From 9a526e368138a0e80aca712ff031a51e6bdbdb5c Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Wed, 12 Apr 2023 14:06:43 -0400 Subject: [PATCH] misc: add support for inline TLS settings for Prometheus-based components This updates the prometheus/common dependency to use a fork until prometheus/common#472 is merged. Components which use the prometheus/common dependency for TLS configs will automatically support inline TLS settings. Some components, particularly loki.source.kafka and loki.source.syslog had to be updated as they build their own TLS configs. --- CHANGELOG.md | 23 ++++++- component/common/config/types.go | 63 +++++++++++++++--- .../internal/kafkatarget/authentication.go | 30 --------- .../internal/kafkatarget/target_syncer.go | 5 +- .../kafkatarget/target_syncer_test.go | 2 +- .../syslog/internal/syslogtarget/transport.go | 65 ++++++++++++++++--- .../reference/components/tls-config-block.md | 14 ++++ go.mod | 3 + go.sum | 44 ++++--------- 9 files changed, 167 insertions(+), 82 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eb83590d70ae..779413a2bfda 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,7 +36,7 @@ Main (unreleased) - `module.file` runs a Grafana Agent Flow module passed to the component by an expression containing a file. (@erikbaranowski) - `otelcol.auth.oauth2` performs OAuth 2.0 authentication for HTTP and gRPC - based OpenTelemetry exporters. (@ptodev) + based OpenTelemetry exporters. (@ptodev) - `otelcol.extension.jaeger_remote_sampling` provides an endpoint from which to pull Jaeger remote sampling documents. (@joe-elliott) - `prometheus.exporter.blackbox` collects metrics from Blackbox exporter. (@marctc) @@ -85,6 +85,27 @@ Main (unreleased) - Update Process Exporter dependency to v0.7.10. (@spartan0x117) +- Flow: support client TLS settings (CA, client certificate, client key) being + provided from other components for the following components: + + - `discovery.docker` + - `discovery.kubernetes` + - `loki.source.kafka` + - `loki.source.kubernetes` + - `loki.source.podlogs` + - `loki.write` + - `mimir.rules.kubernetes` + - `phlare.scrape` + - `phlare.write` + - `prometheus.remote_write` + - `prometheus.scrape` + - `remote.http` + +- Flow: support server TLS settings (client CA, server certificate, server key) + being provided from other components for the following components: + + - `loki.source.syslog` + ### Bugfixes - Flow: fix issue where Flow would return an error when trying to access a key diff --git a/component/common/config/types.go b/component/common/config/types.go index b28dfe268b54..3cebefd1615e 100644 --- a/component/common/config/types.go +++ b/component/common/config/types.go @@ -116,10 +116,12 @@ func (h *HTTPClientConfig) Convert() *config.HTTPClientConfig { OAuth2: h.OAuth2.Convert(), BearerToken: config.Secret(h.BearerToken), BearerTokenFile: h.BearerTokenFile, - ProxyURL: h.ProxyURL.Convert(), TLSConfig: *h.TLSConfig.Convert(), FollowRedirects: h.FollowRedirects, EnableHTTP2: h.EnableHTTP2, + ProxyConfig: config.ProxyConfig{ + ProxyURL: h.ProxyURL.Convert(), + }, } } @@ -231,12 +233,26 @@ func (tv *TLSVersion) UnmarshalText(text []byte) error { // TLSConfig sets up options for TLS connections. type TLSConfig struct { - CAFile string `river:"ca_file,attr,optional"` - CertFile string `river:"cert_file,attr,optional"` - KeyFile string `river:"key_file,attr,optional"` - ServerName string `river:"server_name,attr,optional"` - InsecureSkipVerify bool `river:"insecure_skip_verify,attr,optional"` - MinVersion TLSVersion `river:"min_version,attr,optional"` + CA string `river:"ca_pem,attr,optional"` + CAFile string `river:"ca_file,attr,optional"` + Cert string `river:"cert_pem,attr,optional"` + CertFile string `river:"cert_file,attr,optional"` + Key rivertypes.Secret `river:"key_pem,attr,optional"` + KeyFile string `river:"key_file,attr,optional"` + ServerName string `river:"server_name,attr,optional"` + InsecureSkipVerify bool `river:"insecure_skip_verify,attr,optional"` + MinVersion TLSVersion `river:"min_version,attr,optional"` +} + +// UnmarshalRiver implements river.Unmarshaler and reports whether the +// unmarshaled TLSConfig is valid. +func (t *TLSConfig) UnmarshalRiver(f func(interface{}) error) error { + type tlsConfig TLSConfig + if err := f((*tlsConfig)(t)); err != nil { + return err + } + + return t.Validate() } // Convert converts our type to the native prometheus type @@ -245,8 +261,11 @@ func (t *TLSConfig) Convert() *config.TLSConfig { return nil } return &config.TLSConfig{ + CA: t.CA, CAFile: t.CAFile, + Cert: t.Cert, CertFile: t.CertFile, + Key: config.Secret(t.Key), KeyFile: t.KeyFile, ServerName: t.ServerName, InsecureSkipVerify: t.InsecureSkipVerify, @@ -254,6 +273,32 @@ func (t *TLSConfig) Convert() *config.TLSConfig { } } +// Validate reports whether t is valid. +func (t *TLSConfig) Validate() error { + if len(t.CA) > 0 && len(t.CAFile) > 0 { + return fmt.Errorf("at most one of ca_pem and ca_file must be configured") + } + if len(t.Cert) > 0 && len(t.CertFile) > 0 { + return fmt.Errorf("at most one of cert_pem and cert_file must be configured") + } + if len(t.Key) > 0 && len(t.KeyFile) > 0 { + return fmt.Errorf("at most one of key_pem and key_file must be configured") + } + + var ( + usingClientCert = len(t.Cert) > 0 || len(t.CertFile) > 0 + usingClientKey = len(t.Key) > 0 || len(t.KeyFile) > 0 + ) + + if usingClientCert && !usingClientKey { + return fmt.Errorf("exactly one of key_pem or key_file must be configured when a client certificate is configured") + } else if usingClientKey && !usingClientCert { + return fmt.Errorf("exactly one of cert_pem or cert_file must be configured when a client key is configured") + } + + return nil +} + // OAuth2Config sets up the OAuth2 client. type OAuth2Config struct { ClientID string `river:"client_id,attr,optional"` @@ -278,7 +323,9 @@ func (o *OAuth2Config) Convert() *config.OAuth2 { Scopes: o.Scopes, TokenURL: o.TokenURL, EndpointParams: o.EndpointParams, - ProxyURL: o.ProxyURL.Convert(), TLSConfig: *o.TLSConfig.Convert(), + ProxyConfig: config.ProxyConfig{ + ProxyURL: o.ProxyURL.Convert(), + }, } } diff --git a/component/loki/source/internal/kafkatarget/authentication.go b/component/loki/source/internal/kafkatarget/authentication.go index f9d173b40fe3..ffd7fc6bb512 100644 --- a/component/loki/source/internal/kafkatarget/authentication.go +++ b/component/loki/source/internal/kafkatarget/authentication.go @@ -7,40 +7,10 @@ package kafkatarget import ( "crypto/sha256" "crypto/sha512" - "crypto/tls" - "crypto/x509" - "os" - promconfig "github.com/prometheus/common/config" "github.com/xdg-go/scram" ) -func createTLSConfig(cfg promconfig.TLSConfig) (*tls.Config, error) { - tc := &tls.Config{ - InsecureSkipVerify: cfg.InsecureSkipVerify, - ServerName: cfg.ServerName, - } - // load ca cert - if len(cfg.CAFile) > 0 { - caCert, err := os.ReadFile(cfg.CAFile) - if err != nil { - return nil, err - } - caCertPool := x509.NewCertPool() - caCertPool.AppendCertsFromPEM(caCert) - tc.RootCAs = caCertPool - } - // load client cert - if len(cfg.CertFile) > 0 && len(cfg.KeyFile) > 0 { - cert, err := tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile) - if err != nil { - return nil, err - } - tc.Certificates = []tls.Certificate{cert} - } - return tc, nil -} - // copied from https://github.com/Shopify/sarama/blob/44627b731c60bb90efe25573e7ef2b3f8df3fa23/examples/sasl_scram_client/scram_client.go var ( SHA256 scram.HashGeneratorFcn = sha256.New diff --git a/component/loki/source/internal/kafkatarget/target_syncer.go b/component/loki/source/internal/kafkatarget/target_syncer.go index 26e59efb1188..fbe5e2743200 100644 --- a/component/loki/source/internal/kafkatarget/target_syncer.go +++ b/component/loki/source/internal/kafkatarget/target_syncer.go @@ -15,6 +15,7 @@ import ( "github.com/go-kit/log" "github.com/go-kit/log/level" "github.com/prometheus/client_golang/prometheus" + promconfig "github.com/prometheus/common/config" "github.com/prometheus/common/model" "github.com/prometheus/prometheus/model/labels" @@ -136,7 +137,7 @@ func withAuthentication(cfg sarama.Config, authCfg Authentication) (*sarama.Conf func withSSLAuthentication(cfg sarama.Config, authCfg Authentication) (*sarama.Config, error) { cfg.Net.TLS.Enable = true - tc, err := createTLSConfig(authCfg.TLSConfig) + tc, err := promconfig.NewTLSConfig(&authCfg.TLSConfig) if err != nil { return nil, err } @@ -187,7 +188,7 @@ func withSASLAuthentication(cfg sarama.Config, authCfg Authentication) (*sarama. } if authCfg.SASLConfig.UseTLS { - tc, err := createTLSConfig(authCfg.SASLConfig.TLSConfig) + tc, err := promconfig.NewTLSConfig(&authCfg.SASLConfig.TLSConfig) if err != nil { return nil, err } diff --git a/component/loki/source/internal/kafkatarget/target_syncer_test.go b/component/loki/source/internal/kafkatarget/target_syncer_test.go index a14fffc651ab..b02534cfe3a9 100644 --- a/component/loki/source/internal/kafkatarget/target_syncer_test.go +++ b/component/loki/source/internal/kafkatarget/target_syncer_test.go @@ -217,7 +217,7 @@ func Test_withAuthentication(t *testing.T) { ServerName: "example.com", InsecureSkipVerify: true, } - expectedTLSConf, _ = createTLSConfig(config.TLSConfig{ + expectedTLSConf, _ = config.NewTLSConfig(&config.TLSConfig{ CAFile: "testdata/example.com.ca.pem", CertFile: "testdata/example.com.pem", KeyFile: "testdata/example.com-key.pem", diff --git a/component/loki/source/syslog/internal/syslogtarget/transport.go b/component/loki/source/syslog/internal/syslogtarget/transport.go index 5d3c4d6d6ecb..d8d2d8faa666 100644 --- a/component/loki/source/syslog/internal/syslogtarget/transport.go +++ b/component/loki/source/syslog/internal/syslogtarget/transport.go @@ -22,6 +22,7 @@ import ( "github.com/go-kit/log" "github.com/go-kit/log/level" "github.com/influxdata/go-syslog/v3" + "github.com/prometheus/common/config" "github.com/prometheus/prometheus/model/labels" "github.com/grafana/loki/clients/pkg/promtail/scrapeconfig" @@ -179,9 +180,18 @@ func (t *TCPTransport) Run() error { return fmt.Errorf("error setting up syslog target: %w", err) } - tlsEnabled := t.config.TLSConfig.CertFile != "" || t.config.TLSConfig.KeyFile != "" || t.config.TLSConfig.CAFile != "" + var ( + tlsConfig = t.config.TLSConfig + + configuredCA = len(tlsConfig.CA) > 0 || len(tlsConfig.CAFile) > 0 + configuredCert = len(tlsConfig.Cert) > 0 || len(tlsConfig.CertFile) > 0 + configuredKey = len(tlsConfig.Key) > 0 || len(tlsConfig.KeyFile) > 0 + + tlsEnabled = configuredCA || configuredCert || configuredKey + ) + if tlsEnabled { - tlsConfig, err := newTLSConfig(t.config.TLSConfig.CertFile, t.config.TLSConfig.KeyFile, t.config.TLSConfig.CAFile) + tlsConfig, err := newTLSConfig(tlsConfig) if err != nil { return fmt.Errorf("error setting up syslog target: %w", err) } @@ -197,12 +207,42 @@ func (t *TCPTransport) Run() error { return nil } -func newTLSConfig(certFile string, keyFile string, caFile string) (*tls.Config, error) { - if certFile == "" || keyFile == "" { - return nil, fmt.Errorf("certificate and key files are required") +// newTLSConfig creates TLS server settings from a [config.TLSConfig]. Use this +// function to create TLS server settings, and [config.NewTLSConfig] to create +// TLS client settings. +func newTLSConfig(config config.TLSConfig) (*tls.Config, error) { + var ( + configuredCert = len(config.Cert) > 0 || len(config.CertFile) > 0 + configuredKey = len(config.Key) > 0 || len(config.KeyFile) > 0 + ) + + if !configuredCert || !configuredKey { + return nil, fmt.Errorf("certificate and key must be configured") } - certs, err := tls.LoadX509KeyPair(certFile, keyFile) + var certBytes, keyBytes []byte + + if len(config.CertFile) > 0 { + bb, err := os.ReadFile(config.CertFile) + if err != nil { + return nil, fmt.Errorf("unable to load server certificate: %w", err) + } + certBytes = bb + } else if len(config.Cert) > 0 { + certBytes = []byte(config.Cert) + } + + if len(config.KeyFile) > 0 { + bb, err := os.ReadFile(config.KeyFile) + if err != nil { + return nil, fmt.Errorf("unable to load server key: %w", err) + } + keyBytes = bb + } else if len(config.Key) > 0 { + keyBytes = []byte(config.Key) + } + + certs, err := tls.X509KeyPair(certBytes, keyBytes) if err != nil { return nil, fmt.Errorf("unable to load server certificate or key: %w", err) } @@ -211,14 +251,21 @@ func newTLSConfig(certFile string, keyFile string, caFile string) (*tls.Config, Certificates: []tls.Certificate{certs}, } - if caFile != "" { - caCert, err := os.ReadFile(caFile) + var caBytes []byte + + if len(config.CAFile) > 0 { + bb, err := os.ReadFile(config.CAFile) if err != nil { return nil, fmt.Errorf("unable to load client CA certificate: %w", err) } + caBytes = bb + } else if len(config.CA) > 0 { + caBytes = []byte(config.CA) + } + if len(caBytes) > 0 { caCertPool := x509.NewCertPool() - if ok := caCertPool.AppendCertsFromPEM(caCert); !ok { + if ok := caCertPool.AppendCertsFromPEM(caBytes); !ok { return nil, fmt.Errorf("unable to parse client CA certificate") } diff --git a/docs/sources/shared/flow/reference/components/tls-config-block.md b/docs/sources/shared/flow/reference/components/tls-config-block.md index 25ac52675ba9..85718b9e072a 100644 --- a/docs/sources/shared/flow/reference/components/tls-config-block.md +++ b/docs/sources/shared/flow/reference/components/tls-config-block.md @@ -6,13 +6,27 @@ headless: true Name | Type | Description | Default | Required ---- | ---- | ----------- | ------- | -------- +`ca_pem` | `string` | CA PEM-encoded text to validate the server with. | | no `ca_file` | `string` | CA certificate to validate the server with. | | no +`cert_pem` | `string` | Certificate PEM-encoded text for client authentication. | | no `cert_file` | `string` | Certificate file for client authentication. | | no +`key_pem` | `secret` | Key PEM-encoded text for client authentication. | | no `key_file` | `string` | Key file for client authentication. | | no `server_name` | `string` | ServerName extension to indicate the name of the server. | | no `insecure_skip_verify` | `bool` | Disables validation of the server certificate. | | no `min_version` | `string` | Minimum acceptable TLS version. | | no +The following pairs of arguments are mutually exclusive and cannot both be set +simultaneously: + +* `ca_pem` and `ca_file` +* `cert_pem` and `cert_file` +* `key_pem` and `key_file` + +When configuring client authentication, both the client certificate (using +`cert_pem` or `cert_file`) and the client key (using `key_pem` or `key_file`) +must be provided. + When `min_version` is not provided, the minimum acceptable TLS version is inherited from Go's default minimum version, TLS 1.2. If `min_version` is provided, it must be set to one of the following strings: diff --git a/go.mod b/go.mod index f4aee654cf5c..3dea624e1591 100644 --- a/go.mod +++ b/go.mod @@ -704,3 +704,6 @@ replace github.com/github/smimesign => github.com/grafana/smimesign v0.2.1-0.202 // TODO(rfratto): remove once a new version of node_exporter is available that // uses a newer version of procfs. replace github.com/prometheus/procfs => github.com/prometheus/procfs v0.8.0 + +// TODO(rfratto): remove once prometheus/common#472 is merged. +replace github.com/prometheus/common => github.com/grafana/prometheus-common v0.39.1-0.20230411174203-bcb00f1c26d7 diff --git a/go.sum b/go.sum index 2988b5c82472..c0de77af29b1 100644 --- a/go.sum +++ b/go.sum @@ -646,6 +646,9 @@ github.com/aerospike/aerospike-client-go v1.27.0/go.mod h1:zj8LBEnWBDOVEIJt8LvaR github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= +github.com/alecthomas/kingpin v2.2.6+incompatible h1:5svnBTFgJjZvGKyYBtMB0+m5wvrbUHiqye8wRJMlnYI= +github.com/alecthomas/kingpin/v2 v2.3.1 h1:ANLJcKmQm4nIaog7xdr/id6FM6zm5hHnfZrvtKPxqGg= +github.com/alecthomas/kingpin/v2 v2.3.1/go.mod h1:oYL5vtsvEHZGHxU7DMp32Dvx+qL+ptGn6lWaot2vCNE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -1855,10 +1858,10 @@ github.com/grafana/phlare/api v0.1.2 h1:1jrwd3KnsXMzj/tJih9likx5EvbY3pbvLbDqAAYe github.com/grafana/phlare/api v0.1.2/go.mod h1:29vcLwFDmZBDce2jwFIMtzvof7fzPadT8VMKw9ks7FU= github.com/grafana/postgres_exporter v0.8.1-0.20210722175051-db35d7c2f520 h1:HnFWqxhoSF3WC7sKAdMZ+SRXvHLVZlZ3sbQjuUlTqkw= github.com/grafana/postgres_exporter v0.8.1-0.20210722175051-db35d7c2f520/go.mod h1:+HPXgiOV0InDHcZ2jNijL1SOKvo0eEPege5fQA0+ICI= -github.com/grafana/process-exporter v0.7.3-0.20210106202358-831154072e2a h1:JUnP/laSl2GylHT0+fqAqOZY+7XkLh1mLefLN0n8Mmk= -github.com/grafana/process-exporter v0.7.3-0.20210106202358-831154072e2a/go.mod h1:RMjrx3Qn8l2pgCD27g45xbko4UDpVVuHC8Cd2YXPtWA= github.com/grafana/prometheus v1.8.2-0.20230328154716-1d0e5416a0de h1:HjEfLfBCMlZktx4tGEtMSbTZNdHrhzaCouRsXkh13ps= github.com/grafana/prometheus v1.8.2-0.20230328154716-1d0e5416a0de/go.mod h1:Pfqb/MLnnR2KK+0vchiaH39jXxvLMBk+3lnIGP4N7Vk= +github.com/grafana/prometheus-common v0.39.1-0.20230411174203-bcb00f1c26d7 h1:xFCw/hvc6lOmFjTvjcnvoWJrgnx2VxF1wz+lR+eYBLo= +github.com/grafana/prometheus-common v0.39.1-0.20230411174203-bcb00f1c26d7/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd h1:PpuIBO5P3e9hpqBD0O/HjhShYuM6XE0i/lbE6J94kww= github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A= github.com/grafana/smimesign v0.2.1-0.20220408144937-2a5adf3481d3 h1:UPkAxuhlAcRmJT3/qd34OMTl+ZU7BLLfOO2+NXBlJpY= @@ -2233,7 +2236,6 @@ github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVY github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= @@ -2404,7 +2406,6 @@ github.com/mattn/go-xmlrpc v0.0.3 h1:Y6WEMLEsqs3RviBrAa1/7qmbGB7DVD3brZIbqMbQdGY github.com/mattn/go-xmlrpc v0.0.3/go.mod h1:mqc2dz7tP5x5BKlCahN/n+hs7OSZKJkS9JsHNBRlrxA= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= @@ -2530,7 +2531,6 @@ github.com/multiplay/go-ts3 v1.0.0/go.mod h1:14S6cS3fLNT3xOytrA/DkRyAFNuQLMLEqOY github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= @@ -2866,29 +2866,6 @@ github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20180326160409-38c53a9f4bfc/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.31.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.35.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= -github.com/prometheus/common v0.38.0/go.mod h1:MBXfmBQZrK5XpbCkjofnXs96LD2QQ7fEq4C0xjC/yec= -github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI= -github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4= github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= @@ -3269,6 +3246,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/xhit/go-str2duration v1.2.0 h1:BcV5u025cITWxEQKGWr1URRzrcXtu7uk8+luz3Yuhwc= +github.com/xhit/go-str2duration v1.2.0/go.mod h1:3cPSlfZlUHVlneIVfePFWcJZsuwf+P1v2SRTV4cUmp4= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/xo/dburl v0.13.0 h1:kq+oD1j/m8DnJ/p6G/LQXRosVchs8q5/AszEUKkvYfo= @@ -3655,7 +3634,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -3679,7 +3657,6 @@ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220725212005-46097bf591d3/go.mod h1:AaygXjzTFtRAg2ttMY5RMuhpJ3cNnI0XpyFJD1iQRSM= -golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20220921155015-db77216a4ee9/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= @@ -3690,6 +3667,8 @@ golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20170807180024-9a379c6b3e95/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -3724,8 +3703,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= +golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -3925,6 +3904,7 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -3934,6 +3914,7 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -3951,6 +3932,7 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=