diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fbeb852d46f..f6bbe0a189d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ Main (unreleased) - New Grafana Agent Flow components: - `prometheus.operator.servicemonitors` discovers ServiceMonitor resources in your Kubernetes cluster and scrape the targets they reference. (@captncraig, @marctc, @jcreixell) + - `remote.vault` retrieves a secret from Vault. (@rfratto) - Added new Grafana Agent Flow components: - `loki.source.api` - receive Loki log entries over HTTP (e.g. from other agents). (@thampiotr) diff --git a/component/all/all.go b/component/all/all.go index d39db794cd12..202bb8f8d81a 100644 --- a/component/all/all.go +++ b/component/all/all.go @@ -80,4 +80,5 @@ import ( _ "github.com/grafana/agent/component/prometheus/scrape" // Import prometheus.scrape _ "github.com/grafana/agent/component/remote/http" // Import remote.http _ "github.com/grafana/agent/component/remote/s3" // Import remote.s3 + _ "github.com/grafana/agent/component/remote/vault" // Import remote.vault ) diff --git a/component/remote/vault/auth.go b/component/remote/vault/auth.go new file mode 100644 index 000000000000..f7a1ed98117f --- /dev/null +++ b/component/remote/vault/auth.go @@ -0,0 +1,503 @@ +package vault + +import ( + "context" + "fmt" + + "github.com/grafana/agent/pkg/flow/rivertypes" + vault "github.com/hashicorp/vault/api" + "github.com/hashicorp/vault/api/auth/approle" + "github.com/hashicorp/vault/api/auth/aws" + "github.com/hashicorp/vault/api/auth/azure" + "github.com/hashicorp/vault/api/auth/gcp" + "github.com/hashicorp/vault/api/auth/kubernetes" + "github.com/hashicorp/vault/api/auth/ldap" + "github.com/hashicorp/vault/api/auth/userpass" +) + +// An authMethod can configure a Vault client to be authenticated using a +// specific authentication method. +// +// The vaultAuthenticate method will be called each time a new token is needed +// (e.g., if renewal failed). vaultAuthenticate method may return a nil secret +// if the authentication method does not generate a secret. +type authMethod interface { + vaultAuthenticate(context.Context, *vault.Client) (*vault.Secret, error) +} + +// AuthArguments defines a single authenticationstring type in a remote.vault +// component instance. These are embedded as an enum field so only one may be +// set per AuthArguments. +type AuthArguments struct { + AuthToken *AuthToken `river:"token,block,optional"` + AuthAppRole *AuthAppRole `river:"approle,block,optional"` + AuthAWS *AuthAWS `river:"aws,block,optional"` + AuthAzure *AuthAzure `river:"azure,block,optional"` + AuthGCP *AuthGCP `river:"gcp,block,optional"` + AuthKubernetes *AuthKubernetes `river:"kubernetes,block,optional"` + AuthLDAP *AuthLDAP `river:"ldap,block,optional"` + AuthUserPass *AuthUserPass `river:"userpass,block,optional"` + AuthCustom *AuthCustom `river:"custom,block,optional"` +} + +func (a *AuthArguments) authMethod() authMethod { + switch { + case a.AuthToken != nil: + return a.AuthToken + case a.AuthAppRole != nil: + return a.AuthAppRole + case a.AuthAWS != nil: + return a.AuthAWS + case a.AuthAzure != nil: + return a.AuthAzure + case a.AuthGCP != nil: + return a.AuthGCP + case a.AuthKubernetes != nil: + return a.AuthKubernetes + case a.AuthLDAP != nil: + return a.AuthLDAP + case a.AuthUserPass != nil: + return a.AuthUserPass + case a.AuthCustom != nil: + return a.AuthCustom + } + + // Return a default authMethod which always fails. This code should not be + // reachable unless this function was mistakenly not updated after + // implemeneting a new auth block. + return invalidAuth{} +} + +// AuthToken authenticates against Vault with a token. +type AuthToken struct { + Token rivertypes.Secret `river:"token,attr"` +} + +func (a *AuthToken) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + cli.SetToken(string(a.Token)) + return nil, nil +} + +// AuthAppRole authenticates against Vault with AppRole. +type AuthAppRole struct { + RoleID string `river:"role_id,attr"` + Secret rivertypes.Secret `river:"secret,attr"` + WrappingToken bool `river:"wrapping_token,attr,optional"` + MountPath string `river:"mount_path,attr,optional"` +} + +// DefaultAuthAppRole provides default settings for AuthAppRole. +var DefaultAuthAppRole = AuthAppRole{ + MountPath: "approle", +} + +// UnmarshalRiver implements river.Unmarshaler and applies default settings. +func (a *AuthAppRole) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultAuthAppRole + + type authAppRole AuthAppRole + return f((*authAppRole)(a)) +} + +func (a *AuthAppRole) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + secret := &approle.SecretID{FromString: string(a.Secret)} + + var opts []approle.LoginOption + if a.WrappingToken { + opts = append(opts, approle.WithWrappingToken()) + } + if a.MountPath != "" { + opts = append(opts, approle.WithMountPath(a.MountPath)) + } + + auth, err := approle.NewAppRoleAuth(a.RoleID, secret, opts...) + if err != nil { + return nil, fmt.Errorf("auth.approle: %w", err) + } + s, err := cli.Auth().Login(ctx, auth) + if err != nil { + return nil, fmt.Errorf("auth.approle: %w", err) + } + return s, nil +} + +// AuthAWS authenticates against Vault with AWS. +type AuthAWS struct { + // Type specifies the mechanism used to authenticate with AWS. Should be + // either ec2 or iam. + Type string `river:"type,attr"` + Region string `river:"region,attr,optional"` + Role string `river:"role,attr,optional"` + IAMServerIDHeader string `river:"iam_server_id_header,attr,optional"` + // EC2SignatureType specifies the signature to use against EC2. Only used + // when Type is ec2. Valid options are identity and pkcs7 (default). + EC2SignatureType string `river:"ec2_signature_type,attr,optional"` + MountPath string `river:"mount_path,attr,optional"` +} + +const ( + authAWSTypeEC2 = "ec2" + authAWSTypeIAM = "iam" +) + +// DefaultAuthAWS provides default settings for AuthAWS. +var DefaultAuthAWS = AuthAWS{ + MountPath: "aws", + Type: authAWSTypeIAM, + Region: "us-east-1", + EC2SignatureType: "pkcs7", +} + +// UnmarshalRiver implements river.Unmarshaler and applies default settings. +func (a *AuthAWS) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultAuthAWS + + type authAWS AuthAWS + if err := f((*authAWS)(a)); err != nil { + return err + } + + return a.Validate() +} + +// Validate validates settings for AuthAWS. +func (a *AuthAWS) Validate() error { + switch a.Type { + case "": + return fmt.Errorf("type must not be empty") + case authAWSTypeEC2, authAWSTypeIAM: + // no-op + default: + return fmt.Errorf("unrecognized type %q, expected one of ec2,iam", a.Type) + } + + switch a.EC2SignatureType { + case "": + return fmt.Errorf("ec2_signature_type must not be empty") + case "pkcs7", "identity": + // no-op + default: + return fmt.Errorf(": unrecognized ec2_signature_type %q, expected one of pkcs7,identity", a.Type) + } + + return nil +} + +func (a *AuthAWS) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + // Re-validate for safety. + if err := a.Validate(); err != nil { + return nil, err + } + + var opts []aws.LoginOption + + switch a.Type { + case authAWSTypeEC2: + opts = append(opts, aws.WithEC2Auth()) + case authAWSTypeIAM: + opts = append(opts, aws.WithIAMAuth()) + } + if a.Region != "" { + opts = append(opts, aws.WithRegion(a.Region)) + } + if a.Role != "" { + opts = append(opts, aws.WithRole(a.Role)) + } + if a.IAMServerIDHeader != "" { + opts = append(opts, aws.WithIAMServerIDHeader(a.IAMServerIDHeader)) + } + switch a.EC2SignatureType { + case "", "pkcs7": + opts = append(opts, aws.WithPKCS7Signature()) + case "identity": + opts = append(opts, aws.WithIdentitySignature()) + } + if a.MountPath != "" { + opts = append(opts, aws.WithMountPath(a.MountPath)) + } + + auth, err := aws.NewAWSAuth(opts...) + if err != nil { + return nil, fmt.Errorf("auth.aws: %w", err) + } + s, err := cli.Auth().Login(ctx, auth) + if err != nil { + return nil, fmt.Errorf("auth.aws: %w", err) + } + return s, nil +} + +// AuthAzure authenticates against Vault with Azure. +type AuthAzure struct { + Role string `river:"role,attr"` + ResourceURL string `river:"resource_url,attr,optional"` + MountPath string `river:"mount_path,attr,optional"` +} + +// DefaultAuthAzure provides default settings for AuthAzure. +var DefaultAuthAzure = AuthAzure{ + MountPath: "azure", + ResourceURL: "https://management.azure.com/", +} + +// UnmarshalRiver implements river.Unmarshaler and applies default settings. +func (a *AuthAzure) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultAuthAzure + + type authAzure AuthAzure + return f((*authAzure)(a)) +} + +func (a *AuthAzure) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + var opts []azure.LoginOption + + if a.ResourceURL != "" { + opts = append(opts, azure.WithResource(a.ResourceURL)) + } + if a.MountPath != "" { + opts = append(opts, azure.WithMountPath(a.MountPath)) + } + + auth, err := azure.NewAzureAuth(a.Role, opts...) + if err != nil { + return nil, fmt.Errorf("auth.azure: %w", err) + } + s, err := cli.Auth().Login(ctx, auth) + if err != nil { + return nil, fmt.Errorf("auth.azure: %w", err) + } + return s, nil +} + +// AuthGCP authenticates against Vault with GCP. +type AuthGCP struct { + Role string `river:"role,attr"` + // Type specifies the mechanism used to authenticate with GCS. Should be + // either gce or iam. + Type string `river:"type,attr"` + IAMServiceAccount string `river:"iam_service_account,attr,optional"` + MountPath string `river:"mount_path,attr,optional"` +} + +const ( + authGCPTypeGCE = "gce" + authGCPTypeIAM = "iam" +) + +// DefaultAuthGCP provides default settings for AuthGCP. +var DefaultAuthGCP = AuthGCP{ + MountPath: "gcp", + Type: authGCPTypeGCE, +} + +// UnmarshalRiver implements river.Unmarshaler and applies default settings. +func (a *AuthGCP) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultAuthGCP + + type authGCP AuthGCP + if err := f((*authGCP)(a)); err != nil { + return err + } + + return a.Validate() +} + +// Validate returns a non-nil error if AuthGCP is invalid. +func (a *AuthGCP) Validate() error { + switch a.Type { + case authGCPTypeGCE: + // no-op + case authGCPTypeIAM: + if a.IAMServiceAccount == "" { + return fmt.Errorf("iam_service_account must be provided when type is iam") + } + default: + return fmt.Errorf("unrecognized type %q, expected one of gce,iam", a.Type) + } + + return nil +} + +func (a *AuthGCP) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + // Re-validate for safety. + if err := a.Validate(); err != nil { + return nil, err + } + + var opts []gcp.LoginOption + + switch a.Type { + case authGCPTypeGCE: + opts = append(opts, gcp.WithGCEAuth()) + case authGCPTypeIAM: + opts = append(opts, gcp.WithIAMAuth(a.IAMServiceAccount)) + } + + if a.MountPath != "" { + opts = append(opts, gcp.WithMountPath(a.MountPath)) + } + + auth, err := gcp.NewGCPAuth(a.Role, opts...) + if err != nil { + return nil, fmt.Errorf("auth.gcp: %w", err) + } + s, err := cli.Auth().Login(ctx, auth) + if err != nil { + return nil, fmt.Errorf("auth.gcp: %w", err) + } + return s, nil +} + +// AuthKubernetes authenticates against Vault with Kubernetes. +type AuthKubernetes struct { + Role string `river:"role,attr"` + ServiceAccountTokenFile string `river:"service_account_file,attr,optional"` + MountPath string `river:"mount_path,attr,optional"` +} + +// DefaultAuthKubernetes provides default settings for AuthKubernetes. +var DefaultAuthKubernetes = AuthKubernetes{ + MountPath: "kubernetes", + ServiceAccountTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token", +} + +// UnmarshalRiver implements river.Unmarshaler and applies default settings. +func (a *AuthKubernetes) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultAuthKubernetes + + type authKubernetes AuthKubernetes + return f((*authKubernetes)(a)) +} + +func (a *AuthKubernetes) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + var opts []kubernetes.LoginOption + + if a.ServiceAccountTokenFile != "" { + opts = append(opts, kubernetes.WithServiceAccountTokenPath(a.ServiceAccountTokenFile)) + } + if a.MountPath != "" { + opts = append(opts, kubernetes.WithMountPath(a.MountPath)) + } + + auth, err := kubernetes.NewKubernetesAuth(a.Role, opts...) + if err != nil { + return nil, fmt.Errorf("auth.kubernetes: %w", err) + } + s, err := cli.Auth().Login(ctx, auth) + if err != nil { + return nil, fmt.Errorf("auth.kubernetes: %w", err) + } + return s, nil +} + +// AuthLDAP authenticates against Vault with LDAP. +type AuthLDAP struct { + Username string `river:"username,attr"` + Password rivertypes.Secret `river:"password,attr"` + MountPath string `river:"mount_path,attr,optional"` +} + +// DefaultAuthLDAP provides default settings for AuthLDAP. +var DefaultAuthLDAP = AuthLDAP{ + MountPath: "ldap", +} + +// UnmarshalRiver implements river.Unmarshaler and applies default settings. +func (a *AuthLDAP) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultAuthLDAP + + type authLDAP AuthLDAP + return f((*authLDAP)(a)) +} + +func (a *AuthLDAP) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + secret := &ldap.Password{FromString: string(a.Password)} + + var opts []ldap.LoginOption + + if a.MountPath != "" { + opts = append(opts, ldap.WithMountPath(a.MountPath)) + } + + auth, err := ldap.NewLDAPAuth(a.Username, secret, opts...) + if err != nil { + return nil, fmt.Errorf("auth.ldap: %w", err) + } + s, err := cli.Auth().Login(ctx, auth) + if err != nil { + return nil, fmt.Errorf("auth.ldap: %w", err) + } + return s, nil +} + +// AuthUserPass authenticates against Vault with a username and password. +type AuthUserPass struct { + Username string `river:"username,attr"` + Password rivertypes.Secret `river:"password,attr"` + MountPath string `river:"mount_path,attr,optional"` +} + +// DefaultAuthUserPass provides default settings for AuthUserPass. +var DefaultAuthUserPass = AuthUserPass{ + MountPath: "userpass", +} + +// UnmarshalRiver implements river.Unmarshaler and applies default settings. +func (a *AuthUserPass) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultAuthUserPass + + type authUserPass AuthUserPass + return f((*authUserPass)(a)) +} + +func (a *AuthUserPass) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + secret := &userpass.Password{FromString: string(a.Password)} + + var opts []userpass.LoginOption + + if a.MountPath != "" { + opts = append(opts, userpass.WithMountPath(a.MountPath)) + } + + auth, err := userpass.NewUserpassAuth(a.Username, secret, opts...) + if err != nil { + return nil, fmt.Errorf("auth.userpass: %w", err) + } + s, err := cli.Auth().Login(ctx, auth) + if err != nil { + return nil, fmt.Errorf("auth.userpass: %w", err) + } + return s, nil +} + +// AuthCustom provides a custom authentication method. +type AuthCustom struct { + // Path to use for logging in (e.g., auth/kubernetes/login, etc.) + Path string `river:"path,attr"` + Data map[string]rivertypes.Secret `river:"data,attr"` +} + +// Login implements vault.AuthMethod. +func (a *AuthCustom) Login(ctx context.Context, client *vault.Client) (*vault.Secret, error) { + data := make(map[string]interface{}, len(a.Data)) + for k, v := range a.Data { + data[k] = string(v) + } + return client.Logical().WriteWithContext(ctx, a.Path, data) +} + +func (a *AuthCustom) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + s, err := cli.Auth().Login(ctx, a) + if err != nil { + return nil, fmt.Errorf("auth.custom: %w", err) + } + return s, nil +} + +type invalidAuth struct { + Name string +} + +func (a invalidAuth) vaultAuthenticate(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + return nil, fmt.Errorf("unsupported auth method configured") +} diff --git a/component/remote/vault/client.go b/component/remote/vault/client.go new file mode 100644 index 000000000000..09dd566ecb73 --- /dev/null +++ b/component/remote/vault/client.go @@ -0,0 +1,38 @@ +package vault + +import ( + "context" + "fmt" + "strings" + + vault "github.com/hashicorp/vault/api" +) + +// secretStore abstracts away the details for how a secret is retrieved from a +// vault.Client. +type secretStore interface { + Read(ctx context.Context, args *Arguments) (*vault.Secret, error) +} + +// TODO(rfratto): support logical stores. + +type kvStore struct{ c *vault.Client } + +func (ks *kvStore) Read(ctx context.Context, args *Arguments) (*vault.Secret, error) { + // Split the path so we know which kv mount we want to use. + pathParts := strings.SplitN(args.Path, "/", 2) + if len(pathParts) != 2 { + return nil, fmt.Errorf("missing mount path in %q", args.Path) + } + + kv := ks.c.KVv2(pathParts[0]) + kvSecret, err := kv.Get(ctx, pathParts[1]) + if err != nil { + return nil, err + } + + // kvSecret.Data contains unwrapped data. Let's assign that to the raw secret + // and return it. This is a bit of a hack, but should work just fine. + kvSecret.Raw.Data = kvSecret.Data + return kvSecret.Raw, nil +} diff --git a/component/remote/vault/metrics.go b/component/remote/vault/metrics.go new file mode 100644 index 000000000000..91179b502a6f --- /dev/null +++ b/component/remote/vault/metrics.go @@ -0,0 +1,44 @@ +package vault + +import "github.com/prometheus/client_golang/prometheus" + +type metrics struct { + authTotal prometheus.Counter + secretReadTotal prometheus.Counter + + authLeaseRenewalTotal prometheus.Counter + secretLeaseRenewalTotal prometheus.Counter +} + +func newMetrics(r prometheus.Registerer) *metrics { + var m metrics + + m.authTotal = prometheus.NewCounter(prometheus.CounterOpts{ + Name: "remote_vault_auth_total", + Help: "Total number of times this component authenticated to Vault", + }) + m.secretReadTotal = prometheus.NewCounter(prometheus.CounterOpts{ + Name: "remote_vault_secret_reads_total", + Help: "Total number of times the secret was read from Vault", + }) + + m.authLeaseRenewalTotal = prometheus.NewCounter(prometheus.CounterOpts{ + Name: "remote_vault_auth_lease_renewal_total", + Help: "Total number of times this component renewed its auth token lease", + }) + m.secretLeaseRenewalTotal = prometheus.NewCounter(prometheus.CounterOpts{ + Name: "remote_vault_secret_lease_renewal_total", + Help: "Total number of times this component renewed its secret lease", + }) + + if r != nil { + r.MustRegister( + m.authTotal, + m.secretReadTotal, + + m.authLeaseRenewalTotal, + m.secretLeaseRenewalTotal, + ) + } + return &m +} diff --git a/component/remote/vault/refresher.go b/component/remote/vault/refresher.go new file mode 100644 index 000000000000..d3689886de43 --- /dev/null +++ b/component/remote/vault/refresher.go @@ -0,0 +1,292 @@ +package vault + +import ( + "context" + "fmt" + "sync" + "time" + + "github.com/go-kit/log" + "github.com/go-kit/log/level" + "github.com/grafana/agent/component" + vault "github.com/hashicorp/vault/api" + "github.com/prometheus/client_golang/prometheus" +) + +const tokenManagerInitializeTimeout = time.Minute + +type getTokenFunc func(ctx context.Context, client *vault.Client) (*vault.Secret, error) + +// A tokenManager retrieves and manages the lifecycle of tokens. tokenManager, +// when running, will renew tokens before expiry, and will retrieve new tokens +// once expired tokens can no longer be renewed. +type tokenManager struct { + log log.Logger + refreshTicker *ticker + getter getTokenFunc + onStateChange chan struct{} // Written to when cli or token changes. + + readCounter prometheus.Counter + refreshCounter prometheus.Counter + + mut sync.RWMutex + cli *vault.Client + token *vault.Secret + + healthMut sync.RWMutex + health component.Health + + debugMut sync.RWMutex + debugInfo secretInfo +} + +type tokenManagerOptions struct { + Log log.Logger + Getter getTokenFunc + + ReadCounter, RefreshCounter prometheus.Counter + + Client *vault.Client + RefreshInterval time.Duration +} + +// newTokenManager creates a new, unstarted tokenManager. tokenManager will +// retrieve the initial token from getter. +func newTokenManager(opts tokenManagerOptions) (*tokenManager, error) { + ctx, cancel := context.WithTimeout(context.Background(), tokenManagerInitializeTimeout) + defer cancel() + + tm := &tokenManager{ + log: opts.Log, + refreshTicker: newTicker(opts.RefreshInterval), + getter: opts.Getter, + onStateChange: make(chan struct{}, 1), + + readCounter: opts.ReadCounter, + refreshCounter: opts.RefreshCounter, + + cli: opts.Client, + } + if err := tm.updateToken(ctx); err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + return tm, nil +} + +// updateToken attempts to update the token, logging an error if getting the +// token failed. +func (tm *tokenManager) updateToken(ctx context.Context) (err error) { + defer func() { + if err != nil { + tm.updateHealth(component.Health{ + Health: component.HealthTypeUnhealthy, + Message: fmt.Sprintf("failed to retrieve token: %s", err), + UpdateTime: time.Now(), + }) + } else { + tm.updateHealth(component.Health{ + Health: component.HealthTypeHealthy, + Message: "retrieved token", + UpdateTime: time.Now(), + }) + } + + tm.updateDebugInfo(time.Now()) + }() + + tm.mut.Lock() + defer tm.mut.Unlock() + + token, err := tm.getter(ctx, tm.cli) + if err != nil { + level.Error(tm.log).Log("msg", "failed to get token", "err", err) + return err + } + + tm.readCounter.Inc() + + tm.token = token + + select { + case tm.onStateChange <- struct{}{}: + default: + } + + return nil +} + +// Run runs the tokenManager, blocking until the provided context is canceled. +func (tm *tokenManager) Run(ctx context.Context) { + var cancelLifecycleWatcher context.CancelFunc + defer func() { + if cancelLifecycleWatcher != nil { + cancelLifecycleWatcher() + } + }() + + for { + select { + case <-ctx.Done(): + return + + case <-tm.refreshTicker.Chan(): + level.Info(tm.log).Log("msg", "refreshing token") + // Error is handled via setting health and debug info. + _ = tm.updateToken(ctx) + + case <-tm.onStateChange: + if cancelLifecycleWatcher != nil { + cancelLifecycleWatcher() + } + + ctx, cancel := context.WithCancel(ctx) + cancelLifecycleWatcher = cancel + + tm.updateLifecycleWatcher(ctx) + } + } +} + +func (tm *tokenManager) updateHealth(h component.Health) { + tm.healthMut.Lock() + defer tm.healthMut.Unlock() + + tm.health = h +} + +func (tm *tokenManager) updateDebugInfo(updateTime time.Time) { + tm.mut.RLock() + token := tm.token + tm.mut.RUnlock() + + tm.debugMut.Lock() + defer tm.debugMut.Unlock() + + tm.debugInfo = getSecretInfo(token, updateTime) +} + +func (tm *tokenManager) updateLifecycleWatcher(ctx context.Context) { + tm.mut.RLock() + defer tm.mut.RUnlock() + + if !needsLifecycleWatcher(tm.token) { + return + } + + lw, err := tm.cli.NewLifetimeWatcher(&vault.LifetimeWatcherInput{ + Secret: tm.token, + RenewBehavior: vault.RenewBehaviorIgnoreErrors, + }) + if err != nil { + level.Error(tm.log).Log("msg", "failed to create lifetime watcher, lease will not renew automatically", "err", err) + return + } + + go lw.Start() + + go func() { + for { + select { + case <-ctx.Done(): + lw.Stop() + return + + case <-lw.DoneCh(): + if ctx.Err() != nil { + return + } + // Error is logged as health and debug info. + _ = tm.updateToken(ctx) + + case output := <-lw.RenewCh(): + tm.refreshCounter.Inc() + level.Debug(tm.log).Log("msg", "token has renewed") + tm.updateDebugInfo(output.RenewedAt) + } + } + }() +} + +// needsLifecycleWatcher determines if a secret needs a lifecycle watcher. +// Secrets only need a lifecycle watcher if they are renewable or have a lease +// duration. +func needsLifecycleWatcher(secret *vault.Secret) bool { + if secret == nil { + return false + } + + if secret.Auth != nil { + return secret.Auth.Renewable || secret.Auth.LeaseDuration > 0 + } + return secret.Renewable || secret.LeaseDuration > 0 +} + +// SetClient updates the client associated with the tokenManager. This will +// force a new retrieval of the token. +func (tm *tokenManager) SetClient(cli *vault.Client) { + tm.mut.Lock() + tm.cli = cli + tm.mut.Unlock() + + ctx, cancel := context.WithTimeout(context.Background(), tokenManagerInitializeTimeout) + defer cancel() + + // Error is handled via setting health and debug info. + _ = tm.updateToken(ctx) +} + +// SetRefreshInterval sets a forced refresh interval, separate from automatic +// renewal based on the token lease. +func (tm *tokenManager) SetRefreshInterval(interval time.Duration) { + tm.refreshTicker.Reset(interval) +} + +// CurrentHealth returns the health of the tokenManager. +func (tm *tokenManager) CurrentHealth() component.Health { + tm.healthMut.RLock() + defer tm.healthMut.RUnlock() + + return tm.health +} + +// DebugInfo returns the current DebugInfo for the tokenManager. +func (tm *tokenManager) DebugInfo() secretInfo { + tm.debugMut.RLock() + defer tm.debugMut.RUnlock() + + return tm.debugInfo +} + +type secretInfo struct { + LatestRequestID string `river:"latest_request_id,attr"` + LastUpdateTime time.Time `river:"last_update_time,attr"` + SecretExpireTime time.Time `river:"secret_expire_time,attr"` + Renewable bool `river:"renewable,attr"` + Warnings []string `river:"warnings,attr"` +} + +func getSecretInfo(secret *vault.Secret, updateTime time.Time) secretInfo { + if secret == nil { + return secretInfo{ + LastUpdateTime: updateTime, + Warnings: []string{"no secret necessary for configured auth mechanism"}, + } + } + + return secretInfo{ + LatestRequestID: secret.RequestID, + LastUpdateTime: updateTime, + SecretExpireTime: secretExpireTime(secret), + Renewable: secret.Renewable, + Warnings: secret.Warnings, + } +} + +func secretExpireTime(secret *vault.Secret) time.Time { + ttl, err := secret.TokenTTL() + if err != nil || ttl == 0 { + return time.Time{} + } + + return time.Now().UTC().Add(ttl) +} diff --git a/component/remote/vault/ticker.go b/component/remote/vault/ticker.go new file mode 100644 index 000000000000..3c5b3260333c --- /dev/null +++ b/component/remote/vault/ticker.go @@ -0,0 +1,43 @@ +package vault + +import ( + "time" +) + +// ticker is a wrapper around time.Ticker which allows the tick time to be 0. +// ticker is not goroutine safe; do not call Chan at the same time as Reset. +type ticker struct { + ch <-chan time.Time + + inner *time.Ticker +} + +func newTicker(d time.Duration) *ticker { + var t ticker + t.Reset(d) + + return &t +} + +func (t *ticker) Chan() <-chan time.Time { return t.ch } + +func (t *ticker) Reset(d time.Duration) { + if d == 0 { + t.Stop() + return + } + + if t.inner == nil { + t.inner = time.NewTicker(d) + t.ch = t.inner.C + } else { + t.inner.Reset(d) + } +} + +func (t *ticker) Stop() { + if t.inner != nil { + t.inner.Stop() + t.inner = nil + } +} diff --git a/component/remote/vault/vault.go b/component/remote/vault/vault.go new file mode 100644 index 000000000000..a308fee7db37 --- /dev/null +++ b/component/remote/vault/vault.go @@ -0,0 +1,315 @@ +package vault + +import ( + "context" + "fmt" + "sync" + "time" + + "github.com/go-kit/log" + "github.com/go-kit/log/level" + "github.com/grafana/agent/component" + "github.com/grafana/agent/pkg/flow/rivertypes" + "github.com/oklog/run" + + vault "github.com/hashicorp/vault/api" +) + +func init() { + component.Register(component.Registration{ + Name: "remote.vault", + Args: Arguments{}, + Exports: Exports{}, + + Build: func(opts component.Options, args component.Arguments) (component.Component, error) { + return New(opts, args.(Arguments)) + }, + }) +} + +// Arguments configures remote.vault. +type Arguments struct { + Server string `river:"server,attr"` + Namespace string `river:"namespace,attr,optional"` + + Path string `river:"path,attr"` + + RereadFrequency time.Duration `river:"reread_frequency,attr,optional"` + + ClientOptions ClientOptions `river:"client_options,block,optional"` + + // The user *must* provide exactly one Auth blocks. This must be a slice + // because the enum flag requires a slice and being tagged as optional. + // + // TODO(rfratto): allow the enum flag to be used with a non-slice type. + + Auth []AuthArguments `river:"auth,enum,optional"` +} + +// DefaultArguments holds default settings for Arguments. +var DefaultArguments = Arguments{ + ClientOptions: ClientOptions{ + MinRetryWait: 1000 * time.Millisecond, + MaxRetryWait: 1500 * time.Millisecond, + MaxRetries: 2, + Timeout: 60 * time.Second, + }, +} + +// client creates a Vault client from the arguments. +func (a *Arguments) client() (*vault.Client, error) { + cfg := vault.DefaultConfig() + cfg.Address = a.Server + cfg.MinRetryWait = a.ClientOptions.MinRetryWait + cfg.MaxRetryWait = a.ClientOptions.MaxRetryWait + cfg.MaxRetries = a.ClientOptions.MaxRetries + cfg.Timeout = a.ClientOptions.Timeout + + return vault.NewClient(cfg) +} + +// UnmarshalRiver implements river.Unmarshaler. +func (a *Arguments) UnmarshalRiver(f func(interface{}) error) error { + *a = DefaultArguments + + type arguments Arguments + if err := f((*arguments)(a)); err != nil { + return err + } + + if len(a.Auth) == 0 { + return fmt.Errorf("exactly one auth.* block must be specified; found none") + } else if len(a.Auth) > 1 { + return fmt.Errorf("exactly one auth.* block must be specified; found %d", len(a.Auth)) + } + + if a.ClientOptions.Timeout == 0 { + return fmt.Errorf("client_options.timeout must be greater than 0") + } + + return nil +} + +func (a *Arguments) authMethod() authMethod { + if len(a.Auth) != 1 { + panic(fmt.Sprintf("remote.vault: found %d auth types, expected 1", len(a.Auth))) + } + return a.Auth[0].authMethod() +} + +func (a *Arguments) secretStore(cli *vault.Client) secretStore { + // TODO(rfratto): support different stores (like a logical store). + return &kvStore{c: cli} +} + +// ClientOptions sets extra options on the Client. +type ClientOptions struct { + MinRetryWait time.Duration `river:"min_retry_wait,attr,optional"` + MaxRetryWait time.Duration `river:"max_retry_wait,attr,optional"` + MaxRetries int `river:"max_retries,attr,optional"` + Timeout time.Duration `river:"timeout,attr,optional"` +} + +// Exports is the values exported by remote.vault. +type Exports struct { + // Data holds key-value pairs returned from Vault after retrieving the key. + // Any keys-value pairs returned from Vault which are not []byte or strings + // cannot be represented as secrets and are therefore ignored. + // + // However, it seems that most secrets engines don't actually return + // arbitrary data, so this limitation shouldn't cause any issues in practice. + Data map[string]rivertypes.Secret `river:"data,attr"` +} + +// Component implements the remote.vault component. +type Component struct { + opts component.Options + log log.Logger + metrics *metrics + + mut sync.RWMutex + args Arguments // Arguments to the component. + + secretManager *tokenManager + authManager *tokenManager +} + +var ( + _ component.Component = (*Component)(nil) + _ component.HealthComponent = (*Component)(nil) + _ component.DebugComponent = (*Component)(nil) +) + +// New creates a new remote.vault component. It will try to immediately read +// the secret from Vault and return an error if the secret can't be read or if +// authentication against the Vault server fails. +func New(opts component.Options, args Arguments) (*Component, error) { + c := &Component{ + opts: opts, + log: opts.Logger, + metrics: newMetrics(opts.Registerer), + } + + if err := c.Update(args); err != nil { + return nil, err + } + return c, nil +} + +// Run runs the remote.vault component, managing the lifetime of the retrieved +// secret and renewing/rereading it as necessary. +func (c *Component) Run(ctx context.Context) error { + ctx, cancel := context.WithCancel(ctx) + defer cancel() + + var rg run.Group + + rg.Add(func() error { + c.secretManager.Run(ctx) + return nil + }, func(_ error) { + cancel() + }) + + rg.Add(func() error { + c.authManager.Run(ctx) + return nil + }, func(_ error) { + cancel() + }) + + return rg.Run() +} + +// Update updates the remote.vault component. It will try to immediately read +// the secret from Vault and return an error if the secret can't be read. +func (c *Component) Update(args component.Arguments) error { + newArgs := args.(Arguments) + + newClient, err := newArgs.client() + if err != nil { + return err + } + + c.mut.Lock() + c.args = newArgs + c.mut.Unlock() + + // Configure the token manager for authentication tokens and secrets. + // authManager *must* be configured first to ensure that the client is + // authenticated to Vault when retrieving the secret. + + if c.authManager == nil { + // NOTE(rfratto): we pass 0 for the refresh interval because we don't + // support refreshing the auth token on an interval. + mgr, err := newTokenManager(tokenManagerOptions{ + Log: log.With(c.log, "token_type", "auth"), + Client: newClient, + Getter: c.getAuthToken, + + ReadCounter: c.metrics.authTotal, + RefreshCounter: c.metrics.authLeaseRenewalTotal, + }) + if err != nil { + return err + } + c.authManager = mgr + } else { + c.authManager.SetClient(newClient) + } + + if c.secretManager == nil { + mgr, err := newTokenManager(tokenManagerOptions{ + Log: log.With(c.log, "token_type", "secret"), + Client: newClient, + Getter: c.getSecret, + RefreshInterval: newArgs.RereadFrequency, + + ReadCounter: c.metrics.secretReadTotal, + RefreshCounter: c.metrics.secretLeaseRenewalTotal, + }) + if err != nil { + return err + } + c.secretManager = mgr + } else { + c.secretManager.SetClient(newClient) + c.secretManager.SetRefreshInterval(newArgs.RereadFrequency) + } + + return nil +} + +func (c *Component) getAuthToken(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + c.mut.RLock() + defer c.mut.RUnlock() + + authMethod := c.args.authMethod() + return authMethod.vaultAuthenticate(ctx, cli) +} + +func (c *Component) getSecret(ctx context.Context, cli *vault.Client) (*vault.Secret, error) { + c.mut.RLock() + defer c.mut.RUnlock() + + store := c.args.secretStore(cli) + secret, err := store.Read(ctx, &c.args) + if err != nil { + return nil, err + } + + // Export the secret so other components can use it. + c.exportSecret(secret) + + return secret, nil +} + +// exportSecret converts the secret into exports and exports it to the +// controller. +func (c *Component) exportSecret(secret *vault.Secret) { + newExports := Exports{ + Data: make(map[string]rivertypes.Secret), + } + + for key, value := range secret.Data { + switch value := value.(type) { + case string: + newExports.Data[key] = rivertypes.Secret(value) + case []byte: + newExports.Data[key] = rivertypes.Secret(value) + + default: + // Non-string secrets are ignored. + level.Warn(c.log).Log( + "msg", "found field in secret which cannot be converted into a string", + "key", key, + "type", fmt.Sprintf("%T", value), + ) + } + } + + c.opts.OnStateChange(newExports) +} + +// CurrentHealth returns the current health of the remote.vault component. It +// will be healthy as long as the latest read or renewal was successful. +func (c *Component) CurrentHealth() component.Health { + return component.LeastHealthy( + c.authManager.CurrentHealth(), + c.secretManager.CurrentHealth(), + ) +} + +// DebugInfo returns debug information about the remote.vault component. It +// includes non-sensitive metadata about the current secret. +func (c *Component) DebugInfo() interface{} { + return debugInfo{ + AuthToken: c.authManager.DebugInfo(), + Secret: c.secretManager.DebugInfo(), + } +} + +type debugInfo struct { + AuthToken secretInfo `river:"auth_token,block"` + Secret secretInfo `river:"secret,block"` +} diff --git a/component/remote/vault/vault_test.go b/component/remote/vault/vault_test.go new file mode 100644 index 000000000000..13c65ea8983e --- /dev/null +++ b/component/remote/vault/vault_test.go @@ -0,0 +1,176 @@ +//go:build !nodocker + +package vault + +import ( + "fmt" + stdlog "log" + "testing" + "time" + + vaultapi "github.com/hashicorp/vault/api" + + "github.com/docker/go-connections/nat" + "github.com/go-kit/log" + "github.com/grafana/agent/pkg/flow/componenttest" + "github.com/grafana/agent/pkg/flow/rivertypes" + "github.com/grafana/agent/pkg/river" + "github.com/grafana/agent/pkg/util" + "github.com/stretchr/testify/require" + "github.com/testcontainers/testcontainers-go" + "github.com/testcontainers/testcontainers-go/wait" +) + +func Test_GetSecerts(t *testing.T) { + var ( + ctx = componenttest.TestContext(t) + l = util.TestLogger(t) + ) + + cli := getTestVaultServer(t) + + // Store a secret in value to use from the component. + _, err := cli.KVv2("secret").Put(ctx, "test", map[string]any{ + "key": "value", + }) + require.NoError(t, err) + + cfg := fmt.Sprintf(` + server = "%s" + path = "secret/test" + + reread_frequency = "0s" + + auth.token { + token = "%s" + } + `, cli.Address(), cli.Token()) + + var args Arguments + require.NoError(t, river.Unmarshal([]byte(cfg), &args)) + + ctrl, err := componenttest.NewControllerFromID(l, "remote.vault") + require.NoError(t, err) + + go func() { + require.NoError(t, ctrl.Run(ctx, args)) + }() + + require.NoError(t, ctrl.WaitRunning(time.Minute)) + require.NoError(t, ctrl.WaitExports(time.Minute)) + + var ( + expectExports = Exports{ + Data: map[string]rivertypes.Secret{ + "key": rivertypes.Secret("value"), + }, + } + actualExports = ctrl.Exports().(Exports) + ) + require.Equal(t, expectExports, actualExports) +} + +func Test_PollSecrets(t *testing.T) { + var ( + ctx = componenttest.TestContext(t) + l = util.TestLogger(t) + ) + + cli := getTestVaultServer(t) + + // Store a secret in value to use from the component. + _, err := cli.KVv2("secret").Put(ctx, "test", map[string]any{ + "key": "value", + }) + require.NoError(t, err) + + cfg := fmt.Sprintf(` + server = "%s" + path = "secret/test" + + reread_frequency = "100ms" + + auth.token { + token = "%s" + } + `, cli.Address(), cli.Token()) + + var args Arguments + require.NoError(t, river.Unmarshal([]byte(cfg), &args)) + + ctrl, err := componenttest.NewControllerFromID(l, "remote.vault") + require.NoError(t, err) + + go func() { + require.NoError(t, ctrl.Run(ctx, args)) + }() + require.NoError(t, ctrl.WaitRunning(time.Minute)) + + // Get the initial secret. + { + require.NoError(t, ctrl.WaitExports(time.Minute)) + + var ( + expectExports = Exports{ + Data: map[string]rivertypes.Secret{ + "key": rivertypes.Secret("value"), + }, + } + actualExports = ctrl.Exports().(Exports) + ) + require.Equal(t, expectExports, actualExports) + } + + // Get an updated secret. + { + _, err := cli.KVv2("secret").Put(ctx, "test", map[string]any{ + "key": "newvalue", + }) + require.NoError(t, err) + + require.NoError(t, ctrl.WaitExports(time.Minute)) + + var ( + expectExports = Exports{ + Data: map[string]rivertypes.Secret{ + "key": rivertypes.Secret("newvalue"), + }, + } + actualExports = ctrl.Exports().(Exports) + ) + require.Equal(t, expectExports, actualExports) + } +} + +func getTestVaultServer(t *testing.T) *vaultapi.Client { + ctx := componenttest.TestContext(t) + l := util.TestLogger(t) + + container, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{ + ContainerRequest: testcontainers.ContainerRequest{ + Image: "hashicorp/vault:1.13.2", + ExposedPorts: []string{"80/tcp"}, + Env: map[string]string{ + "VAULT_DEV_ROOT_TOKEN_ID": "secretkey", + "VAULT_DEV_LISTEN_ADDRESS": "0.0.0.0:80", + }, + WaitingFor: wait.ForHTTP("/v1/sys/health"), + }, + Started: true, + Logger: stdlog.New(log.NewStdlibAdapter(l), "", 0), + }) + require.NoError(t, err) + + t.Cleanup(func() { + require.NoError(t, container.Terminate(ctx)) + }) + + ep, err := container.PortEndpoint(ctx, nat.Port("80/tcp"), "http") + require.NoError(t, err) + + cli, err := vaultapi.NewClient(&vaultapi.Config{Address: ep}) + require.NoError(t, err) + + cli.SetToken("secretkey") + return cli +} diff --git a/docs/sources/flow/reference/components/remote.vault.md b/docs/sources/flow/reference/components/remote.vault.md new file mode 100644 index 000000000000..31a2ee5bc8d8 --- /dev/null +++ b/docs/sources/flow/reference/components/remote.vault.md @@ -0,0 +1,325 @@ +--- +aliases: +- /docs/agent/latest/flow/reference/components/remote.vault +title: remote.vault +--- + +# `remote.vault` + +`remote.vault` connect to Vault to retrieve secrets. It can retrieve a secret +using the [KV v2][] secrets engine. + +Multiple `remote.vault` components can be specified by giving them different +labels. + +[KV v2]: https://www.vaultproject.io/docs/secrets/kv/kv-v2 + +## Usage + +```river +remote.vault "LABEL" { + server = "VAULT_SERVER" + path = "VAULT_PATH" + + // Alternatively, use one of the other auth.* mechanisms. + auth.token { + token = "AUTH_TOKEN" + } +} +``` + +## Arguments + +The following arguments are supported: + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`server` | `string` | The Vault server to connect to. | | yes +`namespace` | `string` | The Vault namespace to connect to (Vault Enterprise only). | | no +`path` | `string` | The path to retrieve a secret from. | | yes +`reread_frequency` | `duration` | Rate to re-read keys. | `"0s"` | no + +Tokens with a lease will be automatically renewed roughly two-thirds through +their lease duration. If the leased token isn't renewable, or renewing the +lease fails, the token will be re-read. + +All tokens, regardless of whether they have a lease, are automatically reread +at a frequency specified by the `reread_frequency` argument. Setting +`reread_frequency` to `"0s"` (the default) disables this behavior. + +## Blocks + +The following blocks are supported inside the definition of `remote.vault`: + +Hierarchy | Block | Description | Required +--------- | ----- | ----------- | -------- +client_options | [client_options][] | Options for the Vault client. | no +auth.token | [auth.token][] | Authenticate to Vault with a token. | no +auth.approle | [auth.approle][] | Authenticate to Vault using AppRole. | no +auth.aws | [auth.aws][] | Authenticate to Vault using AWS. | no +auth.azure | [auth.azure][] | Authenticate to Vault using Azure. | no +auth.gcp | [auth.gcp][] | Authenticate to Vault using GCP. | no +auth.kubernetes | [auth.kubernetes][] | Authenticate to Vault using Kubernetes. | no +auth.ldap | [auth.ldap][] | Authenticate to Vault using LDAP. | no +auth.userpass | [auth.userpass][] | Authenticate to Vault using a username and password. | no +auth.custom | [auth.custom][] | Authenticate to Vault with custom authentication. | no + +Exactly one `auth.*` block **must** be provided, otherwise the component will +fail to load. + +[client_options]: #client_options-block +[auth.token]: #authtoken-block +[auth.approle]: #authapprole-block +[auth.aws]: #authaws-block +[auth.azure]: #authazure-block +[auth.gcp]: #authgcp-block +[auth.kubernetes]: #authkubernetes-block +[auth.ldap]: #authldap-block +[auth.userpass]: #authuserpass-block +[auth.custom]: #authcustom-block + +### client_options block + +The `client_options` block customizes the connection to vault. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`min_retry_wait` | `duration` | Minimum time to wait before retrying failed requests. | `"1000ms"` | no +`max_retry_wait` | `duration` | Maximum time to wait before retrying failed requests. | `"1500ms"` | no +`max_retries` | `int` | Maximum number of times to retry after a 5xx error. | `2` | no +`timeout` | `duration` | Maximum time to wait before a request times out. | `"60s"` | no + +Requests which fail due to server errors (HTTP 5xx error codes) can be retried. +The `max_retries` argument specifies how many times to retry failed requests. +The `min_retry_wait` and `max_retry_wait` arguments specify how long to wait +before retrying. The wait period starts at `min_retry_wait` and exponentially +increases up to `max_retry_wait`. + +Other types of failed requests, including HTTP 4xx error codes, are not +retried. + +If the `max_retries` argument is set to `0`, failed requests are not retried. + +### auth.token block + +The `auth.token` block authenticates each request to Vault using a +token. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`token` | `secret` | Authentication token to use. | | yes + +### auth.approle block + +The `auth.token` block auhenticates to Vault using the [AppRole auth +method][AppRole]. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`role_id` | `string` | Role ID to authenticate as. | | yes +`secret` | `secret` | Secret to authenticate with. | | yes +`wrapping_token` | `bool` | Whether to [unwrap][] the token. | `false` | no +`mount_path` | `string` | Mount path for the login. | `"approle"` | no + +[AppRole]: https://www.vaultproject.io/docs/auth/approle +[unwrap]: https://www.vaultproject.io/docs/concepts/response-wrapping + +### auth.aws block + +The `auth.aws` block authenticates to Vault using the [AWS auth method][AWS]. + +Credentials used to connect to AWS are specified by the environment variables +`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION`. The +environment variable `AWS_SHARED_CREDENTIALS_FILE` may be specified to use a +credentials file instead. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`type` | `string` | Mechanism to authenticate against AWS with. | | yes +`region` | `string` | AWS region to connect to. | `"us-east-1"` | no +`role` | `string` | Overrides the inferred role name inferred. | `""` | no +`iam_server_id_header` | `string` | Configures a `X-Vault-AWS-IAM-Server-ID` header. | `""` | no +`ec2_signature_type` | `string` | Signature to use when authenticating against EC2. | `"pkcs7"` | no +`mount_path` | `string` | Mount path for the login. | `"aws"` | no + +The `type` argument must be set to one of `"ec2"` or `"iam"`. + +The `iam_server_id_header` argument is required used when `type` is set to +`"iam"`. + +If the `region` argument is explicitly set to an empty string `""`, the region +to connect to will be inferred using an API call to the EC2 metadata service. + +The `ec2_signature_type` argument configures the signature to use when +authenticating against EC2. It only applies when `type` is set to `"ec2"`. +`ec2_signature_type` must be set to either `"identity"` or `"pkcs7"`. + +[AWS]: https://www.vaultproject.io/docs/auth/aws + +### auth.azure block + +The `auth.azure` block authenticates to Vault using the [Azure auth +method][Azure]. + +Credentials are retrieved for the running Azure VM using Managed Identities for +Azure Resources. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`role` | `string` | Role name to authenticate as. | | yes +`resource_url` | `string` | Resource URL to include with authentication request. | | no +`mount_path` | `string` | Mount path for the login. | `"azure"` | no + +[Azure]: https://www.vaultproject.io/docs/auth/azure + +### auth.gcp block + +The `auth.gcp` block authenticates to Vault using the [GCP auth method][GCP]. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`role` | `string` | Role name to authenticate as. | | yes +`type` | `string` | Mechanism to authenticate against GCP with | | yes +`iam_service_account` | `string` | IAM service account name to use. | | no +`mount_path` | `string` | Mount path for the login. | `"gcp"` | no + +The `type` argument must be set to `"gce"` or `"iam"`. When `type` is `"gce"`, +credentials are retrieved using the metadata service on GCE VMs. When `type` is +`"iam"`, credentials are retrieved from the file that the +`GOOGLE_APPLICATION_CREDENTIALS` environment variable points to. + +When `type` is `"iam"`, the `iam_service_account` argument determines what +service account name to use. + +[GCP]: https://www.vaultproject.io/docs/auth/gcp + +### auth.kubernetes block + +The `auth.kubernetes` block authenticates to Vault using the [Kubernetes auth +method][Kubernetes]. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`role` | `string` | Role name to authenticate as. | | yes +`service_account_file` | `string` | Override service account token file to use. | | no +`mount_path` | `string` | Mount path for the login. | `"kubernetes"` | no + +When `service_account_file` is not specified, the JWT token to authenticate +with is retrieved from `/var/run/secrets/kubernetes.io/serviceaccount/token`. + +[Kubernetes]: https://www.vaultproject.io/docs/auth/kubernetes + +### auth.ldap block + +The `auth.ldap` block authenticates to Vault using the [LDAP auth +method][LDAP]. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`username` | `string` | LDAP username to authenticate as. | | yes +`password` | `secret` | LDAP passsword for the user. | | yes +`mount_path` | `string` | Mount path for the login. | `"ldap"` | no + +[LDAP]: https://www.vaultproject.io/docs/auth/ldap + +### auth.userpass block + +The `auth.userpass` block authenticates to Vault using the [UserPass auth +method][UserPass]. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`username` | `string` | Username to authenticate as. | | yes +`password` | `secret` | Passsword for the user. | | yes +`mount_path` | `string` | Mount path for the login. | `"userpass"` | no + +[UserPass]: https://www.vaultproject.io/docs/auth/userpass + +### auth.custom block + +The `auth.custom` blocks allows authenticating against Vault using an arbitrary +authentication path like `auth/customservice/login`. + +Using `auth.custom` is equivalent to calling `vault write PATH DATA` on the +command line. + +Name | Type | Description | Default | Required +---- | ---- | ----------- | ------- | -------- +`path` | `string` | Path to write to for creating an authentication token. | yes +`data` | `map(secret)` | Authentication data. | yes + +All values in the `data` attribute are considered secret, even if they contain +nonsensitive information like usernames. + +## Exported fields + +The following fields are exported and can be referenced by other components: + +Name | Type | Description +---- | ---- | ----------- +`data` | `map(secret)` | Data from the secret obtained from Vault. + +The `data` field contains a mapping from data field names to values. There will +be one mapping for each string-like field stored in the Vault secret. + +Note that Vault permits secret engines to store arbitrary data within the +key-value pairs for a secret. The `remote.vault` component is only able to use +values which are strings or can be converted to strings. Keys with non-string +values will be ignored and omitted from the `data` field. + +## Component health + +`remote.vault` will be reported as unhealthy if the latest reread or renewal of +secrets was unsuccessful. + +## Debug information + +`remote.vault` exposes debug information for the authentication token and +secret around: + +* The latest request ID used for retrieving or renewing the token. +* The most recent time when the token was retrieved or renewed. +* The expiration time for the token (if applicable). +* Whether the token is renewable. +* Warnings from Vault from when the token was retrieved. + +### Debug metrics + +`remote.vault` exposes the following metrics: + +* `remote_vault_auth_total` (counter): Total number of times the component + authenticated to Vault. +* `remote_vault_secret_reads_total` (counter): Total number of times the secret + was read from Vault. +* `remote_vault_auth_lease_renewal_total` (counter): Total number of times the + component renewed its authentication token lease. +* `remote_vault_secret_lease_renewal_total` (counter): Total number of times + the component renewed its secret token lease. + +## Example + +```river +local.file "vault_token" { + filename = "/var/data/vault_token" + is_secret = true +} + +remote.vault "remote_write" { + server = "https://prod-vault.corporate.internal" + path = "secret/prometheus/remote_write" + + auth.token { + token = local.file.vault_token.content + } +} + +metrics.remote_write "prod" { + remote_write { + url = "https://onprem-mimir:9009/api/v1/push" + basic_auth { + username = remote.vault.remote_write.data.username + password = remote.vault.remote_write.data.password + } + } +} +``` diff --git a/example/k3d/README.md b/example/k3d/README.md index 9cb5cd3009cc..10512b2bd92f 100644 --- a/example/k3d/README.md +++ b/example/k3d/README.md @@ -11,7 +11,7 @@ that implements a full Grafana Agent environment for testing. - Kubectl - Docker - [Tanka >= v0.9.2](https://github.com/grafana/tanka) -- [k3d >= v4.0.0,<= v5.2.2](https://github.com/rancher/k3d) +- [k3d >= v4.0.0,<= v5.2.2](https://github.com/k3d-io/k3d) - [jsonnet-bundler >= v0.4.0](https://github.com/jsonnet-bundler/jsonnet-bundler) ### Getting Started diff --git a/go.mod b/go.mod index 138678dfa0fc..59abd8049050 100644 --- a/go.mod +++ b/go.mod @@ -24,6 +24,7 @@ require ( github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf github.com/coreos/go-systemd/v22 v22.5.0 github.com/cortexproject/cortex v1.11.0 + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davidmparrott/kafka_exporter/v2 v2.0.1 github.com/docker/docker v23.0.3+incompatible github.com/docker/go-connections v0.4.0 @@ -62,6 +63,14 @@ require ( github.com/hashicorp/go-discover v0.0.0-20220105235006-b95dfa40aaed github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru v0.6.0 + github.com/hashicorp/vault/api v1.7.2 + github.com/hashicorp/vault/api/auth/approle v0.2.0 + github.com/hashicorp/vault/api/auth/aws v0.2.0 + github.com/hashicorp/vault/api/auth/azure v0.2.0 + github.com/hashicorp/vault/api/auth/gcp v0.2.0 + github.com/hashicorp/vault/api/auth/kubernetes v0.2.0 + github.com/hashicorp/vault/api/auth/ldap v0.2.0 + github.com/hashicorp/vault/api/auth/userpass v0.2.0 github.com/heroku/x v0.0.55 github.com/iamseth/oracledb_exporter v0.0.0-20230504204552-f801dc432dcf github.com/infinityworks/github-exporter v0.0.0-20210802160115-284088c21e7d @@ -127,7 +136,6 @@ require ( github.com/prometheus/prometheus v1.99.0 github.com/prometheus/snmp_exporter v0.20.1-0.20220111173215-83399c23888f github.com/prometheus/statsd_exporter v0.22.8 - github.com/rancher/k3d/v5 v5.2.2 github.com/rfratto/ckit v0.0.0-20230413073832-e0725e49faea github.com/rs/cors v1.8.3 github.com/shirou/gopsutil/v3 v3.22.9 @@ -204,7 +212,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armsubscriptions v1.0.0 // indirect github.com/Azure/azure-storage-blob-go v0.15.0 // indirect - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.28 github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect @@ -222,8 +230,8 @@ require ( github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.2.0 // indirect - github.com/Microsoft/go-winio v0.5.2 // indirect - github.com/Microsoft/hcsshim v0.9.6 // indirect + github.com/Microsoft/go-winio v0.6.0 // indirect + github.com/Microsoft/hcsshim v0.9.7 // indirect github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect github.com/ProtonMail/go-crypto v0.0.0-20210920160938-87db9fbc61c7 // indirect github.com/StackExchange/wmi v1.2.1 // indirect @@ -264,15 +272,14 @@ require ( github.com/cilium/ebpf v0.9.3 // indirect github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58 // indirect github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc // indirect - github.com/containerd/cgroups v1.0.4 // indirect + github.com/containerd/cgroups v1.1.0 // indirect github.com/containerd/console v1.0.3 // indirect - github.com/containerd/containerd v1.6.18 // indirect + github.com/containerd/containerd v1.6.19 // indirect github.com/containerd/continuity v0.3.0 // indirect github.com/containerd/ttrpc v1.1.0 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/danieljoos/wincred v1.1.2 // indirect - github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dennwc/btrfs v0.0.0-20221026161108-3097362dc072 // indirect github.com/dennwc/ioctl v1.0.0 // indirect github.com/dennwc/varint v1.0.0 // indirect @@ -280,9 +287,9 @@ require ( github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/digitalocean/godo v1.95.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/docker/cli v20.10.11+incompatible // indirect + github.com/docker/cli v23.0.3+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect - github.com/docker/docker-credential-helpers v0.6.4 // indirect + github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.5.0 // indirect @@ -364,6 +371,10 @@ require ( github.com/hashicorp/go-msgpack v0.5.5 // indirect github.com/hashicorp/go-retryablehttp v0.7.2 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect + github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.2 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/hcl v1.0.0 // indirect @@ -371,6 +382,7 @@ require ( github.com/hashicorp/memberlist v0.5.0 // indirect github.com/hashicorp/nomad/api v0.0.0-20230124213148-69fd1a0e4bf7 // indirect github.com/hashicorp/serf v0.10.1 // indirect + github.com/hashicorp/vault/sdk v0.5.1 // indirect github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443 // indirect github.com/hetznercloud/hcloud-go v1.39.0 // indirect github.com/hodgesds/perf-utils v0.5.1 // indirect @@ -416,7 +428,7 @@ require ( github.com/linode/linodego v1.12.0 // indirect github.com/lufia/iostat v1.2.1 // indirect github.com/lufia/plan9stats v0.0.0-20220913051719-115f729f3c8c // indirect - github.com/magiconair/properties v1.8.6 // indirect + github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-ieproxy v0.0.9 // indirect @@ -436,8 +448,8 @@ require ( github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mna/redisc v1.3.2 // indirect - github.com/moby/sys/mountinfo v0.5.0 // indirect - github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect + github.com/moby/sys/mountinfo v0.6.2 // indirect + github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/montanaflynn/stats v0.6.6 // indirect @@ -458,7 +470,7 @@ require ( github.com/open-telemetry/opentelemetry-collector-contrib/pkg/translator/opencensus v0.63.0 // indirect github.com/open-telemetry/opentelemetry-collector-contrib/pkg/translator/zipkin v0.63.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect + github.com/opencontainers/image-spec v1.1.0-rc2 // indirect github.com/opencontainers/runc v1.1.5 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/opencontainers/selinux v1.10.2 // indirect @@ -468,8 +480,7 @@ require ( github.com/ovh/go-ovh v1.3.0 // indirect github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c // indirect github.com/patrickmn/go-cache v2.1.0+incompatible // indirect - github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.0.5 // indirect + github.com/pelletier/go-toml/v2 v2.0.6 // indirect github.com/percona/exporter_shared v0.7.4-0.20211108113423-8555cdbac68b // indirect github.com/percona/percona-toolkit v0.0.0-20211210121818-b2860eee3152 // indirect github.com/pierrec/lz4/v4 v4.1.17 // indirect @@ -505,9 +516,9 @@ require ( github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.13.0 // indirect + github.com/spf13/viper v1.15.0 // indirect github.com/stretchr/objx v0.5.0 // indirect - github.com/subosito/gotenv v1.4.1 // indirect + github.com/subosito/gotenv v1.4.2 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/tencentcloud/tencentcloud-sdk-go v1.0.162 // indirect github.com/tg123/go-htpasswd v1.2.0 // indirect @@ -534,15 +545,15 @@ require ( github.com/xo/dburl v0.13.0 // indirect github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect - go.etcd.io/etcd/api/v3 v3.5.5 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.5 // indirect - go.etcd.io/etcd/client/v3 v3.5.5 // indirect + go.etcd.io/etcd/api/v3 v3.5.6 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.6 // indirect + go.etcd.io/etcd/client/v3 v3.5.6 // indirect go.mongodb.org/mongo-driver v1.11.2 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.36.4 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.37.0 // indirect - go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect + go4.org/intern v0.0.0-20220617035311-6925f38cc365 // indirect go4.org/netipx v0.0.0-20230125063823-8449b0a6169f // indirect - go4.org/unsafe/assume-no-moving-gc v0.0.0-20230204201903-c31fa085b70e // indirect + go4.org/unsafe/assume-no-moving-gc v0.0.0-20230209150437-ee73d164e760 // indirect golang.org/x/mod v0.8.0 // indirect golang.org/x/sync v0.2.0 // indirect golang.org/x/term v0.7.0 // indirect @@ -559,20 +570,37 @@ require ( gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect - inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 // indirect + inet.af/netaddr v0.0.0-20220811202034-502d2d690317 // indirect k8s.io/kube-openapi v0.0.0-20230303024457-afdc3dddf62d // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) require ( + github.com/k3d-io/k3d/v5 v5.4.8 + github.com/testcontainers/testcontainers-go v0.19.0 +) + +require ( + github.com/armon/go-radix v1.0.0 // indirect + github.com/cenkalti/backoff/v3 v3.0.0 // indirect + github.com/cpuguy83/dockercfg v0.3.1 // indirect github.com/efficientgo/tools/core v0.0.0-20220817170617-6c25e3b627dd // indirect github.com/gomodule/redigo v1.8.9 // indirect + github.com/goodhosts/hostsfile v0.1.1 // indirect github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect - github.com/moby/sys/mount v0.3.0 // indirect + github.com/hashicorp/go-plugin v1.4.5 // indirect + github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/yamux v0.0.0-20190923154419-df201c70410d // indirect + github.com/mitchellh/go-testing-interface v1.14.1 // indirect + github.com/moby/patternmatcher v0.5.0 // indirect + github.com/moby/sys/sequential v0.5.0 // indirect + github.com/pierrec/lz4 v2.6.1+incompatible // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect github.com/spaolacci/murmur3 v1.1.0 // indirect github.com/willf/bitset v1.1.11 // indirect github.com/willf/bloom v2.0.3+incompatible // indirect + gopkg.in/square/go-jose.v2 v2.5.1 // indirect ) // NOTE: replace directives below must always be *temporary*. @@ -613,7 +641,6 @@ replace ( github.com/Azure/azure-storage-blob-go => github.com/MasslessParticle/azure-storage-blob-go v0.14.1-0.20220216145902-b5e698eff68e github.com/bradfitz/gomemcache => github.com/themihai/gomemcache v0.0.0-20180902122335-24332e2d58ab github.com/cloudflare/cloudflare-go => github.com/cyriltovena/cloudflare-go v0.27.1-0.20211118103540-ff77400bcb93 - github.com/docker/docker v23.0.3+incompatible => github.com/docker/docker v20.10.24+incompatible github.com/go-kit/log => github.com/dannykopping/go-kit-log v0.2.2-0.20221002180827-5591c1641b6b github.com/gocql/gocql => github.com/grafana/gocql v0.0.0-20200605141915-ba5dc39ece85 github.com/hashicorp/consul => github.com/hashicorp/consul v1.5.1 diff --git a/go.sum b/go.sum index 25bcecd47966..7699154ec574 100644 --- a/go.sum +++ b/go.sum @@ -441,8 +441,9 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armsubscriptions github.com/Azure/azure-storage-queue-go v0.0.0-20181215014128-6ed74e755687/go.mod h1:K6am8mT+5iFXgingS9LUc7TmbsW6XBw3nxaRyaMyWc8= github.com/Azure/go-amqp v0.12.6/go.mod h1:qApuH6OFTSKZFmCOxccvAv5rLizBQf4v8pRmG138DPo= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.7.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v10.15.3+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -553,8 +554,8 @@ github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JP github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= -github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= +github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= @@ -563,8 +564,8 @@ github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= -github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= -github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.7 h1:mKNHW/Xvv1aFH87Jb6ERDzXTJTLPlmzfZ28VBFD/bfg= +github.com/Microsoft/hcsshim v0.9.7/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/Mottl/ctimefmt v0.0.0-20190803144728-fd2ac23a585a/go.mod h1:eyj2WSIdoPMPs2eNTLpSmM6Nzqo4V80/d6jHpnJ1SAI= @@ -662,6 +663,7 @@ github.com/armon/go-metrics v0.4.0 h1:yCQqn7dwca4ITXb+CbubHmedzaQYHhNhrEXLYUeEe8 github.com/armon/go-metrics v0.4.0/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-proxyproto v0.0.0-20190211145416-68259f75880e/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= @@ -682,6 +684,7 @@ github.com/aws/aws-sdk-go v1.15.24/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo github.com/aws/aws-sdk-go v1.17.7/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.34.34/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= @@ -829,6 +832,8 @@ github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRt github.com/cenkalti/backoff v2.0.0+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c= +github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4= @@ -909,8 +914,8 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= -github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA= -github.com/containerd/cgroups v1.0.4/go.mod h1:nLNQtsF7Sl2HxNebu77i1R0oDlhiTG+kO4JTrUzo6IA= +github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= +github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= @@ -934,8 +939,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c= -github.com/containerd/containerd v1.6.18 h1:qZbsLvmyu+Vlty0/Ex5xc0z2YtKpIsb5n45mAMI+2Ns= -github.com/containerd/containerd v1.6.18/go.mod h1:1RdCUu95+gc2v9t3IL+zIlpClSmew7/0YS8O5eQZrOw= +github.com/containerd/containerd v1.6.19 h1:F0qgQPrG0P2JPgwpxWxYavrVeXAG0ezUIB9Z/4FTUAU= +github.com/containerd/containerd v1.6.19/go.mod h1:HZCDMn4v/Xl2579/MvtOC2M206i+JJ6VxFWU/NetrGY= github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -1019,19 +1024,22 @@ github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/corpix/uarand v0.1.1 h1:RMr1TWc9F4n5jiPDzFHtmaUXLKLNUFK0SgCLo4BhX/U= github.com/cortexproject/cortex v1.10.1-0.20211124141505-4e9fc3a2b5ab/go.mod h1:njSBkQ1wUNx9X4knV/j65Pi4ItlJXX4QwXRKoMflJd8= github.com/cortexproject/cortex v1.11.0 h1:kx2iBVLZdu7Qjv7dbN4Ek2ax2nICsyoBL+DdEcAetOQ= github.com/cortexproject/cortex v1.11.0/go.mod h1:oAOdKib5B/IhvxrNecMJH9Wb+a0q31KaAUiv/fcDvFo= github.com/couchbase/go-couchbase v0.0.0-20180501122049-16db1f1fe037/go.mod h1:TWI8EKQMs5u5jLKW/tsb9VwauIrMIxQG1r5fMsswK5U= github.com/couchbase/gomemcached v0.0.0-20180502221210-0da75df14530/go.mod h1:srVSlQLB8iXBVXHgnqemxUXqN6FCvClgCMPCsjBDR7c= github.com/couchbase/goutils v0.0.0-20180530154633-e865a1461c8a/go.mod h1:BQwMFlJzDjFDG3DJUdU0KORxn88UlsOULuxLExMh3Hs= +github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= +github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= @@ -1052,7 +1060,6 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= -github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0= github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0= github.com/dannykopping/go-kit-log v0.2.2-0.20221002180827-5591c1641b6b h1:G8g9mAKEj9O3RsU6Hd/ow6lIcHarlcUl5omV6sFKEOU= @@ -1102,8 +1109,9 @@ github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/ github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v20.10.11+incompatible h1:tXU1ezXcruZQRrMP8RN2z9N91h+6egZTS1gsPsKantc= github.com/docker/cli v20.10.11+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v23.0.3+incompatible h1:Zcse1DuDqBdgI7OQDV8Go7b83xLgfhW1eza4HfEdxpY= +github.com/docker/cli v23.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= @@ -1119,11 +1127,11 @@ github.com/docker/docker v17.12.0-ce-rc1.0.20200916142827-bd33bbf0497b+incompati github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE= -github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho= +github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= -github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= -github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= +github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= +github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q= github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= @@ -1214,6 +1222,7 @@ github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb h1:IT4JYU7k4ikYg1SCxNI1/Tieq/NFvh6dzLdgi7eu0tM= @@ -1250,8 +1259,10 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goblin v0.0.0-20210519012713-85d372ac71e2/go.mod h1:VzmDKDJVZI3aJmnRI9VjAn9nJ8qPPsN1fqzr9dqInIo= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= +github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= github.com/frankban/quicktest v1.10.2/go.mod h1:K+q6oSqb0W0Ininfk863uOk1lMy69l/P6txr3mVT54s= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU= github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= @@ -1282,6 +1293,7 @@ github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aev github.com/glinton/ping v0.1.4-0.20200311211934-5ac87da8cd96/go.mod h1:uY+1eqFUyotrQxF1wYFNtMeHp/swbYRsoGzfcPZ8x3o= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= +github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= @@ -1309,6 +1321,7 @@ github.com/go-kit/kit v0.12.0 h1:e4o3o3IsBfAKQh5Qbbiqyfu97Ku7jrO/JbohvztANh4= github.com/go-kit/kit v0.12.0/go.mod h1:lHd+EkCZPIwYItmGDDRdhinkzX2A1sj+M9biaEaizzs= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc= +github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= @@ -1475,6 +1488,7 @@ github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= @@ -1605,6 +1619,8 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/gomodule/redigo v1.8.5/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws= github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE= +github.com/goodhosts/hostsfile v0.1.1 h1:SqRUTFOshOCon0ZSXDrW1bkKZvs4+5pRgYFWySdaLno= +github.com/goodhosts/hostsfile v0.1.1/go.mod h1:lXcUP8xO4WR5vvuQ3F/N0bMQoclOtYKEEUnyY2jTusY= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= @@ -1861,6 +1877,7 @@ github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9 github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo= @@ -1868,6 +1885,7 @@ github.com/hashicorp/go-hclog v1.3.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-memdb v0.0.0-20180223233045-1289e7fffe71/go.mod h1:kbfItVoBJwCfKXDXN4YoAXjxcFVZ7MRrJzyTX6H4giE= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.4/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= @@ -1880,9 +1898,13 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v0.0.0-20180331002553-e8d22c780116/go.mod h1:JSqWYsict+jzcj0+xElxyrBQRPNoiWQuddnxArJ7XHQ= github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= +github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= +github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo= +github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= github.com/hashicorp/go-retryablehttp v0.0.0-20180531211321-3b087ef2d313/go.mod h1:fXcdFsQoipQa7mwORhKad5jmDCeSy/RCGzWA08PO0lM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= @@ -1891,6 +1913,19 @@ github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA= +github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= +github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= +github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc= +github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= @@ -1905,6 +1940,7 @@ github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -1944,11 +1980,31 @@ github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfE github.com/hashicorp/vault v0.10.3/go.mod h1:KfSyffbKxoVyspOdlaGVjIuwLobi07qD1bAbosPMpP0= github.com/hashicorp/vault-plugin-secrets-kv v0.0.0-20190318174639-195e0e9d07f1/go.mod h1:VJHHT2SC1tAPrfENQeBhLlb5FbZoKZM+oC/ROmEftz0= github.com/hashicorp/vault/api v1.0.4/go.mod h1:gDcqh3WGcR1cpF5AJz/B1UFheUEneMoIospckxBxk6Q= +github.com/hashicorp/vault/api v1.7.2 h1:kawHE7s/4xwrdKbkmwQi0wYaIeUhk5ueek7ljuezCVQ= +github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M= +github.com/hashicorp/vault/api/auth/approle v0.2.0 h1:mdNYwDRp+tqvJmyfbkaHLLePGYDY27mOFtBZBb7va/I= +github.com/hashicorp/vault/api/auth/approle v0.2.0/go.mod h1:w4PwYaLJmGq0cMss0ZAV9b49vcrpB6SKxMMLUp4voR8= +github.com/hashicorp/vault/api/auth/aws v0.2.0 h1:s7445TloGqcL8rJ7TZtuy0mwblyVslOzt0ZAsjEKdeM= +github.com/hashicorp/vault/api/auth/aws v0.2.0/go.mod h1:HxED8t0CNmbDFPUqOvr/cqEbJsOEsZdSruAtKYty3uU= +github.com/hashicorp/vault/api/auth/azure v0.2.0 h1:C8dr30RoSC2zSqm1Tzow1xwlSUmAOkrP0R7ubu9nvvU= +github.com/hashicorp/vault/api/auth/azure v0.2.0/go.mod h1:VMmVy3C2r1l/Fbj6OPf+KHe4jmo/UraQa8TDEzBrcTo= +github.com/hashicorp/vault/api/auth/gcp v0.2.0 h1:4ggAVtJPAXa9ctUvCj3iNuX1Zc7X8Z5O8RcNby1TnXs= +github.com/hashicorp/vault/api/auth/gcp v0.2.0/go.mod h1:5nAXjDcU8XJRbuoYBsvwJOj1wRzX/DaQSDoPaWHB5Kw= +github.com/hashicorp/vault/api/auth/kubernetes v0.2.0 h1:ScdzRAF8JZIdJYP4oprZKsIS4GSTCaTP4iG2JJlJDvA= +github.com/hashicorp/vault/api/auth/kubernetes v0.2.0/go.mod h1:2BKADs9mwqAycDK/6tiHRh2sX0SPnC0DN4wHjJoAirw= +github.com/hashicorp/vault/api/auth/ldap v0.2.0 h1:pBzFM1Fu0IgS7mfKxVEiCsuPbHEgE5EbXzp6RgN9uXQ= +github.com/hashicorp/vault/api/auth/ldap v0.2.0/go.mod h1:ezky0BvVjLnFBPN4XrFR272iJRoJVdxxor7sVKr0u3k= +github.com/hashicorp/vault/api/auth/userpass v0.2.0 h1:xgP3Pz8P2hDbXzn0dbIBz8HhRj/wNdZVDZfBbZ0Vams= +github.com/hashicorp/vault/api/auth/userpass v0.2.0/go.mod h1:DkYCgkWaw+UvJz3CQRKCOVSyYt6YzWgSwBTswLbL7d4= github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M= +github.com/hashicorp/vault/sdk v0.5.1 h1:zly/TmNgOXCGgWIRA8GojyXzG817POtVh3uzIwzZx+8= +github.com/hashicorp/vault/sdk v0.5.1/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU= github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443 h1:O/pT5C1Q3mVXMyuqg7yuAWUg/jMZR1/0QTzTRdNR6Uw= github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443/go.mod h1:bEpDU35nTu0ey1EXjwNwPjI9xErAsoOCmcMb9GKvyxo= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hashicorp/yamux v0.0.0-20190923154419-df201c70410d h1:W+SIwDdl3+jXWeidYySAgzytE3piq6GumXeBjFBG67c= +github.com/hashicorp/yamux v0.0.0-20190923154419-df201c70410d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/heroku/rollrus v0.2.0/go.mod h1:B3MwEcr9nmf4xj0Sr5l9eSht7wLKMa1C+9ajgAU79ek= github.com/heroku/x v0.0.55 h1:LSXseirdcQaVobauVkRLbN1VnxVmRQgRABrDA1Cz2Q8= github.com/heroku/x v0.0.55/go.mod h1:YZxbWdDeSewnf/CDZM2UXCZZPU9JZfObfms5FT3P8NA= @@ -1972,6 +2028,7 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= +github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428 h1:Mo9W14pwbO9VfRe+ygqZ8dFbPpoIK1HFrG/zjTuQ+nc= github.com/illumos/go-kstat v0.0.0-20210513183136-173c9b0a9973 h1:hk4LPqXIY/c9XzRbe7dA6qQxaT6Axcbny0L/G5a4owQ= github.com/illumos/go-kstat v0.0.0-20210513183136-173c9b0a9973/go.mod h1:PoK3ejP3LJkGTzKqRlpvCIFas3ncU02v8zzWDW+g0FY= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -2074,6 +2131,8 @@ github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJk github.com/jefferai/jsonx v0.0.0-20160721235117-9cc31c3135ee/go.mod h1:N0t2vlmpe8nyZB5ouIbJQPDSR+mH6oe7xHB9VZHSUzM= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= +github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8 h1:CZkYfurY6KGhVtlalI4QwQ6T0Cu6iuY3e0x5RLu96WE= github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo= github.com/jinzhu/inflection v0.0.0-20170102125226-1c35d901db3d h1:jRQLvyVGL+iVtDElaEIDdKwpPqUIZJfzkNLV34htpEc= @@ -2082,6 +2141,7 @@ github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/ github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -2130,6 +2190,8 @@ github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4d github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +github.com/k3d-io/k3d/v5 v5.4.8 h1:OfXpeyBq+2be3DTOtt0EWSx0oZOSaHRIwGyu2I5+gEI= +github.com/k3d-io/k3d/v5 v5.4.8/go.mod h1:vnRTHJ5hlilN9WlO0kzvkUdNG9XE1Xmm9DpM95R1BJo= github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= github.com/kardianos/service v1.0.0/go.mod h1:8CzDhVuCuugtsHyZoTvsOBuvonN/UDBvl0kH+BUxvbo= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= @@ -2234,8 +2296,9 @@ github.com/mackerelio/go-osstat v0.2.3/go.mod h1:DQbPOnsss9JHIXgBStc/dnhhir3gbd3 github.com/magiconair/properties v1.5.3/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= +github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180717111219-efc7eb8984d6/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -2378,19 +2441,22 @@ github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx github.com/mna/redisc v1.3.2 h1:sc9C+nj6qmrTFnsXb70xkjAHpXKtjjBuE6v2UcQV0ZE= github.com/mna/redisc v1.3.2/go.mod h1:CplIoaSTDi5h9icnj4FLbRgHoNKCHDNJDVRztWDGeSQ= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= +github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= +github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/sys/mount v0.3.0 h1:bXZYMmq7DBQPwHRxH/MG+u9+XF90ZOwoXpHTOznMGp0= -github.com/moby/sys/mount v0.3.0/go.mod h1:U2Z3ur2rXPFrFmy4q6WMwWrBOAQGYtYTRVM8BIvzbwk= github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= -github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= +github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= +github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= -github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI= -github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= +github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= +github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -2580,8 +2646,8 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3I github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec= -github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= +github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= @@ -2651,8 +2717,9 @@ github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAv github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg= github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= +github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU= +github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= github.com/percona/exporter_shared v0.7.4-0.20211108113423-8555cdbac68b h1:tPnodYuNto6iPkeBCKJKw2HLeEYCiRmN2cpcMzTs8W4= github.com/percona/exporter_shared v0.7.4-0.20211108113423-8555cdbac68b/go.mod h1:bweWrCdYX+iAONTNUNIIkXGDjGg8dbFL0VBxuUv0wus= github.com/percona/mongodb_exporter v0.31.2 h1:FrXbWxNsDF1lsq2HjUHYDYRkTsO7MIDi5u+KS1b0mW4= @@ -2670,6 +2737,7 @@ github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= +github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4/v4 v4.1.8/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc= @@ -2778,8 +2846,6 @@ github.com/prometheus/statsd_exporter v0.22.8 h1:Qo2D9ZzaQG+id9i5NYNGmbf1aa/KxKb github.com/prometheus/statsd_exporter v0.22.8/go.mod h1:/DzwbTEaFTE0Ojz5PqcSk6+PFHOPWGxdXVr6yC8eFOM= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rafaeljusto/redigomock v0.0.0-20190202135759-257e089e14a1/go.mod h1:JaY6n2sDr+z2WTsXkOmNRUfDy6FN0L6Nk7x06ndm4tY= -github.com/rancher/k3d/v5 v5.2.2 h1:9F+wqmRZz5Gl7o70g0OSPLYVyCOrz/rJPVQhxmaI2Bo= -github.com/rancher/k3d/v5 v5.2.2/go.mod h1:wf9CUngX+Klerdc1rKlQV5OKzTQesCwoYGDMcB56DLQ= github.com/rcrowley/go-metrics v0.0.0-20160613154715-cfa5a85e9f0a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= @@ -2823,6 +2889,7 @@ github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfF github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/safchain/ethtool v0.0.0-20200218184317-f459e2d13664/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= @@ -2952,8 +3019,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v0.0.0-20150530192845-be5ff3e4840c/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU= github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw= +github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU= +github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/steinfletcher/apitest v1.3.8/go.mod h1:LOVbGzWvWCiiVE4PZByfhRnA5L00l5uZQEx403xQ4K8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= @@ -2989,8 +3057,9 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807 h1:LUsDduamlucuNnWcaTbXQ6aLILFcLXADpOzeEH3U+OI= github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= +github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= +github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= @@ -3003,6 +3072,8 @@ github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.194/go.mod h1:yrBKWhChnDqNz1xuXdSbWXG56XawEq0G5j1lg4VwBD4= github.com/tencentyun/cos-go-sdk-v5 v0.7.31/go.mod h1:4E4+bQ2gBVJcgEC9Cufwylio4mXOct2iu05WjgEBx1o= github.com/tent/http-link-go v0.0.0-20130702225549-ac974c61c2f9/go.mod h1:RHkNRtSLfOK7qBTHaeSX1D6BNpI3qw7NTxsmNr4RvN8= +github.com/testcontainers/testcontainers-go v0.19.0 h1:3bmFPuQRgVIQwxZJERyzB8AogmJW3Qzh8iDyfJbPhi8= +github.com/testcontainers/testcontainers-go v0.19.0/go.mod h1:3YsSoxK0rGEUzbGD4gUVt1Nm3GJpCIq94GX+2LSf3d4= github.com/tg123/go-htpasswd v1.2.0 h1:UKp34m9H467/xklxUxU15wKRru7fwXoTojtxg25ITF0= github.com/tg123/go-htpasswd v1.2.0/go.mod h1:h7IzlfpvIWnVJhNZ0nQ9HaFxHb7pn5uFJYLlEUJa2sM= github.com/thanos-io/thanos v0.19.1-0.20211126105533-c5505f5eaa7d/go.mod h1:sfnKJG7cDA41ixNL4gsTJEa3w9Qt8lwAjw+dqRMSDG0= @@ -3158,18 +3229,18 @@ go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3C go.etcd.io/etcd v3.3.25+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= -go.etcd.io/etcd/api/v3 v3.5.5 h1:BX4JIbQ7hl7+jL+g+2j5UAr0o1bctCm6/Ct+ArBGkf0= -go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8= +go.etcd.io/etcd/api/v3 v3.5.6 h1:Cy2qx3npLcYqTKqGJzMypnMv2tiRyifZJ17BlWIWA7A= +go.etcd.io/etcd/api/v3 v3.5.6/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/pkg/v3 v3.5.5 h1:9S0JUVvmrVl7wCF39iTQthdaaNIiAaQbmK75ogO6GU8= -go.etcd.io/etcd/client/pkg/v3 v3.5.5/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ= +go.etcd.io/etcd/client/pkg/v3 v3.5.6 h1:TXQWYceBKqLp4sa87rcPs11SXxUA/mHwH975v+BDvLU= +go.etcd.io/etcd/client/pkg/v3 v3.5.6/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+DHwTGEbU= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY= -go.etcd.io/etcd/client/v3 v3.5.5 h1:q++2WTJbUgpQu4B6hCuT7VkdwaTP7Qz6Daak3WzbrlI= -go.etcd.io/etcd/client/v3 v3.5.5/go.mod h1:aApjR4WGlSumpnJ2kloS75h6aHUmAyaPLjHMxpc7E7c= +go.etcd.io/etcd/client/v3 v3.5.6 h1:coLs69PWCXE9G4FKquzNaSHrRyMCAXwF+IX1tAPVO8E= +go.etcd.io/etcd/client/v3 v3.5.6/go.mod h1:f6GRinRMCsFVv9Ht42EyY7nfsVGwrNO0WEoS2pRKzQk= go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= @@ -3299,13 +3370,15 @@ go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -go4.org/intern v0.0.0-20211027215823-ae77deb06f29 h1:UXLjNohABv4S58tHmeuIZDO6e3mHpW2Dx33gaNt03LE= go4.org/intern v0.0.0-20211027215823-ae77deb06f29/go.mod h1:cS2ma+47FKrLPdXFpr7CuxiTW3eyJbWew4qx0qtQWDA= +go4.org/intern v0.0.0-20220617035311-6925f38cc365 h1:t9hFvR102YlOqU0fQn1wgwhNvSbHGBbbJxX9JKfU3l0= +go4.org/intern v0.0.0-20220617035311-6925f38cc365/go.mod h1:WXRv3p7T6gzt0CcJm43AAKdKVZmcQbwwC7EwquU5BZU= go4.org/netipx v0.0.0-20230125063823-8449b0a6169f h1:ketMxHg+vWm3yccyYiq+uK8D3fRmna2Fcj+awpQp84s= go4.org/netipx v0.0.0-20230125063823-8449b0a6169f/go.mod h1:tgPU4N2u9RByaTN3NC2p9xOzyFpte4jYwsIIRF7XlSc= go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= -go4.org/unsafe/assume-no-moving-gc v0.0.0-20230204201903-c31fa085b70e h1:AY/D6WBvaYJLmXK9VTIAX0tokDhrkkqdvIUwOU2nxio= -go4.org/unsafe/assume-no-moving-gc v0.0.0-20230204201903-c31fa085b70e/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= +go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= +go4.org/unsafe/assume-no-moving-gc v0.0.0-20230209150437-ee73d164e760 h1:gH0IO5GDYAcawu+ThKrvAofVTgJjYaoOZ5rrC4pS2Xw= +go4.org/unsafe/assume-no-moving-gc v0.0.0-20230209150437-ee73d164e760/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -3421,6 +3494,7 @@ golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -3661,6 +3735,7 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -3995,6 +4070,7 @@ google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= +google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180518175338-11a468237815/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181221175505-bd9b4fb69e2f/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= @@ -4209,6 +4285,7 @@ gopkg.in/rethinkdb/rethinkdb-go.v6 v6.2.1 h1:d4KQkxAaAiRY2h5Zqis161Pv91A37uZyJOx gopkg.in/rethinkdb/rethinkdb-go.v6 v6.2.1/go.mod h1:WbjuEoo1oadwzQ4apSDU+JTvmllEHtsNHS6y7vFc7iw= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/telebot.v3 v3.1.2/go.mod h1:GJKwwWqp9nSkIVN51eRKU78aB5f5OnQuWdwiIZfPbko= gopkg.in/tomb.v1 v1.0.0-20140529071818-c131134a1947/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= @@ -4226,8 +4303,8 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= honnef.co/go/netdb v0.0.0-20150201073656-a416d700ae39/go.mod h1:rbNo0ST5hSazCG4rGfpHrwnwvzP1QX62WbhzD+ghGzs= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -4238,8 +4315,8 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 h1:acCzuUSQ79tGsM/O50VRFySfMm19IoMKL+sZztZkCxw= -inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6/go.mod h1:y3MGhcFMlh0KZPMuXXow8mpjxxAk3yoDNsp4cQz54i8= +inet.af/netaddr v0.0.0-20220811202034-502d2d690317 h1:U2fwK6P2EqmopP/hFLTOAjWTki0qgd4GMJn5X8wOleU= +inet.af/netaddr v0.0.0-20220811202034-502d2d690317/go.mod h1:OIezDfdzOgFhuw4HuWapWq2e9l0H9tK4F1j+ETRtF3k= k8s.io/api v0.0.0-20180806132203-61b11ee65332/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA= k8s.io/api v0.0.0-20190325185214-7544f9db76f6/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA= k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= diff --git a/pkg/util/k8s/k8s.go b/pkg/util/k8s/k8s.go index 73859f628bcf..17702c146010 100644 --- a/pkg/util/k8s/k8s.go +++ b/pkg/util/k8s/k8s.go @@ -11,16 +11,16 @@ import ( docker_types "github.com/docker/docker/api/types" docker_nat "github.com/docker/go-connections/nat" gragent "github.com/grafana/agent/pkg/operator/apis/monitoring/v1alpha1" + k3d_client "github.com/k3d-io/k3d/v5/pkg/client" + config "github.com/k3d-io/k3d/v5/pkg/config" + k3d_cfgtypes "github.com/k3d-io/k3d/v5/pkg/config/types" + k3d_config "github.com/k3d-io/k3d/v5/pkg/config/v1alpha4" + k3d_log "github.com/k3d-io/k3d/v5/pkg/logger" + k3d_runtime "github.com/k3d-io/k3d/v5/pkg/runtimes" + k3d_docker "github.com/k3d-io/k3d/v5/pkg/runtimes/docker" + k3d_types "github.com/k3d-io/k3d/v5/pkg/types" + k3d_version "github.com/k3d-io/k3d/v5/version" promop_v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - k3d_client "github.com/rancher/k3d/v5/pkg/client" - config "github.com/rancher/k3d/v5/pkg/config" - k3d_cfgtypes "github.com/rancher/k3d/v5/pkg/config/types" - k3d_config "github.com/rancher/k3d/v5/pkg/config/v1alpha3" - k3d_log "github.com/rancher/k3d/v5/pkg/logger" - k3d_runtime "github.com/rancher/k3d/v5/pkg/runtimes" - k3d_docker "github.com/rancher/k3d/v5/pkg/runtimes/docker" - k3d_types "github.com/rancher/k3d/v5/pkg/types" - k3d_version "github.com/rancher/k3d/v5/version" apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/rand" @@ -110,7 +110,9 @@ func NewCluster(ctx context.Context, o Options) (cluster *Cluster, err error) { Kind: "Simple", APIVersion: config.DefaultConfigApiVersion, }, - Name: randomClusterName(), + ObjectMeta: k3d_cfgtypes.ObjectMeta{ + Name: randomClusterName(), + }, Servers: 1, Ports: []k3d_config.PortWithNodeFilters{{ // Bind NGINX (container port 80) to 127.0.0.1:0