizeAfterFiveMinutes is an option to finalize resources after five minutes. + FinalizeAfterFiveMinutes = utilclient.FinalizeGracePeriodSeconds(5 * 60) + + // FinalizeAfterOneHour is an option to finalize resources after one hour. + FinalizeAfterOneHour = utilclient.FinalizeGracePeriodSeconds(60 * 60) + + // ZeroGracePeriod can be used for deleting resources with no grace period. + ZeroGracePeriod = client.GracePeriodSeconds(0) + // GracePeriodFiveMinutes can be used for deleting resources with a grace period of five minutes. + GracePeriodFiveMinutes = client.GracePeriodSeconds(5 * 60) + + // NotSystemComponent is a requirement that something doesn't have the GardenRole GardenRoleSystemComponent. + NotSystemComponent = utils.MustNewRequirement(v1beta1constants.GardenRole, selection.NotEquals, v1beta1constants.GardenRoleSystemComponent) + // NoCleanupPrevention is a requirement that the ShootNoCleanup label of something is not true. + NoCleanupPrevention = utils.MustNewRequirement(v1beta1constants.ShootNoCleanup, selection.NotEquals, "true") + // NotKubernetesProvider is a requirement that the Provider label of something is not KubernetesProvider. + NotKubernetesProvider = utils.MustNewRequirement(Provider, selection.NotEquals, KubernetesProvider) + // NotKubeAggregatorAutoManaged is a requirement that something is not auto-managed by Kube-Aggregator. + NotKubeAggregatorAutoManaged = utils.MustNewRequirement(KubeAggregatorAutoManaged, selection.DoesNotExist) + + // CleanupSelector is a selector that excludes system components and all resources not considered for auto cleanup. + CleanupSelector = labels.NewSelector().Add(NotSystemComponent).Add(NoCleanupPrevention) + + // NoCleanupPreventionListOption are CollectionMatching that exclude system components or non-auto cleaned up resource. + NoCleanupPreventionListOption = client.MatchingLabelsSelector{Selector: CleanupSelector} + + // MutatingWebhookConfigurationCleanOption is the delete selector for MutatingWebhookConfigurations. + MutatingWebhookConfigurationCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // ValidatingWebhookConfigurationCleanOption is the delete selector for ValidatingWebhookConfigurations. + ValidatingWebhookConfigurationCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // CustomResourceDefinitionCleanOption is the delete selector for CustomResources. + CustomResourceDefinitionCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // DaemonSetCleanOption is the delete selector for DaemonSets. + DaemonSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // DeploymentCleanOption is the delete selector for Deployments. + DeploymentCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // StatefulSetCleanOption is the delete selector for StatefulSets. + StatefulSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // ServiceCleanOption is the delete selector for Services. + ServiceCleanOption = utilclient.ListWith{ + client.MatchingLabelsSelector{ + Selector: labels.NewSelector().Add(NotKubernetesProvider, NotSystemComponent, NoCleanupPrevention), + }, + } + + // NamespaceMatchingLabelsSelector is the delete label selector for Namespaces. + NamespaceMatchingLabelsSelector = utilclient.ListWith{&NoCleanupPreventionListOption} + + // NamespaceMatchingFieldsSelector is the delete field selector for Namespaces. + NamespaceMatchingFieldsSelector = utilclient.ListWith{ + client.MatchingFieldsSelector{ + Selector: fields.AndSelectors( + fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespacePublic), + fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespaceSystem), + fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespaceDefault), + fields.OneTermNotEqualSelector(MetadataNameField, corev1.NamespaceNodeLease), + ), + }, + } + + // APIServiceCleanOption is the delete selector for APIServices. + APIServiceCleanOption = utilclient.ListWith{ + client.MatchingLabelsSelector{ + Selector: labels.NewSelector().Add(NotSystemComponent, NotKubeAggregatorAutoManaged), + }, + } + + // CronJobCleanOption is the delete selector for CronJobs. + CronJobCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // IngressCleanOption is the delete selector for Ingresses. + IngressCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // JobCleanOption is the delete selector for Jobs. + JobCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // PodCleanOption is the delete selector for Pods. + PodCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // ReplicaSetCleanOption is the delete selector for ReplicaSets. + ReplicaSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // ReplicationControllerCleanOption is the delete selector for ReplicationControllers. + ReplicationControllerCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // PersistentVolumeClaimCleanOption is the delete selector for PersistentVolumeClaims. + PersistentVolumeClaimCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption} + + // NamespaceErrorToleration are the errors to be tolerated during deletion. + NamespaceErrorToleration = utilclient.TolerateErrors{apierrors.IsConflict} +) + +func cleanResourceFn(cleanOps utilclient.CleanOps, c client.Client, list client.ObjectList, opts ...utilclient.CleanOption) flow.TaskFn { + return func(ctx context.Context) error { + return retry.Until(ctx, DefaultInterval, func(ctx context.Context) (done bool, err error) { + if err := cleanOps.CleanAndEnsureGone(ctx, c, list, opts...); err != nil { + if utilclient.AreObjectsRemaining(err) { + return retry.MinorError(helper.NewErrorWithCodes(err.Error(), gardencorev1beta1.ErrorCleanupClusterResources)) + } + return retry.SevereError(err) + } + return retry.Ok() + }) + } +} + +// CleanWebhooks deletes all Webhooks in the Shoot cluster that are not being managed by the addon manager. +func (b *Botanist) CleanWebhooks(ctx context.Context) error { + var ( + c = b.K8sShootClient.Client() + ensurer = utilclient.GoneBeforeEnsurer(b.Shoot.GetInfo().GetDeletionTimestamp().Time) + ops = utilclient.NewCleanOps(utilclient.DefaultCleaner(), ensurer) + ) + + cleanOptions, err := b.getCleanOptions(GracePeriodFiveMinutes, FinalizeAfterFiveMinutes, v1beta1constants.AnnotationShootCleanupWebhooksFinalizeGracePeriodSeconds, 1) + if err != nil { + return err + } + + if version.ConstraintK8sLessEqual115.Check(b.Shoot.KubernetesVersion) { + return flow.Parallel( + cleanResourceFn(ops, c, &admissionregistrationv1beta1.MutatingWebhookConfigurationList{}, MutatingWebhookConfigurationCleanOption, cleanOptions), + cleanResourceFn(ops, c, &admissionregistrationv1beta1.ValidatingWebhookConfigurationList{}, ValidatingWebhookConfigurationCleanOption, cleanOptions), + )(ctx) + } + + return flow.Parallel( + cleanResourceFn(ops, c, &admissionregistrationv1.MutatingWebhookConfigurationList{}, MutatingWebhookConfigurationCleanOption, cleanOptions), + cleanResourceFn(ops, c, &admissionregistrationv1.ValidatingWebhookConfigurationList{}, ValidatingWebhookConfigurationCleanOption, cleanOptions), + )(ctx) +} + +// CleanExtendedAPIs removes API extensions like CRDs and API services from the Shoot cluster. +func (b *Botanist) CleanExtendedAPIs(ctx context.Context) error { + var ( + c = b.K8sShootClient.Client() + ensurer = utilclient.GoneBeforeEnsurer(b.Shoot.GetInfo().GetDeletionTimestamp().Time) + defaultOps = utilclient.NewCleanOps(utilclient.DefaultCleaner(), ensurer) + crdCleanOps = utilclient.NewCleanOps(utilclient.DefaultCleaner(), ensurer) + ) + + cleanOptions, err := b.getCleanOptions(GracePeriodFiveMinutes, FinalizeAfterOneHour, v1beta1constants.AnnotationShootCleanupExtendedAPIsFinalizeGracePeriodSeconds, 0.1) + if err != nil { + return err + } + + var crdList client.ObjectList = &apiextensionsv1.CustomResourceDefinitionList{} + + if version.ConstraintK8sLessEqual115.Check(b.Shoot.KubernetesVersion) { + crdList = &apiextensionsv1beta1.CustomResourceDefinitionList{} + } + + return flow.Parallel( + cleanResourceFn(defaultOps, c, &apiregistrationv1.APIServiceList{}, APIServiceCleanOption, cleanOptions), + cleanResourceFn(crdCleanOps, c, crdList, CustomResourceDefinitionCleanOption, cleanOptions), + )(ctx) +} + +// CleanKubernetesResources deletes all the Kubernetes resources in the Shoot cluster +// other than those stored in the exceptions map. It will check whether all the Kubernetes resources +// in the Shoot cluster other than those stored in the exceptions map have been deleted. +// It will return an error in case it has not finished yet, and nil if all resources are gone. +func (b *Botanist) CleanKubernetesResources(ctx context.Context) error { + var ( + c = b.K8sShootClient.Client() + ensurer = utilclient.GoneBeforeEnsurer(b.Shoot.GetInfo().GetDeletionTimestamp().Time) + ops = utilclient.NewCleanOps(utilclient.DefaultCleaner(), ensurer) + ) + + cleanOptions, err := b.getCleanOptions(GracePeriodFiveMinutes, FinalizeAfterFiveMinutes, v1beta1constants.AnnotationShootCleanupKubernetesResourcesFinalizeGracePeriodSeconds, 1) + if err != nil { + return err + } + + if metav1.HasAnnotation(b.Shoot.GetInfo().ObjectMeta, v1beta1constants.AnnotationShootSkipCleanup) { + return flow.Parallel( + cleanResourceFn(ops, c, &corev1.ServiceList{}, ServiceCleanOption, cleanOptions), + cleanResourceFn(ops, c, &corev1.PersistentVolumeClaimList{}, PersistentVolumeClaimCleanOption, cleanOptions), + )(ctx) + } + + var ingressList client.ObjectList = &networkingv1.IngressList{} + if version.ConstraintK8sLess119.Check(b.Shoot.KubernetesVersion) { + ingressList = &extensionsv1beta1.IngressList{} + } + + return flow.Parallel( + cleanResourceFn(ops, c, &batchv1beta1.CronJobList{}, CronJobCleanOption, cleanOptions), + cleanResourceFn(ops, c, &appsv1.DaemonSetList{}, DaemonSetCleanOption, cleanOptions), + cleanResourceFn(ops, c, &appsv1.DeploymentList{}, DeploymentCleanOption, cleanOptions), + cleanResourceFn(ops, c, ingressList, IngressCleanOption, cleanOptions), + cleanResourceFn(ops, c, &batchv1.JobList{}, JobCleanOption, cleanOptions), + cleanResourceFn(ops, c, &corev1.PodList{}, PodCleanOption, cleanOptions), + cleanResourceFn(ops, c, &appsv1.ReplicaSetList{}, ReplicaSetCleanOption, cleanOptions), + cleanResourceFn(ops, c, &corev1.ReplicationControllerList{}, ReplicationControllerCleanOption, cleanOptions), + cleanResourceFn(ops, c, &corev1.ServiceList{}, ServiceCleanOption, cleanOptions), + cleanResourceFn(ops, c, &appsv1.StatefulSetList{}, StatefulSetCleanOption, cleanOptions), + cleanResourceFn(ops, c, &corev1.PersistentVolumeClaimList{}, PersistentVolumeClaimCleanOption, cleanOptions), + )(ctx) +} + +// CleanShootNamespaces deletes all non-system namespaces in the Shoot cluster. +// It assumes that all workload resources are cleaned up in previous step(s). +func (b *Botanist) CleanShootNamespaces(ctx context.Context) error { + var ( + c = b.K8sShootClient.Client() + namespaceCleaner = utilclient.NewNamespaceCleaner(b.K8sShootClient.Kubernetes().CoreV1().Namespaces()) + namespaceCleanOps = utilclient.NewCleanOps(namespaceCleaner, utilclient.DefaultGoneEnsurer()) + ) + + cleanOptions, err := b.getCleanOptions(ZeroGracePeriod, FinalizeAfterFiveMinutes, v1beta1constants.AnnotationShootCleanupNamespaceResourcesFinalizeGracePeriodSeconds, 0) + if err != nil { + return err + } + + return cleanResourceFn(namespaceCleanOps, c, &corev1.NamespaceList{}, cleanOptions, NamespaceMatchingLabelsSelector, NamespaceMatchingFieldsSelector, NamespaceErrorToleration)(ctx) +} + +// CleanVolumeAttachments cleans up all VolumeAttachments in the cluster, waits for them to be gone and finalizes any +// remaining ones after five minutes. +func CleanVolumeAttachments(ctx context.Context, c client.Client) error { + return cleanResourceFn(utilclient.DefaultCleanOps(), c, &storagev1.VolumeAttachmentList{}, utilclient.DeleteWith{ZeroGracePeriod}, FinalizeAfterFiveMinutes)(ctx) +} + +func (b *Botanist) getCleanOptions( + defaultGracePeriodSeconds client.GracePeriodSeconds, + defaultFinalizeAfter utilclient.FinalizeGracePeriodSeconds, + annotationKey string, + gracePeriodSecondsFactor float64, +) ( + *utilclient.CleanOptions, + error, +) { + var ( + gracePeriodSeconds = defaultGracePeriodSeconds + finalizeAfter = defaultFinalizeAfter + ) + + if v, ok := b.Shoot.GetInfo().Annotations[annotationKey]; ok { + seconds, err := strconv.Atoi(v) + if err != nil { + return nil, err + } + + if int64(seconds) < int64(defaultFinalizeAfter) { + gracePeriodSeconds = client.GracePeriodSeconds(int(float64(seconds) * gracePeriodSecondsFactor)) + finalizeAfter = utilclient.FinalizeGracePeriodSeconds(seconds) + } + } + + cleanOpts := &utilclient.CleanOptions{} + utilclient.DeleteWith{gracePeriodSeconds}.ApplyToClean(cleanOpts) + finalizeAfter.ApplyToClean(cleanOpts) + + return cleanOpts, nil +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/clusterautoscaler.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/clusterautoscaler.go new file mode 100644 index 000000000..b1ff2ed49 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/clusterautoscaler.go @@ -0,0 +1,55 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package botanist + +import ( + "context" + + "github.com/gardener/gardener/charts" + "github.com/gardener/gardener/pkg/operation/botanist/component" + "github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler" + "github.com/gardener/gardener/pkg/utils/imagevector" +) + +// DefaultClusterAutoscaler returns a deployer for the cluster-autoscaler. +func (b *Botanist) DefaultClusterAutoscaler() (clusterautoscaler.Interface, error) { + image, err := b.ImageVector.FindImage(charts.ImageNameClusterAutoscaler, imagevector.RuntimeVersion(b.SeedVersion()), imagevector.TargetVersion(b.ShootVersion())) + if err != nil { + return nil, err + } + + return clusterautoscaler.New( + b.K8sSeedClient.Client(), + b.Shoot.SeedNamespace, + image.String(), + b.Shoot.GetReplicas(1), + b.Shoot.GetInfo().Spec.Kubernetes.ClusterAutoscaler, + ), nil +} + +// DeployClusterAutoscaler deploys the Kubernetes cluster-autoscaler. +func (b *Botanist) DeployClusterAutoscaler(ctx context.Context) error { + if b.Shoot.WantsClusterAutoscaler { + b.Shoot.Components.ControlPlane.ClusterAutoscaler.SetSecrets(clusterautoscaler.Secrets{ + Kubeconfig: component.Secret{Name: clusterautoscaler.SecretName, Checksum: b.LoadCheckSum(clusterautoscaler.SecretName)}, + }) + b.Shoot.Components.ControlPlane.ClusterAutoscaler.SetNamespaceUID(b.SeedNamespaceObject.UID) + b.Shoot.Components.ControlPlane.ClusterAutoscaler.SetMachineDeployments(b.Shoot.Components.Extensions.Worker.MachineDeployments()) + + return b.Shoot.Components.ControlPlane.ClusterAutoscaler.Deploy(ctx) + } + + return b.Shoot.Components.ControlPlane.ClusterAutoscaler.Destroy(ctx) +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/clusteridentity.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/clusteridentity.go new file mode 100644 index 000000000..b68ec54f4 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/clusteridentity.go @@ -0,0 +1,59 @@ +// Copyright (c) 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package botanist + +import ( + "context" + "fmt" + + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/gardener/gardener/pkg/extensions" + "github.com/gardener/gardener/pkg/operation/botanist/component/clusteridentity" +) + +// EnsureShootClusterIdentity ensures that Shoot's `status.clusterIdentity` field is set and updates the Cluster resource in +// the seed if necessary. +func (b *Botanist) EnsureShootClusterIdentity(ctx context.Context) error { + if b.Shoot.GetInfo().Status.ClusterIdentity == nil { + clusterIdentity := fmt.Sprintf("%s-%s-%s", b.Shoot.SeedNamespace, b.Shoot.GetInfo().Status.UID, b.GardenClusterIdentity) + + if err := b.Shoot.UpdateInfoStatus(ctx, b.K8sGardenClient.Client(), false, func(shoot *gardencorev1beta1.Shoot) error { + shoot.Status.ClusterIdentity = &clusterIdentity + return nil + }); err != nil { + return err + } + + if err := extensions.SyncClusterResourceToSeed(ctx, b.K8sSeedClient.Client(), b.Shoot.SeedNamespace, b.Shoot.GetInfo(), nil, nil); err != nil { + return err + } + } + + return nil +} + +// DefaultClusterIdentity returns a deployer for the shoot's cluster-identity. +func (b *Botanist) DefaultClusterIdentity() clusteridentity.Interface { + return clusteridentity.NewForShoot(b.K8sSeedClient.Client(), b.Shoot.SeedNamespace, "") +} + +// DeployClusterIdentity deploys the shoot's cluster-identity. +func (b *Botanist) DeployClusterIdentity(ctx context.Context) error { + if v := b.Shoot.GetInfo().Status.ClusterIdentity; v != nil { + b.Shoot.Components.SystemComponents.ClusterIdentity.SetIdentity(*v) + } + + return b.Shoot.Components.SystemComponents.ClusterIdentity.Deploy(ctx) +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/backupentry/backupentry.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/backupentry/backupentry.go new file mode 100644 index 000000000..4c3b293ec --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/backupentry/backupentry.go @@ -0,0 +1,188 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package backupentry + +import ( + "context" + "time" + + gardencorev1alpha1 "github.com/gardener/gardener/pkg/apis/core/v1alpha1" + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + "github.com/gardener/gardener/pkg/controllerutils" + "github.com/gardener/gardener/pkg/extensions" + "github.com/gardener/gardener/pkg/operation/botanist/component" + kutil "github.com/gardener/gardener/pkg/utils/kubernetes" + "github.com/gardener/gardener/pkg/utils/kubernetes/health" + + "github.com/sirupsen/logrus" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + // DefaultInterval is the default interval for retry operations. + DefaultInterval = 5 * time.Second + // DefaultTimeout is the default timeout and defines how long Gardener should wait + // for a successful reconciliation of a BackupEntry resource. + DefaultTimeout = 10 * time.Minute +) + +// TimeNow returns the current time. Exposed for testing. +var TimeNow = time.Now + +// Values contains the values used to create a BackupEntry resource. +type Values struct { + // Namespace is the namespace of the BackupEntry resource. + Namespace string + // Name is the name of the BackupEntry resource. + Name string + // ShootPurpose is the purpose of the shoot. + ShootPurpose *gardencorev1beta1.ShootPurpose + // OwnerReference is a reference to an owner for BackupEntry resource. + OwnerReference *metav1.OwnerReference + // SeedName is the name of the seed to which the BackupEntry shall be scheduled. + SeedName *string + // BucketName is the name of the bucket in which the BackupEntry shall be reconciled. This value is only used if the + // BackupEntry does not exist yet. Otherwise, the existing `.spec.bucketName` will be kept even if the BucketName in + // these values differs. + BucketName string +} + +// New creates a new instance of DeployWaiter for a BackupEntry. +func New( + logger logrus.FieldLogger, + client client.Client, + values *Values, + waitInterval time.Duration, + waitTimeout time.Duration, +) component.DeployMigrateWaiter { + return &backupEntry{ + client: client, + logger: logger, + values: values, + waitInterval: waitInterval, + waitTimeout: waitTimeout, + + backupEntry: &gardencorev1beta1.BackupEntry{ + ObjectMeta: metav1.ObjectMeta{ + Name: values.Name, + Namespace: values.Namespace, + }, + }, + } +} + +type backupEntry struct { + values *Values + logger logrus.FieldLogger + client client.Client + waitInterval time.Duration + waitTimeout time.Duration + + backupEntry *gardencorev1beta1.BackupEntry +} + +// Deploy uses the garden client to create or update the BackupEntry resource in the project namespace in the Garden. +func (b *backupEntry) Deploy(ctx context.Context) error { + var ( + bucketName = b.values.BucketName + seedName = b.values.SeedName + ) + + if err := b.client.Get(ctx, client.ObjectKeyFromObject(b.backupEntry), b.backupEntry); err == nil { + bucketName = b.backupEntry.Spec.BucketName + seedName = b.backupEntry.Spec.SeedName + } else if client.IgnoreNotFound(err) != nil { + return err + } + + return b.reconcile(ctx, b.backupEntry, seedName, bucketName, v1beta1constants.GardenerOperationReconcile) +} + +// Wait waits until the BackupEntry resource is ready. +func (b *backupEntry) Wait(ctx context.Context) error { + if err := extensions.WaitUntilObjectReadyWithHealthFunction( + ctx, + b.client, + b.logger, + health.CheckBackupEntry, + b.backupEntry, + "BackupEntry", + b.waitInterval, + b.waitTimeout, + b.waitTimeout, + nil, + ); err != nil { + b.logger.Error(err) + return err + } + return nil +} + +// Migrate uses the garden client to deschedule the BackupEntry from its current seed. +func (b *backupEntry) Migrate(ctx context.Context) error { + _, err := controllerutils.GetAndCreateOrMergePatch(ctx, b.client, b.backupEntry, func() error { + b.backupEntry.Spec.SeedName = b.values.SeedName + return nil + }) + return err +} + +// WaitMigrate waits until the BackupEntry is migrated +func (b *backupEntry) WaitMigrate(ctx context.Context) error { + return b.Wait(ctx) +} + +// Restore uses the garden client to update the BackupEntry and set the name of the new seed to which it shall be scheduled. +// If the BackupEntry was deleted it will be recreated. +func (b *backupEntry) Restore(ctx context.Context, _ *gardencorev1alpha1.ShootState) error { + bucketName := b.values.BucketName + + if err := b.client.Get(ctx, kutil.Key(b.values.Namespace, b.values.Name), b.backupEntry); err == nil { + bucketName = b.backupEntry.Spec.BucketName + } else if client.IgnoreNotFound(err) != nil { + return err + } + return b.reconcile(ctx, b.backupEntry, b.values.SeedName, bucketName, v1beta1constants.GardenerOperationRestore) +} + +func (b *backupEntry) reconcile(ctx context.Context, backupEntry *gardencorev1beta1.BackupEntry, seedName *string, bucketName string, operation string) error { + _, err := controllerutils.GetAndCreateOrStrategicMergePatch(ctx, b.client, backupEntry, func() error { + metav1.SetMetaDataAnnotation(&backupEntry.ObjectMeta, v1beta1constants.GardenerOperation, operation) + metav1.SetMetaDataAnnotation(&backupEntry.ObjectMeta, v1beta1constants.GardenerTimestamp, TimeNow().UTC().String()) + + if b.values.ShootPurpose != nil { + metav1.SetMetaDataAnnotation(&backupEntry.ObjectMeta, v1beta1constants.ShootPurpose, string(*b.values.ShootPurpose)) + } + + if b.values.OwnerReference != nil { + backupEntry.ObjectMeta.OwnerReferences = []metav1.OwnerReference{*b.values.OwnerReference} + } + + backupEntry.Spec.BucketName = bucketName + backupEntry.Spec.SeedName = seedName + + return nil + }) + + return err +} + +// Destroy is not implemented yet. +func (b *backupEntry) Destroy(_ context.Context) error { return nil } + +// WaitCleanup is not implemented yet. +func (b *backupEntry) WaitCleanup(_ context.Context) error { return nil } diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/bootstrap.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/bootstrap.go new file mode 100644 index 000000000..0ba8862e3 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/bootstrap.go @@ -0,0 +1,95 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package clusterautoscaler + +import ( + "context" + "time" + + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/operation/botanist/component" + "github.com/gardener/gardener/pkg/utils/managedresources" + + machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + clusterRoleControlName = "system:cluster-autoscaler-seed" + managedResourceControlName = "cluster-autoscaler" +) + +// NewBootstrapper creates a new instance of DeployWaiter for the cluster-autoscaler bootstrapper. +func NewBootstrapper(client client.Client, namespace string) component.DeployWaiter { + return &bootstrapper{ + client: client, + namespace: namespace, + } +} + +type bootstrapper struct { + client client.Client + namespace string +} + +func (b *bootstrapper) Deploy(ctx context.Context) error { + var ( + registry = managedresources.NewRegistry(kubernetes.SeedScheme, kubernetes.SeedCodec, kubernetes.SeedSerializer) + + clusterRole = &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: clusterRoleControlName, + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{machinev1alpha1.GroupName}, + Resources: []string{"*"}, + Verbs: []string{"create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"}, + }, + }, + } + ) + + resources, err := registry.AddAllAndSerialize(clusterRole) + if err != nil { + return err + } + + return managedresources.CreateForSeed(ctx, b.client, b.namespace, managedResourceControlName, false, resources) +} + +func (b *bootstrapper) Destroy(ctx context.Context) error { + return managedresources.DeleteForSeed(ctx, b.client, b.namespace, managedResourceControlName) +} + +// TimeoutWaitForManagedResource is the timeout used while waiting for the ManagedResources to become healthy +// or deleted. +var TimeoutWaitForManagedResource = 2 * time.Minute + +func (b *bootstrapper) Wait(ctx context.Context) error { + timeoutCtx, cancel := context.WithTimeout(ctx, TimeoutWaitForManagedResource) + defer cancel() + + return managedresources.WaitUntilHealthy(timeoutCtx, b.client, b.namespace, managedResourceControlName) +} + +func (b *bootstrapper) WaitCleanup(ctx context.Context) error { + timeoutCtx, cancel := context.WithTimeout(ctx, TimeoutWaitForManagedResource) + defer cancel() + + return managedresources.WaitUntilDeleted(timeoutCtx, b.client, b.namespace, managedResourceControlName) +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/cluster_autoscaler.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/cluster_autoscaler.go new file mode 100644 index 000000000..ff79cba07 --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/cluster_autoscaler.go @@ -0,0 +1,489 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package clusterautoscaler + +import ( + "context" + "fmt" + + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/controllerutils" + "github.com/gardener/gardener/pkg/operation/botanist/component" + "github.com/gardener/gardener/pkg/utils" + kutil "github.com/gardener/gardener/pkg/utils/kubernetes" + "github.com/gardener/gardener/pkg/utils/managedresources" + "github.com/gardener/gardener/pkg/utils/secrets" + + resourcesv1alpha1 "github.com/gardener/gardener-resource-manager/api/resources/v1alpha1" + appsv1 "k8s.io/api/apps/v1" + autoscalingv1 "k8s.io/api/autoscaling/v1" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + autoscalingv1beta2 "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1beta2" + "k8s.io/utils/pointer" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + // ServiceName is the name of the service of the cluster-autoscaler. + ServiceName = "cluster-autoscaler" + // SecretName is a constant for the secret name for the cluster-autoscaler's kubeconfig secret. + SecretName = "cluster-autoscaler" + // UserName is the name that should be used for the secret that the cluster-autoscaler uses to + // authenticate itself with the kube-apiserver (e.g., the common name in its client certificate). + UserName = "system:cluster-autoscaler" + + managedResourceTargetName = "shoot-core-cluster-autoscaler" + containerName = v1beta1constants.DeploymentNameClusterAutoscaler + + portNameMetrics = "metrics" + portMetrics int32 = 8085 + volumeMountPathKubeconfig = "/var/lib/cluster-autoscaler" +) + +// Interface contains functions for a cluster-autoscaler deployer. +type Interface interface { + component.DeployWaiter + component.MonitoringComponent + // SetSecrets sets the secrets. + SetSecrets(Secrets) + // SetNamespaceUID sets the UID of the namespace into which the cluster-autoscaler shall be deployed. + SetNamespaceUID(types.UID) + // SetMachineDeployments sets the machine deployments. + SetMachineDeployments([]extensionsv1alpha1.MachineDeployment) +} + +// New creates a new instance of DeployWaiter for the cluster-autoscaler. +func New( + client client.Client, + namespace string, + image string, + replicas int32, + config *gardencorev1beta1.ClusterAutoscaler, +) Interface { + return &clusterAutoscaler{ + client: client, + namespace: namespace, + image: image, + replicas: replicas, + config: config, + } +} + +type clusterAutoscaler struct { + client client.Client + namespace string + image string + replicas int32 + config *gardencorev1beta1.ClusterAutoscaler + + secrets Secrets + namespaceUID types.UID + machineDeployments []extensionsv1alpha1.MachineDeployment +} + +func (c *clusterAutoscaler) Deploy(ctx context.Context) error { + if c.secrets.Kubeconfig.Name == "" || c.secrets.Kubeconfig.Checksum == "" { + return fmt.Errorf("missing kubeconfig secret information") + } + + var ( + serviceAccount = c.emptyServiceAccount() + clusterRoleBinding = c.emptyClusterRoleBinding() + vpa = c.emptyVPA() + service = c.emptyService() + deployment = c.emptyDeployment() + + vpaUpdateMode = autoscalingv1beta2.UpdateModeAuto + command = c.computeCommand() + ) + + if err := c.client.Create(ctx, serviceAccount); kutil.IgnoreAlreadyExists(err) != nil { + return err + } + + if _, err := controllerutils.GetAndCreateOrStrategicMergePatch(ctx, c.client, clusterRoleBinding, func() error { + clusterRoleBinding.OwnerReferences = []metav1.OwnerReference{{ + APIVersion: "v1", + Kind: "Namespace", + Name: c.namespace, + UID: c.namespaceUID, + Controller: pointer.Bool(true), + BlockOwnerDeletion: pointer.Bool(true), + }} + clusterRoleBinding.RoleRef = rbacv1.RoleRef{ + APIGroup: rbacv1.GroupName, + Kind: "ClusterRole", + Name: clusterRoleControlName, + } + clusterRoleBinding.Subjects = []rbacv1.Subject{{ + Kind: rbacv1.ServiceAccountKind, + Name: serviceAccount.Name, + Namespace: c.namespace, + }} + return nil + }); err != nil { + return err + } + + if _, err := controllerutils.GetAndCreateOrMergePatch(ctx, c.client, service, func() error { + service.Labels = getLabels() + service.Spec.Selector = getLabels() + service.Spec.Type = corev1.ServiceTypeClusterIP + service.Spec.ClusterIP = corev1.ClusterIPNone + desiredPorts := []corev1.ServicePort{ + { + Name: portNameMetrics, + Protocol: corev1.ProtocolTCP, + Port: portMetrics, + }, + } + service.Spec.Ports = kutil.ReconcileServicePorts(service.Spec.Ports, desiredPorts, corev1.ServiceTypeClusterIP) + return nil + }); err != nil { + return err + } + + if _, err := controllerutils.GetAndCreateOrMergePatch(ctx, c.client, deployment, func() error { + deployment.Labels = utils.MergeStringMaps(getLabels(), map[string]string{ + v1beta1constants.GardenRole: v1beta1constants.GardenRoleControlPlane, + }) + deployment.Spec.Replicas = &c.replicas + deployment.Spec.RevisionHistoryLimit = pointer.Int32(1) + deployment.Spec.Selector = &metav1.LabelSelector{MatchLabels: getLabels()} + deployment.Spec.Template = corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "checksum/secret-" + c.secrets.Kubeconfig.Name: c.secrets.Kubeconfig.Checksum, + }, + Labels: utils.MergeStringMaps(getLabels(), map[string]string{ + v1beta1constants.GardenRole: v1beta1constants.GardenRoleControlPlane, + v1beta1constants.DeprecatedGardenRole: v1beta1constants.GardenRoleControlPlane, + v1beta1constants.LabelNetworkPolicyToDNS: v1beta1constants.LabelNetworkPolicyAllowed, + v1beta1constants.LabelNetworkPolicyToShootAPIServer: v1beta1constants.LabelNetworkPolicyAllowed, + v1beta1constants.LabelNetworkPolicyToSeedAPIServer: v1beta1constants.LabelNetworkPolicyAllowed, + v1beta1constants.LabelNetworkPolicyFromPrometheus: v1beta1constants.LabelNetworkPolicyAllowed, + }), + }, + Spec: corev1.PodSpec{ + ServiceAccountName: serviceAccount.Name, + TerminationGracePeriodSeconds: pointer.Int64(5), + Containers: []corev1.Container{ + { + Name: containerName, + Image: c.image, + ImagePullPolicy: corev1.PullIfNotPresent, + Command: command, + Ports: []corev1.ContainerPort{ + { + Name: portNameMetrics, + ContainerPort: portMetrics, + Protocol: corev1.ProtocolTCP, + }, + }, + Env: []corev1.EnvVar{ + { + Name: "CONTROL_NAMESPACE", + Value: c.namespace, + }, + { + Name: "TARGET_KUBECONFIG", + Value: volumeMountPathKubeconfig + "/" + secrets.DataKeyKubeconfig, + }, + }, + Resources: corev1.ResourceRequirements{ + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("100m"), + corev1.ResourceMemory: resource.MustParse("300Mi"), + }, + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("1"), + corev1.ResourceMemory: resource.MustParse("3000Mi"), + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: c.secrets.Kubeconfig.Name, + MountPath: volumeMountPathKubeconfig, + ReadOnly: true, + }, + }, + }, + }, + Volumes: []corev1.Volume{ + { + Name: c.secrets.Kubeconfig.Name, + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: c.secrets.Kubeconfig.Name, + }, + }, + }, + }, + }, + } + return nil + }); err != nil { + return err + } + + if _, err := controllerutils.GetAndCreateOrMergePatch(ctx, c.client, vpa, func() error { + vpa.Spec.TargetRef = &autoscalingv1.CrossVersionObjectReference{ + APIVersion: appsv1.SchemeGroupVersion.String(), + Kind: "Deployment", + Name: v1beta1constants.DeploymentNameClusterAutoscaler, + } + vpa.Spec.UpdatePolicy = &autoscalingv1beta2.PodUpdatePolicy{ + UpdateMode: &vpaUpdateMode, + } + vpa.Spec.ResourcePolicy = &autoscalingv1beta2.PodResourcePolicy{ + ContainerPolicies: []autoscalingv1beta2.ContainerResourcePolicy{ + { + ContainerName: autoscalingv1beta2.DefaultContainerResourcePolicy, + MinAllowed: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("20m"), + corev1.ResourceMemory: resource.MustParse("50Mi"), + }, + }, + }, + } + return nil + }); err != nil { + return err + } + + data, err := c.computeShootResourcesData() + if err != nil { + return err + } + + return managedresources.CreateForShoot(ctx, c.client, c.namespace, managedResourceTargetName, false, data) +} + +func getLabels() map[string]string { + return map[string]string{ + v1beta1constants.LabelApp: v1beta1constants.LabelKubernetes, + v1beta1constants.LabelRole: v1beta1constants.DeploymentNameClusterAutoscaler, + } +} + +func (c *clusterAutoscaler) Destroy(ctx context.Context) error { + return kutil.DeleteObjects( + ctx, + c.client, + c.emptyManagedResource(), + c.emptyManagedResourceSecret(), + c.emptyVPA(), + c.emptyDeployment(), + c.emptyClusterRoleBinding(), + c.emptyService(), + c.emptyServiceAccount(), + ) +} + +func (c *clusterAutoscaler) Wait(_ context.Context) error { return nil } +func (c *clusterAutoscaler) WaitCleanup(_ context.Context) error { return nil } +func (c *clusterAutoscaler) SetSecrets(secrets Secrets) { c.secrets = secrets } +func (c *clusterAutoscaler) SetNamespaceUID(uid types.UID) { c.namespaceUID = uid } +func (c *clusterAutoscaler) SetMachineDeployments(machineDeployments []extensionsv1alpha1.MachineDeployment) { + c.machineDeployments = machineDeployments +} + +func (c *clusterAutoscaler) emptyClusterRoleBinding() *rbacv1.ClusterRoleBinding { + return &rbacv1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "cluster-autoscaler-" + c.namespace}} +} + +func (c *clusterAutoscaler) emptyServiceAccount() *corev1.ServiceAccount { + return &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: "cluster-autoscaler", Namespace: c.namespace}} +} + +func (c *clusterAutoscaler) emptyVPA() *autoscalingv1beta2.VerticalPodAutoscaler { + return &autoscalingv1beta2.VerticalPodAutoscaler{ObjectMeta: metav1.ObjectMeta{Name: "cluster-autoscaler-vpa", Namespace: c.namespace}} +} + +func (c *clusterAutoscaler) emptyService() *corev1.Service { + return &corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: ServiceName, Namespace: c.namespace}} +} + +func (c *clusterAutoscaler) emptyDeployment() *appsv1.Deployment { + return &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameClusterAutoscaler, Namespace: c.namespace}} +} + +func (c *clusterAutoscaler) emptyManagedResource() *resourcesv1alpha1.ManagedResource { + return &resourcesv1alpha1.ManagedResource{ObjectMeta: metav1.ObjectMeta{Name: managedResourceTargetName, Namespace: c.namespace}} +} + +func (c *clusterAutoscaler) emptyManagedResourceSecret() *corev1.Secret { + return &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: managedresources.SecretName(managedResourceTargetName, true), Namespace: c.namespace}} +} + +func (c *clusterAutoscaler) computeCommand() []string { + var ( + command = []string{ + "./cluster-autoscaler", + fmt.Sprintf("--address=:%d", portMetrics), + fmt.Sprintf("--kubeconfig=%s", volumeMountPathKubeconfig+"/"+secrets.DataKeyKubeconfig), + "--cloud-provider=mcm", + "--stderrthreshold=info", + "--skip-nodes-with-system-pods=false", + "--skip-nodes-with-local-storage=false", + "--expendable-pods-priority-cutoff=-10", + "--balance-similar-node-groups=true", + "--v=2", + } + ) + + if c.config == nil { + c.config = &gardencorev1beta1.ClusterAutoscaler{} + } + gardencorev1beta1.SetDefaults_ClusterAutoscaler(c.config) + + command = append(command, + fmt.Sprintf("--expander=%s", *c.config.Expander), + fmt.Sprintf("--max-graceful-termination-sec=%d", *c.config.MaxGracefulTerminationSeconds), + fmt.Sprintf("--max-node-provision-time=%s", c.config.MaxNodeProvisionTime.Duration), + fmt.Sprintf("--scale-down-utilization-threshold=%f", *c.config.ScaleDownUtilizationThreshold), + fmt.Sprintf("--scale-down-unneeded-time=%s", c.config.ScaleDownUnneededTime.Duration), + fmt.Sprintf("--scale-down-delay-after-add=%s", c.config.ScaleDownDelayAfterAdd.Duration), + fmt.Sprintf("--scale-down-delay-after-delete=%s", c.config.ScaleDownDelayAfterDelete.Duration), + fmt.Sprintf("--scale-down-delay-after-failure=%s", c.config.ScaleDownDelayAfterFailure.Duration), + fmt.Sprintf("--scan-interval=%s", c.config.ScanInterval.Duration), + ) + + for _, machineDeployment := range c.machineDeployments { + command = append(command, fmt.Sprintf("--nodes=%d:%d:%s.%s", machineDeployment.Minimum, machineDeployment.Maximum, c.namespace, machineDeployment.Name)) + } + + return command +} + +func (c *clusterAutoscaler) computeShootResourcesData() (map[string][]byte, error) { + var ( + registry = managedresources.NewRegistry(kubernetes.ShootScheme, kubernetes.ShootCodec, kubernetes.ShootSerializer) + + clusterRole = &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: "system:cluster-autoscaler-shoot", + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"events", "endpoints"}, + Verbs: []string{"create", "patch"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"pods/eviction", "configmaps"}, + Verbs: []string{"create"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"pods/status"}, + Verbs: []string{"update"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"endpoints"}, + ResourceNames: []string{ServiceName}, + Verbs: []string{"get", "update"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"nodes"}, + Verbs: []string{"watch", "list", "get", "update"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"pods", "services", "replicationcontrollers", "persistentvolumeclaims", "persistentvolumes"}, + Verbs: []string{"watch", "list", "get"}, + }, + { + APIGroups: []string{"apps", "extensions"}, + Resources: []string{"daemonsets", "replicasets", "statefulsets"}, + Verbs: []string{"watch", "list", "get"}, + }, + { + APIGroups: []string{"policy"}, + Resources: []string{"poddisruptionbudgets"}, + Verbs: []string{"watch", "list"}, + }, + { + APIGroups: []string{"storage.k8s.io"}, + Resources: []string{"storageclasses", "csinodes"}, + Verbs: []string{"watch", "list", "get"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"configmaps"}, + ResourceNames: []string{"cluster-autoscaler-status"}, + Verbs: []string{"delete", "get", "update"}, + }, + { + APIGroups: []string{"coordination.k8s.io"}, + Resources: []string{"leases"}, + Verbs: []string{"create"}, + }, + { + APIGroups: []string{"coordination.k8s.io"}, + Resources: []string{"leases"}, + ResourceNames: []string{"cluster-autoscaler"}, + Verbs: []string{"get", "update"}, + }, + { + APIGroups: []string{"batch", "extensions"}, + Resources: []string{"jobs"}, + Verbs: []string{"get", "list", "patch", "watch"}, + }, + { + APIGroups: []string{"batch"}, + Resources: []string{"jobs", "cronjobs"}, + Verbs: []string{"get", "list", "watch"}, + }, + }, + } + + clusterRoleBinding = &rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "system:cluster-autoscaler-shoot", + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: rbacv1.GroupName, + Kind: "ClusterRole", + Name: clusterRole.Name, + }, + Subjects: []rbacv1.Subject{{ + Kind: rbacv1.UserKind, + Name: UserName, + }}, + } + ) + + return registry.AddAllAndSerialize( + clusterRole, + clusterRoleBinding, + ) +} + +// Secrets is collection of secrets for the cluster-autoscaler. +type Secrets struct { + // Kubeconfig is a secret which can be used by the cluster-autoscaler to communicate to the kube-apiserver. + Kubeconfig component.Secret +} diff --git a/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/logging.go b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/logging.go new file mode 100644 index 000000000..8e1abfa5b --- /dev/null +++ b/vendor/github.com/gardener/gardener/pkg/operation/botanist/component/clusterautoscaler/logging.go @@ -0,0 +1,43 @@ +// Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package clusterautoscaler + +import ( + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + "github.com/gardener/gardener/pkg/operation/botanist/component" +) + +const ( + loggingParserName = "clusterAutoscalerParser" + loggingParser = `[PARSER] + Name ` + loggingParserName + ` + Format regex + Regex ^(?\w)(?