diff --git a/go.mod b/go.mod
index f17af4ff4b..f1178c8242 100644
--- a/go.mod
+++ b/go.mod
@@ -8,14 +8,14 @@ require (
 github.com/go-logr/logr v1.4.3
 github.com/golang/mock v1.6.0
 github.com/googleapis/gnostic v0.5.5
- github.com/grpc-ecosystem/grpc-health-probe v0.4.40
+ github.com/grpc-ecosystem/grpc-health-probe v0.4.41
 github.com/maxbrunsfeld/counterfeiter/v6 v6.12.0
 github.com/mikefarah/yq/v3 v3.0.0-20201202084205-8846255d1c37
 github.com/onsi/ginkgo/v2 v2.27.2
- github.com/openshift/api v0.0.0-20251023193535-8691c3014652
+ github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7
 github.com/operator-framework/api v0.36.0
 github.com/operator-framework/operator-lifecycle-manager v0.0.0-00010101000000-000000000000
- github.com/operator-framework/operator-registry v1.60.0
+ github.com/operator-framework/operator-registry v1.61.0
 github.com/sirupsen/logrus v1.9.3
 github.com/spf13/cobra v1.10.1
 github.com/stretchr/testify v1.11.1
@@ -26,8 +26,8 @@ require (
 k8s.io/apimachinery v0.34.1
 k8s.io/client-go v0.34.1
 k8s.io/code-generator v0.34.1
- k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b
- k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
+ k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912
+ k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
 sigs.k8s.io/controller-runtime v0.22.4
 sigs.k8s.io/controller-tools v0.19.0
 )
@@ -83,7 +83,7 @@ require (
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 github.com/go-git/go-billy/v5 v5.6.2 // indirect
 github.com/go-git/go-git/v5 v5.16.2 // indirect
- github.com/go-jose/go-jose/v4 v4.1.2 // indirect
+ github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-logr/zapr v1.3.0 // indirect
 github.com/go-openapi/jsonpointer v0.21.1 // indirect
@@ -101,7 +101,7 @@ require (
 github.com/google/gnostic-models v0.7.0 // indirect
 github.com/google/go-cmp v0.7.0 // indirect
 github.com/google/go-containerregistry v0.20.6 // indirect
- github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect
+ github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d // indirect
 github.com/google/uuid v1.6.0 // indirect
 github.com/gorilla/mux v1.8.1 // indirect
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
@@ -166,7 +166,7 @@ require (
 github.com/sigstore/sigstore v1.9.5 // indirect
 github.com/smallstep/pkcs7 v0.2.1 // indirect
 github.com/spf13/pflag v1.0.10 // indirect
- github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
+ github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
 github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
 github.com/stoewer/go-strcase v1.3.1 // indirect
 github.com/tidwall/btree v1.8.1 // indirect
@@ -175,7 +175,6 @@ require (
 github.com/vbatts/tar-split v0.12.1 // indirect
 github.com/vbauerster/mpb/v8 v8.10.2 // indirect
 github.com/x448/float16 v0.8.4 // indirect
- github.com/zeebo/errs v1.4.0 // indirect
 go.etcd.io/bbolt v1.4.3 // indirect
 go.etcd.io/etcd/api/v3 v3.6.4 // indirect
 go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
@@ -204,17 +203,16 @@ require (
 golang.org/x/mod v0.29.0 // indirect
 golang.org/x/net v0.46.0 // indirect
 golang.org/x/oauth2 v0.32.0 // indirect
- golang.org/x/sync v0.17.0 // indirect
- golang.org/x/sys v0.37.0 // indirect
+ golang.org/x/sync v0.18.0 // indirect
+ golang.org/x/sys v0.38.0 // indirect
 golang.org/x/term v0.36.0 // indirect
 golang.org/x/text v0.30.0 // indirect
 golang.org/x/time v0.14.0 // indirect
 golang.org/x/tools v0.38.0 // indirect
- golang.org/x/tools/go/expect v0.1.1-deprecated // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20251110190251-83f479183930 // indirect
 google.golang.org/grpc v1.76.0 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index 2124af4592..7cea6edd87 100644
--- a/go.sum
+++ b/go.sum
@@ -177,8 +177,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM= github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= -github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI= -github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo= +github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= +github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= 
@@ -279,8 +279,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d h1:KJIErDwbSHjnp/SGzE5ed8Aol7JsKiI5X7yWKAtzhM0= +github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 
@@ -311,8 +311,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c9 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.0 h1:+epNPbD5EqgpEMm5wrl4Hqts3jZt8+kYaqUisuuIGTk= github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.0/go.mod h1:Zanoh4+gvIgluNqcfMVTJueD4wSS5hT7zTt4Mrutd90= -github.com/grpc-ecosystem/grpc-health-probe v0.4.40 h1:Lr1E28yjpR3D1V42tNDjrFB0Vk+4X0TCDSVfiWXo008= -github.com/grpc-ecosystem/grpc-health-probe v0.4.40/go.mod h1:qP6bjrKrR9n8fKY8wSqcTcPZpchwcog4jTcIPOsqvVY= +github.com/grpc-ecosystem/grpc-health-probe v0.4.41 h1:CUEfHjjmS2dqe6y3Ge4UiQTgjQ7f8ol5zbLIpWLE0NU= +github.com/grpc-ecosystem/grpc-health-probe v0.4.41/go.mod h1:zKKD5raX5byCWAdkiLno5gd10RT6q50VtVTuEhe1DiU= github.com/h2non/filetype v1.1.3 h1:FKkx9QbD7HR/zjK1Ia5XiBsq9zdLi5Kf3zGyFTAFkGg= github.com/h2non/filetype v1.1.3/go.mod h1:319b3zT68BvV+WRj7cwy856M2ehB3HqNOt6sy1HndBY= github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c h1:fEE5/5VNnYUoBOj2I9TP8Jc+a7lge3QWn9DKE7NCwfc= 
@@ -479,8 +479,8 @@ github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgr github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/openshift/api v0.0.0-20200326152221-912866ddb162/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE= -github.com/openshift/api v0.0.0-20251023193535-8691c3014652 h1:iFo7XEz9/q6qxZey/MCCBTqCC88DXbtUz7mUWtGkQzg= -github.com/openshift/api v0.0.0-20251023193535-8691c3014652/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= +github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7 h1:fdvcDJySvjVJctbPbdLPoMiMk+bls34+eq6tWOqdFZg= +github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= github.com/openshift/build-machinery-go v0.0.0-20200211121458-5e3d6e570160/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0 h1:kMiuiZXH1GdfbiMwsuAQOqGaMxlo9NCUk0wT4XAdfNM= github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0/go.mod h1:uUQ4LClRO+fg5MF/P6QxjMCb1C9f7Oh4RKepftDnEJE= 
@@ -570,8 +570,8 @@ github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= -github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= +github.com/spiffe/go-spiffe/v2 v2.6.0 h1:l+DolpxNWYgruGQVV0xsfeya3CsC7m8iBzDnMpsbLuo= +github.com/spiffe/go-spiffe/v2 v2.6.0/go.mod h1:gm2SeUoMZEtpnzPNs2Csc0D/gX33k1xIx7lEzqblHEs= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= @@ -626,8 +626,6 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM= -github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo= go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E= 
@@ -797,8 +795,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -833,8 +831,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= -golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -889,8 +887,8 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= -golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= -golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= +golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY= +golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -915,8 +913,8 @@ google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuO google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc= google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b h1:zPKJod4w6F1+nRGDI9ubnXYhU9NSWoFAijkHkUXeTK8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251110190251-83f479183930 h1:tK4fkUnnRhig9TsTp4otV1FxwBFYgbKUq1RY0V6KZ4U= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251110190251-83f479183930/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1015,13 +1013,13 @@ k8s.io/kms v0.34.1/go.mod h1:s1CFkLG7w9eaTYvctOxosx88fl4spqmixnNpys0JAtM= k8s.io/kube-aggregator v0.34.1 h1:WNLV0dVNoFKmuyvdWLd92iDSyD/TSTjqwaPj0U9XAEU= k8s.io/kube-aggregator v0.34.1/go.mod h1:RU8j+5ERfp0h+gIvWtxRPfsa5nK7rboDm8RST8BJfYQ= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/kubectl v0.33.2 h1:7XKZ6DYCklu5MZQzJe+CkCjoGZwD1wWl7t/FxzhMz7Y= k8s.io/kubectl v0.33.2/go.mod h1:8rC67FB8tVTYraovAGNi/idWIK90z2CHFNMmGJZJ3KI= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0= diff --git a/vendor/github.com/go-jose/go-jose/v4/README.md b/vendor/github.com/go-jose/go-jose/v4/README.md index ca5f1d790b..55c5509176 100644 --- a/vendor/github.com/go-jose/go-jose/v4/README.md +++ b/vendor/github.com/go-jose/go-jose/v4/README.md 
@@ -37,7 +37,7 @@ Version 4 is the current stable version: import "github.com/go-jose/go-jose/v4" It supports at least the current and previous Golang release. Currently it -requires Golang 1.23. +requires Golang 1.24. Version 3 is only receiving critical security updates. Migration to Version 4 is recommended. diff --git a/vendor/github.com/go-jose/go-jose/v4/crypter.go b/vendor/github.com/go-jose/go-jose/v4/crypter.go index ab02a28e26..31290fc871 100644 --- a/vendor/github.com/go-jose/go-jose/v4/crypter.go +++ b/vendor/github.com/go-jose/go-jose/v4/crypter.go @@ -454,13 +454,9 @@ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) return nil, errors.New("go-jose/go-jose: too many recipients in payload; expecting only one") } - critical, err := headers.getCritical() + err := headers.checkNoCritical() if err != nil { - return nil, fmt.Errorf("go-jose/go-jose: invalid crit header") - } - - if len(critical) > 0 { - return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header") + return nil, err } key, err := tryJWKS(decryptionKey, obj.Header) @@ -527,13 +523,9 @@ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) { globalHeaders := obj.mergedHeaders(nil) - critical, err := globalHeaders.getCritical() + err := globalHeaders.checkNoCritical() if err != nil { - return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: invalid crit header") - } - - if len(critical) > 0 { - return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header") + return -1, Header{}, nil, err } key, err := tryJWKS(decryptionKey, obj.Header) diff --git a/vendor/github.com/go-jose/go-jose/v4/shared.go b/vendor/github.com/go-jose/go-jose/v4/shared.go index 56a81b258d..35130b3aa8 100644 --- a/vendor/github.com/go-jose/go-jose/v4/shared.go +++ b/vendor/github.com/go-jose/go-jose/v4/shared.go 
@@ -22,6 +22,7 @@ import ( "encoding/base64" "errors" "fmt" + "github.com/go-jose/go-jose/v4/json" ) @@ -76,6 +77,9 @@ var ( // ErrUnsupportedEllipticCurve indicates unsupported or unknown elliptic curve has been found. ErrUnsupportedEllipticCurve = errors.New("go-jose/go-jose: unsupported/unknown elliptic curve") + + // ErrUnsupportedCriticalHeader is returned when a header is marked critical but not supported by go-jose. + ErrUnsupportedCriticalHeader = errors.New("go-jose/go-jose: unsupported critical header") ) // Key management algorithms @@ -166,8 +170,8 @@ const ( ) // supportedCritical is the set of supported extensions that are understood and processed. -var supportedCritical = map[string]bool{ - headerB64: true, +var supportedCritical = map[string]struct{}{ + headerB64: {}, } // rawHeader represents the JOSE header for JWE/JWS objects (used for parsing). @@ -345,6 +349,32 @@ func (parsed rawHeader) getCritical() ([]string, error) { return q, nil } +// checkNoCritical verifies there are no critical headers present. +func (parsed rawHeader) checkNoCritical() error { + if _, ok := parsed[headerCritical]; ok { + return ErrUnsupportedCriticalHeader + } + + return nil +} + +// checkSupportedCritical verifies there are no unsupported critical headers. +// Supported headers are passed in as a set: map of names to empty structs +func (parsed rawHeader) checkSupportedCritical(supported map[string]struct{}) error { + crit, err := parsed.getCritical() + if err != nil { + return err + } + + for _, name := range crit { + if _, ok := supported[name]; !ok { + return ErrUnsupportedCriticalHeader + } + } + + return nil +} + // getS2C extracts parsed "p2c" from the raw JSON. func (parsed rawHeader) getP2C() (int, error) { v := parsed[headerP2C] diff --git a/vendor/github.com/go-jose/go-jose/v4/signing.go b/vendor/github.com/go-jose/go-jose/v4/signing.go index 3dec0112b6..5dbd04c278 100644 --- a/vendor/github.com/go-jose/go-jose/v4/signing.go 
+++ b/vendor/github.com/go-jose/go-jose/v4/signing.go @@ -404,15 +404,23 @@ func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey inter } signature := obj.Signatures[0] - headers := signature.mergedHeaders() - critical, err := headers.getCritical() - if err != nil { - return err + + if signature.header != nil { + // Per https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11, + // 4.1.11. "crit" (Critical) Header Parameter + // "When used, this Header Parameter MUST be integrity + // protected; therefore, it MUST occur only within the JWS + // Protected Header." + err = signature.header.checkNoCritical() + if err != nil { + return err + } } - for _, name := range critical { - if !supportedCritical[name] { - return ErrCryptoFailure + if signature.protected != nil { + err = signature.protected.checkSupportedCritical(supportedCritical) + if err != nil { + return err } } @@ -421,6 +429,7 @@ func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey inter return ErrCryptoFailure } + headers := signature.mergedHeaders() alg := headers.getSignatureAlgorithm() err = verifier.verifyPayload(input, signature.Signature, alg) if err == nil { 
@@ -469,14 +478,22 @@ func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey outer: for i, signature := range obj.Signatures { - headers := signature.mergedHeaders() - critical, err := headers.getCritical() - if err != nil { - continue + if signature.header != nil { + // Per https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11, + // 4.1.11. "crit" (Critical) Header Parameter + // "When used, this Header Parameter MUST be integrity + // protected; therefore, it MUST occur only within the JWS + // Protected Header." + err = signature.header.checkNoCritical() + if err != nil { + continue outer + } } - for _, name := range critical { - if !supportedCritical[name] { + if signature.protected != nil { + // Check for only supported critical headers + err = signature.protected.checkSupportedCritical(supportedCritical) + if err != nil { continue outer } } @@ -486,6 +503,7 @@ outer: continue } + headers := signature.mergedHeaders() alg := headers.getSignatureAlgorithm() err = verifier.verifyPayload(input, signature.Signature, alg) if err == nil { diff --git a/vendor/github.com/go-jose/go-jose/v4/symmetric.go b/vendor/github.com/go-jose/go-jose/v4/symmetric.go index 6176e06074..09efefb265 100644 --- a/vendor/github.com/go-jose/go-jose/v4/symmetric.go +++ b/vendor/github.com/go-jose/go-jose/v4/symmetric.go @@ -21,6 +21,7 @@ import ( "crypto/aes" "crypto/cipher" "crypto/hmac" + "crypto/pbkdf2" "crypto/rand" "crypto/sha256" "crypto/sha512" @@ -328,7 +329,7 @@ func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipie // derive key keyLen, h := getPbkdf2Params(alg) - key, err := pbkdf2Key(h, string(ctx.key), salt, ctx.p2c, keyLen) + key, err := pbkdf2.Key(h, string(ctx.key), salt, ctx.p2c, keyLen) if err != nil { return recipientInfo{}, nil } 
@@ -433,7 +434,7 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien // derive key keyLen, h := getPbkdf2Params(alg) - key, err := pbkdf2Key(h, string(ctx.key), salt, p2c, keyLen) + key, err := pbkdf2.Key(h, string(ctx.key), salt, p2c, keyLen) if err != nil { return nil, err } diff --git a/vendor/github.com/go-jose/go-jose/v4/symmetric_go124.go b/vendor/github.com/go-jose/go-jose/v4/symmetric_go124.go deleted file mode 100644 index 6c5a4e7f20..0000000000 --- a/vendor/github.com/go-jose/go-jose/v4/symmetric_go124.go +++ /dev/null @@ -1,28 +0,0 @@ -//go:build go1.24 - -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto/pbkdf2" - "hash" -) - -func pbkdf2Key(h func() hash.Hash, password string, salt []byte, iter, keyLen int) ([]byte, error) { - return pbkdf2.Key(h, password, salt, iter, keyLen) -} diff --git a/vendor/github.com/go-jose/go-jose/v4/symmetric_legacy.go b/vendor/github.com/go-jose/go-jose/v4/symmetric_legacy.go deleted file mode 100644 index bdfc3d7663..0000000000 --- a/vendor/github.com/go-jose/go-jose/v4/symmetric_legacy.go +++ /dev/null 
@@ -1,29 +0,0 @@ -//go:build !go1.24 - -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "hash" - - "golang.org/x/crypto/pbkdf2" -) - -func pbkdf2Key(h func() hash.Hash, password string, salt []byte, iter, keyLen int) ([]byte, error) { - return pbkdf2.Key([]byte(password), salt, iter, keyLen, h), nil -} diff --git a/vendor/github.com/google/pprof/profile/proto.go b/vendor/github.com/google/pprof/profile/proto.go index a15696ba16..31bf6bca63 100644 --- a/vendor/github.com/google/pprof/profile/proto.go +++ b/vendor/github.com/google/pprof/profile/proto.go @@ -36,6 +36,7 @@ package profile import ( "errors" "fmt" + "slices" ) type buffer struct { @@ -187,6 +188,16 @@ func le32(p []byte) uint32 { return uint32(p[0]) | uint32(p[1])<<8 | uint32(p[2])<<16 | uint32(p[3])<<24 } +func peekNumVarints(data []byte) (numVarints int) { + for ; len(data) > 0; numVarints++ { + var err error + if _, data, err = decodeVarint(data); err != nil { + break + } + } + return numVarints +} + func decodeVarint(data []byte) (uint64, []byte, error) { var u uint64 for i := 0; ; i++ { @@ -286,6 +297,9 @@ func decodeInt64(b *buffer, x *int64) error { func decodeInt64s(b *buffer, x *[]int64) error { if b.typ == 2 { // Packed encoding + dataLen := peekNumVarints(b.data) + *x = slices.Grow(*x, dataLen) + data := b.data for len(data) > 0 { var u uint64 
@@ -316,8 +330,11 @@ func decodeUint64(b *buffer, x *uint64) error { func decodeUint64s(b *buffer, x *[]uint64) error { if b.typ == 2 { - data := b.data // Packed encoding + dataLen := peekNumVarints(b.data) + *x = slices.Grow(*x, dataLen) + + data := b.data for len(data) > 0 { var u uint64 var err error diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 7929f4b625..e5aad151ea 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -727,7 +727,7 @@ type Update struct { // operator and you have verified the authenticity of the provided // image yourself. // The provided image will run with full administrative access - // to the cluster. Do not use this flag with images that comes from unknown + // to the cluster. Do not use this flag with images that come from unknown // or potentially malicious sources. // // +optional diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 0d8587e1dc..be7d462a50 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -878,7 +878,7 @@ var map_Update = map[string]string{ "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", "version": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", - "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", + "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. 
Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", } func (Update) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go index ebd3cacd47..78cdaddfca 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go @@ -4,6 +4,7 @@ import ( "crypto" "encoding/json" "errors" + "fmt" "io" "os" "sync" @@ -11,11 +12,8 @@ import ( "github.com/go-jose/go-jose/v4" "github.com/spiffe/go-spiffe/v2/internal/jwtutil" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) -var jwtbundleErr = errs.Class("jwtbundle") - // Bundle is a collection of trusted JWT authorities for a trust domain. type Bundle struct { trustDomain spiffeid.TrustDomain @@ -44,7 +42,7 @@ func FromJWTAuthorities(trustDomain spiffeid.TrustDomain, jwtAuthorities map[str func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) { bundleBytes, err := os.ReadFile(path) if err != nil { - return nil, jwtbundleErr.New("unable to read JWT bundle: %w", err) + return nil, wrapJwtbundleErr(fmt.Errorf("unable to read JWT bundle: %w", err)) } return Parse(trustDomain, bundleBytes) 
@@ -54,7 +52,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
 b, err := io.ReadAll(r)
 if err != nil {
- return nil, jwtbundleErr.New("unable to read: %v", err)
+ return nil, wrapJwtbundleErr(fmt.Errorf("unable to read: %v", err))
 }
 return Parse(trustDomain, b)
@@ -64,13 +62,13 @@ func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
 func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error) {
 jwks := new(jose.JSONWebKeySet)
 if err := json.Unmarshal(bundleBytes, jwks); err != nil {
- return nil, jwtbundleErr.New("unable to parse JWKS: %v", err)
+ return nil, wrapJwtbundleErr(fmt.Errorf("unable to parse JWKS: %v", err))
 }
 bundle := New(trustDomain)
 for i, key := range jwks.Keys {
 if err := bundle.AddJWTAuthority(key.KeyID, key.Key); err != nil {
- return nil, jwtbundleErr.New("error adding authority %d of JWKS: %v", i, errors.Unwrap(err))
+ return nil, wrapJwtbundleErr(fmt.Errorf("error adding authority %d of JWKS: %v", i, errors.Unwrap(err)))
 }
 }
@@ -116,7 +114,7 @@ func (b *Bundle) HasJWTAuthority(keyID string) bool {
 // under the given key ID, it is replaced. A key ID must be specified.
 func (b *Bundle) AddJWTAuthority(keyID string, jwtAuthority crypto.PublicKey) error {
 if keyID == "" {
- return jwtbundleErr.New("keyID cannot be empty")
+ return wrapJwtbundleErr(errors.New("keyID cannot be empty"))
 }
 b.mtx.Lock()
@@ -193,8 +191,12 @@ func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*
 defer b.mtx.RUnlock()
 if b.trustDomain != trustDomain {
- return nil, jwtbundleErr.New("no JWT bundle for trust domain %q", trustDomain)
+ return nil, wrapJwtbundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain))
 }
 return b, nil
 }
+
+func wrapJwtbundleErr(err error) error {
+ return fmt.Errorf("jwtbundle: %w", err)
+}
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/set.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/set.go
index 048dd0d8a8..ec0836ec77 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/set.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/set.go
@@ -1,6 +1,7 @@
 package jwtbundle
 import (
+ "fmt"
 "sort"
 "sync"
@@ -98,7 +99,7 @@ func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bun
 bundle, ok := s.bundles[trustDomain]
 if !ok {
- return nil, jwtbundleErr.New("no JWT bundle for trust domain %q", trustDomain)
+ return nil, wrapJwtbundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain))
 }
 return bundle, nil
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go
index 13b103e24c..712ec636bd 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go
@@ -5,6 +5,7 @@ import (
 "crypto/x509"
 "encoding/json"
 "errors"
+ "fmt"
 "io"
 "os"
 "sync"
@@ -16,7 +17,6 @@ import (
 "github.com/spiffe/go-spiffe/v2/internal/jwtutil"
 "github.com/spiffe/go-spiffe/v2/internal/x509util"
 "github.com/spiffe/go-spiffe/v2/spiffeid"
- "github.com/zeebo/errs"
 )
 const (
@@ -24,8 +24,6 @@ const (
 jwtSVIDUse = "jwt-svid"
 )
-var spiffebundleErr = errs.Class("spiffebundle")
-
 type bundleDoc struct {
 jose.JSONWebKeySet
 SequenceNumber *uint64 `json:"spiffe_sequence,omitempty"`
@@ -59,7 +57,7 @@ func New(trustDomain spiffeid.TrustDomain) *Bundle {
 func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 bundleBytes, err := os.ReadFile(path)
 if err != nil {
- return nil, spiffebundleErr.New("unable to read SPIFFE bundle: %w", err)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("unable to read SPIFFE bundle: %w", err))
 }
 return Parse(trustDomain, bundleBytes)
@@ -70,7 +68,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
 b, err := io.ReadAll(r)
 if err != nil {
- return nil, spiffebundleErr.New("unable to read: %v", err)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("unable to read: %v", err))
 }
 return Parse(trustDomain, b)
@@ -81,7 +79,7 @@ func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
 func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error) {
 jwks := &bundleDoc{}
 if err := json.Unmarshal(bundleBytes, jwks); err != nil {
- return nil, spiffebundleErr.New("unable to parse JWKS: %v", err)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("unable to parse JWKS: %v", err))
 }
 bundle := New(trustDomain)
@@ -95,19 +93,19 @@ func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error
 if jwks.Keys == nil {
 // The parameter keys MUST be present.
 // https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md#413-keys
- return nil, spiffebundleErr.New("no authorities found")
+ return nil, wrapSpiffebundleErr(errors.New("no authorities found"))
 }
 for i, key := range jwks.Keys {
 switch key.Use {
 // Two SVID types are supported: x509-svid and jwt-svid.
 case x509SVIDUse:
 if len(key.Certificates) != 1 {
- return nil, spiffebundleErr.New("expected a single certificate in %s entry %d; got %d", x509SVIDUse, i, len(key.Certificates))
+ return nil, wrapSpiffebundleErr(fmt.Errorf("expected a single certificate in %s entry %d; got %d", x509SVIDUse, i, len(key.Certificates)))
 }
 bundle.AddX509Authority(key.Certificates[0])
 case jwtSVIDUse:
 if err := bundle.AddJWTAuthority(key.KeyID, key.Key); err != nil {
- return nil, spiffebundleErr.New("error adding authority %d of JWKS: %v", i, errors.Unwrap(err))
+ return nil, wrapSpiffebundleErr(fmt.Errorf("error adding authority %d of JWKS: %v", i, errors.Unwrap(err)))
 }
 }
 }
@@ -239,7 +237,7 @@ func (b *Bundle) HasJWTAuthority(keyID string) bool {
 // under the given key ID, it is replaced. A key ID must be specified.
 func (b *Bundle) AddJWTAuthority(keyID string, jwtAuthority crypto.PublicKey) error {
 if keyID == "" {
- return spiffebundleErr.New("keyID cannot be empty")
+ return wrapSpiffebundleErr(errors.New("keyID cannot be empty"))
 }
 b.mtx.Lock()
@@ -405,7 +403,7 @@ func (b *Bundle) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bun
 defer b.mtx.RUnlock()
 if b.trustDomain != trustDomain {
- return nil, spiffebundleErr.New("no SPIFFE bundle for trust domain %q", trustDomain)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("no SPIFFE bundle for trust domain %q", trustDomain))
 }
 return b, nil
@@ -419,7 +417,7 @@ func (b *Bundle) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (
 defer b.mtx.RUnlock()
 if b.trustDomain != trustDomain {
- return nil, spiffebundleErr.New("no X.509 bundle for trust domain %q", trustDomain)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain))
 }
 return b.X509Bundle(), nil
@@ -433,7 +431,7 @@ func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*
 defer b.mtx.RUnlock()
 if b.trustDomain != trustDomain {
- return nil, spiffebundleErr.New("no JWT bundle for trust domain %q", trustDomain)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain))
 }
 return b.JWTBundle(), nil
@@ -483,3 +481,7 @@ func copySequenceNumber(sequenceNumber *uint64) *uint64 {
 copied := *sequenceNumber
 return &copied
 }
+
+func wrapSpiffebundleErr(err error) error {
+ return fmt.Errorf("spiffebundle: %w", err)
+}
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/set.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/set.go
index 2738135c04..e0d5d4568b 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/set.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/set.go
@@ -1,6 +1,7 @@
 package spiffebundle
 import (
+ "fmt"
 "sort"
 "sync"
@@ -100,7 +101,7 @@ func (s *Set) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle
 bundle, ok := s.bundles[trustDomain]
 if !ok {
- return nil, spiffebundleErr.New("no SPIFFE bundle for trust domain %q", trustDomain)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("no SPIFFE bundle for trust domain %q", trustDomain))
 }
 return bundle, nil
@@ -114,7 +115,7 @@ func (s *Set) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*x5
 bundle, ok := s.bundles[trustDomain]
 if !ok {
- return nil, spiffebundleErr.New("no X.509 bundle for trust domain %q", trustDomain)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain))
 }
 return bundle.X509Bundle(), nil
@@ -128,7 +129,7 @@ func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*jwt
 bundle, ok := s.bundles[trustDomain]
 if !ok {
- return nil, spiffebundleErr.New("no JWT bundle for trust domain %q", trustDomain)
+ return nil, wrapSpiffebundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain))
 }
 return bundle.JWTBundle(), nil
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go
index a70bb62fd7..4cc816d24f 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go
@@ -2,6 +2,7 @@ package x509bundle
 import (
 "crypto/x509"
+ "fmt"
 "io"
 "os"
 "sync"
@@ -9,11 +10,8 @@ import (
 "github.com/spiffe/go-spiffe/v2/internal/pemutil"
 "github.com/spiffe/go-spiffe/v2/internal/x509util"
 "github.com/spiffe/go-spiffe/v2/spiffeid"
- "github.com/zeebo/errs"
 )
-var x509bundleErr = errs.Class("x509bundle")
-
 // Bundle is a collection of trusted X.509 authorities for a trust domain.
 type Bundle struct {
 trustDomain spiffeid.TrustDomain
@@ -42,7 +40,7 @@ func FromX509Authorities(trustDomain spiffeid.TrustDomain, authorities []*x509.C
 func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 fileBytes, err := os.ReadFile(path)
 if err != nil {
- return nil, x509bundleErr.New("unable to load X.509 bundle file: %w", err)
+ return nil, wrapX509bundleErr(fmt.Errorf("unable to load X.509 bundle file: %w", err))
 }
 return Parse(trustDomain, fileBytes)
@@ -53,7 +51,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
 b, err := io.ReadAll(r)
 if err != nil {
- return nil, x509bundleErr.New("unable to read X.509 bundle: %v", err)
+ return nil, wrapX509bundleErr(fmt.Errorf("unable to read X.509 bundle: %v", err))
 }
 return Parse(trustDomain, b)
@@ -69,7 +67,7 @@ func Parse(trustDomain spiffeid.TrustDomain, b []byte) (*Bundle, error) {
 certs, err := pemutil.ParseCertificates(b)
 if err != nil {
- return nil, x509bundleErr.New("cannot parse certificate: %v", err)
+ return nil, wrapX509bundleErr(fmt.Errorf("cannot parse certificate: %v", err))
 }
 for _, cert := range certs {
 bundle.AddX509Authority(cert)
@@ -87,7 +85,7 @@ func ParseRaw(trustDomain spiffeid.TrustDomain, b []byte) (*Bundle, error) {
 certs, err := x509.ParseCertificates(b)
 if err != nil {
- return nil, x509bundleErr.New("cannot parse certificate: %v", err)
+ return nil, wrapX509bundleErr(fmt.Errorf("cannot parse certificate: %v", err))
 }
 for _, cert := range certs {
 bundle.AddX509Authority(cert)
@@ -195,8 +193,12 @@ func (b *Bundle) Clone() *Bundle {
 // returned if the trust domain does not match that of the bundle.
 func (b *Bundle) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error) {
 if b.trustDomain != trustDomain {
- return nil, x509bundleErr.New("no X.509 bundle found for trust domain: %q", trustDomain)
+ return nil, wrapX509bundleErr(fmt.Errorf("no X.509 bundle found for trust domain: %q", trustDomain))
 }
 return b, nil
 }
+
+func wrapX509bundleErr(err error) error {
+ return fmt.Errorf("x509bundle: %w", err)
+}
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/set.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/set.go
index 522e249265..9a90d40e63 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/set.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/set.go
@@ -1,6 +1,7 @@
 package x509bundle
 import (
+ "fmt"
 "sort"
 "sync"
@@ -98,7 +99,7 @@ func (s *Set) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bu
 bundle, ok := s.bundles[trustDomain]
 if !ok {
- return nil, x509bundleErr.New("no X.509 bundle for trust domain %q", trustDomain)
+ return nil, wrapX509bundleErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain))
 }
 return bundle, nil
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload.pb.go b/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload.pb.go
index d5fd87acfe..46f4251194 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload.pb.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.14.0 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: workload.proto package workload
@@ -12,6 +12,7 @@ import ( structpb "google.golang.org/protobuf/types/known/structpb" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -24,18 +25,16 @@ const ( // The X509SVIDRequest message conveys parameters for requesting an X.509-SVID. // There are currently no request parameters. type X509SVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509SVIDRequest) Reset() { *x = X509SVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509SVIDRequest) String() string { @@ -46,7 +45,7 @@ func (*X509SVIDRequest) ProtoMessage() {} func (x *X509SVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -65,10 +64,7 @@ func (*X509SVIDRequest) Descriptor() ([]byte, []int) { // including a set of global CRLs and a list of bundles the workload may use // for federating with foreign trust domains. type X509SVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. A list of X509SVID messages, each of which includes a single // X.509-SVID, its private key, and the bundle for the trust domain. Svids []*X509SVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"` 
@@ -77,16 +73,16 @@ type X509SVIDResponse struct { // Optional. CA certificate bundles belonging to foreign trust domains that // the workload should trust, keyed by the SPIFFE ID of the foreign trust // domain. Bundles are ASN.1 DER encoded. - FederatedBundles map[string][]byte `protobuf:"bytes,3,rep,name=federated_bundles,json=federatedBundles,proto3" json:"federated_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + FederatedBundles map[string][]byte `protobuf:"bytes,3,rep,name=federated_bundles,json=federatedBundles,proto3" json:"federated_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509SVIDResponse) Reset() { *x = X509SVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509SVIDResponse) String() string { @@ -97,7 +93,7 @@ func (*X509SVIDResponse) ProtoMessage() {} func (x *X509SVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -136,10 +132,7 @@ func (x *X509SVIDResponse) GetFederatedBundles() map[string][]byte { // The X509SVID message carries a single SVID and all associated information, // including the X.509 bundle for the trust domain. type X509SVID struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The SPIFFE ID of the SVID in this entry SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Required. ASN.1 DER encoded certificate chain. MAY include @@ -153,16 +146,16 @@ type X509SVID struct { // identity should be used by a workload when more than one SVID is returned. // For example, `internal` and `external` to indicate an SVID for internal or // external use, respectively. - Hint string `protobuf:"bytes,5,opt,name=hint,proto3" json:"hint,omitempty"` + Hint string `protobuf:"bytes,5,opt,name=hint,proto3" json:"hint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509SVID) Reset() { *x = X509SVID{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509SVID) String() string { @@ -173,7 +166,7 @@ func (*X509SVID) ProtoMessage() {} func (x *X509SVID) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -226,18 +219,16 @@ func (x *X509SVID) GetHint() string { // The X509BundlesRequest message conveys parameters for requesting X.509 // bundles. There are currently no such parameters. type X509BundlesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509BundlesRequest) Reset() { *x = X509BundlesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509BundlesRequest) String() string { @@ -248,7 +239,7 @@ func (*X509BundlesRequest) ProtoMessage() {} func (x *X509BundlesRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -266,25 +257,22 @@ func (*X509BundlesRequest) Descriptor() ([]byte, []int) { // The X509BundlesResponse message carries a set of global CRLs and a map of // trust bundles the workload should trust. type X509BundlesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Optional. ASN.1 DER encoded certificate revocation lists. Crl [][]byte `protobuf:"bytes,1,rep,name=crl,proto3" json:"crl,omitempty"` // Required. CA certificate bundles belonging to trust domains that the // workload should trust, keyed by the SPIFFE ID of the trust domain. // Bundles are ASN.1 DER encoded. - Bundles map[string][]byte `protobuf:"bytes,2,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Bundles map[string][]byte `protobuf:"bytes,2,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509BundlesResponse) Reset() { *x = X509BundlesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509BundlesResponse) String() string { @@ -295,7 +283,7 @@ func (*X509BundlesResponse) ProtoMessage() {} func (x *X509BundlesResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -325,24 +313,21 @@ func (x *X509BundlesResponse) GetBundles() map[string][]byte { } type JWTSVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The audience(s) the workload intends to authenticate against. Audience []string `protobuf:"bytes,1,rep,name=audience,proto3" json:"audience,omitempty"` // Optional. The requested SPIFFE ID for the JWT-SVID. If unset, all // JWT-SVIDs to which the workload is entitled are requested. - SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` + SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTSVIDRequest) Reset() { *x = JWTSVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTSVIDRequest) String() string { @@ -353,7 +338,7 @@ func (*JWTSVIDRequest) ProtoMessage() {} func (x *JWTSVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -384,21 +369,18 @@ func (x *JWTSVIDRequest) GetSpiffeId() string { // The JWTSVIDResponse message conveys JWT-SVIDs. type JWTSVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The list of returned JWT-SVIDs. - Svids []*JWTSVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"` + Svids []*JWTSVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTSVIDResponse) Reset() { *x = JWTSVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTSVIDResponse) String() string { @@ -409,7 +391,7 @@ func (*JWTSVIDResponse) ProtoMessage() {} func (x *JWTSVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -433,10 +415,7 @@ func (x *JWTSVIDResponse) GetSvids() []*JWTSVID { // The JWTSVID message carries the JWT-SVID token and associated metadata. type JWTSVID struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The SPIFFE ID of the JWT-SVID. SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Required. Encoded JWT using JWS Compact Serialization. 
@@ -445,16 +424,16 @@ type JWTSVID struct { // identity should be used by a workload when more than one SVID is returned. // For example, `internal` and `external` to indicate an SVID for internal or // external use, respectively. - Hint string `protobuf:"bytes,3,opt,name=hint,proto3" json:"hint,omitempty"` + Hint string `protobuf:"bytes,3,opt,name=hint,proto3" json:"hint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTSVID) Reset() { *x = JWTSVID{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTSVID) String() string { @@ -465,7 +444,7 @@ func (*JWTSVID) ProtoMessage() {} func (x *JWTSVID) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -504,18 +483,16 @@ func (x *JWTSVID) GetHint() string { // The JWTBundlesRequest message conveys parameters for requesting JWT bundles. // There are currently no such parameters. type JWTBundlesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTBundlesRequest) Reset() { *x = JWTBundlesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTBundlesRequest) String() string { 
@@ -526,7 +503,7 @@ func (*JWTBundlesRequest) ProtoMessage() {} func (x *JWTBundlesRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -543,22 +520,19 @@ func (*JWTBundlesRequest) Descriptor() ([]byte, []int) { // The JWTBundlesReponse conveys JWT bundles. type JWTBundlesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. JWK encoded JWT bundles, keyed by the SPIFFE ID of the trust // domain. - Bundles map[string][]byte `protobuf:"bytes,1,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Bundles map[string][]byte `protobuf:"bytes,1,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTBundlesResponse) Reset() { *x = JWTBundlesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTBundlesResponse) String() string { @@ -569,7 +543,7 @@ func (*JWTBundlesResponse) ProtoMessage() {} func (x *JWTBundlesResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -594,26 +568,23 @@ func (x *JWTBundlesResponse) GetBundles() map[string][]byte { // The ValidateJWTSVIDRequest message conveys request parameters for // JWT-SVID validation. type ValidateJWTSVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The audience of the validating party. The JWT-SVID must // contain an audience claim which contains this value in order to // succesfully validate. Audience string `protobuf:"bytes,1,opt,name=audience,proto3" json:"audience,omitempty"` // Required. The JWT-SVID to validate, encoded using JWS Compact // Serialization. - Svid string `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"` + Svid string `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *ValidateJWTSVIDRequest) Reset() { *x = ValidateJWTSVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ValidateJWTSVIDRequest) String() string { @@ -624,7 +595,7 @@ func (*ValidateJWTSVIDRequest) ProtoMessage() {} func (x *ValidateJWTSVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -655,24 +626,21 @@ func (x *ValidateJWTSVIDRequest) GetSvid() string { // The ValidateJWTSVIDReponse message conveys the JWT-SVID validation results. type ValidateJWTSVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The SPIFFE ID of the validated JWT-SVID. SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Optional. Arbitrary claims contained within the payload of the validated // JWT-SVID. - Claims *structpb.Struct `protobuf:"bytes,2,opt,name=claims,proto3" json:"claims,omitempty"` + Claims *structpb.Struct `protobuf:"bytes,2,opt,name=claims,proto3" json:"claims,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *ValidateJWTSVIDResponse) Reset() { *x = ValidateJWTSVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ValidateJWTSVIDResponse) String() string { @@ -683,7 +651,7 @@ func (*ValidateJWTSVIDResponse) ProtoMessage() {} func (x *ValidateJWTSVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -714,122 +682,72 @@ func (x *ValidateJWTSVIDResponse) GetClaims() *structpb.Struct { var File_workload_proto protoreflect.FileDescriptor -var file_workload_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x11, - 0x0a, 0x0f, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x22, 0xe0, 0x01, 0x0a, 0x10, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x05, 0x73, 0x76, 0x69, 0x64, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, - 0x52, 0x05, 0x73, 0x76, 0x69, 0x64, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x72, 0x6c, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x72, 0x6c, 0x12, 0x54, 0x0a, 0x11, 0x66, 0x65, 0x64, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x46, 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x64, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x66, - 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, - 0x43, 0x0a, 0x15, 0x46, 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x42, 0x75, 0x6e, 0x64, - 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x94, 0x01, 0x0a, 
0x08, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, - 0x44, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x1b, - 0x0a, 0x09, 0x78, 0x35, 0x30, 0x39, 0x5f, 0x73, 0x76, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x08, 0x78, 0x35, 0x30, 0x39, 0x53, 0x76, 0x69, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x78, - 0x35, 0x30, 0x39, 0x5f, 0x73, 0x76, 0x69, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x0b, 0x78, 0x35, 0x30, 0x39, 0x53, 0x76, 0x69, 0x64, 0x4b, 0x65, 0x79, 0x12, - 0x16, 0x0a, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x58, - 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x22, 0xa0, 0x01, 0x0a, 0x13, 0x58, 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, - 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x72, 0x6c, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x72, 0x6c, 0x12, 0x3b, 0x0a, 0x07, 0x62, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x58, - 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x07, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x42, 0x75, 0x6e, 0x64, - 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 
0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0e, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, - 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x22, - 0x31, 0x0a, 0x0f, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x05, 0x73, 0x76, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x08, 0x2e, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x05, 0x73, 0x76, 0x69, - 0x64, 0x73, 0x22, 0x4e, 0x0a, 0x07, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x12, 0x1b, 0x0a, - 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x76, - 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x76, 0x69, 0x64, 0x12, 0x12, - 0x0a, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x69, - 0x6e, 0x74, 0x22, 0x13, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x8c, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x54, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3a, - 0x0a, 0x07, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x20, 0x2e, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x07, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 
0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x48, 0x0a, 0x16, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, - 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, - 0x73, 0x76, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x76, 0x69, 0x64, - 0x22, 0x67, 0x0a, 0x17, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, - 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, - 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x06, 0x63, 0x6c, 0x61, 0x69, - 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, - 0x74, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x32, 0xc3, 0x02, 0x0a, 0x11, 0x53, 0x70, - 0x69, 0x66, 0x66, 0x65, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x50, 0x49, 0x12, - 0x36, 0x0a, 0x0d, 0x46, 0x65, 0x74, 0x63, 0x68, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, - 0x12, 0x10, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x12, 0x3f, 0x0a, 0x10, 0x46, 0x65, 0x74, 0x63, 0x68, - 0x58, 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 
0x73, 0x12, 0x13, 0x2e, 0x58, 0x35, - 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x14, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x12, 0x31, 0x0a, 0x0c, 0x46, 0x65, 0x74, 0x63, - 0x68, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x12, 0x0f, 0x2e, 0x4a, 0x57, 0x54, 0x53, 0x56, - 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x4a, 0x57, 0x54, 0x53, - 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3c, 0x0a, 0x0f, 0x46, - 0x65, 0x74, 0x63, 0x68, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x12, - 0x2e, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x12, 0x44, 0x0a, 0x0f, 0x56, 0x61, 0x6c, - 0x69, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x12, 0x17, 0x2e, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, - 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, - 0x3f, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, - 0x69, 0x66, 0x66, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x76, - 0x32, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x77, - 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x3b, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_workload_proto_rawDesc = "" + + "\n" + + "\x0eworkload.proto\x1a\x1cgoogle/protobuf/struct.proto\"\x11\n" + + 
"\x0fX509SVIDRequest\"\xe0\x01\n" + + "\x10X509SVIDResponse\x12\x1f\n" + + "\x05svids\x18\x01 \x03(\v2\t.X509SVIDR\x05svids\x12\x10\n" + + "\x03crl\x18\x02 \x03(\fR\x03crl\x12T\n" + + "\x11federated_bundles\x18\x03 \x03(\v2'.X509SVIDResponse.FederatedBundlesEntryR\x10federatedBundles\x1aC\n" + + "\x15FederatedBundlesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value:\x028\x01\"\x94\x01\n" + + "\bX509SVID\x12\x1b\n" + + "\tspiffe_id\x18\x01 \x01(\tR\bspiffeId\x12\x1b\n" + + "\tx509_svid\x18\x02 \x01(\fR\bx509Svid\x12\"\n" + + "\rx509_svid_key\x18\x03 \x01(\fR\vx509SvidKey\x12\x16\n" + + "\x06bundle\x18\x04 \x01(\fR\x06bundle\x12\x12\n" + + "\x04hint\x18\x05 \x01(\tR\x04hint\"\x14\n" + + "\x12X509BundlesRequest\"\xa0\x01\n" + + "\x13X509BundlesResponse\x12\x10\n" + + "\x03crl\x18\x01 \x03(\fR\x03crl\x12;\n" + + "\abundles\x18\x02 \x03(\v2!.X509BundlesResponse.BundlesEntryR\abundles\x1a:\n" + + "\fBundlesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value:\x028\x01\"I\n" + + "\x0eJWTSVIDRequest\x12\x1a\n" + + "\baudience\x18\x01 \x03(\tR\baudience\x12\x1b\n" + + "\tspiffe_id\x18\x02 \x01(\tR\bspiffeId\"1\n" + + "\x0fJWTSVIDResponse\x12\x1e\n" + + "\x05svids\x18\x01 \x03(\v2\b.JWTSVIDR\x05svids\"N\n" + + "\aJWTSVID\x12\x1b\n" + + "\tspiffe_id\x18\x01 \x01(\tR\bspiffeId\x12\x12\n" + + "\x04svid\x18\x02 \x01(\tR\x04svid\x12\x12\n" + + "\x04hint\x18\x03 \x01(\tR\x04hint\"\x13\n" + + "\x11JWTBundlesRequest\"\x8c\x01\n" + + "\x12JWTBundlesResponse\x12:\n" + + "\abundles\x18\x01 \x03(\v2 .JWTBundlesResponse.BundlesEntryR\abundles\x1a:\n" + + "\fBundlesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value:\x028\x01\"H\n" + + "\x16ValidateJWTSVIDRequest\x12\x1a\n" + + "\baudience\x18\x01 \x01(\tR\baudience\x12\x12\n" + + "\x04svid\x18\x02 \x01(\tR\x04svid\"g\n" + + "\x17ValidateJWTSVIDResponse\x12\x1b\n" + + 
"\tspiffe_id\x18\x01 \x01(\tR\bspiffeId\x12/\n" + + "\x06claims\x18\x02 \x01(\v2\x17.google.protobuf.StructR\x06claims2\xc3\x02\n" + + "\x11SpiffeWorkloadAPI\x126\n" + + "\rFetchX509SVID\x12\x10.X509SVIDRequest\x1a\x11.X509SVIDResponse0\x01\x12?\n" + + "\x10FetchX509Bundles\x12\x13.X509BundlesRequest\x1a\x14.X509BundlesResponse0\x01\x121\n" + + "\fFetchJWTSVID\x12\x0f.JWTSVIDRequest\x1a\x10.JWTSVIDResponse\x12<\n" + + "\x0fFetchJWTBundles\x12\x12.JWTBundlesRequest\x1a\x13.JWTBundlesResponse0\x01\x12D\n" + + "\x0fValidateJWTSVID\x12\x17.ValidateJWTSVIDRequest\x1a\x18.ValidateJWTSVIDResponseB?Z=github.com/spiffe/go-spiffe/v2/proto/spiffe/workload;workloadb\x06proto3" var ( file_workload_proto_rawDescOnce sync.Once - file_workload_proto_rawDescData = file_workload_proto_rawDesc + file_workload_proto_rawDescData []byte ) func file_workload_proto_rawDescGZIP() []byte { file_workload_proto_rawDescOnce.Do(func() { - file_workload_proto_rawDescData = protoimpl.X.CompressGZIP(file_workload_proto_rawDescData) + file_workload_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_workload_proto_rawDesc), len(file_workload_proto_rawDesc))) }) return file_workload_proto_rawDescData } var file_workload_proto_msgTypes = make([]protoimpl.MessageInfo, 15) -var file_workload_proto_goTypes = []interface{}{ +var file_workload_proto_goTypes = []any{ (*X509SVIDRequest)(nil), // 0: X509SVIDRequest (*X509SVIDResponse)(nil), // 1: X509SVIDResponse (*X509SVID)(nil), // 2: X509SVID 
@@ -876,157 +794,11 @@ func file_workload_proto_init() { if File_workload_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_workload_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509SVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509SVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509SVID); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509BundlesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509BundlesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTSVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTSVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - 
switch v := v.(*JWTSVID); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTBundlesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTBundlesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ValidateJWTSVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ValidateJWTSVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_workload_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_workload_proto_rawDesc), len(file_workload_proto_rawDesc)), NumEnums: 0, NumMessages: 15, NumExtensions: 0, @@ -1037,7 +809,6 @@ func file_workload_proto_init() { MessageInfos: file_workload_proto_msgTypes, }.Build() File_workload_proto = out.File - file_workload_proto_rawDesc = nil file_workload_proto_goTypes = nil file_workload_proto_depIdxs = nil } diff --git a/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload_grpc.pb.go b/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload_grpc.pb.go index 4dcb38736c..0203d5f7a4 100644 
--- a/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload_grpc.pb.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/proto/spiffe/workload/workload_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: workload.proto package workload @@ -11,7 +15,16 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + SpiffeWorkloadAPI_FetchX509SVID_FullMethodName = "/SpiffeWorkloadAPI/FetchX509SVID" + SpiffeWorkloadAPI_FetchX509Bundles_FullMethodName = "/SpiffeWorkloadAPI/FetchX509Bundles" + SpiffeWorkloadAPI_FetchJWTSVID_FullMethodName = "/SpiffeWorkloadAPI/FetchJWTSVID" + SpiffeWorkloadAPI_FetchJWTBundles_FullMethodName = "/SpiffeWorkloadAPI/FetchJWTBundles" + SpiffeWorkloadAPI_ValidateJWTSVID_FullMethodName = "/SpiffeWorkloadAPI/ValidateJWTSVID" +) // SpiffeWorkloadAPIClient is the client API for SpiffeWorkloadAPI service. // 
@@ -21,12 +34,12 @@ type SpiffeWorkloadAPIClient interface { // as well as related information like trust bundles and CRLs. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509SVIDClient, error) + FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509SVIDResponse], error) // Fetch trust bundles and CRLs. Useful for clients that only need to // validate SVIDs without obtaining an SVID for themself. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509BundlesClient, error) + FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509BundlesResponse], error) // Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to, // for the requested audience. If an optional SPIFFE ID is requested, only // the JWT-SVID for that SPIFFE ID is returned. @@ -34,7 +47,7 @@ type SpiffeWorkloadAPIClient interface { // Fetches the JWT bundles, formatted as JWKS documents, keyed by the // SPIFFE ID of the trust domain. As this information changes, subsequent // messages will be streamed from the server. - FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchJWTBundlesClient, error) + FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[JWTBundlesResponse], error) // Validates a JWT-SVID against the requested audience. Returns the SPIFFE // ID of the JWT-SVID and JWT claims. ValidateJWTSVID(ctx context.Context, in *ValidateJWTSVIDRequest, opts ...grpc.CallOption) (*ValidateJWTSVIDResponse, error) 
@@ -48,12 +61,13 @@ func NewSpiffeWorkloadAPIClient(cc grpc.ClientConnInterface) SpiffeWorkloadAPICl return &spiffeWorkloadAPIClient{cc} } -func (c *spiffeWorkloadAPIClient) FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509SVIDClient, error) { - stream, err := c.cc.NewStream(ctx, &_SpiffeWorkloadAPI_serviceDesc.Streams[0], "/SpiffeWorkloadAPI/FetchX509SVID", opts...) +func (c *spiffeWorkloadAPIClient) FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509SVIDResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &SpiffeWorkloadAPI_ServiceDesc.Streams[0], SpiffeWorkloadAPI_FetchX509SVID_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &spiffeWorkloadAPIFetchX509SVIDClient{stream} + x := &grpc.GenericClientStream[X509SVIDRequest, X509SVIDResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } 
@@ -63,29 +77,16 @@ func (c *spiffeWorkloadAPIClient) FetchX509SVID(ctx context.Context, in *X509SVI return x, nil } -type SpiffeWorkloadAPI_FetchX509SVIDClient interface { - Recv() (*X509SVIDResponse, error) - grpc.ClientStream -} - -type spiffeWorkloadAPIFetchX509SVIDClient struct { - grpc.ClientStream -} - -func (x *spiffeWorkloadAPIFetchX509SVIDClient) Recv() (*X509SVIDResponse, error) { - m := new(X509SVIDResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchX509SVIDClient = grpc.ServerStreamingClient[X509SVIDResponse] -func (c *spiffeWorkloadAPIClient) FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509BundlesClient, error) { - stream, err := c.cc.NewStream(ctx, &_SpiffeWorkloadAPI_serviceDesc.Streams[1], "/SpiffeWorkloadAPI/FetchX509Bundles", opts...) +func (c *spiffeWorkloadAPIClient) FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509BundlesResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &SpiffeWorkloadAPI_ServiceDesc.Streams[1], SpiffeWorkloadAPI_FetchX509Bundles_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &spiffeWorkloadAPIFetchX509BundlesClient{stream} + x := &grpc.GenericClientStream[X509BundlesRequest, X509BundlesResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } 
@@ -95,38 +96,26 @@ func (c *spiffeWorkloadAPIClient) FetchX509Bundles(ctx context.Context, in *X509 return x, nil } -type SpiffeWorkloadAPI_FetchX509BundlesClient interface { - Recv() (*X509BundlesResponse, error) - grpc.ClientStream -} - -type spiffeWorkloadAPIFetchX509BundlesClient struct { - grpc.ClientStream -} - -func (x *spiffeWorkloadAPIFetchX509BundlesClient) Recv() (*X509BundlesResponse, error) { - m := new(X509BundlesResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchX509BundlesClient = grpc.ServerStreamingClient[X509BundlesResponse] func (c *spiffeWorkloadAPIClient) FetchJWTSVID(ctx context.Context, in *JWTSVIDRequest, opts ...grpc.CallOption) (*JWTSVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(JWTSVIDResponse) - err := c.cc.Invoke(ctx, "/SpiffeWorkloadAPI/FetchJWTSVID", in, out, opts...) + err := c.cc.Invoke(ctx, SpiffeWorkloadAPI_FetchJWTSVID_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } return out, nil } -func (c *spiffeWorkloadAPIClient) FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchJWTBundlesClient, error) { - stream, err := c.cc.NewStream(ctx, &_SpiffeWorkloadAPI_serviceDesc.Streams[2], "/SpiffeWorkloadAPI/FetchJWTBundles", opts...) +func (c *spiffeWorkloadAPIClient) FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[JWTBundlesResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &SpiffeWorkloadAPI_ServiceDesc.Streams[2], SpiffeWorkloadAPI_FetchJWTBundles_FullMethodName, cOpts...) 
if err != nil { return nil, err } - x := &spiffeWorkloadAPIFetchJWTBundlesClient{stream} + x := &grpc.GenericClientStream[JWTBundlesRequest, JWTBundlesResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } @@ -136,26 +125,13 @@ func (c *spiffeWorkloadAPIClient) FetchJWTBundles(ctx context.Context, in *JWTBu return x, nil } -type SpiffeWorkloadAPI_FetchJWTBundlesClient interface { - Recv() (*JWTBundlesResponse, error) - grpc.ClientStream -} - -type spiffeWorkloadAPIFetchJWTBundlesClient struct { - grpc.ClientStream -} - -func (x *spiffeWorkloadAPIFetchJWTBundlesClient) Recv() (*JWTBundlesResponse, error) { - m := new(JWTBundlesResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchJWTBundlesClient = grpc.ServerStreamingClient[JWTBundlesResponse] func (c *spiffeWorkloadAPIClient) ValidateJWTSVID(ctx context.Context, in *ValidateJWTSVIDRequest, opts ...grpc.CallOption) (*ValidateJWTSVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(ValidateJWTSVIDResponse) - err := c.cc.Invoke(ctx, "/SpiffeWorkloadAPI/ValidateJWTSVID", in, out, opts...) + err := c.cc.Invoke(ctx, SpiffeWorkloadAPI_ValidateJWTSVID_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -164,18 +140,18 @@ func (c *spiffeWorkloadAPIClient) ValidateJWTSVID(ctx context.Context, in *Valid // SpiffeWorkloadAPIServer is the server API for SpiffeWorkloadAPI service. // All implementations must embed UnimplementedSpiffeWorkloadAPIServer -// for forward compatibility +// for forward compatibility. type SpiffeWorkloadAPIServer interface { // Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to, // as well as related information like trust bundles and CRLs. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509SVID(*X509SVIDRequest, SpiffeWorkloadAPI_FetchX509SVIDServer) error + FetchX509SVID(*X509SVIDRequest, grpc.ServerStreamingServer[X509SVIDResponse]) error // Fetch trust bundles and CRLs. Useful for clients that only need to // validate SVIDs without obtaining an SVID for themself. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509Bundles(*X509BundlesRequest, SpiffeWorkloadAPI_FetchX509BundlesServer) error + FetchX509Bundles(*X509BundlesRequest, grpc.ServerStreamingServer[X509BundlesResponse]) error // Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to, // for the requested audience. If an optional SPIFFE ID is requested, only // the JWT-SVID for that SPIFFE ID is returned. 
@@ -183,33 +159,37 @@ type SpiffeWorkloadAPIServer interface { // Fetches the JWT bundles, formatted as JWKS documents, keyed by the // SPIFFE ID of the trust domain. As this information changes, subsequent // messages will be streamed from the server. - FetchJWTBundles(*JWTBundlesRequest, SpiffeWorkloadAPI_FetchJWTBundlesServer) error + FetchJWTBundles(*JWTBundlesRequest, grpc.ServerStreamingServer[JWTBundlesResponse]) error // Validates a JWT-SVID against the requested audience. Returns the SPIFFE // ID of the JWT-SVID and JWT claims. ValidateJWTSVID(context.Context, *ValidateJWTSVIDRequest) (*ValidateJWTSVIDResponse, error) mustEmbedUnimplementedSpiffeWorkloadAPIServer() } -// UnimplementedSpiffeWorkloadAPIServer must be embedded to have forward compatible implementations. -type UnimplementedSpiffeWorkloadAPIServer struct { -} +// UnimplementedSpiffeWorkloadAPIServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedSpiffeWorkloadAPIServer struct{} -func (UnimplementedSpiffeWorkloadAPIServer) FetchX509SVID(*X509SVIDRequest, SpiffeWorkloadAPI_FetchX509SVIDServer) error { +func (UnimplementedSpiffeWorkloadAPIServer) FetchX509SVID(*X509SVIDRequest, grpc.ServerStreamingServer[X509SVIDResponse]) error { return status.Errorf(codes.Unimplemented, "method FetchX509SVID not implemented") } -func (UnimplementedSpiffeWorkloadAPIServer) FetchX509Bundles(*X509BundlesRequest, SpiffeWorkloadAPI_FetchX509BundlesServer) error { +func (UnimplementedSpiffeWorkloadAPIServer) FetchX509Bundles(*X509BundlesRequest, grpc.ServerStreamingServer[X509BundlesResponse]) error { return status.Errorf(codes.Unimplemented, "method FetchX509Bundles not implemented") } func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTSVID(context.Context, *JWTSVIDRequest) (*JWTSVIDResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method FetchJWTSVID not implemented") } -func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTBundles(*JWTBundlesRequest, SpiffeWorkloadAPI_FetchJWTBundlesServer) error { +func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTBundles(*JWTBundlesRequest, grpc.ServerStreamingServer[JWTBundlesResponse]) error { return status.Errorf(codes.Unimplemented, "method FetchJWTBundles not implemented") } func (UnimplementedSpiffeWorkloadAPIServer) ValidateJWTSVID(context.Context, *ValidateJWTSVIDRequest) (*ValidateJWTSVIDResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ValidateJWTSVID not implemented") } func (UnimplementedSpiffeWorkloadAPIServer) mustEmbedUnimplementedSpiffeWorkloadAPIServer() {} +func (UnimplementedSpiffeWorkloadAPIServer) testEmbeddedByValue() {} // UnsafeSpiffeWorkloadAPIServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to SpiffeWorkloadAPIServer will 
@@ -219,7 +199,14 @@ type UnsafeSpiffeWorkloadAPIServer interface { } func RegisterSpiffeWorkloadAPIServer(s grpc.ServiceRegistrar, srv SpiffeWorkloadAPIServer) { - s.RegisterService(&_SpiffeWorkloadAPI_serviceDesc, srv) + // If the following call pancis, it indicates UnimplementedSpiffeWorkloadAPIServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&SpiffeWorkloadAPI_ServiceDesc, srv) } func _SpiffeWorkloadAPI_FetchX509SVID_Handler(srv interface{}, stream grpc.ServerStream) error { 
@@ -227,42 +214,22 @@ func _SpiffeWorkloadAPI_FetchX509SVID_Handler(srv interface{}, stream grpc.Serve if err := stream.RecvMsg(m); err != nil { return err } - return srv.(SpiffeWorkloadAPIServer).FetchX509SVID(m, &spiffeWorkloadAPIFetchX509SVIDServer{stream}) + return srv.(SpiffeWorkloadAPIServer).FetchX509SVID(m, &grpc.GenericServerStream[X509SVIDRequest, X509SVIDResponse]{ServerStream: stream}) } -type SpiffeWorkloadAPI_FetchX509SVIDServer interface { - Send(*X509SVIDResponse) error - grpc.ServerStream -} - -type spiffeWorkloadAPIFetchX509SVIDServer struct { - grpc.ServerStream -} - -func (x *spiffeWorkloadAPIFetchX509SVIDServer) Send(m *X509SVIDResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchX509SVIDServer = grpc.ServerStreamingServer[X509SVIDResponse] func _SpiffeWorkloadAPI_FetchX509Bundles_Handler(srv interface{}, stream grpc.ServerStream) error { m := new(X509BundlesRequest) if err := stream.RecvMsg(m); err != nil { return err } - return srv.(SpiffeWorkloadAPIServer).FetchX509Bundles(m, &spiffeWorkloadAPIFetchX509BundlesServer{stream}) + return srv.(SpiffeWorkloadAPIServer).FetchX509Bundles(m, &grpc.GenericServerStream[X509BundlesRequest, X509BundlesResponse]{ServerStream: stream}) } -type SpiffeWorkloadAPI_FetchX509BundlesServer interface { - Send(*X509BundlesResponse) error - grpc.ServerStream -} - -type spiffeWorkloadAPIFetchX509BundlesServer struct { - grpc.ServerStream -} - -func (x *spiffeWorkloadAPIFetchX509BundlesServer) Send(m *X509BundlesResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. 
+type SpiffeWorkloadAPI_FetchX509BundlesServer = grpc.ServerStreamingServer[X509BundlesResponse] func _SpiffeWorkloadAPI_FetchJWTSVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(JWTSVIDRequest) @@ -274,7 +241,7 @@ func _SpiffeWorkloadAPI_FetchJWTSVID_Handler(srv interface{}, ctx context.Contex } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/SpiffeWorkloadAPI/FetchJWTSVID", + FullMethod: SpiffeWorkloadAPI_FetchJWTSVID_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SpiffeWorkloadAPIServer).FetchJWTSVID(ctx, req.(*JWTSVIDRequest)) @@ -287,21 +254,11 @@ func _SpiffeWorkloadAPI_FetchJWTBundles_Handler(srv interface{}, stream grpc.Ser if err := stream.RecvMsg(m); err != nil { return err } - return srv.(SpiffeWorkloadAPIServer).FetchJWTBundles(m, &spiffeWorkloadAPIFetchJWTBundlesServer{stream}) + return srv.(SpiffeWorkloadAPIServer).FetchJWTBundles(m, &grpc.GenericServerStream[JWTBundlesRequest, JWTBundlesResponse]{ServerStream: stream}) } -type SpiffeWorkloadAPI_FetchJWTBundlesServer interface { - Send(*JWTBundlesResponse) error - grpc.ServerStream -} - -type spiffeWorkloadAPIFetchJWTBundlesServer struct { - grpc.ServerStream -} - -func (x *spiffeWorkloadAPIFetchJWTBundlesServer) Send(m *JWTBundlesResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchJWTBundlesServer = grpc.ServerStreamingServer[JWTBundlesResponse] func _SpiffeWorkloadAPI_ValidateJWTSVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(ValidateJWTSVIDRequest) 
@@ -313,7 +270,7 @@ func _SpiffeWorkloadAPI_ValidateJWTSVID_Handler(srv interface{}, ctx context.Con } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/SpiffeWorkloadAPI/ValidateJWTSVID", + FullMethod: SpiffeWorkloadAPI_ValidateJWTSVID_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SpiffeWorkloadAPIServer).ValidateJWTSVID(ctx, req.(*ValidateJWTSVIDRequest)) @@ -321,7 +278,10 @@ func _SpiffeWorkloadAPI_ValidateJWTSVID_Handler(srv interface{}, ctx context.Con return interceptor(ctx, in, info, handler) } -var _SpiffeWorkloadAPI_serviceDesc = grpc.ServiceDesc{ +// SpiffeWorkloadAPI_ServiceDesc is the grpc.ServiceDesc for SpiffeWorkloadAPI service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var SpiffeWorkloadAPI_ServiceDesc = grpc.ServiceDesc{ ServiceName: "SpiffeWorkloadAPI", HandlerType: (*SpiffeWorkloadAPIServer)(nil), Methods: []grpc.MethodDesc{ diff --git a/vendor/github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig/config.go b/vendor/github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig/config.go index 0ef3969a02..0331fc198d 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig/config.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig/config.go @@ -221,6 +221,7 @@ func getTLSCertificate(svid x509svid.Source, trace Trace) (*tls.Certificate, err cert := &tls.Certificate{ Certificate: make([][]byte, 0, len(s.Certificates)), PrivateKey: s.PrivateKey, + Leaf: s.Certificates[0], } for _, svidCert := range s.Certificates { diff --git a/vendor/github.com/spiffe/go-spiffe/v2/svid/jwtsvid/svid.go b/vendor/github.com/spiffe/go-spiffe/v2/svid/jwtsvid/svid.go index d46f80035d..15aabc532c 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/svid/jwtsvid/svid.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/svid/jwtsvid/svid.go 
@@ -1,13 +1,14 @@ package jwtsvid import ( + "errors" + "fmt" "time" "github.com/go-jose/go-jose/v4" "github.com/go-jose/go-jose/v4/jwt" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) var ( @@ -22,8 +23,6 @@ var ( jose.PS384, jose.PS512, } - - jwtsvidErr = errs.Class("jwtsvid") ) // tokenValidator validates the token and returns the claims @@ -54,25 +53,25 @@ func ParseAndValidate(token string, bundles jwtbundle.Source, audience []string) // Obtain the key ID from the header keyID := tok.Headers[0].KeyID if keyID == "" { - return nil, jwtsvidErr.New("token header missing key id") + return nil, wrapJwtsvidErr(errors.New("token header missing key id")) } // Get JWT Bundle bundle, err := bundles.GetJWTBundleForTrustDomain(trustDomain) if err != nil { - return nil, jwtsvidErr.New("no bundle found for trust domain %q", trustDomain) + return nil, wrapJwtsvidErr(fmt.Errorf("no bundle found for trust domain %q", trustDomain)) } // Find JWT authority using the key ID from the token header authority, ok := bundle.FindJWTAuthority(keyID) if !ok { - return nil, jwtsvidErr.New("no JWT authority %q found for trust domain %q", keyID, trustDomain) + return nil, wrapJwtsvidErr(fmt.Errorf("no JWT authority %q found for trust domain %q", keyID, trustDomain)) } // Obtain and verify the token claims using the obtained JWT authority claimsMap := make(map[string]interface{}) if err := tok.Claims(authority, &claimsMap); err != nil { - return nil, jwtsvidErr.New("unable to get claims from token: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("unable to get claims from token: %v", err)) } return claimsMap, nil 
@@ -86,7 +85,7 @@ func ParseInsecure(token string, audience []string) (*SVID, error) { // Obtain the token claims insecurely, i.e. without signature verification claimsMap := make(map[string]interface{}) if err := tok.UnsafeClaimsWithoutVerification(&claimsMap); err != nil { - return nil, jwtsvidErr.New("unable to get claims from token: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("unable to get claims from token: %v", err)) } return claimsMap, nil 
@@ -103,26 +102,31 @@ func parse(token string, audience []string, getClaims tokenValidator) (*SVID, er // Parse serialized token tok, err := jwt.ParseSigned(token, allowedSignatureAlgorithms) if err != nil { - return nil, jwtsvidErr.New("unable to parse JWT token") + return nil, wrapJwtsvidErr(errors.New("unable to parse JWT token")) + } + + // forbid tokens which have the `typ` header, which is not either "JOSE" or "JWT" + if typ, present := tok.Headers[0].ExtraHeaders[jose.HeaderType]; present && typ != "JOSE" && typ != "JWT" { + return nil, wrapJwtsvidErr(errors.New("token header type not equal to either JWT or JOSE")) } // Parse out the unverified claims. We need to look up the key by the trust // domain of the SPIFFE ID. var claims jwt.Claims if err := tok.UnsafeClaimsWithoutVerification(&claims); err != nil { - return nil, jwtsvidErr.New("unable to get claims from token: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("unable to get claims from token: %v", err)) } switch { case claims.Subject == "": - return nil, jwtsvidErr.New("token missing subject claim") + return nil, wrapJwtsvidErr(errors.New("token missing subject claim")) case claims.Expiry == nil: - return nil, jwtsvidErr.New("token missing exp claim") + return nil, wrapJwtsvidErr(errors.New("token missing exp claim")) } spiffeID, err := spiffeid.FromString(claims.Subject) if err != nil { - return nil, jwtsvidErr.New("token has an invalid subject claim: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("token has an invalid subject claim: %v", err)) } // Create generic map of claims 
@@ -139,9 +143,9 @@ func parse(token string, audience []string, getClaims tokenValidator) (*SVID, er // Convert expected validation errors for pretty errors switch err { case jwt.ErrExpired: - err = jwtsvidErr.New("token has expired") + err = wrapJwtsvidErr(errors.New("token has expired")) case jwt.ErrInvalidAudience: - err = jwtsvidErr.New("expected audience in %q (audience=%q)", audience, claims.Audience) + err = wrapJwtsvidErr(fmt.Errorf("expected audience in %q (audience=%q)", audience, claims.Audience)) } return nil, err } @@ -154,3 +158,7 @@ func parse(token string, audience []string, getClaims tokenValidator) (*SVID, er token: token, }, nil } + +func wrapJwtsvidErr(err error) error { + return fmt.Errorf("jwtsvid: %w", err) +} diff --git a/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go b/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go index 7302f3a573..c2e234d77a 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go @@ -7,12 +7,13 @@ import ( "crypto/ed25519" "crypto/rsa" "crypto/x509" + "errors" + "fmt" "os" "github.com/spiffe/go-spiffe/v2/internal/pemutil" "github.com/spiffe/go-spiffe/v2/internal/x509util" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) // SVID represents a SPIFFE X509-SVID. @@ -39,12 +40,12 @@ type SVID struct { func Load(certFile, keyFile string) (*SVID, error) { certBytes, err := os.ReadFile(certFile) if err != nil { - return nil, x509svidErr.New("cannot read certificate file: %w", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot read certificate file: %w", err)) } keyBytes, err := os.ReadFile(keyFile) if err != nil { - return nil, x509svidErr.New("cannot read key file: %w", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot read key file: %w", err)) } return Parse(certBytes, keyBytes) 
@@ -56,12 +57,12 @@ func Load(certFile, keyFile string) (*SVID, error) { func Parse(certBytes, keyBytes []byte) (*SVID, error) { certs, err := pemutil.ParseCertificates(certBytes) if err != nil { - return nil, x509svidErr.New("cannot parse PEM encoded certificate: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse PEM encoded certificate: %v", err)) } privateKey, err := pemutil.ParsePrivateKey(keyBytes) if err != nil { - return nil, x509svidErr.New("cannot parse PEM encoded private key: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse PEM encoded private key: %v", err)) } return newSVID(certs, privateKey) @@ -74,12 +75,12 @@ func Parse(certBytes, keyBytes []byte) (*SVID, error) { func ParseRaw(certBytes, keyBytes []byte) (*SVID, error) { certificates, err := x509.ParseCertificates(certBytes) if err != nil { - return nil, x509svidErr.New("cannot parse DER encoded certificate: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse DER encoded certificate: %v", err)) } privateKey, err := x509.ParsePKCS8PrivateKey(keyBytes) if err != nil { - return nil, x509svidErr.New("cannot parse DER encoded private key: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse DER encoded private key: %v", err)) } return newSVID(certificates, privateKey) @@ -89,12 +90,12 @@ func ParseRaw(certBytes, keyBytes []byte) (*SVID, error) { // and private key. func (s *SVID) Marshal() ([]byte, []byte, error) { if len(s.Certificates) == 0 { - return nil, nil, x509svidErr.New("no certificates to marshal") + return nil, nil, wrapX509svidErr(errors.New("no certificates to marshal")) } certBytes := pemutil.EncodeCertificates(s.Certificates) keyBytes, err := pemutil.EncodePKCS8PrivateKey(s.PrivateKey) if err != nil { - return nil, nil, x509svidErr.New("cannot encode private key: %v", err) + return nil, nil, wrapX509svidErr(fmt.Errorf("cannot encode private key: %v", err)) } return certBytes, keyBytes, nil 
@@ -106,11 +107,11 @@ func (s *SVID) Marshal() ([]byte, []byte, error) { func (s *SVID) MarshalRaw() ([]byte, []byte, error) { key, err := x509.MarshalPKCS8PrivateKey(s.PrivateKey) if err != nil { - return nil, nil, x509svidErr.New("cannot marshal private key: %v", err) + return nil, nil, wrapX509svidErr(fmt.Errorf("cannot marshal private key: %v", err)) } if len(s.Certificates) == 0 { - return nil, nil, x509svidErr.New("no certificates to marshal") + return nil, nil, wrapX509svidErr(errors.New("no certificates to marshal")) } certs := x509util.ConcatRawCertsFromCerts(s.Certificates) @@ -125,12 +126,12 @@ func (s *SVID) GetX509SVID() (*SVID, error) { func newSVID(certificates []*x509.Certificate, privateKey crypto.PrivateKey) (*SVID, error) { spiffeID, err := validateCertificates(certificates) if err != nil { - return nil, x509svidErr.New("certificate validation failed: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("certificate validation failed: %v", err)) } signer, err := validatePrivateKey(privateKey, certificates[0]) if err != nil { - return nil, x509svidErr.New("private key validation failed: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("private key validation failed: %v", err)) } return &SVID{ @@ -144,7 +145,7 @@ func newSVID(certificates []*x509.Certificate, privateKey crypto.PrivateKey) (*S // to the spiffe standard and returns the spiffe id of the leaf certificate func validateCertificates(certificates []*x509.Certificate) (*spiffeid.ID, error) { if len(certificates) == 0 { - return nil, errs.New("no certificates found") + return nil, errors.New("no certificates found") } leafID, err := validateLeafCertificate(certificates[0]) 
@@ -163,10 +164,10 @@ func validateCertificates(certificates []*x509.Certificate) (*spiffeid.ID, error func validateLeafCertificate(leaf *x509.Certificate) (*spiffeid.ID, error) { leafID, err := IDFromCert(leaf) if err != nil { - return nil, errs.New("cannot get leaf certificate SPIFFE ID: %v", err) + return nil, fmt.Errorf("cannot get leaf certificate SPIFFE ID: %v", err) } if leaf.IsCA { - return nil, errs.New("leaf certificate must not have CA flag set to true") + return nil, errors.New("leaf certificate must not have CA flag set to true") } err = validateKeyUsage(leaf) @@ -180,10 +181,10 @@ func validateLeafCertificate(leaf *x509.Certificate) (*spiffeid.ID, error) { func validateSigningCertificates(signingCerts []*x509.Certificate) error { for _, cert := range signingCerts { if !cert.IsCA { - return errs.New("signing certificate must have CA flag set to true") + return errors.New("signing certificate must have CA flag set to true") } if cert.KeyUsage&x509.KeyUsageCertSign == 0 { - return errs.New("signing certificate must have 'keyCertSign' set as key usage") + return errors.New("signing certificate must have 'keyCertSign' set as key usage") } } 
@@ -193,18 +194,18 @@ func validateSigningCertificates(signingCerts []*x509.Certificate) error { func validateKeyUsage(leaf *x509.Certificate) error { switch { case leaf.KeyUsage&x509.KeyUsageDigitalSignature == 0: - return errs.New("leaf certificate must have 'digitalSignature' set as key usage") + return errors.New("leaf certificate must have 'digitalSignature' set as key usage") case leaf.KeyUsage&x509.KeyUsageCertSign > 0: - return errs.New("leaf certificate must not have 'keyCertSign' set as key usage") + return errors.New("leaf certificate must not have 'keyCertSign' set as key usage") case leaf.KeyUsage&x509.KeyUsageCRLSign > 0: - return errs.New("leaf certificate must not have 'cRLSign' set as key usage") + return errors.New("leaf certificate must not have 'cRLSign' set as key usage") } return nil } func validatePrivateKey(privateKey crypto.PrivateKey, leaf *x509.Certificate) (crypto.Signer, error) { if privateKey == nil { - return nil, errs.New("no private key found") + return nil, errors.New("no private key found") } matched, err := keyMatches(privateKey, leaf.PublicKey) @@ -212,12 +213,12 @@ func validatePrivateKey(privateKey crypto.PrivateKey, leaf *x509.Certificate) (c return nil, err } if !matched { - return nil, errs.New("leaf certificate does not match private key") + return nil, errors.New("leaf certificate does not match private key") } signer, ok := privateKey.(crypto.Signer) if !ok { - return nil, errs.New("expected crypto.Signer; got %T", privateKey) + return nil, fmt.Errorf("expected crypto.Signer; got %T", privateKey) } return signer, nil @@ -235,7 +236,7 @@ func keyMatches(privateKey crypto.PrivateKey, publicKey crypto.PublicKey) (bool, ed25519PublicKey, ok := publicKey.(ed25519.PublicKey) return ok && bytes.Equal(privateKey.Public().(ed25519.PublicKey), ed25519PublicKey), nil default: - return false, errs.New("unsupported private key type %T", privateKey) + return false, fmt.Errorf("unsupported private key type %T", privateKey) } } 
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/verify.go b/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/verify.go index 681d2844a1..178450166a 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/verify.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/verify.go @@ -2,16 +2,15 @@ package x509svid import ( "crypto/x509" + "errors" + "fmt" "time" "github.com/spiffe/go-spiffe/v2/bundle/x509bundle" "github.com/spiffe/go-spiffe/v2/internal/x509util" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) -var x509svidErr = errs.Class("x509svid") - // VerifyOption is an option used when verifying X509-SVIDs. type VerifyOption interface { apply(config *verifyConfig) 
@@ -36,29 +35,29 @@ func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, opts ...V switch { case len(certs) == 0: - return spiffeid.ID{}, nil, x509svidErr.New("empty certificates chain") + return spiffeid.ID{}, nil, wrapX509svidErr(errors.New("empty certificates chain")) case bundleSource == nil: - return spiffeid.ID{}, nil, x509svidErr.New("bundleSource is required") + return spiffeid.ID{}, nil, wrapX509svidErr(errors.New("bundleSource is required")) } leaf := certs[0] id, err := IDFromCert(leaf) if err != nil { - return spiffeid.ID{}, nil, x509svidErr.New("could not get leaf SPIFFE ID: %w", err) + return spiffeid.ID{}, nil, wrapX509svidErr(fmt.Errorf("could not get leaf SPIFFE ID: %w", err)) } switch { case leaf.IsCA: - return id, nil, x509svidErr.New("leaf certificate with CA flag set to true") + return id, nil, wrapX509svidErr(errors.New("leaf certificate with CA flag set to true")) case leaf.KeyUsage&x509.KeyUsageCertSign > 0: - return id, nil, x509svidErr.New("leaf certificate with KeyCertSign key usage") + return id, nil, wrapX509svidErr(errors.New("leaf certificate with KeyCertSign key usage")) case leaf.KeyUsage&x509.KeyUsageCRLSign > 0: - return id, nil, x509svidErr.New("leaf certificate with KeyCrlSign key usage") + return id, nil, wrapX509svidErr(errors.New("leaf certificate with KeyCrlSign key usage")) } bundle, err := bundleSource.GetX509BundleForTrustDomain(id.TrustDomain()) if err != nil { - return id, nil, x509svidErr.New("could not get X509 bundle: %w", err) + return id, nil, wrapX509svidErr(fmt.Errorf("could not get X509 bundle: %w", err)) } verifiedChains, err := leaf.Verify(x509.VerifyOptions{ 
@@ -68,7 +67,7 @@ func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, opts ...V CurrentTime: config.now, }) if err != nil { - return id, nil, x509svidErr.New("could not verify leaf certificate: %w", err) + return id, nil, wrapX509svidErr(fmt.Errorf("could not verify leaf certificate: %w", err)) } return id, verifiedChains, nil @@ -82,7 +81,7 @@ func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...V for _, rawCert := range rawCerts { cert, err := x509.ParseCertificate(rawCert) if err != nil { - return spiffeid.ID{}, nil, x509svidErr.New("unable to parse certificate: %w", err) + return spiffeid.ID{}, nil, wrapX509svidErr(fmt.Errorf("unable to parse certificate: %w", err)) } certs = append(certs, cert) } @@ -95,9 +94,9 @@ func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...V func IDFromCert(cert *x509.Certificate) (spiffeid.ID, error) { switch { case len(cert.URIs) == 0: - return spiffeid.ID{}, errs.New("certificate contains no URI SAN") + return spiffeid.ID{}, errors.New("certificate contains no URI SAN") case len(cert.URIs) > 1: - return spiffeid.ID{}, errs.New("certificate contains more than one URI SAN") + return spiffeid.ID{}, errors.New("certificate contains more than one URI SAN") } return spiffeid.FromURI(cert.URIs[0]) } @@ -111,3 +110,7 @@ type verifyOption func(config *verifyConfig) func (fn verifyOption) apply(config *verifyConfig) { fn(config) } + +func wrapX509svidErr(err error) error { + return fmt.Errorf("x509svid: %w", err) +} diff --git a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/bundlesource.go b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/bundlesource.go index 2a253efc7d..81c7de5cb2 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/bundlesource.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/bundlesource.go 
@@ -4,17 +4,16 @@ import ( "context" "crypto" "crypto/x509" + "errors" + "fmt" "sync" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle" "github.com/spiffe/go-spiffe/v2/bundle/x509bundle" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) -var bundlesourceErr = errs.Class("bundlesource") - // BundleSource is a source of SPIFFE bundles maintained via the Workload API. type BundleSource struct { watcher *watcher @@ -73,7 +72,7 @@ func (s *BundleSource) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) x509Authorities, hasX509Authorities := s.x509Authorities[trustDomain] jwtAuthorities, hasJWTAuthorities := s.jwtAuthorities[trustDomain] if !hasX509Authorities && !hasJWTAuthorities { - return nil, bundlesourceErr.New("no SPIFFE bundle for trust domain %q", trustDomain) + return nil, wrapBundlesourceErr(fmt.Errorf("no SPIFFE bundle for trust domain %q", trustDomain)) } bundle := spiffebundle.New(trustDomain) if hasX509Authorities { @@ -96,7 +95,7 @@ func (s *BundleSource) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDom x509Authorities, hasX509Authorities := s.x509Authorities[trustDomain] if !hasX509Authorities { - return nil, bundlesourceErr.New("no X.509 bundle for trust domain %q", trustDomain) + return nil, wrapBundlesourceErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain)) } return x509bundle.FromX509Authorities(trustDomain, x509Authorities), nil } @@ -112,7 +111,7 @@ func (s *BundleSource) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDoma jwtAuthorities, hasJWTAuthorities := s.jwtAuthorities[trustDomain] if !hasJWTAuthorities { - return nil, bundlesourceErr.New("no JWT bundle for trust domain %q", trustDomain) + return nil, wrapBundlesourceErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain)) } return jwtbundle.FromJWTAuthorities(trustDomain, jwtAuthorities), nil } 
@@ -182,7 +181,11 @@ func (s *BundleSource) checkClosed() error { s.closeMtx.RLock() defer s.closeMtx.RUnlock() if s.closed { - return bundlesourceErr.New("source is closed") + return wrapBundlesourceErr(errors.New("source is closed")) } return nil } + +func wrapBundlesourceErr(err error) error { + return fmt.Errorf("bundlesource: %w", err) +} diff --git a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/jwtsource.go b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/jwtsource.go index 1122353903..247f5cc6fb 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/jwtsource.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/jwtsource.go @@ -2,16 +2,15 @@ package workloadapi import ( "context" + "errors" + "fmt" "sync" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" - "github.com/zeebo/errs" ) -var jwtsourceErr = errs.Class("jwtsource") - // JWTSource is a source of JWT-SVID and JWT bundles maintained via the // Workload API. type JWTSource struct { @@ -121,7 +120,11 @@ func (s *JWTSource) checkClosed() error { s.closeMtx.RLock() defer s.closeMtx.RUnlock() if s.closed { - return jwtsourceErr.New("source is closed") + return wrapJwtsourceErr(errors.New("source is closed")) } return nil } + +func wrapJwtsourceErr(err error) error { + return fmt.Errorf("jwtsource: %w", err) +} diff --git a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go index a105a60d76..f72e03b2d4 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go @@ -2,11 +2,11 @@ package workloadapi import ( "context" + "errors" "sync" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" - "github.com/zeebo/errs" ) type sourceClient interface { 
@@ -58,7 +58,7 @@ func newWatcher(ctx context.Context, config watcherConfig, x509ContextFn func(*X // If this function fails, we need to clean up the source. defer func() { if err != nil { - err = errs.Combine(err, w.Close()) + err = errors.Join(err, w.Close()) } }() diff --git a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/x509source.go b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/x509source.go index 28287f68ed..2a942a96ed 100644 --- a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/x509source.go +++ b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/x509source.go @@ -2,16 +2,15 @@ package workloadapi import ( "context" + "errors" + "fmt" "sync" "github.com/spiffe/go-spiffe/v2/bundle/x509bundle" "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/go-spiffe/v2/svid/x509svid" - "github.com/zeebo/errs" ) -var x509sourceErr = errs.Class("x509source") - // X509Source is a source of X509-SVIDs and X.509 bundles maintained via the // Workload API. type X509Source struct { @@ -74,7 +73,7 @@ func (s *X509Source) GetX509SVID() (*x509svid.SVID, error) { // This is a defensive check and should be unreachable since the source // waits for the initial Workload API update before returning from // New(). - return nil, x509sourceErr.New("missing X509-SVID") + return nil, wrapX509sourceErr(errors.New("missing X509-SVID")) } return svid, nil } @@ -118,7 +117,11 @@ func (s *X509Source) checkClosed() error { s.closeMtx.RLock() defer s.closeMtx.RUnlock() if s.closed { - return x509sourceErr.New("source is closed") + return wrapX509sourceErr(errors.New("source is closed")) } return nil } + +func wrapX509sourceErr(err error) error { + return fmt.Errorf("x509source: %w", err) +} diff --git a/vendor/github.com/zeebo/errs/.gitignore b/vendor/github.com/zeebo/errs/.gitignore deleted file mode 100644 index 722d5e71d9..0000000000 --- a/vendor/github.com/zeebo/errs/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.vscode 
diff --git a/vendor/github.com/zeebo/errs/AUTHORS b/vendor/github.com/zeebo/errs/AUTHORS
deleted file mode 100644
index 6246e7403d..0000000000
--- a/vendor/github.com/zeebo/errs/AUTHORS
+++ /dev/null
@@ -1,5 +0,0 @@
-Egon Elbre
-Jeff Wendling
-JT Olio
-Kaloyan Raev
-paul cannon
diff --git a/vendor/github.com/zeebo/errs/LICENSE b/vendor/github.com/zeebo/errs/LICENSE
deleted file mode 100644
index 3ba91930ed..0000000000
--- a/vendor/github.com/zeebo/errs/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2017 The Authors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/zeebo/errs/README.md b/vendor/github.com/zeebo/errs/README.md
deleted file mode 100644
index 0f72bf7b01..0000000000
--- a/vendor/github.com/zeebo/errs/README.md
+++ /dev/null
@@ -1,235 +0,0 @@
-# errs
-
-[![GoDoc](https://godoc.org/github.com/zeebo/errs?status.svg)](https://godoc.org/github.com/zeebo/errs)
-[![Sourcegraph](https://sourcegraph.com/github.com/zeebo/errs/-/badge.svg)](https://sourcegraph.com/github.com/zeebo/errs?badge)
-[![Go Report Card](https://goreportcard.com/badge/github.com/zeebo/errs)](https://goreportcard.com/report/github.com/zeebo/errs)
-
-errs is a package for making errors friendly and easy.
-
-### Creating Errors
-
-The easiest way to use it, is to use the package level [New][New] function.
-It's much like `fmt.Errorf`, but better. For example:
-
-```go
-func checkThing() error {
- return errs.New("what's up with %q?", "zeebo")
-}
-```
-
-Why is it better? Errors come with a stack trace that is only printed
-when a `"+"` character is used in the format string. This should retain the
-benefits of being able to diagnose where and why errors happen, without all of
-the noise of printing a stack trace in every situation. For example:
-
-```go
-func doSomeRealWork() {
- err := checkThing()
- if err != nil {
- fmt.Printf("%+v\n", err) // contains stack trace if it's a errs error.
- fmt.Printf("%v\n", err) // does not contain a stack trace
- return
- }
-}
-```
-
-### Error Classes
-
-You can create a [Class][Class] of errors and check if any error was created by
-that class. The class name is prefixed to all of the errors it creates. For example:
-
-```go
-var Unauthorized = errs.Class("unauthorized")
-
-func checkUser(username, password string) error {
- if username != "zeebo" {
- return Unauthorized.New("who is %q?", username)
- }
- if password != "hunter2" {
- return Unauthorized.New("that's not a good password, jerkmo!")
- }
- return nil
-}
-
-func handleRequest() {
- if err := checkUser("zeebo", "hunter3"); Unauthorized.Has(err) {
- fmt.Println(err)
- }
-
- // output:
- // unauthorized: that's not a good password, jerkmo!
-}
-```
-
-Classes can also [Wrap][ClassWrap] other errors, and errors may be wrapped
-multiple times. For example:
-
-```go
-var (
- Error = errs.Class("mypackage")
- Unauthorized = errs.Class("unauthorized")
-)
-
-func deep3() error {
- return fmt.Errorf("ouch")
-}
-
-func deep2() error {
- return Unauthorized.Wrap(deep3())
-}
-
-func deep1() error {
- return Error.Wrap(deep2())
-}
-
-func deep() {
- fmt.Println(deep1())
-
- // output:
- // mypackage: unauthorized: ouch
-}
-```
-
-In the above example, both `Error.Has(deep1())` and `Unauthorized.Has(deep1())`
-would return `true`, and the stack trace would only be recorded once at the
-`deep2` call.
-
-In addition, when an error has been wrapped, wrapping it again with the same class will
-not do anything. For example:
-
-```go
-func doubleWrap() {
- fmt.Println(Error.Wrap(Error.New("foo")))
-
- // output:
- // mypackage: foo
-}
-```
-
-This is to make it an easier decision if you should wrap or not (you should).
-
-### Utilities
-
-[Classes][Classes] is a helper function to get a slice of classes that an error
-has. The latest wrap is first in the slice. For example:
-
-```go
-func getClasses() {
- classes := errs.Classes(deep1())
- fmt.Println(classes[0] == &Error)
- fmt.Println(classes[1] == &Unauthorized)
-
- // output:
- // true
- // true
-}
-```
-
-Finally, a helper function, [Unwrap][Unwrap] is provided to get the
-wrapped error in cases where you might want to inspect details. For
-example:
-
-```go
-var Error = errs.Class("mypackage")
-
-func getHandle() (*os.File, error) {
- fh, err := os.Open("neat_things")
- if err != nil {
- return nil, Error.Wrap(err)
- }
- return fh, nil
-}
-
-func checkForNeatThings() {
- fh, err := getHandle()
- if os.IsNotExist(errs.Unwrap(err)) {
- panic("no neat things?!")
- }
- if err != nil {
- panic("phew, at least there are neat things, even if i can't see them")
- }
- fh.Close()
-}
-```
-
-It knows about both the `Unwrap() error` and `Unwrap() []error` methods that are
-often used in the community, and will call them as many times as possible.
-
-### Defer
-
-The package also provides [WrapP][WrapP] versions of [Wrap][Wrap] that are useful
-in defer contexts. For example:
-
-```go
-func checkDefer() (err error) {
- defer Error.WrapP(&err)
-
- fh, err := os.Open("secret_stash")
- if err != nil {
- return nil, err
- }
- return fh.Close()
-}
-```
-
-### Groups
-
-[Groups][Group] allow one to collect a set of errors. For example:
-
-```go
-func tonsOfErrors() error {
- var group errs.Group
- for _, work := range someWork {
- group.Add(maybeErrors(work))
- }
- return group.Err()
-}
-```
-
-Some things to note:
-
-- The [Add][GroupAdd] method only adds to the group if the passed in error is non-nil.
-- The [Err][GroupErr] method returns an error only if non-nil errors have been added, and
- additionally returns just the error if only one error was added. Thus, we always
- have that if you only call `group.Add(err)`, then `group.Err() == err`.
-
-The returned error will format itself similarly:
-
-```go
-func groupFormat() {
- var group errs.Group
- group.Add(errs.New("first"))
- group.Add(errs.New("second"))
- err := group.Err()
-
- fmt.Printf("%v\n", err)
- fmt.Println()
- fmt.Printf("%+v\n", err)
-
- // output:
- // first; second
- //
- // group:
- // --- first
- // ... stack trace
- // --- second
- // ... stack trace
-}
-```
-
-### Contributing
-
-errs is released under an MIT License. If you want to contribute, be sure to
-add yourself to the list in AUTHORS.
-
-[New]: https://godoc.org/github.com/zeebo/errs#New
-[Wrap]: https://godoc.org/github.com/zeebo/errs#Wrap
-[WrapP]: https://godoc.org/github.com/zeebo/errs#WrapP
-[Class]: https://godoc.org/github.com/zeebo/errs#Class
-[ClassNew]: https://godoc.org/github.com/zeebo/errs#Class.New
-[ClassWrap]: https://godoc.org/github.com/zeebo/errs#Class.Wrap
-[Unwrap]: https://godoc.org/github.com/zeebo/errs#Unwrap
-[Classes]: https://godoc.org/github.com/zeebo/errs#Classes
-[Group]: https://godoc.org/github.com/zeebo/errs#Group
-[GroupAdd]: https://godoc.org/github.com/zeebo/errs#Group.Add
-[GroupErr]: https://godoc.org/github.com/zeebo/errs#Group.Err
diff --git a/vendor/github.com/zeebo/errs/errs.go b/vendor/github.com/zeebo/errs/errs.go
deleted file mode 100644
index 9a42e3da87..0000000000
--- a/vendor/github.com/zeebo/errs/errs.go
+++ /dev/null
@@ -1,298 +0,0 @@
-// Package errs provides a simple error package with stack traces.
-package errs
-
-import (
- "fmt"
- "io"
- "runtime"
-)
-
-// Namer is implemented by all errors returned in this package. It returns a
-// name for the class of error it is, and a boolean indicating if the name is
-// valid.
-type Namer interface{ Name() (string, bool) }
-
-// Causer is implemented by all errors returned in this package. It returns
-// the underlying cause of the error, or nil if there is no underlying cause.
-//
-// Deprecated: check for the 'Unwrap()' interface from the stdlib errors package
-// instead.
-type Causer interface{ Cause() error }
-
-// New returns an error not contained in any class. This is the same as calling
-// fmt.Errorf(...) except it captures a stack trace on creation.
-func New(format string, args ...interface{}) error {
- return (*Class).create(nil, 3, fmt.Errorf(format, args...))
-}
-
-// Wrap returns an error not contained in any class. It just associates a stack
-// trace with the error. Wrap returns nil if err is nil.
-func Wrap(err error) error {
- return (*Class).create(nil, 3, err)
-}
-
-// WrapP stores into the error pointer if it contains a non-nil error an error not
-// contained in any class. It just associates a stack trace with the error. WrapP
-// does nothing if the pointer or pointed at error is nil.
-func WrapP(err *error) {
- if err != nil && *err != nil {
- *err = (*Class).create(nil, 3, *err)
- }
-}
-
-// Often, we call Unwrap as much as possible. Since comparing arbitrary
-// interfaces with equality isn't panic safe, we only loop up to 100
-// times to ensure that a poor implementation that causes a cycle does
-// not run forever.
-const maxUnwrap = 100
-
-// Unwrap returns the final, most underlying error, if any, or just the error.
-//
-// Deprecated: Prefer errors.Is() and errors.As().
-func Unwrap(err error) error {
- for i := 0; err != nil && i < maxUnwrap; i++ {
- var nerr error
-
- switch e := err.(type) {
- case Causer:
- nerr = e.Cause()
-
- case interface{ Unwrap() error }:
- nerr = e.Unwrap()
-
- case interface{ Ungroup() []error }:
- // consider the first error to be the "main" error.
- errs := e.Ungroup()
- if len(errs) > 0 {
- nerr = errs[0]
- }
- case interface{ Unwrap() []error }:
- // consider the first error to be the "main" error.
- errs := e.Unwrap()
- if len(errs) > 0 {
- nerr = errs[0]
- }
- }
-
- if nerr == nil {
- return err
- }
- err = nerr
- }
-
- return err
-}
-
-// Classes returns all the classes that have wrapped the error.
-func Classes(err error) (classes []*Class) {
- IsFunc(err, func(err error) bool {
- if e, ok := err.(*errorT); ok {
- classes = append(classes, e.class)
- }
- return false
- })
- return classes
-}
-
-// IsFunc checks if any of the underlying errors matches the func
-func IsFunc(err error, is func(err error) bool) bool {
- for {
- if is(err) {
- return true
- }
-
- switch u := err.(type) {
- case interface{ Unwrap() error }:
- err = u.Unwrap()
- case Causer:
- err = u.Cause()
-
- case interface{ Ungroup() []error }:
- for _, err := range u.Ungroup() {
- if IsFunc(err, is) {
- return true
- }
- }
- return false
- case interface{ Unwrap() []error }:
- for _, err := range u.Unwrap() {
- if IsFunc(err, is) {
- return true
- }
- }
- return false
-
- default:
- return false
- }
- }
-}
-
-//
-// error classes
-//
-
-// Class represents a class of errors. You can construct errors, and check if
-// errors are part of the class.
-type Class string
-
-// Has returns true if the passed in error (or any error wrapped by it) has
-// this class.
-func (c *Class) Has(err error) bool {
- return IsFunc(err, func(err error) bool {
- errt, ok := err.(*errorT)
- return ok && errt.class == c
- })
-}
-
-// New constructs an error with the format string that will be contained by
-// this class. This is the same as calling Wrap(fmt.Errorf(...)).
-func (c *Class) New(format string, args ...interface{}) error {
- return c.create(3, fmt.Errorf(format, args...))
-}
-
-// Wrap returns a new error based on the passed in error that is contained in
-// this class. Wrap returns nil if err is nil.
-func (c *Class) Wrap(err error) error {
- return c.create(3, err)
-}
-
-// WrapP stores into the error pointer if it contains a non-nil error an error contained
-// in this class. WrapP does nothing if the pointer or pointed at error is nil.
-func (c *Class) WrapP(err *error) {
- if err != nil && *err != nil {
- *err = c.create(3, *err)
- }
-}
-
-// Instance creates a class membership object which implements the error
-// interface and allows errors.Is() to check whether given errors are
-// (or contain) an instance of this class.
-//
-// This makes possible a construct like the following:
-//
-// if errors.Is(err, MyClass.Instance()) {
-// fmt.Printf("err is an instance of MyClass")
-// }
-//
-// ..without requiring the Class type to implement the error interface itself,
-// as that would open the door to sundry misunderstandings and misusage.
-func (c *Class) Instance() error {
- return (*classMembershipChecker)(c)
-}
-
-// create constructs the error, or just adds the class to the error, keeping
-// track of the stack if it needs to construct it.
-func (c *Class) create(depth int, err error) error {
- if err == nil {
- return nil
- }
-
- var pcs []uintptr
- if err, ok := err.(*errorT); ok {
- if c == nil || err.class == c {
- return err
- }
- pcs = err.pcs
- }
-
- errt := &errorT{
- class: c,
- err: err,
- pcs: pcs,
- }
-
- if errt.pcs == nil {
- errt.pcs = make([]uintptr, 64)
- n := runtime.Callers(depth, errt.pcs)
- errt.pcs = errt.pcs[:n:n]
- }
-
- return errt
-}
-
-type classMembershipChecker Class
-
-func (cmc *classMembershipChecker) Error() string {
- panic("classMembershipChecker used as concrete error! don't do that")
-}
-
-//
-// errors
-//
-
-// errorT is the type of errors returned from this package.
-type errorT struct {
- class *Class
- err error
- pcs []uintptr
-}
-
-var ( // ensure *errorT implements the helper interfaces.
- _ Namer = (*errorT)(nil)
- _ Causer = (*errorT)(nil)
- _ error = (*errorT)(nil)
-)
-
-// Stack returns the pcs for the stack trace associated with the error.
-func (e *errorT) Stack() []uintptr { return e.pcs }
-
-// errorT implements the error interface.
-func (e *errorT) Error() string {
- return fmt.Sprintf("%v", e)
-}
-
-// Format handles the formatting of the error. Using a "+" on the format string
-// specifier will also write the stack trace.
-func (e *errorT) Format(f fmt.State, c rune) {
- sep := ""
- if e.class != nil && *e.class != "" {
- fmt.Fprintf(f, "%s", string(*e.class))
- sep = ": "
- }
- if text := e.err.Error(); len(text) > 0 {
- fmt.Fprintf(f, "%s%v", sep, text)
- }
- if f.Flag(int('+')) {
- summarizeStack(f, e.pcs)
- }
-}
-
-// Cause implements the interface wrapping errors were previously
-// expected to implement to allow getting at underlying causes.
-func (e *errorT) Cause() error {
- return e.err
-}
-
-// Unwrap returns the immediate underlying error.
-func (e *errorT) Unwrap() error {
- return e.err
-}
-
-// Name returns the name for the error, which is the first wrapping class.
-func (e *errorT) Name() (string, bool) {
- if e.class == nil {
- return "", false
- }
- return string(*e.class), true
-}
-
-// Is determines whether an error is an instance of the given error class.
-//
-// Use with (*Class).Instance().
-func (e *errorT) Is(err error) bool {
- cmc, ok := err.(*classMembershipChecker)
- return ok && e.class == (*Class)(cmc)
-}
-
-// summarizeStack writes stack line entries to the writer.
-func summarizeStack(w io.Writer, pcs []uintptr) {
- frames := runtime.CallersFrames(pcs)
- for {
- frame, more := frames.Next()
- if !more {
- return
- }
- fmt.Fprintf(w, "\n\t%s:%d", frame.Function, frame.Line)
- }
-}
diff --git a/vendor/github.com/zeebo/errs/group.go b/vendor/github.com/zeebo/errs/group.go
deleted file mode 100644
index 22b824aaf8..0000000000
--- a/vendor/github.com/zeebo/errs/group.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package errs
-
-import (
- "fmt"
- "io"
-)
-
-// Group is a list of errors.
-type Group []error
-
-// Combine combines multiple non-empty errors into a single error.
-func Combine(errs ...error) error {
- var group Group
- group.Add(errs...)
- return group.Err()
-}
-
-// Add adds non-empty errors to the Group.
-func (group *Group) Add(errs ...error) {
- for _, err := range errs {
- if err != nil {
- *group = append(*group, err)
- }
- }
-}
-
-// Err returns an error containing all of the non-nil errors.
-// If there was only one error, it will return it.
-// If there were none, it returns nil.
-func (group Group) Err() error {
- sanitized := group.sanitize()
- if len(sanitized) == 0 {
- return nil
- }
- if len(sanitized) == 1 {
- return sanitized[0]
- }
- return combinedError(sanitized)
-}
-
-// sanitize returns group that doesn't contain nil-s
-func (group Group) sanitize() Group {
- // sanity check for non-nil errors
- for i, err := range group {
- if err == nil {
- sanitized := make(Group, 0, len(group)-1)
- sanitized = append(sanitized, group[:i]...)
- sanitized.Add(group[i+1:]...)
- return sanitized
- }
- }
-
- return group
-}
-
-// combinedError is a list of non-empty errors
-type combinedError []error
-
-// Unwrap returns the first error.
-func (group combinedError) Unwrap() []error { return group }
-
-// Error returns error string delimited by semicolons.
-func (group combinedError) Error() string { return fmt.Sprintf("%v", group) }
-
-// Format handles the formatting of the error. Using a "+" on the format
-// string specifier will cause the errors to be formatted with "+" and
-// delimited by newlines. They are delimited by semicolons otherwise.
-func (group combinedError) Format(f fmt.State, c rune) {
- delim := "; "
- if f.Flag(int('+')) {
- io.WriteString(f, "group:\n--- ")
- delim = "\n--- "
- }
-
- for i, err := range group {
- if i != 0 {
- io.WriteString(f, delim)
- }
- if formatter, ok := err.(fmt.Formatter); ok {
- formatter.Format(f, c)
- } else {
- fmt.Fprintf(f, "%v", err)
- }
- }
-}
diff --git a/vendor/github.com/zeebo/errs/is_go1.20.go b/vendor/github.com/zeebo/errs/is_go1.20.go
deleted file mode 100644
index 6f8799aa48..0000000000
--- a/vendor/github.com/zeebo/errs/is_go1.20.go
+++ /dev/null
@@ -1,8 +0,0 @@
-//go:build go1.20
-
-package errs
-
-import "errors"
-
-// Is checks if any of the underlying errors matches target
-func Is(err, target error) bool { return errors.Is(err, target) }
diff --git a/vendor/github.com/zeebo/errs/is_go_other.go b/vendor/github.com/zeebo/errs/is_go_other.go
deleted file mode 100644
index 92f3b5b61f..0000000000
--- a/vendor/github.com/zeebo/errs/is_go_other.go
+++ /dev/null
@@ -1,17 +0,0 @@
-//go:build !go1.20
-// +build !go1.20
-
-package errs
-
-// Is checks if any of the underlying errors matches target
-func Is(err, target error) bool {
- return IsFunc(err, func(err error) bool {
- if err == target {
- return true
- }
- if x, ok := err.(interface{ Is(error) bool }); ok && x.Is(target) {
- return true
- }
- return false
- })
-}
diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go
index 1d8cffae8c..2f45dbc86e 100644
--- a/vendor/golang.org/x/sync/errgroup/errgroup.go
+++ b/vendor/golang.org/x/sync/errgroup/errgroup.go
@@ -3,7 +3,7 @@ // license that can be found in the LICENSE file. // Package errgroup provides synchronization, error propagation, and Context -// cancelation for groups of goroutines working on subtasks of a common task. +// cancellation for groups of goroutines working on subtasks of a common task. // // [errgroup.Group] is related to [sync.WaitGroup] but adds handling of tasks // returning errors. diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go index 63541994ef..34c9ae76ef 100644 --- a/vendor/golang.org/x/sys/cpu/cpu.go +++ b/vendor/golang.org/x/sys/cpu/cpu.go @@ -92,6 +92,9 @@ var ARM64 struct { HasSHA2 bool // SHA2 hardware implementation HasCRC32 bool // CRC32 hardware implementation HasATOMICS bool // Atomic memory operation instruction set + HasHPDS bool // Hierarchical permission disables in translations tables + HasLOR bool // Limited ordering regions + HasPAN bool // Privileged access never HasFPHP bool // Half precision floating-point instruction set HasASIMDHP bool // Advanced SIMD half precision instruction set HasCPUID bool // CPUID identification scheme registers diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go index af2aa99f9f..f449c679fe 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go @@ -65,10 +65,10 @@ func setMinimalFeatures() { func readARM64Registers() { Initialized = true - parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0()) + parseARM64SystemRegisters(getisar0(), getisar1(), getmmfr1(), getpfr0()) } -func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) { +func parseARM64SystemRegisters(isar0, isar1, mmfr1, pfr0 uint64) { // ID_AA64ISAR0_EL1 switch extractBits(isar0, 4, 7) { case 1: 
@@ -152,6 +152,22 @@ func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) { ARM64.HasI8MM = true } + // ID_AA64MMFR1_EL1 + switch extractBits(mmfr1, 12, 15) { + case 1, 2: + ARM64.HasHPDS = true + } + + switch extractBits(mmfr1, 16, 19) { + case 1: + ARM64.HasLOR = true + } + + switch extractBits(mmfr1, 20, 23) { + case 1, 2, 3: + ARM64.HasPAN = true + } + // ID_AA64PFR0_EL1 switch extractBits(pfr0, 16, 19) { case 0: diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s index 22cc99844a..a4f24b3b0c 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s @@ -9,31 +9,34 @@ // func getisar0() uint64 TEXT ·getisar0(SB),NOSPLIT,$0-8 // get Instruction Set Attributes 0 into x0 - // mrs x0, ID_AA64ISAR0_EL1 = d5380600 - WORD $0xd5380600 + MRS ID_AA64ISAR0_EL1, R0 MOVD R0, ret+0(FP) RET // func getisar1() uint64 TEXT ·getisar1(SB),NOSPLIT,$0-8 // get Instruction Set Attributes 1 into x0 - // mrs x0, ID_AA64ISAR1_EL1 = d5380620 - WORD $0xd5380620 + MRS ID_AA64ISAR1_EL1, R0 + MOVD R0, ret+0(FP) + RET + +// func getmmfr1() uint64 +TEXT ·getmmfr1(SB),NOSPLIT,$0-8 + // get Memory Model Feature Register 1 into x0 + MRS ID_AA64MMFR1_EL1, R0 MOVD R0, ret+0(FP) RET // func getpfr0() uint64 TEXT ·getpfr0(SB),NOSPLIT,$0-8 // get Processor Feature Register 0 into x0 - // mrs x0, ID_AA64PFR0_EL1 = d5380400 - WORD $0xd5380400 + MRS ID_AA64PFR0_EL1, R0 MOVD R0, ret+0(FP) RET // func getzfr0() uint64 TEXT ·getzfr0(SB),NOSPLIT,$0-8 // get SVE Feature Register 0 into x0 - // mrs x0, ID_AA64ZFR0_EL1 = d5380480 - WORD $0xd5380480 + MRS ID_AA64ZFR0_EL1, R0 MOVD R0, ret+0(FP) RET diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go index 6ac6e1efb2..e3fc5a8d31 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go 
@@ -8,5 +8,6 @@ package cpu func getisar0() uint64 func getisar1() uint64 +func getmmfr1() uint64 func getpfr0() uint64 func getzfr0() uint64 diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go index 7f1946780b..8df2079e15 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go @@ -8,4 +8,5 @@ package cpu func getisar0() uint64 { return 0 } func getisar1() uint64 { return 0 } +func getmmfr1() uint64 { return 0 } func getpfr0() uint64 { return 0 } diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go index ebfb3fc8e7..19aea0633e 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go @@ -167,7 +167,7 @@ func doinit() { setMinimalFeatures() return } - parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0) + parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64mmfr1, cpuid.aa64pfr0) Initialized = true } diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go index 85b64d5ccb..87fd3a7780 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go @@ -59,7 +59,7 @@ func doinit() { if !ok { return } - parseARM64SystemRegisters(isar0, isar1, 0) + parseARM64SystemRegisters(isar0, isar1, 0, 0) Initialized = true } diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index d1c8b2640e..42517077c4 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -226,6 +226,7 @@ struct ltchars { #include #include #include +#include #include #include #include 
@@ -529,6 +530,7 @@ ccflags="$@" $2 ~ /^O[CNPFPL][A-Z]+[^_][A-Z]+$/ || $2 ~ /^(NL|CR|TAB|BS|VT|FF)DLY$/ || $2 ~ /^(NL|CR|TAB|BS|VT|FF)[0-9]$/ || + $2 ~ /^(DT|EI|ELF|EV|NN|NT|PF|SHF|SHN|SHT|STB|STT|VER)_/ || $2 ~ /^O?XTABS$/ || $2 ~ /^TC[IO](ON|OFF)$/ || $2 ~ /^IN_/ || diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 9439af961d..06c0eea6fb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -2643,3 +2643,9 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) { //sys Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) //sys Mseal(b []byte, flags uint) (err error) + +//sys setMemPolicy(mode int, mask *CPUSet, size int) (err error) = SYS_SET_MEMPOLICY + +func SetMemPolicy(mode int, mask *CPUSet) error { + return setMemPolicy(mode, mask, _CPU_SETSIZE) +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index b6db27d937..d0a75da572 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go 
@@ -853,20 +853,86 @@ const ( DM_VERSION_MAJOR = 0x4 DM_VERSION_MINOR = 0x32 DM_VERSION_PATCHLEVEL = 0x0 + DT_ADDRRNGHI = 0x6ffffeff + DT_ADDRRNGLO = 0x6ffffe00 DT_BLK = 0x6 DT_CHR = 0x2 + DT_DEBUG = 0x15 DT_DIR = 0x4 + DT_ENCODING = 0x20 DT_FIFO = 0x1 + DT_FINI = 0xd + DT_FLAGS_1 = 0x6ffffffb + DT_GNU_HASH = 0x6ffffef5 + DT_HASH = 0x4 + DT_HIOS = 0x6ffff000 + DT_HIPROC = 0x7fffffff + DT_INIT = 0xc + DT_JMPREL = 0x17 DT_LNK = 0xa + DT_LOOS = 0x6000000d + DT_LOPROC = 0x70000000 + DT_NEEDED = 0x1 + DT_NULL = 0x0 + DT_PLTGOT = 0x3 + DT_PLTREL = 0x14 + DT_PLTRELSZ = 0x2 DT_REG = 0x8 + DT_REL = 0x11 + DT_RELA = 0x7 + DT_RELACOUNT = 0x6ffffff9 + DT_RELAENT = 0x9 + DT_RELASZ = 0x8 + DT_RELCOUNT = 0x6ffffffa + DT_RELENT = 0x13 + DT_RELSZ = 0x12 + DT_RPATH = 0xf DT_SOCK = 0xc + DT_SONAME = 0xe + DT_STRSZ = 0xa + DT_STRTAB = 0x5 + DT_SYMBOLIC = 0x10 + DT_SYMENT = 0xb + DT_SYMTAB = 0x6 + DT_TEXTREL = 0x16 DT_UNKNOWN = 0x0 + DT_VALRNGHI = 0x6ffffdff + DT_VALRNGLO = 0x6ffffd00 + DT_VERDEF = 0x6ffffffc + DT_VERDEFNUM = 0x6ffffffd + DT_VERNEED = 0x6ffffffe + DT_VERNEEDNUM = 0x6fffffff + DT_VERSYM = 0x6ffffff0 DT_WHT = 0xe ECHO = 0x8 ECRYPTFS_SUPER_MAGIC = 0xf15f EFD_SEMAPHORE = 0x1 EFIVARFS_MAGIC = 0xde5e81e4 EFS_SUPER_MAGIC = 0x414a53 + EI_CLASS = 0x4 + EI_DATA = 0x5 + EI_MAG0 = 0x0 + EI_MAG1 = 0x1 + EI_MAG2 = 0x2 + EI_MAG3 = 0x3 + EI_NIDENT = 0x10 + EI_OSABI = 0x7 + EI_PAD = 0x8 + EI_VERSION = 0x6 + ELFCLASS32 = 0x1 + ELFCLASS64 = 0x2 + ELFCLASSNONE = 0x0 + ELFCLASSNUM = 0x3 + ELFDATA2LSB = 0x1 + ELFDATA2MSB = 0x2 + ELFDATANONE = 0x0 + ELFMAG = "\177ELF" + ELFMAG0 = 0x7f + ELFMAG1 = 'E' + ELFMAG2 = 'L' + ELFMAG3 = 'F' + ELFOSABI_LINUX = 0x3 + ELFOSABI_NONE = 0x0 EM_386 = 0x3 EM_486 = 0x6 EM_68K = 0x4 
@@ -1152,14 +1218,24 @@ const ( ETH_P_WCCP = 0x883e ETH_P_X25 = 0x805 ETH_P_XDSA = 0xf8 + ET_CORE = 0x4 + ET_DYN = 0x3 + ET_EXEC = 0x2 + ET_HIPROC = 0xffff + ET_LOPROC = 0xff00 + ET_NONE = 0x0 + ET_REL = 0x1 EV_ABS = 0x3 EV_CNT = 0x20 + EV_CURRENT = 0x1 EV_FF = 0x15 EV_FF_STATUS = 0x17 EV_KEY = 0x1 EV_LED = 0x11 EV_MAX = 0x1f EV_MSC = 0x4 + EV_NONE = 0x0 + EV_NUM = 0x2 EV_PWR = 0x16 EV_REL = 0x2 EV_REP = 0x14 
@@ -2276,7 +2352,167 @@ const ( NLM_F_REPLACE = 0x100 NLM_F_REQUEST = 0x1 NLM_F_ROOT = 0x100 + NN_386_IOPERM = "LINUX" + NN_386_TLS = "LINUX" + NN_ARC_V2 = "LINUX" + NN_ARM_FPMR = "LINUX" + NN_ARM_GCS = "LINUX" + NN_ARM_HW_BREAK = "LINUX" + NN_ARM_HW_WATCH = "LINUX" + NN_ARM_PACA_KEYS = "LINUX" + NN_ARM_PACG_KEYS = "LINUX" + NN_ARM_PAC_ENABLED_KEYS = "LINUX" + NN_ARM_PAC_MASK = "LINUX" + NN_ARM_POE = "LINUX" + NN_ARM_SSVE = "LINUX" + NN_ARM_SVE = "LINUX" + NN_ARM_SYSTEM_CALL = "LINUX" + NN_ARM_TAGGED_ADDR_CTRL = "LINUX" + NN_ARM_TLS = "LINUX" + NN_ARM_VFP = "LINUX" + NN_ARM_ZA = "LINUX" + NN_ARM_ZT = "LINUX" + NN_AUXV = "CORE" + NN_FILE = "CORE" + NN_GNU_PROPERTY_TYPE_0 = "GNU" + NN_LOONGARCH_CPUCFG = "LINUX" + NN_LOONGARCH_CSR = "LINUX" + NN_LOONGARCH_HW_BREAK = "LINUX" + NN_LOONGARCH_HW_WATCH = "LINUX" + NN_LOONGARCH_LASX = "LINUX" + NN_LOONGARCH_LBT = "LINUX" + NN_LOONGARCH_LSX = "LINUX" + NN_MIPS_DSP = "LINUX" + NN_MIPS_FP_MODE = "LINUX" + NN_MIPS_MSA = "LINUX" + NN_PPC_DEXCR = "LINUX" + NN_PPC_DSCR = "LINUX" + NN_PPC_EBB = "LINUX" + NN_PPC_HASHKEYR = "LINUX" + NN_PPC_PKEY = "LINUX" + NN_PPC_PMU = "LINUX" + NN_PPC_PPR = "LINUX" + NN_PPC_SPE = "LINUX" + NN_PPC_TAR = "LINUX" + NN_PPC_TM_CDSCR = "LINUX" + NN_PPC_TM_CFPR = "LINUX" + NN_PPC_TM_CGPR = "LINUX" + NN_PPC_TM_CPPR = "LINUX" + NN_PPC_TM_CTAR = "LINUX" + NN_PPC_TM_CVMX = "LINUX" + NN_PPC_TM_CVSX = "LINUX" + NN_PPC_TM_SPR = "LINUX" + NN_PPC_VMX = "LINUX" + NN_PPC_VSX = "LINUX" + NN_PRFPREG = "CORE" + NN_PRPSINFO = "CORE" + NN_PRSTATUS = "CORE" + NN_PRXFPREG = "LINUX" + NN_RISCV_CSR = "LINUX" + NN_RISCV_TAGGED_ADDR_CTRL = "LINUX" + NN_RISCV_VECTOR = "LINUX" + NN_S390_CTRS = "LINUX" + NN_S390_GS_BC = "LINUX" + NN_S390_GS_CB = "LINUX" + NN_S390_HIGH_GPRS = "LINUX" + NN_S390_LAST_BREAK = "LINUX" + NN_S390_PREFIX = "LINUX" + NN_S390_PV_CPU_DATA = "LINUX" + NN_S390_RI_CB = "LINUX" + NN_S390_SYSTEM_CALL = "LINUX" + NN_S390_TDB = "LINUX" + NN_S390_TIMER = "LINUX" + NN_S390_TODCMP = "LINUX" + NN_S390_TODPREG = 
"LINUX" + NN_S390_VXRS_HIGH = "LINUX" + NN_S390_VXRS_LOW = "LINUX" + NN_SIGINFO = "CORE" + NN_TASKSTRUCT = "CORE" + NN_VMCOREDD = "LINUX" + NN_X86_SHSTK = "LINUX" + NN_X86_XSAVE_LAYOUT = "LINUX" + NN_X86_XSTATE = "LINUX" NSFS_MAGIC = 0x6e736673 + NT_386_IOPERM = 0x201 + NT_386_TLS = 0x200 + NT_ARC_V2 = 0x600 + NT_ARM_FPMR = 0x40e + NT_ARM_GCS = 0x410 + NT_ARM_HW_BREAK = 0x402 + NT_ARM_HW_WATCH = 0x403 + NT_ARM_PACA_KEYS = 0x407 + NT_ARM_PACG_KEYS = 0x408 + NT_ARM_PAC_ENABLED_KEYS = 0x40a + NT_ARM_PAC_MASK = 0x406 + NT_ARM_POE = 0x40f + NT_ARM_SSVE = 0x40b + NT_ARM_SVE = 0x405 + NT_ARM_SYSTEM_CALL = 0x404 + NT_ARM_TAGGED_ADDR_CTRL = 0x409 + NT_ARM_TLS = 0x401 + NT_ARM_VFP = 0x400 + NT_ARM_ZA = 0x40c + NT_ARM_ZT = 0x40d + NT_AUXV = 0x6 + NT_FILE = 0x46494c45 + NT_GNU_PROPERTY_TYPE_0 = 0x5 + NT_LOONGARCH_CPUCFG = 0xa00 + NT_LOONGARCH_CSR = 0xa01 + NT_LOONGARCH_HW_BREAK = 0xa05 + NT_LOONGARCH_HW_WATCH = 0xa06 + NT_LOONGARCH_LASX = 0xa03 + NT_LOONGARCH_LBT = 0xa04 + NT_LOONGARCH_LSX = 0xa02 + NT_MIPS_DSP = 0x800 + NT_MIPS_FP_MODE = 0x801 + NT_MIPS_MSA = 0x802 + NT_PPC_DEXCR = 0x111 + NT_PPC_DSCR = 0x105 + NT_PPC_EBB = 0x106 + NT_PPC_HASHKEYR = 0x112 + NT_PPC_PKEY = 0x110 + NT_PPC_PMU = 0x107 + NT_PPC_PPR = 0x104 + NT_PPC_SPE = 0x101 + NT_PPC_TAR = 0x103 + NT_PPC_TM_CDSCR = 0x10f + NT_PPC_TM_CFPR = 0x109 + NT_PPC_TM_CGPR = 0x108 + NT_PPC_TM_CPPR = 0x10e + NT_PPC_TM_CTAR = 0x10d + NT_PPC_TM_CVMX = 0x10a + NT_PPC_TM_CVSX = 0x10b + NT_PPC_TM_SPR = 0x10c + NT_PPC_VMX = 0x100 + NT_PPC_VSX = 0x102 + NT_PRFPREG = 0x2 + NT_PRPSINFO = 0x3 + NT_PRSTATUS = 0x1 + NT_PRXFPREG = 0x46e62b7f + NT_RISCV_CSR = 0x900 + NT_RISCV_TAGGED_ADDR_CTRL = 0x902 + NT_RISCV_VECTOR = 0x901 + NT_S390_CTRS = 0x304 + NT_S390_GS_BC = 0x30c + NT_S390_GS_CB = 0x30b + NT_S390_HIGH_GPRS = 0x300 + NT_S390_LAST_BREAK = 0x306 + NT_S390_PREFIX = 0x305 + NT_S390_PV_CPU_DATA = 0x30e + NT_S390_RI_CB = 0x30d + NT_S390_SYSTEM_CALL = 0x307 + NT_S390_TDB = 0x308 + NT_S390_TIMER = 0x301 + NT_S390_TODCMP = 0x302 + 
NT_S390_TODPREG = 0x303 + NT_S390_VXRS_HIGH = 0x30a + NT_S390_VXRS_LOW = 0x309 + NT_SIGINFO = 0x53494749 + NT_TASKSTRUCT = 0x4 + NT_VMCOREDD = 0x700 + NT_X86_SHSTK = 0x204 + NT_X86_XSAVE_LAYOUT = 0x205 + NT_X86_XSTATE = 0x202 OCFS2_SUPER_MAGIC = 0x7461636f OCRNL = 0x8 OFDEL = 0x80 @@ -2463,6 +2699,59 @@ const ( PERF_RECORD_MISC_USER = 0x2 PERF_SAMPLE_BRANCH_PLM_ALL = 0x7 PERF_SAMPLE_WEIGHT_TYPE = 0x1004000 + PF_ALG = 0x26 + PF_APPLETALK = 0x5 + PF_ASH = 0x12 + PF_ATMPVC = 0x8 + PF_ATMSVC = 0x14 + PF_AX25 = 0x3 + PF_BLUETOOTH = 0x1f + PF_BRIDGE = 0x7 + PF_CAIF = 0x25 + PF_CAN = 0x1d + PF_DECnet = 0xc + PF_ECONET = 0x13 + PF_FILE = 0x1 + PF_IB = 0x1b + PF_IEEE802154 = 0x24 + PF_INET = 0x2 + PF_INET6 = 0xa + PF_IPX = 0x4 + PF_IRDA = 0x17 + PF_ISDN = 0x22 + PF_IUCV = 0x20 + PF_KCM = 0x29 + PF_KEY = 0xf + PF_LLC = 0x1a + PF_LOCAL = 0x1 + PF_MAX = 0x2e + PF_MCTP = 0x2d + PF_MPLS = 0x1c + PF_NETBEUI = 0xd + PF_NETLINK = 0x10 + PF_NETROM = 0x6 + PF_NFC = 0x27 + PF_PACKET = 0x11 + PF_PHONET = 0x23 + PF_PPPOX = 0x18 + PF_QIPCRTR = 0x2a + PF_R = 0x4 + PF_RDS = 0x15 + PF_ROSE = 0xb + PF_ROUTE = 0x10 + PF_RXRPC = 0x21 + PF_SECURITY = 0xe + PF_SMC = 0x2b + PF_SNA = 0x16 + PF_TIPC = 0x1e + PF_UNIX = 0x1 + PF_UNSPEC = 0x0 + PF_VSOCK = 0x28 + PF_W = 0x2 + PF_WANPIPE = 0x19 + PF_X = 0x1 + PF_X25 = 0x9 + PF_XDP = 0x2c PID_FS_MAGIC = 0x50494446 PIPEFS_MAGIC = 0x50495045 PPPIOCGNPMODE = 0xc008744c @@ -2758,6 +3047,23 @@ const ( PTRACE_SYSCALL_INFO_NONE = 0x0 PTRACE_SYSCALL_INFO_SECCOMP = 0x3 PTRACE_TRACEME = 0x0 + PT_AARCH64_MEMTAG_MTE = 0x70000002 + PT_DYNAMIC = 0x2 + PT_GNU_EH_FRAME = 0x6474e550 + PT_GNU_PROPERTY = 0x6474e553 + PT_GNU_RELRO = 0x6474e552 + PT_GNU_STACK = 0x6474e551 + PT_HIOS = 0x6fffffff + PT_HIPROC = 0x7fffffff + PT_INTERP = 0x3 + PT_LOAD = 0x1 + PT_LOOS = 0x60000000 + PT_LOPROC = 0x70000000 + PT_NOTE = 0x4 + PT_NULL = 0x0 + PT_PHDR = 0x6 + PT_SHLIB = 0x5 + PT_TLS = 0x7 P_ALL = 0x0 P_PGID = 0x2 P_PID = 0x1 
@@ -3091,6 +3397,47 @@ const ( SEEK_MAX = 0x4 SEEK_SET = 0x0 SELINUX_MAGIC = 0xf97cff8c + SHF_ALLOC = 0x2 + SHF_EXCLUDE = 0x8000000 + SHF_EXECINSTR = 0x4 + SHF_GROUP = 0x200 + SHF_INFO_LINK = 0x40 + SHF_LINK_ORDER = 0x80 + SHF_MASKOS = 0xff00000 + SHF_MASKPROC = 0xf0000000 + SHF_MERGE = 0x10 + SHF_ORDERED = 0x4000000 + SHF_OS_NONCONFORMING = 0x100 + SHF_RELA_LIVEPATCH = 0x100000 + SHF_RO_AFTER_INIT = 0x200000 + SHF_STRINGS = 0x20 + SHF_TLS = 0x400 + SHF_WRITE = 0x1 + SHN_ABS = 0xfff1 + SHN_COMMON = 0xfff2 + SHN_HIPROC = 0xff1f + SHN_HIRESERVE = 0xffff + SHN_LIVEPATCH = 0xff20 + SHN_LOPROC = 0xff00 + SHN_LORESERVE = 0xff00 + SHN_UNDEF = 0x0 + SHT_DYNAMIC = 0x6 + SHT_DYNSYM = 0xb + SHT_HASH = 0x5 + SHT_HIPROC = 0x7fffffff + SHT_HIUSER = 0xffffffff + SHT_LOPROC = 0x70000000 + SHT_LOUSER = 0x80000000 + SHT_NOBITS = 0x8 + SHT_NOTE = 0x7 + SHT_NULL = 0x0 + SHT_NUM = 0xc + SHT_PROGBITS = 0x1 + SHT_REL = 0x9 + SHT_RELA = 0x4 + SHT_SHLIB = 0xa + SHT_STRTAB = 0x3 + SHT_SYMTAB = 0x2 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -3317,6 +3664,16 @@ const ( STATX_UID = 0x8 STATX_WRITE_ATOMIC = 0x10000 STATX__RESERVED = 0x80000000 + STB_GLOBAL = 0x1 + STB_LOCAL = 0x0 + STB_WEAK = 0x2 + STT_COMMON = 0x5 + STT_FILE = 0x4 + STT_FUNC = 0x2 + STT_NOTYPE = 0x0 + STT_OBJECT = 0x1 + STT_SECTION = 0x3 + STT_TLS = 0x6 SYNC_FILE_RANGE_WAIT_AFTER = 0x4 SYNC_FILE_RANGE_WAIT_BEFORE = 0x1 SYNC_FILE_RANGE_WRITE = 0x2 @@ -3553,6 +3910,8 @@ const ( UTIME_OMIT = 0x3ffffffe V9FS_MAGIC = 0x1021997 VERASE = 0x2 + VER_FLG_BASE = 0x1 + VER_FLG_WEAK = 0x2 VINTR = 0x0 VKILL = 0x3 VLNEXT = 0xf diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 5cc1e8eb2f..8935d10a31 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go 
@@ -2238,3 +2238,13 @@ func Mseal(b []byte, flags uint) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setMemPolicy(mode int, mask *CPUSet, size int) (err error) { + _, _, e1 := Syscall(SYS_SET_MEMPOLICY, uintptr(mode), uintptr(unsafe.Pointer(mask)), uintptr(size)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 944e75a11c..c1a4670171 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -3590,6 +3590,8 @@ type Nhmsg struct { Flags uint32 } +const SizeofNhmsg = 0x8 + type NexthopGrp struct { Id uint32 Weight uint8 @@ -3597,6 +3599,8 @@ type NexthopGrp struct { Resvd2 uint16 } +const SizeofNexthopGrp = 0x8 + const ( NHA_UNSPEC = 0x0 NHA_ID = 0x1 @@ -6332,3 +6336,30 @@ type SockDiagReq struct { } const RTM_NEWNVLAN = 0x70 + +const ( + MPOL_BIND = 0x2 + MPOL_DEFAULT = 0x0 + MPOL_F_ADDR = 0x2 + MPOL_F_MEMS_ALLOWED = 0x4 + MPOL_F_MOF = 0x8 + MPOL_F_MORON = 0x10 + MPOL_F_NODE = 0x1 + MPOL_F_NUMA_BALANCING = 0x2000 + MPOL_F_RELATIVE_NODES = 0x4000 + MPOL_F_SHARED = 0x1 + MPOL_F_STATIC_NODES = 0x8000 + MPOL_INTERLEAVE = 0x3 + MPOL_LOCAL = 0x4 + MPOL_MAX = 0x7 + MPOL_MF_INTERNAL = 0x10 + MPOL_MF_LAZY = 0x8 + MPOL_MF_MOVE_ALL = 0x4 + MPOL_MF_MOVE = 0x2 + MPOL_MF_STRICT = 0x1 + MPOL_MF_VALID = 0x7 + MPOL_MODE_FLAGS = 0xe000 + MPOL_PREFERRED = 0x1 + MPOL_PREFERRED_MANY = 0x5 + MPOL_WEIGHTED_INTERLEAVE = 0x6 +) diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index bd51337306..69439df2a4 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go 
@@ -892,8 +892,12 @@ const socket_error = uintptr(^uint32(0)) //sys MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar //sys getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) = iphlpapi.GetBestInterfaceEx //sys GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) = iphlpapi.GetIfEntry2Ex +//sys GetIpForwardEntry2(row *MibIpForwardRow2) (errcode error) = iphlpapi.GetIpForwardEntry2 +//sys GetIpForwardTable2(family uint16, table **MibIpForwardTable2) (errcode error) = iphlpapi.GetIpForwardTable2 //sys GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) = iphlpapi.GetUnicastIpAddressEntry +//sys FreeMibTable(memory unsafe.Pointer) = iphlpapi.FreeMibTable //sys NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyIpInterfaceChange +//sys NotifyRouteChange2(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyRouteChange2 //sys NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyUnicastIpAddressChange //sys CancelMibChangeNotify2(notificationHandle Handle) (errcode error) = iphlpapi.CancelMibChangeNotify2 
@@ -916,6 +920,17 @@ type RawSockaddrInet6 struct { Scope_id uint32 } +// RawSockaddrInet is a union that contains an IPv4, an IPv6 address, or an address family. See +// https://learn.microsoft.com/en-us/windows/win32/api/ws2ipdef/ns-ws2ipdef-sockaddr_inet. +// +// A [*RawSockaddrInet] may be converted to a [*RawSockaddrInet4] or [*RawSockaddrInet6] using +// unsafe, depending on the address family. +type RawSockaddrInet struct { + Family uint16 + Port uint16 + Data [6]uint32 +} + type RawSockaddr struct { Family uint16 Data [14]int8 diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 358be3c7f5..6e4f50eb48 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go 
@@ -2320,6 +2320,82 @@ type MibIfRow2 struct { OutQLen uint64 } +// IP_ADDRESS_PREFIX stores an IP address prefix. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-ip_address_prefix. +type IpAddressPrefix struct { + Prefix RawSockaddrInet + PrefixLength uint8 +} + +// NL_ROUTE_ORIGIN enumeration from nldef.h or +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_route_origin. +const ( + NlroManual = 0 + NlroWellKnown = 1 + NlroDHCP = 2 + NlroRouterAdvertisement = 3 + Nlro6to4 = 4 +) + +// NL_ROUTE_ORIGIN enumeration from nldef.h or +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_route_protocol. +const ( + MIB_IPPROTO_OTHER = 1 + MIB_IPPROTO_LOCAL = 2 + MIB_IPPROTO_NETMGMT = 3 + MIB_IPPROTO_ICMP = 4 + MIB_IPPROTO_EGP = 5 + MIB_IPPROTO_GGP = 6 + MIB_IPPROTO_HELLO = 7 + MIB_IPPROTO_RIP = 8 + MIB_IPPROTO_IS_IS = 9 + MIB_IPPROTO_ES_IS = 10 + MIB_IPPROTO_CISCO = 11 + MIB_IPPROTO_BBN = 12 + MIB_IPPROTO_OSPF = 13 + MIB_IPPROTO_BGP = 14 + MIB_IPPROTO_IDPR = 15 + MIB_IPPROTO_EIGRP = 16 + MIB_IPPROTO_DVMRP = 17 + MIB_IPPROTO_RPL = 18 + MIB_IPPROTO_DHCP = 19 + MIB_IPPROTO_NT_AUTOSTATIC = 10002 + MIB_IPPROTO_NT_STATIC = 10006 + MIB_IPPROTO_NT_STATIC_NON_DOD = 10007 +) + +// MIB_IPFORWARD_ROW2 stores information about an IP route entry. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipforward_row2. +type MibIpForwardRow2 struct { + InterfaceLuid uint64 + InterfaceIndex uint32 + DestinationPrefix IpAddressPrefix + NextHop RawSockaddrInet + SitePrefixLength uint8 + ValidLifetime uint32 + PreferredLifetime uint32 + Metric uint32 + Protocol uint32 + Loopback uint8 + AutoconfigureAddress uint8 + Publish uint8 + Immortal uint8 + Age uint32 + Origin uint32 +} + +// MIB_IPFORWARD_TABLE2 contains a table of IP route entries. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipforward_table2. 
+type MibIpForwardTable2 struct { + NumEntries uint32 + Table [1]MibIpForwardRow2 +} + +// Rows returns the IP route entries in the table. +func (t *MibIpForwardTable2) Rows() []MibIpForwardRow2 { + return unsafe.Slice(&t.Table[0], t.NumEntries) +} + // MIB_UNICASTIPADDRESS_ROW stores information about a unicast IP address. See // https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_unicastipaddress_row. type MibUnicastIpAddressRow struct { diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 426151a019..f25b7308a1 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -182,13 +182,17 @@ var ( procDwmGetWindowAttribute = moddwmapi.NewProc("DwmGetWindowAttribute") procDwmSetWindowAttribute = moddwmapi.NewProc("DwmSetWindowAttribute") procCancelMibChangeNotify2 = modiphlpapi.NewProc("CancelMibChangeNotify2") + procFreeMibTable = modiphlpapi.NewProc("FreeMibTable") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") procGetIfEntry2Ex = modiphlpapi.NewProc("GetIfEntry2Ex") + procGetIpForwardEntry2 = modiphlpapi.NewProc("GetIpForwardEntry2") + procGetIpForwardTable2 = modiphlpapi.NewProc("GetIpForwardTable2") procGetUnicastIpAddressEntry = modiphlpapi.NewProc("GetUnicastIpAddressEntry") procNotifyIpInterfaceChange = modiphlpapi.NewProc("NotifyIpInterfaceChange") + procNotifyRouteChange2 = modiphlpapi.NewProc("NotifyRouteChange2") procNotifyUnicastIpAddressChange = modiphlpapi.NewProc("NotifyUnicastIpAddressChange") procAddDllDirectory = modkernel32.NewProc("AddDllDirectory") procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") 
@@ -1624,6 +1628,11 @@ func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { return } +func FreeMibTable(memory unsafe.Pointer) { + syscall.SyscallN(procFreeMibTable.Addr(), uintptr(memory)) + return +} + func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) { r0, _, _ := syscall.SyscallN(procGetAdaptersAddresses.Addr(), uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer))) if r0 != 0 { @@ -1664,6 +1673,22 @@ func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { return } +func GetIpForwardEntry2(row *MibIpForwardRow2) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetIpForwardEntry2.Addr(), uintptr(unsafe.Pointer(row))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + +func GetIpForwardTable2(family uint16, table **MibIpForwardTable2) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetIpForwardTable2.Addr(), uintptr(family), uintptr(unsafe.Pointer(table))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) { r0, _, _ := syscall.SyscallN(procGetUnicastIpAddressEntry.Addr(), uintptr(unsafe.Pointer(row))) if r0 != 0 { 
@@ -1684,6 +1709,18 @@ func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsa return } +func NotifyRouteChange2(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { + var _p0 uint32 + if initialNotification { + _p0 = 1 + } + r0, _, _ := syscall.SyscallN(procNotifyRouteChange2.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { var _p0 uint32 if initialNotification { diff --git a/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go b/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go index 153784ed9b..7634c727b3 100644 --- a/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go +++ b/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go @@ -33,6 +33,12 @@ type Args struct { // by API linter. If specified, API rule violations will be printed to report file. // Otherwise default value "-" will be used which indicates stdout. ReportFilename string + + // OutputModelNameFile is the name of the file to be generated for OpenAPI schema name + // accessor functions. If empty, no model name accessor functions are generated. + // When this is specified, the OpenAPI spec generator will use the function names + // instead of Go type names for schema names. + OutputModelNameFile string } // New returns default arguments for the generator. Returning the arguments instead 
@@ -54,6 +60,13 @@ func (args *Args) AddFlags(fs *pflag.FlagSet) { "the base Go import-path under which to generate results") fs.StringVar(&args.OutputFile, "output-file", "generated.openapi.go", "the name of the file to be generated") + fs.StringVar(&args.OutputModelNameFile, "output-model-name-file", "", + `The filename for generated model name accessor functions. +If specified, a file with this name will be created in each package containing +a "+k8s:openapi-model-package" tag. The generated functions return fully qualified +model names, which are used in the OpenAPI spec as schema references instead of +Go type names. If empty, no model name accessor functions are generated and names +are inferred from Go type names.`) fs.StringVar(&args.GoHeaderFile, "go-header-file", "", "the path to a file containing boilerplate header text; the string \"YEAR\" will be replaced with the current 4-digit year") fs.StringVarP(&args.ReportFilename, "report-filename", "r", args.ReportFilename, diff --git a/vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go b/vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go index b466019ad6..b19da6f63b 100644 --- a/vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go +++ b/vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go @@ -25,6 +25,7 @@ import ( "log" "github.com/spf13/pflag" + "k8s.io/gengo/v2" "k8s.io/gengo/v2/generator" "k8s.io/klog/v2" 
@@ -45,15 +46,35 @@ func main() { log.Fatalf("Arguments validation error: %v", err) } - myTargets := func(context *generator.Context) []generator.Target { - return generators.GetTargets(context, args) + boilerplate, err := gengo.GoBoilerplate(args.GoHeaderFile, gengo.StdBuildTag, gengo.StdGeneratedBy) + if err != nil { + log.Fatalf("Failed loading boilerplate: %v", err) + } + + // Generates the code for model name accessors. + if len(args.OutputModelNameFile) > 0 { + modelNameTargets := func(context *generator.Context) []generator.Target { + return generators.GetModelNameTargets(context, args, boilerplate) + } + if err := gengo.Execute( + generators.NameSystems(), + generators.DefaultNameSystem(), + modelNameTargets, + gengo.StdBuildTag, + pflag.Args(), + ); err != nil { + log.Fatalf("Model name code generation error: %v", err) + } } // Generates the code for the OpenAPIDefinitions. + openAPITargets := func(context *generator.Context) []generator.Target { + return generators.GetOpenAPITargets(context, args, boilerplate) + } if err := gengo.Execute( generators.NameSystems(), generators.DefaultNameSystem(), - myTargets, + openAPITargets, gengo.StdBuildTag, pflag.Args(), ); err != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/config.go b/vendor/k8s.io/kube-openapi/pkg/generators/config.go index 1fbd775985..1bcf2a5231 100644 --- a/vendor/k8s.io/kube-openapi/pkg/generators/config.go +++ b/vendor/k8s.io/kube-openapi/pkg/generators/config.go @@ -19,7 +19,6 @@ package generators import ( "path" - "k8s.io/gengo/v2" "k8s.io/gengo/v2/generator" "k8s.io/gengo/v2/namer" "k8s.io/gengo/v2/types" 
@@ -49,12 +48,8 @@ func DefaultNameSystem() string { return "sorting_namer" } -func GetTargets(context *generator.Context, args *args.Args) []generator.Target { - boilerplate, err := gengo.GoBoilerplate(args.GoHeaderFile, gengo.StdBuildTag, gengo.StdGeneratedBy) - if err != nil { - klog.Fatalf("Failed loading boilerplate: %v", err) - } - +// GetOpenAPITargets returns the targets for OpenAPI definition generation. +func GetOpenAPITargets(context *generator.Context, args *args.Args, boilerplate []byte) []generator.Target { reportPath := "-" if args.ReportFilename != "" { reportPath = args.ReportFilename 
@@ -82,3 +77,56 @@ func GetTargets(context *generator.Context, args *args.Args) []generator.Target }, } } + +// GetModelNameTargets returns the targets for model name generation. +func GetModelNameTargets(context *generator.Context, args *args.Args, boilerplate []byte) []generator.Target { + var targets []generator.Target + for _, i := range context.Inputs { + klog.V(5).Infof("Considering pkg %q", i) + + pkg := context.Universe[i] + + openAPISchemaNamePackage, err := extractOpenAPISchemaNamePackage(pkg.Comments) + if err != nil { + klog.Fatalf("Package %v: invalid %s:%v", i, tagModelPackage, err) + } + hasPackageTag := len(openAPISchemaNamePackage) > 0 + + hasCandidates := false + for _, t := range pkg.Types { + v, err := singularTag(tagModelPackage, t.CommentLines) + if err != nil { + klog.Fatalf("Type %v: invalid %s:%v", t.Name, tagModelPackage, err) + } + hasTag := hasPackageTag || v != nil + hasModel := isSchemaNameType(t) + if hasModel && hasTag { + hasCandidates = true + break + } + } + if !hasCandidates { + klog.V(5).Infof(" skipping package") + continue + } + + klog.V(3).Infof("Generating package %q", pkg.Path) + + targets = append(targets, + &generator.SimpleTarget{ + PkgName: path.Base(pkg.Path), + PkgPath: pkg.Path, + PkgDir: pkg.Dir, // output pkg is the same as the input + HeaderComment: boilerplate, + FilterFunc: func(c *generator.Context, t *types.Type) bool { + return t.Name.Package == pkg.Path + }, + GeneratorsFunc: func(c *generator.Context) (generators []generator.Generator) { + return []generator.Generator{ + NewSchemaNameGen(args.OutputModelNameFile, pkg.Path, openAPISchemaNamePackage), + } + }, + }) + } + return targets +} diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/model_names.go b/vendor/k8s.io/kube-openapi/pkg/generators/model_names.go new file mode 100644 index 0000000000..783e975d44 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/generators/model_names.go 
@@ -0,0 +1,177 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generators
+
+import (
+ "fmt"
+ "io"
+ "strings"
+
+ "k8s.io/gengo/v2"
+ "k8s.io/gengo/v2/generator"
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/types"
+ "k8s.io/klog/v2"
+)
+
+const (
+ tagModelPackage = "k8s:openapi-model-package"
+)
+
+func extractOpenAPISchemaNamePackage(comments []string) (string, error) {
+ v, err := singularTag(tagModelPackage, comments)
+ if v == nil || err != nil {
+ return "", err
+ }
+ return v.Value, nil
+}
+
+func singularTag(tagName string, comments []string) (*gengo.Tag, error) {
+ tags, err := gengo.ExtractFunctionStyleCommentTags("+", []string{tagName}, comments)
+ if err != nil {
+ return nil, err
+ }
+ if len(tags) == 0 {
+ return nil, nil
+ }
+ if len(tags) > 1 {
+ return nil, fmt.Errorf("multiple %s tags found", tagName)
+ }
+ tag := tags[tagName]
+ if len(tag) == 0 {
+ return nil, nil
+ }
+ if len(tag) > 1 {
+ klog.V(5).Infof("multiple %s tags found, using the first one", tagName)
+ }
+ value := tag[0]
+ return &value, nil
+}
+
+// genSchemaName produces a file with autogenerated openapi schema name functions.
+type genSchemaName struct {
+ generator.GoGenerator
+ targetPackage string
+ imports namer.ImportTracker
+ typesForInit []*types.Type
+ openAPISchemaNamePackage string
+}
+
+// NewSchemaNameGen creates a generator
+func NewSchemaNameGen(outputFilename, targetPackage string, openAPISchemaNamePackage string) generator.Generator {
+ return &genSchemaName{
+ GoGenerator: generator.GoGenerator{
+ OutputFilename: outputFilename,
+ },
+ targetPackage: targetPackage,
+ imports: generator.NewImportTracker(),
+ typesForInit: make([]*types.Type, 0),
+ openAPISchemaNamePackage: openAPISchemaNamePackage,
+ }
+}
+
+func (g *genSchemaName) Namers(c *generator.Context) namer.NameSystems {
+ return namer.NameSystems{
+ "public": namer.NewPublicNamer(1),
+ "local": namer.NewPublicNamer(0),
+ "raw": namer.NewRawNamer("", nil),
+ }
+}
+
+func (g *genSchemaName) Filter(c *generator.Context, t *types.Type) bool {
+ // Filter out types not being processed or not copyable within the package.
+ if !isSchemaNameType(t) {
+ klog.V(2).Infof("Type %v is not a valid target for OpenAPI schema name", t)
+ return false
+ }
+ g.typesForInit = append(g.typesForInit, t)
+ return true
+}
+
+// isSchemaNameType indicates whether or not a type could be used to serve an API.
+func isSchemaNameType(t *types.Type) bool {
+ // Filter out private types.
+ if namer.IsPrivateGoName(t.Name.Name) {
+ return false
+ }
+
+ for t.Kind == types.Alias {
+ t = t.Underlying
+ }
+
+ if t.Kind != types.Struct {
+ return false
+ }
+ return true
+}
+
+func (g *genSchemaName) isOtherPackage(pkg string) bool {
+ if pkg == g.targetPackage {
+ return false
+ }
+ if strings.HasSuffix(pkg, ""+g.targetPackage+"") {
+ return false
+ }
+ return true
+}
+
+func (g *genSchemaName) Imports(c *generator.Context) (imports []string) {
+ importLines := []string{}
+ for _, singleImport := range g.imports.ImportLines() {
+ if g.isOtherPackage(singleImport) {
+ importLines = append(importLines, singleImport)
+ }
+ }
+ return importLines
+}
+
+func (g *genSchemaName) Init(c *generator.Context, w io.Writer) error {
+ return nil
+}
+
+func (g *genSchemaName) GenerateType(c *generator.Context, t *types.Type, w io.Writer) error {
+ klog.V(3).Infof("Generating openapi schema name for type %v", t)
+
+ openAPISchemaNamePackage := g.openAPISchemaNamePackage
+ v, err := singularTag(tagModelPackage, t.CommentLines)
+ if err != nil {
+ return fmt.Errorf("type %v: invalid %s:%v", t.Name, tagModelPackage, err)
+ }
+ if v != nil && v.Value != "" {
+ openAPISchemaNamePackage = v.Value
+ }
+
+ if openAPISchemaNamePackage == "" {
+ return nil
+ }
+
+ schemaName := openAPISchemaNamePackage + "." + t.Name.Name
+
+ a := map[string]interface{}{
+ "type": t,
+ "schemaName": schemaName,
+ }
+
+ sw := generator.NewSnippetWriter(w, c, "$", "$")
+
+ sw.Do("// OpenAPIModelName returns the OpenAPI model name for this type.\n", a)
+ sw.Do("func (in $.type|local$) OpenAPIModelName() string {\n", a)
+ sw.Do("\treturn \"$.schemaName$\"\n", a)
+ sw.Do("}\n\n", nil)
+
+ return sw.Error()
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go b/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go
index c5c0093818..5d58754a77 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go
@@ -295,6 +295,40 @@ func hasOpenAPIV3OneOfMethod(t *types.Type) bool { return false } +func hasOpenAPIModelName(t *types.Type) bool { + for mn, mt := range t.Methods { + if mn != "OpenAPIModelName" { + continue + } + return methodReturnsValue(mt, "", "string") + } + return false +} + +func (g openAPITypeWriter) shouldUseOpenAPIModelName(t *types.Type) bool { + // Finds non-generated OpenAPIModelName() functions. + // Generated OpenAPIModelName() are ignored due to the 'ignore_autogenerated' build tag + // but are handled below by checking for use of the +k8s:openapi-model-package. + // This approach allows code generators to be called in any order. + if hasOpenAPIModelName(t) { + return true + } + + value, err := extractOpenAPISchemaNamePackage(t.CommentLines) + if err != nil { + klog.Fatalf("Type %v: invalid %s:%v", t, tagModelPackage, err) + } + if value != "" { + return true + } + pkg := g.context.Universe.Package(t.Name.Package) + value, err = extractOpenAPISchemaNamePackage(pkg.Comments) + if err != nil { + klog.Fatalf("Package %v: invalid %s:%v", pkg, tagModelPackage, err) + } + return value != "" +} + // typeShortName returns short package name (e.g. the name x appears in package x definition) dot type name. func typeShortName(t *types.Type) string { // `path` vs. `filepath` because packages use '/' @@ -339,8 +373,18 @@ func (g openAPITypeWriter) generateCall(t *types.Type) error { // Only generate for struct type and ignore the rest switch t.Kind { case types.Struct: + if namer.IsPrivateGoName(t.Name.Name) { // skip private types + return nil + } + args := argsFromType(t) - g.Do("\"$.$\": ", t.Name) + + if g.shouldUseOpenAPIModelName(t) { + g.Do("$.|raw${}.OpenAPIModelName(): ", t) + } else { + // Legacy case: use the "canonical type name" + g.Do("\"$.$\": ", t.Name) + } hasV2Definition := hasOpenAPIDefinitionMethod(t) hasV2DefinitionTypeAndFormat := hasOpenAPIDefinitionMethods(t) 
@@ -657,6 +701,9 @@ func (g openAPITypeWriter) generate(t *types.Type) error { deps := []string{} for _, k := range keys { v := g.refTypes[k] + if t.Kind != types.Struct { + continue + } if t, _ := openapi.OpenAPITypeFormat(v.String()); t != "" { // This is a known type, we do not need a reference to it // Will eliminate special case of time.Time @@ -667,7 +714,12 @@ func (g openAPITypeWriter) generate(t *types.Type) error { if len(deps) > 0 { g.Do("Dependencies: []string{\n", args) for _, k := range deps { - g.Do("\"$.$\",", k) + t := g.refTypes[k] + if g.shouldUseOpenAPIModelName(t) { + g.Do("$.|raw${}.OpenAPIModelName(),", t) + } else { + g.Do("\"$.$\",", k) + } } g.Do("},\n", nil) } @@ -1011,8 +1063,10 @@ func (g openAPITypeWriter) generateProperty(m *types.Member, parent *types.Type) if err := g.generateSliceProperty(t); err != nil { return fmt.Errorf("failed to generate slice property in %v: %v: %v", parent, m.Name, err) } - case types.Struct, types.Interface: + case types.Struct: g.generateReferenceProperty(t) + case types.Interface: + // Don't generate references to interfaces since we don't declare them default: return fmt.Errorf("cannot generate spec for type %v", t) } @@ -1027,7 +1081,11 @@ func (g openAPITypeWriter) generateSimpleProperty(typeString, format string) { func (g openAPITypeWriter) generateReferenceProperty(t *types.Type) { g.refTypes[t.Name.String()] = t - g.Do("Ref: ref(\"$.$\"),\n", t.Name.String()) + if g.shouldUseOpenAPIModelName(t) { + g.Do("Ref: ref($.|raw${}.OpenAPIModelName()),\n", t) + } else { + g.Do("Ref: ref(\"$.$\"),\n", t.Name.String()) + } } func resolvePtrType(t *types.Type) *types.Type { diff --git a/vendor/k8s.io/kube-openapi/pkg/util/util.go b/vendor/k8s.io/kube-openapi/pkg/util/util.go index 6eee935b22..830ec3ca09 100644 --- a/vendor/k8s.io/kube-openapi/pkg/util/util.go +++ b/vendor/k8s.io/kube-openapi/pkg/util/util.go 
@@ -92,10 +92,21 @@ type OpenAPICanonicalTypeNamer interface { OpenAPICanonicalTypeName() string } +// OpenAPIModelNamer is an interface Go types may implement to provide an OpenAPI model name. +// +// This takes precedence over OpenAPICanonicalTypeNamer, and should be used when a Go type has a model +// name that differs from its canonical type name as determined by Go package name reflection. +type OpenAPIModelNamer interface { + OpenAPIModelName() string +} + // GetCanonicalTypeName will find the canonical type name of a sample object, removing // the "vendor" part of the path func GetCanonicalTypeName(model interface{}) string { - if namer, ok := model.(OpenAPICanonicalTypeNamer); ok { + switch namer := model.(type) { + case OpenAPIModelNamer: + return namer.OpenAPIModelName() + case OpenAPICanonicalTypeNamer: return namer.OpenAPICanonicalTypeName() } t := reflect.TypeOf(model) diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/default.go b/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/default.go index 97b2f989e9..23109816eb 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/default.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/default.go @@ -17,7 +17,6 @@ package strfmt import ( "encoding/base64" "encoding/json" - "fmt" "net/mail" "regexp" "strings" 
@@ -247,29 +246,6 @@ func (b *Base64) UnmarshalText(data []byte) error { // validation is performed l return nil } -// Scan read a value from a database driver -func (b *Base64) Scan(raw interface{}) error { - switch v := raw.(type) { - case []byte: - dbuf := make([]byte, base64.StdEncoding.DecodedLen(len(v))) - n, err := base64.StdEncoding.Decode(dbuf, v) - if err != nil { - return err - } - *b = dbuf[:n] - case string: - vv, err := base64.StdEncoding.DecodeString(v) - if err != nil { - return err - } - *b = Base64(vv) - default: - return fmt.Errorf("cannot sql.Scan() strfmt.Base64 from: %#v", v) - } - - return nil -} - func (b Base64) String() string { return base64.StdEncoding.EncodeToString([]byte(b)) } @@ -324,20 +300,6 @@ func (u *URI) UnmarshalText(data []byte) error { // validation is performed late return nil } -// Scan read a value from a database driver -func (u *URI) Scan(raw interface{}) error { - switch v := raw.(type) { - case []byte: - *u = URI(string(v)) - case string: - *u = URI(v) - default: - return fmt.Errorf("cannot sql.Scan() strfmt.URI from: %#v", v) - } - - return nil -} - func (u URI) String() string { return string(u) } @@ -388,20 +350,6 @@ func (e *Email) UnmarshalText(data []byte) error { // validation is performed la return nil } -// Scan read a value from a database driver -func (e *Email) Scan(raw interface{}) error { - switch v := raw.(type) { - case []byte: - *e = Email(string(v)) - case string: - *e = Email(v) - default: - return fmt.Errorf("cannot sql.Scan() strfmt.Email from: %#v", v) - } - - return nil -} - func (e Email) String() string { return string(e) } 
@@ -452,20 +400,6 @@ func (h *Hostname) UnmarshalText(data []byte) error { // validation is performed return nil } -// Scan read a value from a database driver -func (h *Hostname) Scan(raw interface{}) error { - switch v := raw.(type) { - case []byte: - *h = Hostname(string(v)) - case string: - *h = Hostname(v) - default: - return fmt.Errorf("cannot sql.Scan() strfmt.Hostname from: %#v", v) - } - - return nil -} - func (h Hostname) String() string { return string(h) } @@ -516,20 +450,6 @@ func (u *IPv4) UnmarshalText(data []byte) error { // validation is performed lat return nil } -// Scan read a value from a database driver -func (u *IPv4) Scan(raw interface{}) error { - switch v := raw.(type) { - case []byte: - *u = IPv4(string(v)) - case string: - *u = IPv4(v) - default: - return fmt.Errorf("cannot sql.Scan() strfmt.IPv4 from: %#v", v) - } - - return nil -} - func (u IPv4) String() string { return string(u) } @@ -580,20 +500,6 @@ func (u *IPv6) UnmarshalText(data []byte) error { // validation is performed lat return nil } -// Scan read a value from a database driver -func (u *IPv6) Scan(raw interface{}) error { - switch v := raw.(type) { - case []byte: - *u = IPv6(string(v)) - case string: - *u = IPv6(v) - default: - return fmt.Errorf("cannot sql.Scan() strfmt.IPv6 from: %#v", v) - } - - return nil -} - func (u IPv6) String() string { return string(u) } @@ -644,20 +550,6 @@ func (u *CIDR) UnmarshalText(data []byte) error { // validation is performed lat return nil } -// Scan read a value from a database driver -func (u *CIDR) Scan(raw interface{}) error { - switch v := raw.(type) { - case []byte: - *u = CIDR(string(v)) - case string: - *u = CIDR(v) - default: - return fmt.Errorf("cannot sql.Scan() strfmt.CIDR from: %#v", v) - } - - return nil -} - func (u CIDR) String() string { return string(u) } 
@@ -708,20 +600,6 @@ func (u *MAC) UnmarshalText(data []byte) error { // validation is performed late
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *MAC) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = MAC(string(v))
- case string:
- *u = MAC(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.IPv4 from: %#v", v)
- }
-
- return nil
-}
-
 func (u MAC) String() string {
 return string(u)
 }
@@ -772,20 +650,6 @@ func (u *UUID) UnmarshalText(data []byte) error { // validation is performed lat
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *UUID) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = UUID(string(v))
- case string:
- *u = UUID(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.UUID from: %#v", v)
- }
-
- return nil
-}
-
 func (u UUID) String() string {
 return string(u)
 }
@@ -839,20 +703,6 @@ func (u *UUID3) UnmarshalText(data []byte) error { // validation is performed la
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *UUID3) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = UUID3(string(v))
- case string:
- *u = UUID3(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.UUID3 from: %#v", v)
- }
-
- return nil
-}
-
 func (u UUID3) String() string {
 return string(u)
 }
@@ -906,20 +756,6 @@ func (u *UUID4) UnmarshalText(data []byte) error { // validation is performed la
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *UUID4) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = UUID4(string(v))
- case string:
- *u = UUID4(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.UUID4 from: %#v", v)
- }
-
- return nil
-}
-
 func (u UUID4) String() string {
 return string(u)
 }
@@ -973,20 +809,6 @@ func (u *UUID5) UnmarshalText(data []byte) error { // validation is performed la
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *UUID5) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = UUID5(string(v))
- case string:
- *u = UUID5(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.UUID5 from: %#v", v)
- }
-
- return nil
-}
-
 func (u UUID5) String() string {
 return string(u)
 }
@@ -1040,20 +862,6 @@ func (u *ISBN) UnmarshalText(data []byte) error { // validation is performed lat
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *ISBN) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = ISBN(string(v))
- case string:
- *u = ISBN(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.ISBN from: %#v", v)
- }
-
- return nil
-}
-
 func (u ISBN) String() string {
 return string(u)
 }
@@ -1107,20 +915,6 @@ func (u *ISBN10) UnmarshalText(data []byte) error { // validation is performed l
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *ISBN10) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = ISBN10(string(v))
- case string:
- *u = ISBN10(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.ISBN10 from: %#v", v)
- }
-
- return nil
-}
-
 func (u ISBN10) String() string {
 return string(u)
 }
@@ -1174,20 +968,6 @@ func (u *ISBN13) UnmarshalText(data []byte) error { // validation is performed l
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *ISBN13) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = ISBN13(string(v))
- case string:
- *u = ISBN13(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.ISBN13 from: %#v", v)
- }
-
- return nil
-}
-
 func (u ISBN13) String() string {
 return string(u)
 }
@@ -1241,20 +1021,6 @@ func (u *CreditCard) UnmarshalText(data []byte) error { // validation is perform
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *CreditCard) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = CreditCard(string(v))
- case string:
- *u = CreditCard(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.CreditCard from: %#v", v)
- }
-
- return nil
-}
-
 func (u CreditCard) String() string {
 return string(u)
 }
@@ -1308,20 +1074,6 @@ func (u *SSN) UnmarshalText(data []byte) error { // validation is performed late
 return nil
 }
 
-// Scan read a value from a database driver
-func (u *SSN) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *u = SSN(string(v))
- case string:
- *u = SSN(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.SSN from: %#v", v)
- }
-
- return nil
-}
-
 func (u SSN) String() string {
 return string(u)
 }
@@ -1375,20 +1127,6 @@ func (h *HexColor) UnmarshalText(data []byte) error { // validation is performed
 return nil
 }
 
-// Scan read a value from a database driver
-func (h *HexColor) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *h = HexColor(string(v))
- case string:
- *h = HexColor(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.HexColor from: %#v", v)
- }
-
- return nil
-}
-
 func (h HexColor) String() string {
 return string(h)
 }
@@ -1442,20 +1180,6 @@ func (r *RGBColor) UnmarshalText(data []byte) error { // validation is performed
 return nil
 }
 
-// Scan read a value from a database driver
-func (r *RGBColor) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *r = RGBColor(string(v))
- case string:
- *r = RGBColor(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.RGBColor from: %#v", v)
- }
-
- return nil
-}
-
 func (r RGBColor) String() string {
 return string(r)
 }
@@ -1510,20 +1234,6 @@ func (r *Password) UnmarshalText(data []byte) error { // validation is performed
 return nil
 }
 
-// Scan read a value from a database driver
-func (r *Password) Scan(raw interface{}) error {
- switch v := raw.(type) {
- case []byte:
- *r = Password(string(v))
- case string:
- *r = Password(v)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.Password from: %#v", v)
- }
-
- return nil
-}
-
 func (r Password) String() string {
 return string(r)
 }
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/duration.go b/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/duration.go
index 8fbeb635fb..04545296bd 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/duration.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/duration.go
@@ -119,23 +119,6 @@ func ParseDuration(cand string) (time.Duration, error) {
 return 0, fmt.Errorf("unable to parse %s as duration", cand)
 }
 
-// Scan reads a Duration value from database driver type.
-func (d *Duration) Scan(raw interface{}) error {
- switch v := raw.(type) {
- // TODO: case []byte: // ?
- case int64:
- *d = Duration(v)
- case float64:
- *d = Duration(int64(v))
- case nil:
- *d = Duration(0)
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.Duration from: %#v", v)
- }
-
- return nil
-}
-
 // String converts this duration to a string
 func (d Duration) String() string {
 return time.Duration(d).String()
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/time.go b/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/time.go
index b2324db052..d0fd31a9db 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/time.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/strfmt/time.go
@@ -16,7 +16,6 @@ package strfmt
 
 import (
 "encoding/json"
- "fmt"
 "regexp"
 "strings"
 "time"
@@ -114,25 +113,6 @@ func (t *DateTime) UnmarshalText(text []byte) error {
 return nil
 }
 
-// Scan scans a DateTime value from database driver type.
-func (t *DateTime) Scan(raw interface{}) error {
- // TODO: case int64: and case float64: ?
- switch v := raw.(type) {
- case []byte:
- return t.UnmarshalText(v)
- case string:
- return t.UnmarshalText([]byte(v))
- case time.Time:
- *t = DateTime(v)
- case nil:
- *t = DateTime{}
- default:
- return fmt.Errorf("cannot sql.Scan() strfmt.DateTime from: %#v", v)
- }
-
- return nil
-}
-
 // MarshalJSON returns the DateTime as JSON
 func (t DateTime) MarshalJSON() ([]byte, error) {
 return json.Marshal(time.Time(t).Format(MarshalFormat))
diff --git a/vendor/k8s.io/utils/net/multi_listen.go b/vendor/k8s.io/utils/net/multi_listen.go
index 7cb7795bec..e5d508055d 100644
--- a/vendor/k8s.io/utils/net/multi_listen.go
+++ b/vendor/k8s.io/utils/net/multi_listen.go
@@ -21,6 +21,7 @@ import (
 "fmt"
 "net"
 "sync"
+ "sync/atomic"
 )
 
 // connErrPair pairs conn and error which is returned by accept on sub-listeners.
@@ -38,6 +39,7 @@ type multiListener struct {
 connCh chan connErrPair
 // stopCh communicates from parent to child listeners.
 stopCh chan struct{}
+ closed atomic.Bool
 }
 
 // compile time check to ensure *multiListener implements net.Listener
@@ -150,10 +152,8 @@ func (ml *multiListener) Accept() (net.Conn, error) {
 // the go-routines to exit.
 func (ml *multiListener) Close() error {
 // Make sure this can be called repeatedly without explosions.
- select {
- case <-ml.stopCh:
+ if !ml.closed.CompareAndSwap(false, true) {
 return fmt.Errorf("use of closed network connection")
- default:
 }
 
 // Tell all sub-listeners to stop.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ea5c5f7410..fc80c28160 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -267,8 +267,8 @@ github.com/go-git/go-git/v5/internal/path_util github.com/go-git/go-git/v5/plumbing/format/config github.com/go-git/go-git/v5/plumbing/format/gitignore github.com/go-git/go-git/v5/utils/ioutil -# github.com/go-jose/go-jose/v4 v4.1.2 -## explicit; go 1.23.0 +# github.com/go-jose/go-jose/v4 v4.1.3 +## explicit; go 1.24.0 github.com/go-jose/go-jose/v4 github.com/go-jose/go-jose/v4/cipher github.com/go-jose/go-jose/v4/json @@ -377,7 +377,7 @@ github.com/google/go-cmp/cmp/internal/value # github.com/google/go-containerregistry v0.20.6 ## explicit; go 1.24 github.com/google/go-containerregistry/pkg/name -# github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 +# github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d ## explicit; go 1.24.0 github.com/google/pprof/profile # github.com/google/uuid v1.6.0 @@ -416,8 +416,8 @@ github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options github.com/grpc-ecosystem/grpc-gateway/v2/runtime github.com/grpc-ecosystem/grpc-gateway/v2/utilities -# github.com/grpc-ecosystem/grpc-health-probe v0.4.40 -## explicit; go 1.23.0 +# github.com/grpc-ecosystem/grpc-health-probe v0.4.41 +## explicit; go 1.24.0 github.com/grpc-ecosystem/grpc-health-probe # github.com/h2non/filetype v1.1.3 ## explicit; go 1.13 @@ -593,7 +593,7 @@ github.com/opencontainers/image-spec/specs-go/v1 # github.com/opencontainers/runtime-spec v1.2.1 ## explicit github.com/opencontainers/runtime-spec/specs-go -# github.com/openshift/api v0.0.0-20251023193535-8691c3014652 +# github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7 ## explicit; go 1.24.0 github.com/openshift/api/config/v1 # github.com/openshift/client-go v0.0.0-20220525160904-9e1acff93e4a => github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0 
@@ -721,7 +721,7 @@ github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/stor github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/version github.com/operator-framework/operator-lifecycle-manager/pkg/version github.com/operator-framework/operator-lifecycle-manager/util/cpb -# github.com/operator-framework/operator-registry v1.60.0 => ./staging/operator-registry +# github.com/operator-framework/operator-registry v1.61.0 => ./staging/operator-registry ## explicit; go 1.24.4 github.com/operator-framework/operator-registry/alpha/action github.com/operator-framework/operator-registry/alpha/action/migrations @@ -852,8 +852,8 @@ github.com/spf13/cobra # github.com/spf13/pflag v1.0.10 ## explicit; go 1.12 github.com/spf13/pflag -# github.com/spiffe/go-spiffe/v2 v2.5.0 -## explicit; go 1.22.11 +# github.com/spiffe/go-spiffe/v2 v2.6.0 +## explicit; go 1.24.0 github.com/spiffe/go-spiffe/v2/bundle/jwtbundle github.com/spiffe/go-spiffe/v2/bundle/spiffebundle github.com/spiffe/go-spiffe/v2/bundle/x509bundle @@ -905,9 +905,6 @@ github.com/vbauerster/mpb/v8/internal # github.com/x448/float16 v0.8.4 ## explicit; go 1.11 github.com/x448/float16 -# github.com/zeebo/errs v1.4.0 -## explicit; go 1.12 -github.com/zeebo/errs # go.etcd.io/bbolt v1.4.3 ## explicit; go 1.23 go.etcd.io/bbolt @@ -1171,12 +1168,12 @@ golang.org/x/net/websocket ## explicit; go 1.24.0 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sync v0.17.0 +# golang.org/x/sync v0.18.0 ## explicit; go 1.24.0 golang.org/x/sync/errgroup golang.org/x/sync/semaphore golang.org/x/sync/singleflight -# golang.org/x/sys v0.37.0 +# golang.org/x/sys v0.38.0 ## explicit; go 1.24.0 golang.org/x/sys/cpu golang.org/x/sys/plan9 
@@ -1236,8 +1233,6 @@ golang.org/x/tools/internal/stdlib golang.org/x/tools/internal/typeparams golang.org/x/tools/internal/typesinternal golang.org/x/tools/internal/versions -# golang.org/x/tools/go/expect v0.1.1-deprecated -## explicit; go 1.23.0 # gomodules.xyz/jsonpatch/v2 v2.4.0 ## explicit; go 1.20 gomodules.xyz/jsonpatch/v2 @@ -1250,8 +1245,8 @@ google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/api/annotations google.golang.org/genproto/googleapis/api/expr/v1alpha1 google.golang.org/genproto/googleapis/api/httpbody -# google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b -## explicit; go 1.23.0 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20251110190251-83f479183930 +## explicit; go 1.24.0 google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status # google.golang.org/grpc v1.76.0 @@ -2189,8 +2184,8 @@ k8s.io/kube-aggregator/pkg/client/informers/externalversions/apiregistration/v1b k8s.io/kube-aggregator/pkg/client/informers/externalversions/internalinterfaces k8s.io/kube-aggregator/pkg/client/listers/apiregistration/v1 k8s.io/kube-aggregator/pkg/client/listers/apiregistration/v1beta1 -# k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b -## explicit; go 1.23 +# k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 +## explicit; go 1.23.0 k8s.io/kube-openapi/cmd/openapi-gen k8s.io/kube-openapi/cmd/openapi-gen/args k8s.io/kube-openapi/pkg/builder @@ -2222,7 +2217,7 @@ k8s.io/kube-openapi/pkg/validation/validate k8s.io/kubectl/pkg/util/interrupt k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term -# k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 +# k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 ## explicit; go 1.18 k8s.io/utils/buffer k8s.io/utils/clock