diff --git a/go.mod b/go.mod index 722e38786..eefcfd6ed 100644 --- a/go.mod +++ b/go.mod @@ -3,20 +3,20 @@ module github.com/openshift/cluster-csi-snapshot-controller-operator go 1.17 require ( - github.com/google/go-cmp v0.5.5 + github.com/google/go-cmp v0.5.7 github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 - github.com/openshift/api v0.0.0-20211209135129-c58d9f695577 - github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3 + github.com/openshift/api v0.0.0-20220124143425-d74727069f6f + github.com/openshift/build-machinery-go v0.0.0-20220121085309-f94edc2d6874 github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3 - github.com/openshift/library-go v0.0.0-20211220195323-eca2c467c492 + github.com/openshift/library-go v0.0.0-20220124121022-2bc87c4fc9dd github.com/prometheus/client_golang v1.11.0 github.com/spf13/cobra v1.2.1 - k8s.io/api v0.23.0 + k8s.io/api v0.23.2 k8s.io/apiextensions-apiserver v0.23.0 - k8s.io/apimachinery v0.23.0 + k8s.io/apimachinery v0.23.2 k8s.io/client-go v0.23.0 k8s.io/component-base v0.23.0 - k8s.io/klog/v2 v2.30.0 + k8s.io/klog/v2 v2.40.1 ) require ( @@ -34,7 +34,7 @@ require ( github.com/felixge/httpsnoop v1.0.1 // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-logr/logr v1.2.0 // indirect + github.com/go-logr/logr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect @@ -84,7 +84,7 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.1 // indirect golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect - golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect + golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8 // indirect @@ -102,10 +102,10 @@ require ( k8s.io/apiserver v0.23.0 // indirect k8s.io/kube-aggregator v0.23.0 // indirect k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect - k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect + k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.25 // indirect sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index ead712e84..c19944259 100644 --- a/go.sum +++ b/go.sum @@ -212,8 +212,9 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= @@ -332,8 +333,9 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -522,15 +524,17 @@ github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c= github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/openshift/api v0.0.0-20211209135129-c58d9f695577 h1:NUe82M8wMYXbd5s+WBAJ2QAZZivs+nhZ3zYgZFwKfqw= github.com/openshift/api v0.0.0-20211209135129-c58d9f695577/go.mod h1:DoslCwtqUpr3d/gsbq4ZlkaMEdYqKxuypsDjorcHhME= +github.com/openshift/api v0.0.0-20220124143425-d74727069f6f h1:iOTv1WudhVm2UsoST+L+ZrA5A9w57h9vmQsdlBuqG6g= +github.com/openshift/api v0.0.0-20220124143425-d74727069f6f/go.mod h1:F/eU6jgr6Q2VhMu1mSpMmygxAELd7+BUxs3NHZ25jV4= github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3 h1:65oBhJYHzYK5VL0gF1eiYY37lLzyLZ47b9y5Kib1nf8= github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/build-machinery-go v0.0.0-20220121085309-f94edc2d6874 h1:zNOsvx6zHh4qZxD/YEubNTxZ61Ko2JbDVvhnlRN6k30= +github.com/openshift/build-machinery-go v0.0.0-20220121085309-f94edc2d6874/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3 h1:SG1aqwleU6bGD0X4mhkTNupjVnByMYYuW4XbnCPavQU= github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3/go.mod h1:cwhyki5lqBmrT0m8Im+9I7PGFaraOzcYPtEz93RcsGY= -github.com/openshift/library-go v0.0.0-20211220195323-eca2c467c492 h1:oj/rSQqVWVj6YJUydZwLz2frrJreiyI4oa9g/YPgMsM= -github.com/openshift/library-go v0.0.0-20211220195323-eca2c467c492/go.mod h1:4UQ9snU1vg53fyTpHQw3vLPiAxI8ub5xrc+y8KPQQFs= +github.com/openshift/library-go v0.0.0-20220124121022-2bc87c4fc9dd h1:ytkKe9YmynqosVwvPHKP8kYcCnp/rz/PI3ps+bixOw4= +github.com/openshift/library-go v0.0.0-20220124121022-2bc87c4fc9dd/go.mod h1:6AmNM4N4nHftckybV/U7bQW+5AvK5TW81ndSI6KEidw= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= @@ -830,8 +834,9 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= +golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1197,8 +1202,9 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= k8s.io/api v0.18.0-beta.2/go.mod h1:2oeNnWEqcSmaM/ibSh3t7xcIqbkGXhzZdn4ezV9T4m0= k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= -k8s.io/api v0.23.0 h1:WrL1gb73VSC8obi8cuYETJGXEoFNEh3LU0Pt+Sokgro= k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg= +k8s.io/api v0.23.2 h1:62cpzreV3dCuj0hqPi8r4dyWh48ogMcyh+ga9jEGij4= +k8s.io/api v0.23.2/go.mod h1:sYuDb3flCtRPI8ghn6qFrcK5ZBu2mhbElxRE95qpwlI= k8s.io/apiextensions-apiserver v0.17.0/go.mod h1:XiIFUakZywkUl54fVXa7QTEHcqQz9HG55nHd1DCoHj8= k8s.io/apiextensions-apiserver v0.18.0-beta.2/go.mod h1:Hnrg5jx8/PbxRbUoqDGxtQkULjwx8FDW4WYJaKNK+fk= k8s.io/apiextensions-apiserver v0.23.0 h1:uii8BYmHYiT2ZTAJxmvc3X8UhNYMxl2A0z0Xq3Pm+WY= @@ -1206,8 +1212,9 @@ k8s.io/apiextensions-apiserver v0.23.0/go.mod h1:xIFAEEDlAZgpVBl/1VSjGDmLoXAWRG4 k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= k8s.io/apimachinery v0.18.0-beta.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= -k8s.io/apimachinery v0.23.0 h1:mIfWRMjBuMdolAWJ3Fd+aPTMv3X9z+waiARMpvvb0HQ= k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc= +k8s.io/apimachinery v0.23.2 h1:dBmjCOeYBdg2ibcQxMuUq+OopZ9fjfLIR5taP/XKeTs= +k8s.io/apimachinery v0.23.2/go.mod h1:zDqeV0AK62LbCI0CI7KbWCAYdLg+E+8UXJ0rIz5gmS8= k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg= k8s.io/apiserver v0.18.0-beta.2/go.mod h1:bnblMkMoCFnIfVnVftd0SXJPzyvrk3RtaqSbblphF/A= k8s.io/apiserver v0.23.0 h1:Ds/QveXWi9aJ8ISB0CJa4zBNc5njxAs5u3rmMIexqCY= @@ -1237,8 +1244,9 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.30.0 h1:bUO6drIvCIsvZ/XFgfxoGFQU/a4Qkh0iAlvUR7vlHJw= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.40.1 h1:P4RRucWk/lFOlDdkAr3mc7iWFkgKrZY9qZMAgek06S4= +k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-aggregator v0.18.0-beta.2/go.mod h1:O3Td9mheraINbLHH4pzoFP2gRzG0Wk1COqzdSL4rBPk= k8s.io/kube-aggregator v0.23.0 h1:IjY8CfGHH9WUvJXIaAsAxTzHDsaLVeaEqjkvo6MLMD0= k8s.io/kube-aggregator v0.23.0/go.mod h1:b1vpoaTWKZjCzvbe1KXFw3vPbISrghJsg7/RI8oZUME= @@ -1251,8 +1259,9 @@ k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl k8s.io/utils v0.0.0-20200229041039-0a110f9eb7ab/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b h1:wxEMGetGMur3J1xuGLQY7GEQYg9bZxKn3tKo5k/eYcs= k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 h1:ZKMMxTvduyf5WUtREOqg5LiXaN1KO/+0oOQPRFrClpo= +k8s.io/utils v0.0.0-20211208161948-7d6a63dca704/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= @@ -1277,8 +1286,9 @@ sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnM sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.2.0 h1:kDvPBbnPk+qYmkHmSo8vKGp438IASWofnbbUKDE/bv0= sigs.k8s.io/structured-merge-diff/v4 v4.2.0/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= +sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/manifests/05_operand_rbac.yaml b/manifests/05_operand_rbac.yaml index 603d4c10a..48655e6fd 100644 --- a/manifests/05_operand_rbac.yaml +++ b/manifests/05_operand_rbac.yaml @@ -24,13 +24,16 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots/status"] - verbs: ["update"] + verbs: ["update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontentss/status"] + verbs: ["update", "patch"] --- kind: ClusterRoleBinding diff --git a/pkg/operator/webhookdeployment/webhook.go b/pkg/operator/webhookdeployment/webhook.go index 0ed6147a9..b56ee3beb 100644 --- a/pkg/operator/webhookdeployment/webhook.go +++ b/pkg/operator/webhookdeployment/webhook.go @@ -34,11 +34,12 @@ import ( ) type csiSnapshotWebhookController struct { - client operatorclient.OperatorClient - kubeClient kubernetes.Interface - nodeLister corelistersv1.NodeLister - infraLister configlisterv1.InfrastructureLister - eventRecorder events.Recorder + client operatorclient.OperatorClient + kubeClient kubernetes.Interface + nodeLister corelistersv1.NodeLister + infraLister configlisterv1.InfrastructureLister + eventRecorder events.Recorder + performanceCache resourceapply.ResourceCache queue workqueue.RateLimitingInterface @@ -84,6 +85,7 @@ func NewCSISnapshotWebhookController( eventRecorder: eventRecorder, queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "csi-snapshot-controller"), csiSnapshotWebhookImage: csiSnapshotWebhookImage, + performanceCache: resourceapply.NewResourceCache(), } return factory.New().WithSync(c.sync).WithSyncDegradedOnError(client).WithInformers( @@ -151,7 +153,7 @@ func (c *csiSnapshotWebhookController) sync(ctx context.Context, syncCtx factory if err != nil { return err } - webhookConfig, _, err = resourceapply.ApplyValidatingWebhookConfiguration(ctx, c.kubeClient.AdmissionregistrationV1(), syncCtx.Recorder(), webhookConfig) + webhookConfig, _, err = resourceapply.ApplyValidatingWebhookConfigurationImproved(ctx, c.kubeClient.AdmissionregistrationV1(), syncCtx.Recorder(), webhookConfig, c.performanceCache) if err != nil { return err } diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go index 44cd398c9..c05482a20 100644 --- a/vendor/github.com/go-logr/logr/logr.go +++ b/vendor/github.com/go-logr/logr/logr.go @@ -43,7 +43,9 @@ limitations under the License. // // Info() and Error() are very similar, but they are separate methods so that // LogSink implementations can choose to do things like attach additional -// information (such as stack traces) on calls to Error(). +// information (such as stack traces) on calls to Error(). Error() messages are +// always logged, regardless of the current verbosity. If there is no error +// instance available, passing nil is valid. // // Verbosity // @@ -53,6 +55,7 @@ limitations under the License. // Log-lines with V-levels that are not enabled (as per the LogSink) will not // be written. Level V(0) is the default, and logger.V(0).Info() has the same // meaning as logger.Info(). Negative V-levels have the same meaning as V(0). +// Error messages do not have a verbosity level and are always logged. // // Where we might have written: // if flVerbose >= 2 { @@ -253,11 +256,13 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) { // Error logs an error, with the given message and key/value pairs as context. // It functions similarly to Info, but may have unique behavior, and should be // preferred for logging errors (see the package documentations for more -// information). +// information). The log message will always be emitted, regardless of +// verbosity level. // // The msg argument should be used to add context to any underlying error, // while the err argument should be used to attach the actual error that -// triggered this log line, if present. +// triggered this log line, if present. The err parameter is optional +// and nil may be passed instead of an error instance. func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) { if withHelper, ok := l.sink.(CallStackHelperLogSink); ok { withHelper.GetCallStackHelper()() diff --git a/vendor/github.com/google/go-cmp/cmp/compare.go b/vendor/github.com/google/go-cmp/cmp/compare.go index 86d0903b8..2a5446762 100644 --- a/vendor/github.com/google/go-cmp/cmp/compare.go +++ b/vendor/github.com/google/go-cmp/cmp/compare.go @@ -36,7 +36,6 @@ import ( "strings" "github.com/google/go-cmp/cmp/internal/diff" - "github.com/google/go-cmp/cmp/internal/flags" "github.com/google/go-cmp/cmp/internal/function" "github.com/google/go-cmp/cmp/internal/value" ) @@ -319,7 +318,6 @@ func (s *state) tryMethod(t reflect.Type, vx, vy reflect.Value) bool { } func (s *state) callTRFunc(f, v reflect.Value, step Transform) reflect.Value { - v = sanitizeValue(v, f.Type().In(0)) if !s.dynChecker.Next() { return f.Call([]reflect.Value{v})[0] } @@ -343,8 +341,6 @@ func (s *state) callTRFunc(f, v reflect.Value, step Transform) reflect.Value { } func (s *state) callTTBFunc(f, x, y reflect.Value) bool { - x = sanitizeValue(x, f.Type().In(0)) - y = sanitizeValue(y, f.Type().In(1)) if !s.dynChecker.Next() { return f.Call([]reflect.Value{x, y})[0].Bool() } @@ -372,19 +368,6 @@ func detectRaces(c chan<- reflect.Value, f reflect.Value, vs ...reflect.Value) { ret = f.Call(vs)[0] } -// sanitizeValue converts nil interfaces of type T to those of type R, -// assuming that T is assignable to R. -// Otherwise, it returns the input value as is. -func sanitizeValue(v reflect.Value, t reflect.Type) reflect.Value { - // TODO(≥go1.10): Workaround for reflect bug (https://golang.org/issue/22143). - if !flags.AtLeastGo110 { - if v.Kind() == reflect.Interface && v.IsNil() && v.Type() != t { - return reflect.New(t).Elem() - } - } - return v -} - func (s *state) compareStruct(t reflect.Type, vx, vy reflect.Value) { var addr bool var vax, vay reflect.Value // Addressable versions of vx and vy diff --git a/vendor/github.com/google/go-cmp/cmp/export_panic.go b/vendor/github.com/google/go-cmp/cmp/export_panic.go index 5ff0b4218..ae851fe53 100644 --- a/vendor/github.com/google/go-cmp/cmp/export_panic.go +++ b/vendor/github.com/google/go-cmp/cmp/export_panic.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build purego // +build purego package cmp diff --git a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go b/vendor/github.com/google/go-cmp/cmp/export_unsafe.go index 21eb54858..e2c0f74e8 100644 --- a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go +++ b/vendor/github.com/google/go-cmp/cmp/export_unsafe.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !purego // +build !purego package cmp diff --git a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go index 1daaaacc5..36062a604 100644 --- a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go +++ b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !cmp_debug // +build !cmp_debug package diff diff --git a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go index 4b91dbcac..a3b97a1ad 100644 --- a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go +++ b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build cmp_debug // +build cmp_debug package diff diff --git a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go b/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go deleted file mode 100644 index 82d1d7fbf..000000000 --- a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2019, The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build !go1.10 - -package flags - -// AtLeastGo110 reports whether the Go toolchain is at least Go 1.10. -const AtLeastGo110 = false diff --git a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go b/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go deleted file mode 100644 index 8646f0529..000000000 --- a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2019, The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build go1.10 - -package flags - -// AtLeastGo110 reports whether the Go toolchain is at least Go 1.10. -const AtLeastGo110 = true diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/name.go b/vendor/github.com/google/go-cmp/cmp/internal/value/name.go index b6c12cefb..7b498bb2c 100644 --- a/vendor/github.com/google/go-cmp/cmp/internal/value/name.go +++ b/vendor/github.com/google/go-cmp/cmp/internal/value/name.go @@ -9,6 +9,8 @@ import ( "strconv" ) +var anyType = reflect.TypeOf((*interface{})(nil)).Elem() + // TypeString is nearly identical to reflect.Type.String, // but has an additional option to specify that full type names be used. func TypeString(t reflect.Type, qualified bool) string { @@ -20,6 +22,11 @@ func appendTypeName(b []byte, t reflect.Type, qualified, elideFunc bool) []byte // of the same name and within the same package, // but declared within the namespace of different functions. + // Use the "any" alias instead of "interface{}" for better readability. + if t == anyType { + return append(b, "any"...) + } + // Named type. if t.Name() != "" { if qualified && t.PkgPath() != "" { diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go index 44f4a5afd..1a71bfcbd 100644 --- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go +++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build purego // +build purego package value diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go index a605953d4..16e6860af 100644 --- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go +++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !purego // +build !purego package value diff --git a/vendor/github.com/google/go-cmp/cmp/path.go b/vendor/github.com/google/go-cmp/cmp/path.go index 3d45c1a47..c71003463 100644 --- a/vendor/github.com/google/go-cmp/cmp/path.go +++ b/vendor/github.com/google/go-cmp/cmp/path.go @@ -178,7 +178,7 @@ type structField struct { unexported bool mayForce bool // Forcibly allow visibility paddr bool // Was parent addressable? - pvx, pvy reflect.Value // Parent values (always addressible) + pvx, pvy reflect.Value // Parent values (always addressable) field reflect.StructField // Field information } @@ -315,7 +315,7 @@ func (tf Transform) Option() Option { return tf.trans } // pops the address from the stack. Thus, when traversing into a pointer from // reflect.Ptr, reflect.Slice element, or reflect.Map, we can detect cycles // by checking whether the pointer has already been visited. The cycle detection -// uses a seperate stack for the x and y values. +// uses a separate stack for the x and y values. // // If a cycle is detected we need to determine whether the two pointers // should be considered equal. The definition of equality chosen by Equal diff --git a/vendor/github.com/google/go-cmp/cmp/report_reflect.go b/vendor/github.com/google/go-cmp/cmp/report_reflect.go index 33f03577f..76c04fdbd 100644 --- a/vendor/github.com/google/go-cmp/cmp/report_reflect.go +++ b/vendor/github.com/google/go-cmp/cmp/report_reflect.go @@ -207,9 +207,10 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind, // Check whether this is a []byte of text data. if t.Elem() == reflect.TypeOf(byte(0)) { b := v.Bytes() - isPrintSpace := func(r rune) bool { return unicode.IsPrint(r) && unicode.IsSpace(r) } + isPrintSpace := func(r rune) bool { return unicode.IsPrint(r) || unicode.IsSpace(r) } if len(b) > 0 && utf8.Valid(b) && len(bytes.TrimFunc(b, isPrintSpace)) == 0 { out = opts.formatString("", string(b)) + skipType = true return opts.WithTypeMode(emitType).FormatType(t, out) } } diff --git a/vendor/github.com/google/go-cmp/cmp/report_slices.go b/vendor/github.com/google/go-cmp/cmp/report_slices.go index 168f92f3c..68b5c1ae1 100644 --- a/vendor/github.com/google/go-cmp/cmp/report_slices.go +++ b/vendor/github.com/google/go-cmp/cmp/report_slices.go @@ -7,6 +7,7 @@ package cmp import ( "bytes" "fmt" + "math" "reflect" "strconv" "strings" @@ -79,7 +80,7 @@ func (opts formatOptions) CanFormatDiffSlice(v *valueNode) bool { } // Use specialized string diffing for longer slices or strings. - const minLength = 64 + const minLength = 32 return vx.Len() >= minLength && vy.Len() >= minLength } @@ -96,15 +97,16 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode { } // Auto-detect the type of the data. - var isLinedText, isText, isBinary bool var sx, sy string + var ssx, ssy []string + var isString, isMostlyText, isPureLinedText, isBinary bool switch { case t.Kind() == reflect.String: sx, sy = vx.String(), vy.String() - isText = true // Initial estimate, verify later + isString = true case t.Kind() == reflect.Slice && t.Elem() == reflect.TypeOf(byte(0)): sx, sy = string(vx.Bytes()), string(vy.Bytes()) - isBinary = true // Initial estimate, verify later + isString = true case t.Kind() == reflect.Array: // Arrays need to be addressable for slice operations to work. vx2, vy2 := reflect.New(t).Elem(), reflect.New(t).Elem() @@ -112,13 +114,12 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode { vy2.Set(vy) vx, vy = vx2, vy2 } - if isText || isBinary { - var numLines, lastLineIdx, maxLineLen int - isBinary = !utf8.ValidString(sx) || !utf8.ValidString(sy) + if isString { + var numTotalRunes, numValidRunes, numLines, lastLineIdx, maxLineLen int for i, r := range sx + sy { - if !(unicode.IsPrint(r) || unicode.IsSpace(r)) || r == utf8.RuneError { - isBinary = true - break + numTotalRunes++ + if (unicode.IsPrint(r) || unicode.IsSpace(r)) && r != utf8.RuneError { + numValidRunes++ } if r == '\n' { if maxLineLen < i-lastLineIdx { @@ -128,8 +129,26 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode { numLines++ } } - isText = !isBinary - isLinedText = isText && numLines >= 4 && maxLineLen <= 1024 + isPureText := numValidRunes == numTotalRunes + isMostlyText = float64(numValidRunes) > math.Floor(0.90*float64(numTotalRunes)) + isPureLinedText = isPureText && numLines >= 4 && maxLineLen <= 1024 + isBinary = !isMostlyText + + // Avoid diffing by lines if it produces a significantly more complex + // edit script than diffing by bytes. + if isPureLinedText { + ssx = strings.Split(sx, "\n") + ssy = strings.Split(sy, "\n") + esLines := diff.Difference(len(ssx), len(ssy), func(ix, iy int) diff.Result { + return diff.BoolResult(ssx[ix] == ssy[iy]) + }) + esBytes := diff.Difference(len(sx), len(sy), func(ix, iy int) diff.Result { + return diff.BoolResult(sx[ix] == sy[iy]) + }) + efficiencyLines := float64(esLines.Dist()) / float64(len(esLines)) + efficiencyBytes := float64(esBytes.Dist()) / float64(len(esBytes)) + isPureLinedText = efficiencyLines < 4*efficiencyBytes + } } // Format the string into printable records. @@ -138,9 +157,7 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode { switch { // If the text appears to be multi-lined text, // then perform differencing across individual lines. - case isLinedText: - ssx := strings.Split(sx, "\n") - ssy := strings.Split(sy, "\n") + case isPureLinedText: list = opts.formatDiffSlice( reflect.ValueOf(ssx), reflect.ValueOf(ssy), 1, "line", func(v reflect.Value, d diffMode) textRecord { @@ -229,7 +246,7 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode { // If the text appears to be single-lined text, // then perform differencing in approximately fixed-sized chunks. // The output is printed as quoted strings. - case isText: + case isMostlyText: list = opts.formatDiffSlice( reflect.ValueOf(sx), reflect.ValueOf(sy), 64, "byte", func(v reflect.Value, d diffMode) textRecord { @@ -237,7 +254,6 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode { return textRecord{Diff: d, Value: textLine(s)} }, ) - delim = "" // If the text appears to be binary data, // then perform differencing in approximately fixed-sized chunks. @@ -299,7 +315,7 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode { // Wrap the output with appropriate type information. var out textNode = &textWrap{Prefix: "{", Value: list, Suffix: "}"} - if !isText { + if !isMostlyText { // The "{...}" byte-sequence literal is not valid Go syntax for strings. // Emit the type for extra clarity (e.g. "string{...}"). if t.Kind() == reflect.String { @@ -338,8 +354,11 @@ func (opts formatOptions) formatDiffSlice( vx, vy reflect.Value, chunkSize int, name string, makeRec func(reflect.Value, diffMode) textRecord, ) (list textList) { - es := diff.Difference(vx.Len(), vy.Len(), func(ix int, iy int) diff.Result { - return diff.BoolResult(vx.Index(ix).Interface() == vy.Index(iy).Interface()) + eq := func(ix, iy int) bool { + return vx.Index(ix).Interface() == vy.Index(iy).Interface() + } + es := diff.Difference(vx.Len(), vy.Len(), func(ix, iy int) diff.Result { + return diff.BoolResult(eq(ix, iy)) }) appendChunks := func(v reflect.Value, d diffMode) int { @@ -364,6 +383,7 @@ func (opts formatOptions) formatDiffSlice( groups := coalesceAdjacentEdits(name, es) groups = coalesceInterveningIdentical(groups, chunkSize/4) + groups = cleanupSurroundingIdentical(groups, eq) maxGroup := diffStats{Name: name} for i, ds := range groups { if maxLen >= 0 && numDiffs >= maxLen { @@ -416,25 +436,36 @@ func (opts formatOptions) formatDiffSlice( // coalesceAdjacentEdits coalesces the list of edits into groups of adjacent // equal or unequal counts. +// +// Example: +// +// Input: "..XXY...Y" +// Output: [ +// {NumIdentical: 2}, +// {NumRemoved: 2, NumInserted 1}, +// {NumIdentical: 3}, +// {NumInserted: 1}, +// ] +// func coalesceAdjacentEdits(name string, es diff.EditScript) (groups []diffStats) { - var prevCase int // Arbitrary index into which case last occurred - lastStats := func(i int) *diffStats { - if prevCase != i { + var prevMode byte + lastStats := func(mode byte) *diffStats { + if prevMode != mode { groups = append(groups, diffStats{Name: name}) - prevCase = i + prevMode = mode } return &groups[len(groups)-1] } for _, e := range es { switch e { case diff.Identity: - lastStats(1).NumIdentical++ + lastStats('=').NumIdentical++ case diff.UniqueX: - lastStats(2).NumRemoved++ + lastStats('!').NumRemoved++ case diff.UniqueY: - lastStats(2).NumInserted++ + lastStats('!').NumInserted++ case diff.Modified: - lastStats(2).NumModified++ + lastStats('!').NumModified++ } } return groups @@ -444,6 +475,35 @@ func coalesceAdjacentEdits(name string, es diff.EditScript) (groups []diffStats) // equal groups into adjacent unequal groups that currently result in a // dual inserted/removed printout. This acts as a high-pass filter to smooth // out high-frequency changes within the windowSize. +// +// Example: +// +// WindowSize: 16, +// Input: [ +// {NumIdentical: 61}, // group 0 +// {NumRemoved: 3, NumInserted: 1}, // group 1 +// {NumIdentical: 6}, // ├── coalesce +// {NumInserted: 2}, // ├── coalesce +// {NumIdentical: 1}, // ├── coalesce +// {NumRemoved: 9}, // └── coalesce +// {NumIdentical: 64}, // group 2 +// {NumRemoved: 3, NumInserted: 1}, // group 3 +// {NumIdentical: 6}, // ├── coalesce +// {NumInserted: 2}, // ├── coalesce +// {NumIdentical: 1}, // ├── coalesce +// {NumRemoved: 7}, // ├── coalesce +// {NumIdentical: 1}, // ├── coalesce +// {NumRemoved: 2}, // └── coalesce +// {NumIdentical: 63}, // group 4 +// ] +// Output: [ +// {NumIdentical: 61}, +// {NumIdentical: 7, NumRemoved: 12, NumInserted: 3}, +// {NumIdentical: 64}, +// {NumIdentical: 8, NumRemoved: 12, NumInserted: 3}, +// {NumIdentical: 63}, +// ] +// func coalesceInterveningIdentical(groups []diffStats, windowSize int) []diffStats { groups, groupsOrig := groups[:0], groups for i, ds := range groupsOrig { @@ -463,3 +523,91 @@ func coalesceInterveningIdentical(groups []diffStats, windowSize int) []diffStat } return groups } + +// cleanupSurroundingIdentical scans through all unequal groups, and +// moves any leading sequence of equal elements to the preceding equal group and +// moves and trailing sequence of equal elements to the succeeding equal group. +// +// This is necessary since coalesceInterveningIdentical may coalesce edit groups +// together such that leading/trailing spans of equal elements becomes possible. +// Note that this can occur even with an optimal diffing algorithm. +// +// Example: +// +// Input: [ +// {NumIdentical: 61}, +// {NumIdentical: 1 , NumRemoved: 11, NumInserted: 2}, // assume 3 leading identical elements +// {NumIdentical: 67}, +// {NumIdentical: 7, NumRemoved: 12, NumInserted: 3}, // assume 10 trailing identical elements +// {NumIdentical: 54}, +// ] +// Output: [ +// {NumIdentical: 64}, // incremented by 3 +// {NumRemoved: 9}, +// {NumIdentical: 67}, +// {NumRemoved: 9}, +// {NumIdentical: 64}, // incremented by 10 +// ] +// +func cleanupSurroundingIdentical(groups []diffStats, eq func(i, j int) bool) []diffStats { + var ix, iy int // indexes into sequence x and y + for i, ds := range groups { + // Handle equal group. + if ds.NumDiff() == 0 { + ix += ds.NumIdentical + iy += ds.NumIdentical + continue + } + + // Handle unequal group. + nx := ds.NumIdentical + ds.NumRemoved + ds.NumModified + ny := ds.NumIdentical + ds.NumInserted + ds.NumModified + var numLeadingIdentical, numTrailingIdentical int + for j := 0; j < nx && j < ny && eq(ix+j, iy+j); j++ { + numLeadingIdentical++ + } + for j := 0; j < nx && j < ny && eq(ix+nx-1-j, iy+ny-1-j); j++ { + numTrailingIdentical++ + } + if numIdentical := numLeadingIdentical + numTrailingIdentical; numIdentical > 0 { + if numLeadingIdentical > 0 { + // Remove leading identical span from this group and + // insert it into the preceding group. + if i-1 >= 0 { + groups[i-1].NumIdentical += numLeadingIdentical + } else { + // No preceding group exists, so prepend a new group, + // but do so after we finish iterating over all groups. + defer func() { + groups = append([]diffStats{{Name: groups[0].Name, NumIdentical: numLeadingIdentical}}, groups...) + }() + } + // Increment indexes since the preceding group would have handled this. + ix += numLeadingIdentical + iy += numLeadingIdentical + } + if numTrailingIdentical > 0 { + // Remove trailing identical span from this group and + // insert it into the succeeding group. + if i+1 < len(groups) { + groups[i+1].NumIdentical += numTrailingIdentical + } else { + // No succeeding group exists, so append a new group, + // but do so after we finish iterating over all groups. + defer func() { + groups = append(groups, diffStats{Name: groups[len(groups)-1].Name, NumIdentical: numTrailingIdentical}) + }() + } + // Do not increment indexes since the succeeding group will handle this. + } + + // Update this group since some identical elements were removed. + nx -= numIdentical + ny -= numIdentical + groups[i] = diffStats{Name: ds.Name, NumRemoved: nx, NumInserted: ny} + } + ix += nx + iy += ny + } + return groups +} diff --git a/vendor/github.com/openshift/api/build/v1/generated.pb.go b/vendor/github.com/openshift/api/build/v1/generated.pb.go index 15a4b6994..39cae29c1 100644 --- a/vendor/github.com/openshift/api/build/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/build/v1/generated.pb.go @@ -1782,280 +1782,281 @@ func init() { } var fileDescriptor_2ba579f6f004cb75 = []byte{ - // 4362 bytes of a gzipped FileDescriptorProto + // 4383 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5b, 0x4d, 0x6c, 0x1c, 0x47, 0x76, 0x56, 0xcf, 0x0f, 0x39, 0xf3, 0x86, 0x22, 0xa9, 0xa2, 0x64, 0x8d, 0xb4, 0x5a, 0x8e, 0xdc, - 0x8e, 0x0d, 0x39, 0xb6, 0x87, 0x4b, 0x59, 0x52, 0x64, 0x1b, 0xd9, 0x80, 0x43, 0x52, 0x32, 0xb5, - 0x23, 0x89, 0xa8, 0xa1, 0x65, 0xef, 0x5a, 0xd8, 0xa4, 0xd9, 0x53, 0x33, 0x6c, 0x73, 0xa6, 0x7b, - 0xdc, 0xd5, 0x43, 0x9b, 0x0b, 0x04, 0x58, 0x04, 0x58, 0x24, 0xeb, 0xbd, 0x64, 0x2f, 0x8b, 0x24, - 0x97, 0x24, 0x58, 0xe4, 0x94, 0x53, 0x0e, 0x01, 0x36, 0xd8, 0x4b, 0x80, 0xec, 0xc1, 0x87, 0x04, - 0xd8, 0x20, 0x01, 0x62, 0x60, 0x17, 0x83, 0x98, 0x39, 0x04, 0xc8, 0x21, 0x40, 0x72, 0xd4, 0x21, - 0x08, 0xea, 0xa7, 0xbb, 0xab, 0x7a, 0x7a, 0xa8, 0x1e, 0x4a, 0x56, 0x9c, 0xe4, 0x36, 0x53, 0xef, - 0xbd, 0xef, 0xd5, 0xcf, 0xab, 0x57, 0xef, 0xbd, 0xaa, 0x86, 0xd5, 0xae, 0x13, 0xec, 0x0d, 0x77, - 0xeb, 0xb6, 0xd7, 0x5f, 0xf1, 0x06, 0xc4, 0xa5, 0x7b, 0x4e, 0x27, 0x58, 0xb1, 0x06, 0xce, 0xca, - 0xee, 0xd0, 0xe9, 0xb5, 0x57, 0x0e, 0x56, 0x57, 0xba, 0xc4, 0x25, 0xbe, 0x15, 0x90, 0x76, 0x7d, - 0xe0, 0x7b, 0x81, 0x87, 0x9e, 0x8f, 0x45, 0xea, 0x91, 0x48, 0xdd, 0x1a, 0x38, 0x75, 0x2e, 0x52, - 0x3f, 0x58, 0xbd, 0xf8, 0x9a, 0x82, 0xda, 0xf5, 0xba, 0xde, 0x0a, 0x97, 0xdc, 0x1d, 0x76, 0xf8, - 0x3f, 0xfe, 0x87, 0xff, 0x12, 0x88, 0x17, 0xcd, 0xfd, 0x9b, 0xb4, 0xee, 0x78, 0x5c, 0xad, 0xed, - 0xf9, 0x24, 0x45, 0xeb, 0xc5, 0x6b, 0x31, 0x4f, 0xdf, 0xb2, 0xf7, 0x1c, 0x97, 0xf8, 0x87, 0x2b, - 0x83, 0xfd, 0x2e, 0x6b, 0xa0, 0x2b, 0x7d, 0x12, 0x58, 0x69, 0x52, 0x37, 0x26, 0x49, 0xf9, 0x43, - 0x37, 0x70, 0xfa, 0x64, 0x85, 0xda, 0x7b, 0xa4, 0x6f, 0x25, 0xe5, 0xcc, 0xbf, 0x2e, 0xc0, 0x85, - 0x86, 0xe3, 0x5a, 0xfe, 0x61, 0x83, 0x8d, 0x09, 0x93, 0x0f, 0x87, 0x84, 0x06, 0xf7, 0x07, 0x81, - 0xe3, 0xb9, 0x14, 0xfd, 0x16, 0x94, 0x98, 0xc2, 0xb6, 0x15, 0x58, 0x55, 0xe3, 0xb2, 0x71, 0xa5, - 0x72, 0xf5, 0x6b, 0x75, 0xa1, 0xa8, 0xae, 0x2a, 0xaa, 0x0f, 0xf6, 0xbb, 0xac, 0x81, 0xd6, 0x19, - 0x77, 0xfd, 0x60, 0xb5, 0x7e, 0x7f, 0xf7, 0x03, 0x62, 0x07, 0x77, 0x49, 0x60, 0x35, 0xd0, 0xa7, - 0xa3, 0xda, 0xa9, 0xa3, 0x51, 0x0d, 0xe2, 0x36, 0x1c, 0xa1, 0xa2, 0x97, 0x60, 0xc6, 0xa2, 0xb7, - 0x9c, 0x1e, 0xa9, 0xe6, 0x2e, 0x1b, 0x57, 0xca, 0x8d, 0x79, 0xc9, 0x3d, 0xb3, 0xc6, 0x5b, 0xb1, - 0xa4, 0xa2, 0x1b, 0x30, 0xef, 0x93, 0x03, 0x87, 0x3a, 0x9e, 0xbb, 0xee, 0xf5, 0xfb, 0x4e, 0x50, - 0xcd, 0xeb, 0xfc, 0xa2, 0x15, 0x27, 0xb8, 0xd0, 0x1b, 0xb0, 0x10, 0xb6, 0xdc, 0x25, 0x94, 0x5a, - 0x5d, 0x52, 0x2d, 0x70, 0xc1, 0x05, 0x29, 0x38, 0x2b, 0x9b, 0x71, 0x92, 0x0f, 0x35, 0x00, 0x85, - 0x4d, 0x6b, 0xc3, 0x60, 0xcf, 0xf3, 0xef, 0x59, 0x7d, 0x52, 0x2d, 0x72, 0xe9, 0x68, 0x50, 0x31, - 0x05, 0xa7, 0x70, 0xa3, 0x4d, 0x58, 0xd2, 0x5b, 0x37, 0xfb, 0x96, 0xd3, 0xab, 0xce, 0x70, 0x90, - 0x25, 0x09, 0x52, 0x51, 0x48, 0x38, 0x8d, 0x1f, 0x7d, 0x03, 0xce, 0xe9, 0xe3, 0x0a, 0x88, 0xe8, - 0xcd, 0x2c, 0x07, 0x3a, 0x27, 0x81, 0x4e, 0x6b, 0x44, 0x9c, 0x2e, 0x83, 0xee, 0xc1, 0x73, 0x63, - 0x04, 0xd1, 0xad, 0x12, 0x47, 0x7b, 0x4e, 0xa2, 0xcd, 0xeb, 0x54, 0x3c, 0x41, 0xca, 0x7c, 0x0b, - 0xce, 0x28, 0x16, 0xd4, 0xf2, 0x86, 0xbe, 0x4d, 0x94, 0x75, 0x35, 0x8e, 0x5b, 0x57, 0xf3, 0x13, - 0x03, 0xce, 0x35, 0x9c, 0x60, 0x77, 0x68, 0xef, 0x93, 0xe0, 0x5d, 0xb2, 0xfb, 0xb6, 0xe7, 0xed, - 0xaf, 0x5b, 0x43, 0x4a, 0xd0, 0x87, 0x00, 0xb6, 0xd7, 0xef, 0x7b, 0x6e, 0x6b, 0x40, 0x6c, 0x69, - 0x7d, 0xd7, 0xeb, 0x8f, 0xdd, 0x92, 0xf5, 0x75, 0x2e, 0xa4, 0x42, 0x35, 0x2e, 0x4a, 0xe5, 0x68, - 0x9c, 0x86, 0x15, 0x25, 0xe6, 0x0f, 0x73, 0x50, 0xe4, 0x83, 0x78, 0x06, 0x86, 0x7f, 0x0f, 0x0a, - 0x94, 0x0d, 0x2c, 0xc7, 0xd1, 0x5f, 0xcd, 0x30, 0x30, 0x31, 0xbd, 0x03, 0x62, 0x37, 0xe6, 0x24, - 0x72, 0x81, 0xfd, 0xc3, 0x1c, 0x07, 0x3d, 0x80, 0x19, 0x1a, 0x58, 0xc1, 0x90, 0xf2, 0x8d, 0x51, - 0xb9, 0x5a, 0xcf, 0x8c, 0xc8, 0xa5, 0xe2, 0x05, 0x12, 0xff, 0xb1, 0x44, 0x33, 0xff, 0x2e, 0x0f, - 0xf3, 0x9c, 0x6f, 0xdd, 0x73, 0xdb, 0x0e, 0x73, 0x0b, 0xe8, 0x06, 0x14, 0x82, 0xc3, 0x41, 0xb8, - 0xb2, 0x66, 0xd8, 0x99, 0x9d, 0xc3, 0x01, 0x79, 0x34, 0xaa, 0x21, 0x9d, 0x9b, 0xb5, 0x62, 0xce, - 0x8f, 0x9a, 0x51, 0x17, 0xc5, 0x5e, 0xbf, 0xa6, 0xab, 0x7c, 0x34, 0xaa, 0xa5, 0xf8, 0xc7, 0x7a, - 0x84, 0xa4, 0x77, 0x0c, 0x7d, 0x00, 0xf3, 0x3d, 0x8b, 0x06, 0xef, 0x0c, 0xda, 0x56, 0x40, 0x76, - 0x9c, 0x3e, 0xe1, 0xbb, 0xaa, 0x72, 0xf5, 0x57, 0xb3, 0x2d, 0x14, 0x93, 0x88, 0x4d, 0xbd, 0xa9, - 0x21, 0xe1, 0x04, 0x32, 0x3a, 0x00, 0xc4, 0x5a, 0x76, 0x7c, 0xcb, 0xa5, 0x62, 0x54, 0x4c, 0x5f, - 0x7e, 0x6a, 0x7d, 0x91, 0x21, 0x36, 0xc7, 0xd0, 0x70, 0x8a, 0x06, 0xb6, 0x8b, 0x7c, 0x62, 0x51, - 0xcf, 0x95, 0x4e, 0x2b, 0x5a, 0x24, 0xcc, 0x5b, 0xb1, 0xa4, 0xa2, 0x97, 0x61, 0xb6, 0x2f, 0xbd, - 0x5b, 0x31, 0xdd, 0xbb, 0x85, 0x74, 0xf3, 0xc7, 0x39, 0xa8, 0x84, 0x2b, 0xd4, 0x71, 0xba, 0xcf, - 0xc0, 0xd2, 0x77, 0x34, 0x4b, 0xbf, 0x9a, 0xd5, 0x2e, 0x45, 0xff, 0x26, 0xda, 0xfb, 0xc3, 0x84, - 0xbd, 0x5f, 0x9b, 0x12, 0xf7, 0x78, 0xab, 0xff, 0x99, 0x01, 0x0b, 0x0a, 0x77, 0xd3, 0xa1, 0x01, - 0x7a, 0x38, 0x36, 0x53, 0xf5, 0x6c, 0x33, 0xc5, 0xa4, 0xf9, 0x3c, 0x2d, 0x4a, 0x6d, 0xa5, 0xb0, - 0x45, 0x99, 0xa5, 0x16, 0x14, 0x9d, 0x80, 0xf4, 0xd9, 0xde, 0xc8, 0x4f, 0xb3, 0x7d, 0x45, 0x07, - 0x1b, 0xa7, 0x25, 0x74, 0x71, 0x8b, 0x81, 0x60, 0x81, 0x65, 0xfe, 0x32, 0xaf, 0x0d, 0x83, 0x4d, - 0x1f, 0xb2, 0xa1, 0x14, 0xf8, 0x4e, 0xb7, 0x4b, 0x7c, 0x5a, 0x35, 0xb8, 0xae, 0xeb, 0x59, 0x75, - 0xed, 0x08, 0xb9, 0x6d, 0xaf, 0xe7, 0xd8, 0x87, 0xf1, 0x68, 0x64, 0x33, 0xc5, 0x11, 0x30, 0x5a, - 0x83, 0xb2, 0x3f, 0x74, 0x05, 0xa3, 0xdc, 0xed, 0x2f, 0x48, 0xf6, 0x32, 0x0e, 0x09, 0x8f, 0x46, - 0x35, 0xe1, 0x5a, 0xa2, 0x16, 0x1c, 0x4b, 0x21, 0x4b, 0xf3, 0xff, 0x62, 0x91, 0x5f, 0xcb, 0xec, - 0xff, 0xb9, 0xdd, 0x44, 0x76, 0x19, 0xb7, 0xa9, 0xfe, 0x1e, 0xb5, 0xe1, 0x12, 0x1d, 0xda, 0x36, - 0xa1, 0xb4, 0x33, 0xec, 0xf1, 0x9e, 0xd0, 0xb7, 0x1d, 0x1a, 0x78, 0xfe, 0x61, 0xd3, 0x61, 0x21, - 0x06, 0xdb, 0x74, 0xc5, 0xc6, 0xe5, 0xa3, 0x51, 0xed, 0x52, 0xeb, 0x18, 0x3e, 0x7c, 0x2c, 0x0a, - 0x7a, 0x0f, 0xaa, 0x1d, 0xcb, 0xe9, 0x91, 0x76, 0x8a, 0x86, 0x22, 0xd7, 0x70, 0xe9, 0x68, 0x54, - 0xab, 0xde, 0x9a, 0xc0, 0x83, 0x27, 0x4a, 0x9b, 0xff, 0x64, 0xc0, 0x99, 0x31, 0x9b, 0x46, 0xd7, - 0xa1, 0xc2, 0x5c, 0xc9, 0x03, 0xe2, 0xb3, 0xc3, 0x9a, 0x9b, 0x6a, 0x3e, 0x8e, 0x35, 0x9a, 0x31, - 0x09, 0xab, 0x7c, 0xe8, 0x13, 0x03, 0x96, 0x9c, 0xbe, 0xd5, 0x25, 0xeb, 0x7b, 0x96, 0xdb, 0x25, - 0xe1, 0xa2, 0x4a, 0x7b, 0x7c, 0x2b, 0xc3, 0xcc, 0x6f, 0x8d, 0x49, 0xcb, 0x5d, 0xf6, 0x15, 0xa9, - 0x7c, 0x69, 0x9c, 0x83, 0xe2, 0x34, 0xa5, 0xe6, 0x4f, 0x0c, 0x28, 0xf3, 0x91, 0x3d, 0x83, 0x9d, - 0x77, 0x57, 0xdf, 0x79, 0x57, 0xb2, 0xee, 0x86, 0x09, 0x7b, 0x0e, 0xa0, 0x24, 0x7a, 0xee, 0x75, - 0xcd, 0xff, 0x28, 0xc8, 0xfd, 0xd7, 0xf4, 0xba, 0x61, 0x4c, 0xbd, 0x02, 0x65, 0xdb, 0x73, 0x03, - 0x8b, 0x75, 0x59, 0x1e, 0xa1, 0x67, 0xc2, 0xad, 0xb1, 0x1e, 0x12, 0x70, 0xcc, 0xc3, 0x0e, 0x81, - 0x8e, 0xd7, 0xeb, 0x79, 0x1f, 0xf1, 0x8d, 0x54, 0x8a, 0x7d, 0xd6, 0x2d, 0xde, 0x8a, 0x25, 0x15, - 0xbd, 0x0a, 0xa5, 0x01, 0x0b, 0xd1, 0x3c, 0xe9, 0x13, 0x4b, 0xf1, 0xa8, 0xb7, 0x65, 0x3b, 0x8e, - 0x38, 0xd0, 0x35, 0x98, 0xa3, 0x8e, 0x6b, 0x93, 0x16, 0xb1, 0x3d, 0xb7, 0x4d, 0xb9, 0xad, 0xe7, - 0x1b, 0x8b, 0x47, 0xa3, 0xda, 0x5c, 0x4b, 0x69, 0xc7, 0x1a, 0x17, 0x7a, 0x17, 0xca, 0xfc, 0x3f, - 0x3f, 0xff, 0x8a, 0x53, 0x9f, 0x7f, 0xa7, 0xd9, 0x20, 0x5b, 0x21, 0x00, 0x8e, 0xb1, 0xd0, 0x55, - 0x00, 0x96, 0xa6, 0xd0, 0xc0, 0xea, 0x0f, 0x28, 0x3f, 0xc9, 0x4b, 0xf1, 0xf6, 0xdd, 0x89, 0x28, - 0x58, 0xe1, 0x42, 0xaf, 0x40, 0x39, 0xb0, 0x9c, 0x5e, 0xd3, 0x71, 0x09, 0xe5, 0x91, 0x70, 0x5e, - 0x28, 0xd8, 0x09, 0x1b, 0x71, 0x4c, 0x47, 0x75, 0x80, 0x1e, 0xdb, 0x34, 0x8d, 0xc3, 0x80, 0x50, - 0x1e, 0xe9, 0xe6, 0x1b, 0xf3, 0x0c, 0xbc, 0x19, 0xb5, 0x62, 0x85, 0x83, 0xcd, 0xba, 0xeb, 0x7d, - 0x64, 0x39, 0x41, 0xb5, 0xac, 0xcf, 0xfa, 0x3d, 0xef, 0x5d, 0xcb, 0x09, 0xb0, 0xa4, 0xa2, 0x17, - 0x61, 0xf6, 0x40, 0xee, 0x34, 0xe0, 0xa0, 0x15, 0x76, 0xec, 0x86, 0x3b, 0x2c, 0xa4, 0xa1, 0x3d, - 0xb8, 0xe4, 0xb8, 0x94, 0xd8, 0x43, 0x9f, 0xb4, 0xf6, 0x9d, 0xc1, 0x4e, 0xb3, 0xf5, 0x80, 0xf8, - 0x4e, 0xe7, 0xb0, 0x61, 0xd9, 0xfb, 0xc4, 0x6d, 0x57, 0x2b, 0x5c, 0xc9, 0xaf, 0x48, 0x25, 0x97, - 0xb6, 0x8e, 0xe1, 0xc5, 0xc7, 0x22, 0x99, 0x9f, 0x84, 0x07, 0xfc, 0xfd, 0x61, 0x30, 0x18, 0x06, - 0xe8, 0x2d, 0xc8, 0x05, 0x9e, 0xdc, 0x36, 0x2f, 0x28, 0x6b, 0x55, 0x67, 0x01, 0x56, 0x7c, 0x90, - 0x63, 0xd2, 0x21, 0x3e, 0x71, 0x6d, 0xd2, 0x98, 0x39, 0x1a, 0xd5, 0x72, 0x3b, 0x1e, 0xce, 0x05, - 0x1e, 0x7a, 0x0f, 0x60, 0x30, 0xa4, 0x7b, 0x2d, 0x62, 0xfb, 0x24, 0x90, 0x27, 0xf8, 0x95, 0x34, - 0x90, 0xa6, 0x67, 0x5b, 0xbd, 0x24, 0x12, 0x9f, 0xdf, 0xed, 0x48, 0x1e, 0x2b, 0x58, 0xa8, 0x0d, - 0x15, 0xbe, 0xf1, 0x9b, 0xd6, 0x2e, 0xe9, 0x31, 0x83, 0xcd, 0x67, 0xf4, 0xef, 0x5b, 0x91, 0x54, - 0xec, 0xd4, 0xe2, 0x36, 0x8a, 0x55, 0x58, 0xf3, 0x77, 0x0c, 0x58, 0xe2, 0x93, 0xb1, 0xed, 0xd1, - 0x40, 0xe4, 0x2d, 0xdc, 0xf3, 0xbf, 0x08, 0xb3, 0xec, 0x1c, 0xb0, 0xdc, 0x36, 0x3f, 0x03, 0xcb, - 0x62, 0xd5, 0xd6, 0x45, 0x13, 0x0e, 0x69, 0xe8, 0x12, 0x14, 0x2c, 0xbf, 0x2b, 0x3c, 0x43, 0xb9, - 0x51, 0x62, 0x21, 0xc8, 0x9a, 0xdf, 0xa5, 0x98, 0xb7, 0x32, 0x13, 0xa1, 0xb6, 0xef, 0x0c, 0xc6, - 0x72, 0xd1, 0x16, 0x6f, 0xc5, 0x92, 0x6a, 0xfe, 0x6c, 0x16, 0xe6, 0xd4, 0xec, 0xfa, 0x19, 0xc4, - 0x5c, 0xef, 0x43, 0x29, 0xcc, 0xd6, 0xe4, 0xaa, 0xad, 0x66, 0x98, 0x5a, 0x91, 0xbb, 0x61, 0x29, - 0xd8, 0x98, 0x63, 0xae, 0x23, 0xfc, 0x87, 0x23, 0x40, 0x44, 0x60, 0x51, 0x1e, 0xf4, 0xa4, 0xdd, - 0x38, 0xe4, 0x73, 0x2f, 0xcf, 0xe7, 0x4c, 0xf6, 0x75, 0xf6, 0x68, 0x54, 0x5b, 0xdc, 0x49, 0x00, - 0xe0, 0x31, 0x48, 0xb4, 0x06, 0x85, 0x8e, 0xef, 0xf5, 0xb9, 0x67, 0xca, 0x08, 0xcd, 0x57, 0xe8, - 0x96, 0xef, 0xf5, 0x31, 0x17, 0x45, 0xef, 0xc1, 0xcc, 0x2e, 0x4f, 0x4d, 0xa5, 0xaf, 0xca, 0x14, - 0x24, 0x26, 0x73, 0xd9, 0x06, 0xb0, 0x35, 0x15, 0xcd, 0x58, 0xe2, 0xa1, 0x55, 0xfd, 0x90, 0x9d, - 0xe1, 0x5b, 0x7f, 0xe1, 0xd8, 0x03, 0xf6, 0x0d, 0xc8, 0x13, 0xf7, 0xa0, 0x3a, 0xcb, 0x2d, 0xfd, - 0x62, 0xda, 0x70, 0x36, 0xdd, 0x83, 0x07, 0x96, 0xdf, 0xa8, 0xc8, 0xa5, 0xcd, 0x6f, 0xba, 0x07, - 0x98, 0xc9, 0xa0, 0x7d, 0xa8, 0x28, 0xd3, 0x53, 0x2d, 0x71, 0x88, 0x6b, 0x53, 0x86, 0x6d, 0x22, - 0x17, 0x8e, 0xf6, 0x8c, 0xb2, 0x02, 0x58, 0x45, 0x47, 0xdf, 0x37, 0xe0, 0x5c, 0xdb, 0xb3, 0xf7, - 0xd9, 0xf1, 0xed, 0x5b, 0x01, 0xe9, 0x1e, 0xca, 0xa3, 0x8b, 0x7b, 0xc2, 0xca, 0xd5, 0x9b, 0x19, - 0xf4, 0x6e, 0xa4, 0xc9, 0x37, 0x2e, 0x1c, 0x8d, 0x6a, 0xe7, 0x52, 0x49, 0x38, 0x5d, 0x23, 0xef, - 0x0b, 0xe5, 0xab, 0x90, 0xec, 0x0b, 0x64, 0xee, 0x4b, 0x2b, 0x4d, 0x5e, 0xf4, 0x25, 0x95, 0x84, - 0xd3, 0x35, 0x9a, 0xff, 0x58, 0x94, 0x8e, 0x55, 0x96, 0x38, 0x5e, 0xd7, 0xd2, 0xe0, 0x5a, 0x22, - 0x0d, 0x5e, 0x50, 0x58, 0x95, 0x1c, 0x38, 0xb6, 0xc8, 0xdc, 0x53, 0xb6, 0xc8, 0x3a, 0x80, 0x98, - 0xc3, 0x8e, 0xd3, 0x23, 0xa1, 0x47, 0x62, 0x0e, 0x62, 0x23, 0x6a, 0xc5, 0x0a, 0x07, 0x6a, 0x42, - 0xbe, 0x2b, 0x63, 0xdc, 0x6c, 0xde, 0xe1, 0xb6, 0x13, 0xa8, 0x7d, 0x98, 0x65, 0x16, 0x7a, 0xdb, - 0x09, 0x30, 0x83, 0x41, 0x0f, 0x60, 0x86, 0xfb, 0x5d, 0x5a, 0x2d, 0x66, 0xce, 0x5f, 0xf8, 0x36, - 0x97, 0x68, 0x91, 0xef, 0xe4, 0x8d, 0x14, 0x4b, 0x34, 0x16, 0x17, 0xb0, 0x48, 0x88, 0x7c, 0x1c, - 0x6c, 0x38, 0xbe, 0xac, 0x9b, 0x29, 0x61, 0x7d, 0x48, 0xc1, 0x0a, 0x17, 0xfa, 0x36, 0xcc, 0xc9, - 0x15, 0x14, 0xc7, 0xd6, 0xec, 0x94, 0xc7, 0x96, 0x08, 0x82, 0x14, 0x04, 0xac, 0xe1, 0xa1, 0xdf, - 0x84, 0x59, 0xca, 0x7f, 0xd1, 0x29, 0x76, 0xa2, 0x90, 0x55, 0x27, 0x30, 0xca, 0xd1, 0x05, 0x89, - 0xe2, 0x10, 0x15, 0xed, 0xf3, 0x41, 0x77, 0x9c, 0xee, 0x5d, 0x6b, 0xc0, 0x76, 0x1d, 0xd3, 0xf1, - 0x6b, 0x99, 0x52, 0x1f, 0x29, 0xa4, 0xaa, 0x51, 0x67, 0x4b, 0x42, 0x62, 0x05, 0xde, 0xfc, 0x45, - 0x18, 0x6a, 0xf3, 0x83, 0xd1, 0x4a, 0xa9, 0xba, 0x3d, 0xe5, 0xac, 0x2b, 0xe1, 0xcc, 0x72, 0x5f, - 0xa4, 0x33, 0x33, 0xff, 0x7d, 0x36, 0xdc, 0xb4, 0x22, 0x39, 0x5a, 0x85, 0xe2, 0x60, 0xcf, 0xa2, - 0xe1, 0xae, 0x0d, 0x33, 0x93, 0xe2, 0x36, 0x6b, 0x7c, 0x34, 0xaa, 0x81, 0x88, 0x16, 0xd8, 0x3f, - 0x2c, 0x38, 0x79, 0xc0, 0x6e, 0xb9, 0x36, 0xe9, 0xf5, 0x48, 0x5b, 0x86, 0xe0, 0x71, 0xc0, 0x1e, - 0x12, 0x70, 0xcc, 0x83, 0x6e, 0x44, 0x55, 0x1b, 0xb1, 0x0b, 0x97, 0xf5, 0xaa, 0xcd, 0x23, 0x66, - 0x5d, 0xa2, 0xdc, 0x30, 0xb1, 0x8a, 0x53, 0x38, 0xbe, 0x8a, 0x83, 0x3a, 0x30, 0x4f, 0x03, 0xcb, - 0x0f, 0xa2, 0xc8, 0xf8, 0x04, 0xc1, 0x38, 0x3a, 0x1a, 0xd5, 0xe6, 0x5b, 0x1a, 0x0a, 0x4e, 0xa0, - 0xa2, 0x21, 0x2c, 0xd9, 0x5e, 0x7f, 0xd0, 0x23, 0x61, 0x49, 0x4a, 0x28, 0x9b, 0xbe, 0xd2, 0x76, - 0x9e, 0xa5, 0x7f, 0xeb, 0xe3, 0x50, 0x38, 0x0d, 0x1f, 0xfd, 0x3a, 0x94, 0xda, 0x43, 0xdf, 0x62, - 0x8d, 0x32, 0xb0, 0x7f, 0x3e, 0x4c, 0x65, 0x36, 0x64, 0xfb, 0xa3, 0x51, 0xed, 0x34, 0xcb, 0x05, - 0xea, 0x61, 0x03, 0x8e, 0x44, 0xd0, 0x2e, 0x5c, 0xf4, 0x78, 0xf0, 0x2b, 0x5c, 0x9f, 0x08, 0x30, - 0xc2, 0xed, 0x2d, 0xab, 0xdc, 0x61, 0xd9, 0xf2, 0xe2, 0xfd, 0x89, 0x9c, 0xf8, 0x18, 0x14, 0x74, - 0x1b, 0x66, 0xc4, 0x26, 0x92, 0xa7, 0x62, 0xa6, 0xf8, 0x04, 0xc4, 0x4d, 0x05, 0x13, 0xc3, 0x52, - 0x1c, 0x3d, 0x84, 0x19, 0xa1, 0x46, 0x1e, 0x69, 0xd7, 0xa6, 0x2b, 0xdc, 0x8a, 0xee, 0xc7, 0xfe, - 0x53, 0xfc, 0xc7, 0x12, 0x13, 0xed, 0xf0, 0x32, 0x19, 0xf3, 0xcb, 0x15, 0xbe, 0xcf, 0xb2, 0x14, - 0x9a, 0x5b, 0x4c, 0x60, 0xcb, 0xed, 0x78, 0x5a, 0x79, 0x8c, 0x7b, 0x65, 0x81, 0xc5, 0xbc, 0x72, - 0xcf, 0xeb, 0xb6, 0x5c, 0x67, 0x30, 0x20, 0x41, 0x75, 0x4e, 0xf7, 0xca, 0xcd, 0x88, 0x82, 0x15, - 0x2e, 0x44, 0xb8, 0x53, 0x13, 0xa5, 0x5c, 0x5a, 0x3d, 0xcd, 0x7b, 0xb3, 0x3a, 0x45, 0x95, 0x4b, - 0x48, 0x6a, 0xee, 0x4c, 0x82, 0x61, 0x05, 0xd8, 0xb4, 0x65, 0x49, 0x44, 0x9d, 0x1d, 0x74, 0x4f, - 0xc9, 0x81, 0x6e, 0x9c, 0x64, 0x7e, 0x77, 0x3c, 0x35, 0x2d, 0x32, 0x9b, 0x32, 0xab, 0xd0, 0x59, - 0xd0, 0x75, 0x99, 0xd3, 0x6c, 0x38, 0x5d, 0x42, 0x03, 0xe9, 0x62, 0xf4, 0x24, 0x45, 0x90, 0xb0, - 0xca, 0x67, 0xfe, 0xb4, 0x00, 0xa7, 0x25, 0x9c, 0x88, 0x38, 0xd0, 0x75, 0x2d, 0xb4, 0x78, 0x3e, - 0x11, 0x5a, 0x9c, 0xd1, 0x98, 0x95, 0xe0, 0xc2, 0x87, 0x79, 0x3d, 0x8c, 0x92, 0x41, 0xc6, 0x8d, - 0xcc, 0x11, 0x9b, 0x86, 0x2c, 0x3c, 0x84, 0x1e, 0xaf, 0xe1, 0x84, 0x06, 0xa6, 0x53, 0x0f, 0x97, - 0x64, 0x2a, 0x70, 0x23, 0x73, 0x64, 0x96, 0xa2, 0x53, 0x8f, 0xcb, 0x70, 0x42, 0x03, 0xd3, 0x69, - 0x0f, 0x69, 0xe0, 0xf5, 0x23, 0x9d, 0x85, 0xcc, 0x3a, 0xd7, 0xb9, 0x60, 0x8a, 0xce, 0x75, 0x0d, - 0x11, 0x27, 0x34, 0xa0, 0x1f, 0x19, 0x70, 0xfe, 0x03, 0xe2, 0xee, 0x3b, 0x2e, 0xdd, 0x76, 0x06, - 0xa4, 0xe7, 0xb8, 0xf1, 0x88, 0x85, 0xef, 0xfd, 0x8d, 0x0c, 0xda, 0xef, 0xe8, 0x08, 0x7a, 0x37, - 0xbe, 0x72, 0x34, 0xaa, 0x9d, 0xbf, 0x93, 0xae, 0x03, 0x4f, 0x52, 0x6e, 0x7e, 0xaf, 0x28, 0x2d, - 0x5e, 0x3d, 0x19, 0xd5, 0xb3, 0xc4, 0x78, 0xcc, 0x59, 0xe2, 0xc3, 0x3c, 0xbf, 0x15, 0x76, 0x6c, - 0x79, 0x31, 0x36, 0x85, 0xd5, 0xdc, 0xd6, 0x04, 0xc5, 0xa1, 0xcc, 0x67, 0x53, 0x27, 0xe0, 0x84, - 0x06, 0xe4, 0xc2, 0x69, 0x01, 0x1e, 0xaa, 0xcc, 0x67, 0xbe, 0xdf, 0xbb, 0xed, 0x04, 0x6f, 0x47, - 0x72, 0x42, 0xe3, 0x99, 0xa3, 0x51, 0xed, 0xb4, 0xd6, 0x8e, 0x75, 0x78, 0x34, 0x84, 0x45, 0xa5, - 0xcc, 0xc8, 0xa7, 0x4b, 0xda, 0xcc, 0xeb, 0xd3, 0x15, 0x36, 0x85, 0x42, 0x9e, 0xc2, 0x6e, 0x25, - 0x00, 0xf1, 0x98, 0x0a, 0x39, 0xcc, 0x9e, 0x15, 0x0d, 0xb3, 0x38, 0xcd, 0x30, 0x9b, 0x56, 0xfa, - 0x30, 0xe3, 0x76, 0xac, 0xc3, 0xa3, 0xef, 0xc0, 0xe2, 0x6e, 0xe2, 0x32, 0x55, 0x9e, 0xd5, 0x37, - 0x33, 0xe5, 0x19, 0x29, 0xf7, 0xb0, 0x62, 0xac, 0x49, 0x12, 0x1e, 0xd3, 0x63, 0xfe, 0xa4, 0x00, - 0x68, 0xfc, 0x96, 0x00, 0x5d, 0xd3, 0x5c, 0xd9, 0xe5, 0x84, 0x2b, 0x5b, 0x54, 0x25, 0x14, 0x4f, - 0xf6, 0x10, 0x66, 0x44, 0x7f, 0xa7, 0xa8, 0x5e, 0xc8, 0x8e, 0x48, 0xb0, 0x34, 0xa3, 0x90, 0x98, - 0x2c, 0x80, 0x97, 0xf6, 0x28, 0xed, 0xee, 0x04, 0xf0, 0x69, 0x56, 0x1e, 0xa2, 0xa2, 0x3d, 0x79, - 0x10, 0x08, 0x5b, 0x90, 0x96, 0x76, 0xfd, 0x44, 0x25, 0x74, 0x51, 0x54, 0x50, 0xda, 0xb1, 0x0a, - 0x2d, 0x27, 0xaa, 0x67, 0xed, 0x4a, 0xd3, 0x7a, 0x82, 0x89, 0x52, 0xcc, 0x4a, 0x62, 0x22, 0x02, - 0xe5, 0x68, 0x9d, 0xa5, 0x21, 0x9d, 0x40, 0x41, 0xba, 0x05, 0xc5, 0xc8, 0xe6, 0xbf, 0x19, 0x32, - 0x48, 0x7f, 0xe0, 0xf5, 0x86, 0x7d, 0x82, 0x2e, 0x43, 0xc1, 0xb5, 0xfa, 0xa1, 0xcd, 0x44, 0xb7, - 0x7f, 0xfc, 0x51, 0x03, 0xa7, 0xf0, 0xdb, 0x3f, 0x7e, 0x26, 0x4c, 0x93, 0x46, 0xc7, 0x1a, 0x92, - 0x49, 0xa7, 0x2c, 0x7c, 0x49, 0x4c, 0xf4, 0x3e, 0xcc, 0xf4, 0xbd, 0xa1, 0x1b, 0x84, 0x65, 0xc9, - 0xd7, 0xa7, 0x43, 0xbf, 0xcb, 0x64, 0x63, 0x70, 0xfe, 0x97, 0x62, 0x09, 0x69, 0xbe, 0x03, 0x8b, - 0x49, 0x5e, 0xb4, 0x06, 0x0b, 0x6d, 0x42, 0x03, 0xc7, 0xe5, 0xf1, 0xeb, 0xb6, 0x15, 0xec, 0xc9, - 0xb1, 0x9f, 0x97, 0x20, 0x0b, 0x1b, 0x3a, 0x19, 0x27, 0xf9, 0xcd, 0xff, 0x0c, 0xef, 0x82, 0xd4, - 0x11, 0xa2, 0x37, 0xb4, 0xdd, 0xf7, 0x62, 0x62, 0xf7, 0x9d, 0x1b, 0x13, 0x50, 0xb6, 0xe0, 0x1d, - 0x98, 0xa1, 0x6a, 0xd9, 0xf7, 0xa5, 0xb4, 0x00, 0x57, 0xa4, 0xae, 0xda, 0xa4, 0xf2, 0x18, 0x57, - 0xe6, 0xcd, 0x12, 0x01, 0x3d, 0xe0, 0x77, 0x1e, 0x22, 0xe3, 0x94, 0x5b, 0xee, 0xe5, 0x34, 0xb8, - 0x28, 0x45, 0xd5, 0x10, 0x4f, 0xcb, 0xab, 0x11, 0x41, 0xc2, 0x31, 0x94, 0xf9, 0x7b, 0xb3, 0xa0, - 0x64, 0x99, 0xe8, 0xeb, 0x30, 0x4f, 0x89, 0x7f, 0xe0, 0xd8, 0x64, 0xcd, 0xb6, 0xd9, 0xc4, 0xca, - 0x71, 0x47, 0xd7, 0xfc, 0x2d, 0x8d, 0x8a, 0x13, 0xdc, 0xfc, 0x0d, 0x85, 0x6a, 0x55, 0xd9, 0xdf, - 0x50, 0x3c, 0xce, 0x9e, 0xe2, 0x6a, 0x6c, 0xfe, 0x69, 0x57, 0x63, 0xbf, 0x0d, 0x25, 0xaa, 0x87, - 0x41, 0x5f, 0xcb, 0x1e, 0xe1, 0xca, 0xc8, 0x23, 0xba, 0x28, 0x8a, 0xc2, 0x8d, 0x08, 0x93, 0x4d, - 0x8a, 0xcc, 0x4f, 0x8a, 0xd3, 0x4d, 0xca, 0x63, 0x32, 0x93, 0x6f, 0x42, 0xd9, 0x27, 0x62, 0x82, - 0xa8, 0xf4, 0x2d, 0xa9, 0x25, 0x1a, 0x2c, 0x99, 0x30, 0xf9, 0x70, 0xe8, 0xf8, 0xa4, 0x4f, 0xdc, - 0x80, 0xc6, 0x09, 0x78, 0x48, 0xa5, 0x38, 0x46, 0x43, 0x1f, 0x00, 0x0c, 0xa2, 0x7a, 0xbf, 0x2c, - 0xff, 0x64, 0x0e, 0xfb, 0xf5, 0x9b, 0x82, 0x38, 0xdf, 0x88, 0xdb, 0xb1, 0x82, 0x8e, 0xde, 0x87, - 0x0b, 0x71, 0x06, 0xbb, 0x41, 0xac, 0x36, 0x0f, 0xce, 0xe4, 0xa5, 0x9a, 0xb8, 0x66, 0xfa, 0xea, - 0xd1, 0xa8, 0x76, 0x61, 0x7d, 0x12, 0x13, 0x9e, 0x2c, 0x8f, 0xfa, 0x30, 0xe7, 0x7a, 0x6d, 0xd2, - 0x22, 0x3d, 0x62, 0x07, 0x9e, 0x2f, 0x53, 0xcd, 0x2c, 0xa5, 0x20, 0x51, 0xb4, 0xb4, 0x7a, 0xf7, - 0x14, 0x71, 0x51, 0xd8, 0x52, 0x5b, 0xb0, 0x06, 0x8f, 0xde, 0x84, 0x79, 0xee, 0xa4, 0x76, 0xfc, - 0x21, 0x0d, 0x48, 0x7b, 0x7d, 0x8d, 0xa7, 0xa4, 0x25, 0x71, 0xd6, 0xdd, 0xd5, 0x28, 0x38, 0xc1, - 0x69, 0xfe, 0xa1, 0x01, 0x29, 0xcf, 0xab, 0x34, 0xd3, 0x37, 0x9e, 0xb6, 0xe9, 0xbf, 0xa4, 0xb9, - 0x28, 0xf5, 0x02, 0x46, 0x73, 0x3f, 0xe6, 0x5f, 0x18, 0x70, 0x36, 0xad, 0x36, 0xc6, 0x6c, 0x30, - 0xf6, 0x4b, 0xc6, 0x94, 0x65, 0x42, 0xf5, 0xd6, 0x76, 0xcc, 0x35, 0x31, 0x5f, 0xa4, 0xb8, 0xe8, - 0x0d, 0xc7, 0x97, 0x7d, 0x8c, 0x7c, 0xd1, 0x86, 0x46, 0xc5, 0x09, 0x6e, 0xf3, 0x07, 0x05, 0x58, - 0x4a, 0xc9, 0x55, 0xd0, 0xa6, 0xbc, 0x15, 0x99, 0xe2, 0x42, 0x2f, 0x3a, 0x40, 0xb5, 0x9b, 0x11, - 0x18, 0x0c, 0x7b, 0xbd, 0x27, 0xbb, 0xd8, 0x0b, 0xe5, 0xb1, 0x82, 0x15, 0x5e, 0x73, 0xe4, 0x4f, - 0x70, 0xcd, 0x71, 0x07, 0x10, 0xf9, 0x78, 0xe0, 0x51, 0x22, 0x73, 0x4e, 0x8f, 0xc7, 0x1d, 0x05, - 0x6e, 0x83, 0xd1, 0xd3, 0xa9, 0xcd, 0x31, 0x0e, 0x9c, 0x22, 0x85, 0x56, 0xa0, 0xdc, 0xf1, 0x7c, - 0x9b, 0xb0, 0x5e, 0x72, 0xcf, 0xa5, 0x54, 0xed, 0x6e, 0x85, 0x04, 0x1c, 0xf3, 0xa0, 0xf7, 0xe2, - 0xaa, 0xee, 0x4c, 0xe6, 0xcb, 0x48, 0x31, 0x66, 0xee, 0x28, 0x26, 0x97, 0x73, 0xd7, 0x60, 0x81, - 0x0b, 0xac, 0x6d, 0x6f, 0x85, 0xf7, 0x45, 0xb3, 0xfa, 0xe9, 0xde, 0xd0, 0xc9, 0x38, 0xc9, 0x6f, - 0xfe, 0xb8, 0x08, 0x4b, 0x29, 0x19, 0x7a, 0x74, 0x47, 0x66, 0x3c, 0xc9, 0x1d, 0xd9, 0x17, 0x65, - 0x09, 0x2f, 0xc3, 0xac, 0xeb, 0xad, 0x5b, 0xf6, 0x1e, 0x91, 0xef, 0x11, 0xa2, 0x29, 0xba, 0x27, - 0x9a, 0x71, 0x48, 0x0f, 0x8d, 0xa6, 0x70, 0x02, 0xa3, 0x99, 0x7a, 0xa1, 0xbf, 0x1e, 0x56, 0x49, - 0x3a, 0x4e, 0x8f, 0xf0, 0x58, 0x6b, 0x26, 0xb1, 0x33, 0x35, 0x2a, 0x4e, 0x70, 0xa3, 0x6f, 0x40, - 0x59, 0x2c, 0x8f, 0xdf, 0xa5, 0x19, 0x6e, 0xf3, 0xa2, 0xce, 0x34, 0x42, 0x21, 0x1c, 0xcb, 0xa3, - 0x01, 0x9c, 0xe7, 0xe1, 0x3c, 0xf3, 0xd7, 0x7d, 0xe7, 0x3b, 0x22, 0x9e, 0x13, 0xcf, 0xa6, 0x44, - 0x9d, 0xf2, 0xc6, 0xd1, 0xa8, 0x76, 0x7e, 0x2b, 0x9d, 0xe5, 0xd1, 0x64, 0x12, 0x9e, 0x04, 0x8b, - 0xbe, 0x09, 0xb3, 0x07, 0x3c, 0xba, 0x0a, 0x6f, 0x16, 0xea, 0xd3, 0x45, 0xb7, 0xf1, 0x2a, 0x8a, - 0xff, 0x14, 0x87, 0x78, 0xe6, 0x0f, 0x0c, 0x48, 0xbf, 0xde, 0xd3, 0xe7, 0xcc, 0x78, 0xc2, 0x39, - 0x7b, 0x31, 0xb6, 0x2b, 0x51, 0x8e, 0xaf, 0xa4, 0xd9, 0x94, 0xf9, 0x47, 0x06, 0x2c, 0xa5, 0xd4, - 0x27, 0xbe, 0x1c, 0x47, 0xd2, 0x67, 0xb9, 0x64, 0xe7, 0x36, 0x0f, 0x88, 0x1b, 0x9c, 0xec, 0x52, - 0x71, 0x53, 0x5c, 0xe5, 0xe5, 0x64, 0x55, 0x3e, 0x53, 0x71, 0x81, 0xd7, 0x77, 0xf5, 0x3b, 0xbc, - 0x27, 0xf0, 0xdc, 0x93, 0xef, 0x8c, 0x0b, 0xcf, 0xfa, 0xce, 0xd8, 0xfc, 0x4b, 0x03, 0xe6, 0xf5, - 0xbb, 0x4a, 0xf4, 0x55, 0xc8, 0x0f, 0x7d, 0x47, 0x4e, 0x6a, 0xd4, 0xfb, 0x77, 0xf0, 0x16, 0x66, - 0xed, 0x8c, 0xec, 0x93, 0x8e, 0x5c, 0xb1, 0x88, 0x8c, 0x49, 0x07, 0xb3, 0x76, 0x44, 0xa0, 0x32, - 0xf0, 0xbd, 0x8f, 0x0f, 0xc5, 0x39, 0x3f, 0xc5, 0xfb, 0xea, 0xed, 0x58, 0x2a, 0x2e, 0x03, 0x2b, - 0x8d, 0x58, 0xc5, 0xe5, 0x11, 0xd4, 0x78, 0x71, 0xeb, 0xcb, 0x61, 0xae, 0x7f, 0x9b, 0x83, 0x59, - 0x69, 0x34, 0xe8, 0x43, 0x98, 0xef, 0x6a, 0xd3, 0x3b, 0x45, 0xb7, 0x12, 0x77, 0xc8, 0x91, 0xcb, - 0xd5, 0xdb, 0x71, 0x42, 0x01, 0xfa, 0x6d, 0x38, 0xd3, 0x75, 0x02, 0x7d, 0x4c, 0x53, 0x64, 0xfe, - 0xb7, 0x93, 0xb2, 0x8d, 0x0b, 0x52, 0xf1, 0x99, 0x31, 0x12, 0x1e, 0xd7, 0x84, 0xee, 0x43, 0xc1, - 0x27, 0x9d, 0x69, 0x1e, 0x29, 0xb1, 0x3d, 0x45, 0x3a, 0x7c, 0x8f, 0x45, 0xd1, 0x17, 0x26, 0x1d, - 0x8a, 0x39, 0x90, 0xf9, 0xbb, 0x62, 0xa9, 0x13, 0x05, 0xbe, 0xff, 0x89, 0x4f, 0x1e, 0xfe, 0xcb, - 0x00, 0x88, 0x3b, 0xfb, 0xff, 0x6f, 0x6d, 0xcd, 0x3f, 0xcf, 0xc1, 0x38, 0x23, 0xdb, 0x17, 0xb6, - 0xc8, 0x1e, 0x8d, 0xd4, 0xcf, 0x8c, 0x24, 0x15, 0x3d, 0x84, 0x19, 0x8b, 0x7f, 0xa7, 0x33, 0x45, - 0x8f, 0x85, 0xaa, 0x75, 0xcf, 0x0d, 0x7c, 0xaf, 0xf7, 0x0e, 0x25, 0xbe, 0xf2, 0x71, 0x0c, 0xc7, - 0xc2, 0x12, 0x13, 0x11, 0x96, 0x9e, 0xc8, 0x6f, 0x6d, 0xa6, 0x78, 0xe6, 0x3e, 0xae, 0x40, 0x49, - 0x55, 0x24, 0x1c, 0x8e, 0x91, 0xa7, 0xb8, 0x77, 0x36, 0xbf, 0x6f, 0xc0, 0x62, 0xb2, 0x1a, 0xce, - 0xe4, 0x79, 0xb0, 0xb1, 0xb5, 0x91, 0xbc, 0x6b, 0xd8, 0x12, 0xcd, 0x38, 0xa4, 0xa3, 0x3b, 0x30, - 0xcb, 0x82, 0x4e, 0x2c, 0xbd, 0x6d, 0xc6, 0x90, 0x95, 0x9f, 0xef, 0xb7, 0x84, 0x1c, 0x0e, 0x01, - 0xcc, 0xbf, 0x37, 0x00, 0x8d, 0xd7, 0x4b, 0xd1, 0x36, 0x9c, 0x15, 0x5f, 0x52, 0xc8, 0x47, 0x00, - 0x5b, 0x5a, 0xd7, 0x2e, 0xc9, 0xae, 0x9d, 0x6d, 0xa6, 0xf0, 0xe0, 0x54, 0xc9, 0x28, 0xc8, 0xce, - 0x9d, 0x3c, 0xc8, 0x7e, 0x09, 0x66, 0x06, 0x6c, 0xae, 0xda, 0x32, 0x12, 0x8e, 0x56, 0x7c, 0x9b, - 0xb7, 0x62, 0x49, 0x35, 0xff, 0x2a, 0x07, 0xd5, 0x49, 0xcf, 0xa8, 0xbf, 0x80, 0x91, 0x3d, 0xd4, - 0x46, 0xf6, 0x66, 0xe6, 0x37, 0x3b, 0x81, 0x4f, 0xac, 0xfe, 0x8e, 0xd5, 0x3d, 0x3e, 0xc7, 0xec, - 0xc3, 0x82, 0xa2, 0xf5, 0x84, 0x9f, 0xcc, 0x44, 0x39, 0x52, 0x53, 0x87, 0xc2, 0x49, 0x6c, 0xb3, - 0x05, 0x10, 0xbf, 0x03, 0xcd, 0x50, 0x43, 0x7e, 0x01, 0x8a, 0x07, 0x56, 0x6f, 0x18, 0x7e, 0x79, - 0x18, 0xbd, 0xe6, 0x7e, 0xc0, 0x1a, 0xb1, 0xa0, 0x99, 0x7f, 0x9c, 0x83, 0x8a, 0xf2, 0x4e, 0xe9, - 0x69, 0xa5, 0xdf, 0xcf, 0x41, 0xce, 0xa2, 0x3c, 0xdd, 0x29, 0x8b, 0x8b, 0xe5, 0x35, 0x8a, 0x73, - 0x16, 0x45, 0xef, 0x42, 0x71, 0x60, 0x05, 0x7b, 0xe1, 0x5b, 0xf4, 0xab, 0xd3, 0xbd, 0xa2, 0x62, - 0xe9, 0x49, 0x3c, 0x0e, 0xf6, 0x8f, 0x62, 0x81, 0x97, 0xc8, 0xf2, 0xf2, 0x4f, 0x2f, 0xcb, 0x33, - 0xbf, 0x67, 0xc0, 0x42, 0xa2, 0x0f, 0xe8, 0x2a, 0x00, 0x8d, 0xfe, 0xc9, 0x25, 0x88, 0x0a, 0x69, - 0x31, 0x1f, 0x56, 0xb8, 0x9e, 0xb8, 0x60, 0xd2, 0x83, 0xf3, 0x13, 0x8c, 0x93, 0xa5, 0x88, 0x6c, - 0xc5, 0xe9, 0xc0, 0xb2, 0x49, 0xf2, 0xc9, 0xfd, 0xbd, 0x90, 0x80, 0x63, 0x9e, 0xc8, 0x78, 0x72, - 0x93, 0x8c, 0xc7, 0xfc, 0x07, 0x03, 0x2e, 0x1d, 0x77, 0x99, 0xcb, 0x92, 0x7e, 0x79, 0x63, 0x1b, - 0xa5, 0x99, 0x89, 0x92, 0xfe, 0x1d, 0x9d, 0x8c, 0x93, 0xfc, 0xe8, 0x3a, 0x54, 0x94, 0x26, 0xd9, - 0x99, 0x28, 0x8e, 0x54, 0xc4, 0xb1, 0xca, 0xf7, 0x04, 0x61, 0xbc, 0xf9, 0x37, 0x06, 0x9c, 0x4d, - 0xab, 0x1c, 0xa2, 0x6e, 0xf8, 0x8d, 0x84, 0xc8, 0xdd, 0x1a, 0x27, 0xac, 0x40, 0xd6, 0xf9, 0x97, - 0x12, 0x9b, 0x6e, 0xe0, 0x1f, 0xa6, 0x7f, 0x3d, 0x71, 0xf1, 0x26, 0x40, 0xcc, 0x83, 0x16, 0x21, - 0xbf, 0x4f, 0x0e, 0xc5, 0xc4, 0x61, 0xf6, 0x13, 0x9d, 0xd5, 0x36, 0xad, 0xdc, 0xa5, 0x6f, 0xe6, - 0x6e, 0x1a, 0x6f, 0x96, 0xfe, 0xe0, 0x4f, 0x6a, 0xa7, 0xbe, 0xfb, 0xcb, 0xcb, 0xa7, 0xcc, 0x1f, - 0x1a, 0xa0, 0x46, 0xd9, 0xe8, 0x15, 0x28, 0xef, 0x05, 0xc1, 0x80, 0x37, 0xc9, 0x27, 0x59, 0xfc, - 0x4a, 0xe1, 0xed, 0x9d, 0x9d, 0x6d, 0xde, 0x88, 0x63, 0x3a, 0xaa, 0x03, 0xb0, 0x3f, 0x54, 0x70, - 0x17, 0xe2, 0x67, 0x94, 0x8c, 0xbb, 0x25, 0xd8, 0x15, 0x0e, 0x91, 0x8c, 0x0a, 0x66, 0xf1, 0xe9, - 0x9d, 0x4c, 0x46, 0x05, 0x67, 0x48, 0x33, 0xff, 0xcc, 0x80, 0x33, 0x63, 0x4f, 0x00, 0xd1, 0x76, - 0x14, 0x7e, 0x4f, 0x5b, 0x7c, 0x9c, 0x10, 0xa8, 0x3f, 0xf1, 0x2e, 0xba, 0x09, 0x67, 0x05, 0x22, - 0xd7, 0x1a, 0x6f, 0xa1, 0xc7, 0xba, 0x53, 0xf3, 0x4f, 0x0d, 0x80, 0xb8, 0x1c, 0x86, 0x76, 0x61, - 0x4e, 0x74, 0x49, 0x8b, 0x23, 0xb3, 0x0f, 0xf0, 0xac, 0x54, 0x31, 0xd7, 0x52, 0x50, 0xb0, 0x86, - 0xc9, 0xf6, 0x35, 0xaf, 0x42, 0xf3, 0xdd, 0x95, 0xd3, 0xf7, 0xf5, 0xdd, 0x90, 0x80, 0x63, 0x1e, - 0xf3, 0x17, 0x79, 0x58, 0x4a, 0x79, 0x74, 0xf2, 0x7f, 0xba, 0xa8, 0xfa, 0x32, 0xcc, 0x8a, 0xef, - 0x10, 0x68, 0x32, 0xba, 0x13, 0x9f, 0x29, 0x50, 0x1c, 0xd2, 0xd1, 0x2a, 0x54, 0x1c, 0xd7, 0x16, - 0x77, 0x2c, 0x56, 0x58, 0x4c, 0x13, 0xf7, 0xcf, 0x71, 0x33, 0x56, 0x79, 0xf4, 0xea, 0xdb, 0x4c, - 0x86, 0xea, 0xdb, 0x17, 0x58, 0x7e, 0xfa, 0x16, 0x9c, 0x19, 0x0b, 0x7d, 0xb3, 0xc5, 0x01, 0x84, - 0x7f, 0xfe, 0x9e, 0x88, 0x03, 0xc4, 0x57, 0xef, 0x82, 0x66, 0xfe, 0xc8, 0x80, 0xf9, 0x44, 0x8e, - 0x70, 0xa2, 0x52, 0xcd, 0x7d, 0xb5, 0x54, 0x73, 0xb2, 0xfc, 0x46, 0x2b, 0xda, 0x98, 0x77, 0x20, - 0xfd, 0x15, 0x7b, 0x72, 0x31, 0x8d, 0xc7, 0x2f, 0xa6, 0xf9, 0xd3, 0x1c, 0x94, 0xa3, 0xc7, 0x7f, - 0xe8, 0x35, 0x6d, 0xe6, 0x2e, 0xa8, 0x33, 0xf7, 0x68, 0x54, 0x13, 0x8c, 0xca, 0x34, 0xbe, 0x0f, - 0xe5, 0xe8, 0xf1, 0x68, 0x54, 0x8a, 0xca, 0x1e, 0xe7, 0x45, 0x56, 0x13, 0xbd, 0x48, 0xc5, 0x31, - 0x1e, 0x0b, 0x7d, 0xc3, 0xd7, 0x9d, 0x77, 0x9d, 0x5e, 0xcf, 0xa1, 0xf2, 0x82, 0x2d, 0xcf, 0x2f, - 0xd8, 0xa2, 0xd0, 0x77, 0x23, 0x85, 0x07, 0xa7, 0x4a, 0xa2, 0x6d, 0x28, 0xd2, 0x80, 0x0c, 0xa8, - 0xac, 0x39, 0xbf, 0x92, 0xe9, 0x5d, 0x24, 0x19, 0xf0, 0x94, 0x3e, 0x32, 0x11, 0xd6, 0x42, 0xb1, - 0x00, 0x32, 0xff, 0xd5, 0x80, 0x52, 0xc8, 0x82, 0x5e, 0xd5, 0x26, 0xaf, 0x9a, 0x98, 0x3c, 0xce, - 0xf7, 0xbf, 0x76, 0xee, 0xcc, 0x91, 0x01, 0xf3, 0xfa, 0x1b, 0x0f, 0xa5, 0x90, 0x64, 0x1c, 0x57, - 0x48, 0x42, 0xaf, 0x42, 0xc9, 0xea, 0xf5, 0xbc, 0x8f, 0x36, 0xdd, 0x03, 0x59, 0xbc, 0x8d, 0xee, - 0x9e, 0xd7, 0x64, 0x3b, 0x8e, 0x38, 0xd0, 0x01, 0x2c, 0x08, 0xb9, 0xf8, 0xf5, 0x6e, 0x3e, 0xf3, - 0x15, 0x68, 0xda, 0x39, 0xd6, 0x58, 0x62, 0x91, 0x57, 0x4b, 0xc7, 0xc4, 0x49, 0x25, 0x8d, 0x2b, - 0x9f, 0x7e, 0xbe, 0x7c, 0xea, 0xe7, 0x9f, 0x2f, 0x9f, 0xfa, 0xec, 0xf3, 0xe5, 0x53, 0xdf, 0x3d, - 0x5a, 0x36, 0x3e, 0x3d, 0x5a, 0x36, 0x7e, 0x7e, 0xb4, 0x6c, 0x7c, 0x76, 0xb4, 0x6c, 0xfc, 0xf3, - 0xd1, 0xb2, 0xf1, 0xfb, 0xff, 0xb2, 0x7c, 0xea, 0x5b, 0xb9, 0x83, 0xd5, 0xff, 0x0e, 0x00, 0x00, - 0xff, 0xff, 0x58, 0xc4, 0x75, 0x0c, 0x57, 0x46, 0x00, 0x00, + 0x8e, 0x0d, 0x39, 0xb6, 0x87, 0x4b, 0x59, 0x52, 0x64, 0x1b, 0x71, 0xc0, 0x21, 0x29, 0x99, 0xda, + 0x91, 0x44, 0xd4, 0xd0, 0xb2, 0x77, 0x2d, 0x6c, 0xd2, 0xec, 0xa9, 0x19, 0xb6, 0x39, 0xd3, 0x3d, + 0xee, 0xea, 0xa1, 0xcd, 0x05, 0x02, 0x2c, 0x02, 0x2c, 0x92, 0xf5, 0x5e, 0xb2, 0x97, 0x45, 0x92, + 0x4b, 0x12, 0x2c, 0x72, 0xca, 0x29, 0x01, 0x02, 0x6c, 0xb0, 0x97, 0x00, 0xd9, 0x83, 0x0f, 0x09, + 0xb0, 0x41, 0x02, 0xc4, 0xc0, 0x2e, 0x06, 0x31, 0x73, 0x08, 0x90, 0x43, 0x80, 0x5c, 0x75, 0x08, + 0x82, 0xfa, 0xe9, 0xee, 0xaa, 0x9e, 0x1e, 0xaa, 0x87, 0x92, 0x95, 0x4d, 0x72, 0x9b, 0xa9, 0xf7, + 0xde, 0xf7, 0xea, 0xe7, 0xd5, 0xab, 0xf7, 0x5e, 0x55, 0xc3, 0x6a, 0xd7, 0x09, 0xf6, 0x86, 0xbb, + 0x75, 0xdb, 0xeb, 0xaf, 0x78, 0x03, 0xe2, 0xd2, 0x3d, 0xa7, 0x13, 0xac, 0x58, 0x03, 0x67, 0x65, + 0x77, 0xe8, 0xf4, 0xda, 0x2b, 0x07, 0xab, 0x2b, 0x5d, 0xe2, 0x12, 0xdf, 0x0a, 0x48, 0xbb, 0x3e, + 0xf0, 0xbd, 0xc0, 0x43, 0xcf, 0xc7, 0x22, 0xf5, 0x48, 0xa4, 0x6e, 0x0d, 0x9c, 0x3a, 0x17, 0xa9, + 0x1f, 0xac, 0x5e, 0x7c, 0x4d, 0x41, 0xed, 0x7a, 0x5d, 0x6f, 0x85, 0x4b, 0xee, 0x0e, 0x3b, 0xfc, + 0x1f, 0xff, 0xc3, 0x7f, 0x09, 0xc4, 0x8b, 0xe6, 0xfe, 0x4d, 0x5a, 0x77, 0x3c, 0xae, 0xd6, 0xf6, + 0x7c, 0x92, 0xa2, 0xf5, 0xe2, 0xb5, 0x98, 0xa7, 0x6f, 0xd9, 0x7b, 0x8e, 0x4b, 0xfc, 0xc3, 0x95, + 0xc1, 0x7e, 0x97, 0x35, 0xd0, 0x95, 0x3e, 0x09, 0xac, 0x34, 0xa9, 0x1b, 0x93, 0xa4, 0xfc, 0xa1, + 0x1b, 0x38, 0x7d, 0xb2, 0x42, 0xed, 0x3d, 0xd2, 0xb7, 0x92, 0x72, 0xe6, 0xdf, 0x14, 0xe0, 0x42, + 0xc3, 0x71, 0x2d, 0xff, 0xb0, 0xc1, 0xc6, 0x84, 0xc9, 0x47, 0x43, 0x42, 0x83, 0xfb, 0x83, 0xc0, + 0xf1, 0x5c, 0x8a, 0x7e, 0x0b, 0x4a, 0x4c, 0x61, 0xdb, 0x0a, 0xac, 0xaa, 0x71, 0xd9, 0xb8, 0x52, + 0xb9, 0xfa, 0xb5, 0xba, 0x50, 0x54, 0x57, 0x15, 0xd5, 0x07, 0xfb, 0x5d, 0xd6, 0x40, 0xeb, 0x8c, + 0xbb, 0x7e, 0xb0, 0x5a, 0xbf, 0xbf, 0xfb, 0x21, 0xb1, 0x83, 0xbb, 0x24, 0xb0, 0x1a, 0xe8, 0xb3, + 0x51, 0xed, 0xd4, 0xd1, 0xa8, 0x06, 0x71, 0x1b, 0x8e, 0x50, 0xd1, 0x4b, 0x30, 0x63, 0xd1, 0x5b, + 0x4e, 0x8f, 0x54, 0x73, 0x97, 0x8d, 0x2b, 0xe5, 0xc6, 0xbc, 0xe4, 0x9e, 0x59, 0xe3, 0xad, 0x58, + 0x52, 0xd1, 0x0d, 0x98, 0xf7, 0xc9, 0x81, 0x43, 0x1d, 0xcf, 0x5d, 0xf7, 0xfa, 0x7d, 0x27, 0xa8, + 0xe6, 0x75, 0x7e, 0xd1, 0x8a, 0x13, 0x5c, 0xe8, 0x0d, 0x58, 0x08, 0x5b, 0xee, 0x12, 0x4a, 0xad, + 0x2e, 0xa9, 0x16, 0xb8, 0xe0, 0x82, 0x14, 0x9c, 0x95, 0xcd, 0x38, 0xc9, 0x87, 0x1a, 0x80, 0xc2, + 0xa6, 0xb5, 0x61, 0xb0, 0xe7, 0xf9, 0xf7, 0xac, 0x3e, 0xa9, 0x16, 0xb9, 0x74, 0x34, 0xa8, 0x98, + 0x82, 0x53, 0xb8, 0xd1, 0x26, 0x2c, 0xe9, 0xad, 0x9b, 0x7d, 0xcb, 0xe9, 0x55, 0x67, 0x38, 0xc8, + 0x92, 0x04, 0xa9, 0x28, 0x24, 0x9c, 0xc6, 0x8f, 0xbe, 0x0e, 0xe7, 0xf4, 0x71, 0x05, 0x44, 0xf4, + 0x66, 0x96, 0x03, 0x9d, 0x93, 0x40, 0xa7, 0x35, 0x22, 0x4e, 0x97, 0x41, 0xf7, 0xe0, 0xb9, 0x31, + 0x82, 0xe8, 0x56, 0x89, 0xa3, 0x3d, 0x27, 0xd1, 0xe6, 0x75, 0x2a, 0x9e, 0x20, 0x65, 0xbe, 0x05, + 0x67, 0x14, 0x0b, 0x6a, 0x79, 0x43, 0xdf, 0x26, 0xca, 0xba, 0x1a, 0xc7, 0xad, 0xab, 0xf9, 0xa9, + 0x01, 0xe7, 0x1a, 0x4e, 0xb0, 0x3b, 0xb4, 0xf7, 0x49, 0xf0, 0x1e, 0xd9, 0x7d, 0xc7, 0xf3, 0xf6, + 0xd7, 0xad, 0x21, 0x25, 0xe8, 0x23, 0x00, 0xdb, 0xeb, 0xf7, 0x3d, 0xb7, 0x35, 0x20, 0xb6, 0xb4, + 0xbe, 0xeb, 0xf5, 0xc7, 0x6e, 0xc9, 0xfa, 0x3a, 0x17, 0x52, 0xa1, 0x1a, 0x17, 0xa5, 0x72, 0x34, + 0x4e, 0xc3, 0x8a, 0x12, 0xf3, 0x07, 0x39, 0x28, 0xf2, 0x41, 0x3c, 0x03, 0xc3, 0xbf, 0x07, 0x05, + 0xca, 0x06, 0x96, 0xe3, 0xe8, 0xaf, 0x66, 0x18, 0x98, 0x98, 0xde, 0x01, 0xb1, 0x1b, 0x73, 0x12, + 0xb9, 0xc0, 0xfe, 0x61, 0x8e, 0x83, 0x1e, 0xc0, 0x0c, 0x0d, 0xac, 0x60, 0x48, 0xf9, 0xc6, 0xa8, + 0x5c, 0xad, 0x67, 0x46, 0xe4, 0x52, 0xf1, 0x02, 0x89, 0xff, 0x58, 0xa2, 0x99, 0x7f, 0x9f, 0x87, + 0x79, 0xce, 0xb7, 0xee, 0xb9, 0x6d, 0x87, 0xb9, 0x05, 0x74, 0x03, 0x0a, 0xc1, 0xe1, 0x20, 0x5c, + 0x59, 0x33, 0xec, 0xcc, 0xce, 0xe1, 0x80, 0x3c, 0x1a, 0xd5, 0x90, 0xce, 0xcd, 0x5a, 0x31, 0xe7, + 0x47, 0xcd, 0xa8, 0x8b, 0x62, 0xaf, 0x5f, 0xd3, 0x55, 0x3e, 0x1a, 0xd5, 0x52, 0xfc, 0x63, 0x3d, + 0x42, 0xd2, 0x3b, 0x86, 0x3e, 0x84, 0xf9, 0x9e, 0x45, 0x83, 0x77, 0x07, 0x6d, 0x2b, 0x20, 0x3b, + 0x4e, 0x9f, 0xf0, 0x5d, 0x55, 0xb9, 0xfa, 0xab, 0xd9, 0x16, 0x8a, 0x49, 0xc4, 0xa6, 0xde, 0xd4, + 0x90, 0x70, 0x02, 0x19, 0x1d, 0x00, 0x62, 0x2d, 0x3b, 0xbe, 0xe5, 0x52, 0x31, 0x2a, 0xa6, 0x2f, + 0x3f, 0xb5, 0xbe, 0xc8, 0x10, 0x9b, 0x63, 0x68, 0x38, 0x45, 0x03, 0xdb, 0x45, 0x3e, 0xb1, 0xa8, + 0xe7, 0x4a, 0xa7, 0x15, 0x2d, 0x12, 0xe6, 0xad, 0x58, 0x52, 0xd1, 0xcb, 0x30, 0xdb, 0x97, 0xde, + 0xad, 0x98, 0xee, 0xdd, 0x42, 0xba, 0xf9, 0xa3, 0x1c, 0x54, 0xc2, 0x15, 0xea, 0x38, 0xdd, 0x67, + 0x60, 0xe9, 0x3b, 0x9a, 0xa5, 0x5f, 0xcd, 0x6a, 0x97, 0xa2, 0x7f, 0x13, 0xed, 0xfd, 0x61, 0xc2, + 0xde, 0xaf, 0x4d, 0x89, 0x7b, 0xbc, 0xd5, 0xff, 0xd4, 0x80, 0x05, 0x85, 0xbb, 0xe9, 0xd0, 0x00, + 0x3d, 0x1c, 0x9b, 0xa9, 0x7a, 0xb6, 0x99, 0x62, 0xd2, 0x7c, 0x9e, 0x16, 0xa5, 0xb6, 0x52, 0xd8, + 0xa2, 0xcc, 0x52, 0x0b, 0x8a, 0x4e, 0x40, 0xfa, 0x6c, 0x6f, 0xe4, 0xa7, 0xd9, 0xbe, 0xa2, 0x83, + 0x8d, 0xd3, 0x12, 0xba, 0xb8, 0xc5, 0x40, 0xb0, 0xc0, 0x32, 0x7f, 0x91, 0xd7, 0x86, 0xc1, 0xa6, + 0x0f, 0xd9, 0x50, 0x0a, 0x7c, 0xa7, 0xdb, 0x25, 0x3e, 0xad, 0x1a, 0x5c, 0xd7, 0xf5, 0xac, 0xba, + 0x76, 0x84, 0xdc, 0xb6, 0xd7, 0x73, 0xec, 0xc3, 0x78, 0x34, 0xb2, 0x99, 0xe2, 0x08, 0x18, 0xad, + 0x41, 0xd9, 0x1f, 0xba, 0x82, 0x51, 0xee, 0xf6, 0x17, 0x24, 0x7b, 0x19, 0x87, 0x84, 0x47, 0xa3, + 0x9a, 0x70, 0x2d, 0x51, 0x0b, 0x8e, 0xa5, 0x90, 0xa5, 0xf9, 0x7f, 0xb1, 0xc8, 0xaf, 0x65, 0xf6, + 0xff, 0xdc, 0x6e, 0x22, 0xbb, 0x8c, 0xdb, 0x54, 0x7f, 0x8f, 0xda, 0x70, 0x89, 0x0e, 0x6d, 0x9b, + 0x50, 0xda, 0x19, 0xf6, 0x78, 0x4f, 0xe8, 0x3b, 0x0e, 0x0d, 0x3c, 0xff, 0xb0, 0xe9, 0xb0, 0x10, + 0x83, 0x6d, 0xba, 0x62, 0xe3, 0xf2, 0xd1, 0xa8, 0x76, 0xa9, 0x75, 0x0c, 0x1f, 0x3e, 0x16, 0x05, + 0xbd, 0x0f, 0xd5, 0x8e, 0xe5, 0xf4, 0x48, 0x3b, 0x45, 0x43, 0x91, 0x6b, 0xb8, 0x74, 0x34, 0xaa, + 0x55, 0x6f, 0x4d, 0xe0, 0xc1, 0x13, 0xa5, 0xcd, 0x7f, 0x36, 0xe0, 0xcc, 0x98, 0x4d, 0xa3, 0xeb, + 0x50, 0x61, 0xae, 0xe4, 0x01, 0xf1, 0xd9, 0x61, 0xcd, 0x4d, 0x35, 0x1f, 0xc7, 0x1a, 0xcd, 0x98, + 0x84, 0x55, 0x3e, 0xf4, 0xa9, 0x01, 0x4b, 0x4e, 0xdf, 0xea, 0x92, 0xf5, 0x3d, 0xcb, 0xed, 0x92, + 0x70, 0x51, 0xa5, 0x3d, 0xbe, 0x95, 0x61, 0xe6, 0xb7, 0xc6, 0xa4, 0xe5, 0x2e, 0xfb, 0x8a, 0x54, + 0xbe, 0x34, 0xce, 0x41, 0x71, 0x9a, 0x52, 0xf3, 0xc7, 0x06, 0x94, 0xf9, 0xc8, 0x9e, 0xc1, 0xce, + 0xbb, 0xab, 0xef, 0xbc, 0x2b, 0x59, 0x77, 0xc3, 0x84, 0x3d, 0x07, 0x50, 0x12, 0x3d, 0xf7, 0xba, + 0xe6, 0x7f, 0x16, 0xe4, 0xfe, 0x6b, 0x7a, 0xdd, 0x30, 0xa6, 0x5e, 0x81, 0xb2, 0xed, 0xb9, 0x81, + 0xc5, 0xba, 0x2c, 0x8f, 0xd0, 0x33, 0xe1, 0xd6, 0x58, 0x0f, 0x09, 0x38, 0xe6, 0x61, 0x87, 0x40, + 0xc7, 0xeb, 0xf5, 0xbc, 0x8f, 0xf9, 0x46, 0x2a, 0xc5, 0x3e, 0xeb, 0x16, 0x6f, 0xc5, 0x92, 0x8a, + 0x5e, 0x85, 0xd2, 0x80, 0x85, 0x68, 0x9e, 0xf4, 0x89, 0xa5, 0x78, 0xd4, 0xdb, 0xb2, 0x1d, 0x47, + 0x1c, 0xe8, 0x1a, 0xcc, 0x51, 0xc7, 0xb5, 0x49, 0x8b, 0xd8, 0x9e, 0xdb, 0xa6, 0xdc, 0xd6, 0xf3, + 0x8d, 0xc5, 0xa3, 0x51, 0x6d, 0xae, 0xa5, 0xb4, 0x63, 0x8d, 0x0b, 0xbd, 0x07, 0x65, 0xfe, 0x9f, + 0x9f, 0x7f, 0xc5, 0xa9, 0xcf, 0xbf, 0xd3, 0x6c, 0x90, 0xad, 0x10, 0x00, 0xc7, 0x58, 0xe8, 0x2a, + 0x00, 0x4b, 0x53, 0x68, 0x60, 0xf5, 0x07, 0x94, 0x9f, 0xe4, 0xa5, 0x78, 0xfb, 0xee, 0x44, 0x14, + 0xac, 0x70, 0xa1, 0x57, 0xa0, 0x1c, 0x58, 0x4e, 0xaf, 0xe9, 0xb8, 0x84, 0xf2, 0x48, 0x38, 0x2f, + 0x14, 0xec, 0x84, 0x8d, 0x38, 0xa6, 0xa3, 0x3a, 0x40, 0x8f, 0x6d, 0x9a, 0xc6, 0x61, 0x40, 0x28, + 0x8f, 0x74, 0xf3, 0x8d, 0x79, 0x06, 0xde, 0x8c, 0x5a, 0xb1, 0xc2, 0xc1, 0x66, 0xdd, 0xf5, 0x3e, + 0xb6, 0x9c, 0xa0, 0x5a, 0xd6, 0x67, 0xfd, 0x9e, 0xf7, 0x9e, 0xe5, 0x04, 0x58, 0x52, 0xd1, 0x8b, + 0x30, 0x7b, 0x20, 0x77, 0x1a, 0x70, 0xd0, 0x0a, 0x3b, 0x76, 0xc3, 0x1d, 0x16, 0xd2, 0xd0, 0x1e, + 0x5c, 0x72, 0x5c, 0x4a, 0xec, 0xa1, 0x4f, 0x5a, 0xfb, 0xce, 0x60, 0xa7, 0xd9, 0x7a, 0x40, 0x7c, + 0xa7, 0x73, 0xd8, 0xb0, 0xec, 0x7d, 0xe2, 0xb6, 0xab, 0x15, 0xae, 0xe4, 0x57, 0xa4, 0x92, 0x4b, + 0x5b, 0xc7, 0xf0, 0xe2, 0x63, 0x91, 0xcc, 0x4f, 0xc3, 0x03, 0xfe, 0xfe, 0x30, 0x18, 0x0c, 0x03, + 0xf4, 0x16, 0xe4, 0x02, 0x4f, 0x6e, 0x9b, 0x17, 0x94, 0xb5, 0xaa, 0xb3, 0x00, 0x2b, 0x3e, 0xc8, + 0x31, 0xe9, 0x10, 0x9f, 0xb8, 0x36, 0x69, 0xcc, 0x1c, 0x8d, 0x6a, 0xb9, 0x1d, 0x0f, 0xe7, 0x02, + 0x0f, 0xbd, 0x0f, 0x30, 0x18, 0xd2, 0xbd, 0x16, 0xb1, 0x7d, 0x12, 0xc8, 0x13, 0xfc, 0x4a, 0x1a, + 0x48, 0xd3, 0xb3, 0xad, 0x5e, 0x12, 0x89, 0xcf, 0xef, 0x76, 0x24, 0x8f, 0x15, 0x2c, 0xd4, 0x86, + 0x0a, 0xdf, 0xf8, 0x4d, 0x6b, 0x97, 0xf4, 0x98, 0xc1, 0xe6, 0x33, 0xfa, 0xf7, 0xad, 0x48, 0x2a, + 0x76, 0x6a, 0x71, 0x1b, 0xc5, 0x2a, 0xac, 0xf9, 0x3b, 0x06, 0x2c, 0xf1, 0xc9, 0xd8, 0xf6, 0x68, + 0x20, 0xf2, 0x16, 0xee, 0xf9, 0x5f, 0x84, 0x59, 0x76, 0x0e, 0x58, 0x6e, 0x9b, 0x9f, 0x81, 0x65, + 0xb1, 0x6a, 0xeb, 0xa2, 0x09, 0x87, 0x34, 0x74, 0x09, 0x0a, 0x96, 0xdf, 0x15, 0x9e, 0xa1, 0xdc, + 0x28, 0xb1, 0x10, 0x64, 0xcd, 0xef, 0x52, 0xcc, 0x5b, 0x99, 0x89, 0x50, 0xdb, 0x77, 0x06, 0x63, + 0xb9, 0x68, 0x8b, 0xb7, 0x62, 0x49, 0x35, 0x7f, 0x3a, 0x0b, 0x73, 0x6a, 0x76, 0xfd, 0x0c, 0x62, + 0xae, 0x0f, 0xa0, 0x14, 0x66, 0x6b, 0x72, 0xd5, 0x56, 0x33, 0x4c, 0xad, 0xc8, 0xdd, 0xb0, 0x14, + 0x6c, 0xcc, 0x31, 0xd7, 0x11, 0xfe, 0xc3, 0x11, 0x20, 0x22, 0xb0, 0x28, 0x0f, 0x7a, 0xd2, 0x6e, + 0x1c, 0xf2, 0xb9, 0x97, 0xe7, 0x73, 0x26, 0xfb, 0x3a, 0x7b, 0x34, 0xaa, 0x2d, 0xee, 0x24, 0x00, + 0xf0, 0x18, 0x24, 0x5a, 0x83, 0x42, 0xc7, 0xf7, 0xfa, 0xdc, 0x33, 0x65, 0x84, 0xe6, 0x2b, 0x74, + 0xcb, 0xf7, 0xfa, 0x98, 0x8b, 0xa2, 0xf7, 0x61, 0x66, 0x97, 0xa7, 0xa6, 0xd2, 0x57, 0x65, 0x0a, + 0x12, 0x93, 0xb9, 0x6c, 0x03, 0xd8, 0x9a, 0x8a, 0x66, 0x2c, 0xf1, 0xd0, 0xaa, 0x7e, 0xc8, 0xce, + 0xf0, 0xad, 0xbf, 0x70, 0xec, 0x01, 0xfb, 0x06, 0xe4, 0x89, 0x7b, 0x50, 0x9d, 0xe5, 0x96, 0x7e, + 0x31, 0x6d, 0x38, 0x9b, 0xee, 0xc1, 0x03, 0xcb, 0x6f, 0x54, 0xe4, 0xd2, 0xe6, 0x37, 0xdd, 0x03, + 0xcc, 0x64, 0xd0, 0x3e, 0x54, 0x94, 0xe9, 0xa9, 0x96, 0x38, 0xc4, 0xb5, 0x29, 0xc3, 0x36, 0x91, + 0x0b, 0x47, 0x7b, 0x46, 0x59, 0x01, 0xac, 0xa2, 0xa3, 0xef, 0x19, 0x70, 0xae, 0xed, 0xd9, 0xfb, + 0xec, 0xf8, 0xf6, 0xad, 0x80, 0x74, 0x0f, 0xe5, 0xd1, 0xc5, 0x3d, 0x61, 0xe5, 0xea, 0xcd, 0x0c, + 0x7a, 0x37, 0xd2, 0xe4, 0x1b, 0x17, 0x8e, 0x46, 0xb5, 0x73, 0xa9, 0x24, 0x9c, 0xae, 0x91, 0xf7, + 0x85, 0xf2, 0x55, 0x48, 0xf6, 0x05, 0x32, 0xf7, 0xa5, 0x95, 0x26, 0x2f, 0xfa, 0x92, 0x4a, 0xc2, + 0xe9, 0x1a, 0xcd, 0x7f, 0x2a, 0x4a, 0xc7, 0x2a, 0x4b, 0x1c, 0xaf, 0x6b, 0x69, 0x70, 0x2d, 0x91, + 0x06, 0x2f, 0x28, 0xac, 0x4a, 0x0e, 0x1c, 0x5b, 0x64, 0xee, 0x29, 0x5b, 0x64, 0x1d, 0x40, 0xcc, + 0x61, 0xc7, 0xe9, 0x91, 0xd0, 0x23, 0x31, 0x07, 0xb1, 0x11, 0xb5, 0x62, 0x85, 0x03, 0x35, 0x21, + 0xdf, 0x95, 0x31, 0x6e, 0x36, 0xef, 0x70, 0xdb, 0x09, 0xd4, 0x3e, 0xcc, 0x32, 0x0b, 0xbd, 0xed, + 0x04, 0x98, 0xc1, 0xa0, 0x07, 0x30, 0xc3, 0xfd, 0x2e, 0xad, 0x16, 0x33, 0xe7, 0x2f, 0x7c, 0x9b, + 0x4b, 0xb4, 0xc8, 0x77, 0xf2, 0x46, 0x8a, 0x25, 0x1a, 0x8b, 0x0b, 0x58, 0x24, 0x44, 0x3e, 0x09, + 0x36, 0x1c, 0x5f, 0xd6, 0xcd, 0x94, 0xb0, 0x3e, 0xa4, 0x60, 0x85, 0x0b, 0x7d, 0x0b, 0xe6, 0xe4, + 0x0a, 0x8a, 0x63, 0x6b, 0x76, 0xca, 0x63, 0x4b, 0x04, 0x41, 0x0a, 0x02, 0xd6, 0xf0, 0xd0, 0x6f, + 0xc2, 0x2c, 0xe5, 0xbf, 0xe8, 0x14, 0x3b, 0x51, 0xc8, 0xaa, 0x13, 0x18, 0xe5, 0xe8, 0x82, 0x44, + 0x71, 0x88, 0x8a, 0xf6, 0xf9, 0xa0, 0x3b, 0x4e, 0xf7, 0xae, 0x35, 0x60, 0xbb, 0x8e, 0xe9, 0xf8, + 0xb5, 0x4c, 0xa9, 0x8f, 0x14, 0x52, 0xd5, 0xa8, 0xb3, 0x25, 0x21, 0xb1, 0x02, 0x6f, 0xfe, 0x3c, + 0x0c, 0xb5, 0xf9, 0xc1, 0x68, 0xa5, 0x54, 0xdd, 0x9e, 0x72, 0xd6, 0x95, 0x70, 0x66, 0xb9, 0x2f, + 0xd3, 0x99, 0x99, 0xff, 0x31, 0x1b, 0x6e, 0x5a, 0x91, 0x1c, 0xad, 0x42, 0x71, 0xb0, 0x67, 0xd1, + 0x70, 0xd7, 0x86, 0x99, 0x49, 0x71, 0x9b, 0x35, 0x3e, 0x1a, 0xd5, 0x40, 0x44, 0x0b, 0xec, 0x1f, + 0x16, 0x9c, 0x3c, 0x60, 0xb7, 0x5c, 0x9b, 0xf4, 0x7a, 0xa4, 0x2d, 0x43, 0xf0, 0x38, 0x60, 0x0f, + 0x09, 0x38, 0xe6, 0x41, 0x37, 0xa2, 0xaa, 0x8d, 0xd8, 0x85, 0xcb, 0x7a, 0xd5, 0xe6, 0x11, 0xb3, + 0x2e, 0x51, 0x6e, 0x98, 0x58, 0xc5, 0x29, 0x1c, 0x5f, 0xc5, 0x41, 0x1d, 0x98, 0xa7, 0x81, 0xe5, + 0x07, 0x51, 0x64, 0x7c, 0x82, 0x60, 0x1c, 0x1d, 0x8d, 0x6a, 0xf3, 0x2d, 0x0d, 0x05, 0x27, 0x50, + 0xd1, 0x10, 0x96, 0x6c, 0xaf, 0x3f, 0xe8, 0x91, 0xb0, 0x24, 0x25, 0x94, 0x4d, 0x5f, 0x69, 0x3b, + 0xcf, 0xd2, 0xbf, 0xf5, 0x71, 0x28, 0x9c, 0x86, 0x8f, 0x7e, 0x1d, 0x4a, 0xed, 0xa1, 0x6f, 0xb1, + 0x46, 0x19, 0xd8, 0x3f, 0x1f, 0xa6, 0x32, 0x1b, 0xb2, 0xfd, 0xd1, 0xa8, 0x76, 0x9a, 0xe5, 0x02, + 0xf5, 0xb0, 0x01, 0x47, 0x22, 0x68, 0x17, 0x2e, 0x7a, 0x3c, 0xf8, 0x15, 0xae, 0x4f, 0x04, 0x18, + 0xe1, 0xf6, 0x96, 0x55, 0xee, 0xb0, 0x6c, 0x79, 0xf1, 0xfe, 0x44, 0x4e, 0x7c, 0x0c, 0x0a, 0xba, + 0x0d, 0x33, 0x62, 0x13, 0xc9, 0x53, 0x31, 0x53, 0x7c, 0x02, 0xe2, 0xa6, 0x82, 0x89, 0x61, 0x29, + 0x8e, 0x1e, 0xc2, 0x8c, 0x50, 0x23, 0x8f, 0xb4, 0x6b, 0xd3, 0x15, 0x6e, 0x45, 0xf7, 0x63, 0xff, + 0x29, 0xfe, 0x63, 0x89, 0x89, 0x76, 0x78, 0x99, 0x8c, 0xf9, 0xe5, 0x0a, 0xdf, 0x67, 0x59, 0x0a, + 0xcd, 0x2d, 0x26, 0xb0, 0xe5, 0x76, 0x3c, 0xad, 0x3c, 0xc6, 0xbd, 0xb2, 0xc0, 0x62, 0x5e, 0xb9, + 0xe7, 0x75, 0x5b, 0xae, 0x33, 0x18, 0x90, 0xa0, 0x3a, 0xa7, 0x7b, 0xe5, 0x66, 0x44, 0xc1, 0x0a, + 0x17, 0x22, 0xdc, 0xa9, 0x89, 0x52, 0x2e, 0xad, 0x9e, 0xe6, 0xbd, 0x59, 0x9d, 0xa2, 0xca, 0x25, + 0x24, 0x35, 0x77, 0x26, 0xc1, 0xb0, 0x02, 0x6c, 0xda, 0xb2, 0x24, 0xa2, 0xce, 0x0e, 0xba, 0xa7, + 0xe4, 0x40, 0x37, 0x4e, 0x32, 0xbf, 0x3b, 0x9e, 0x9a, 0x16, 0x99, 0x4d, 0x99, 0x55, 0xe8, 0x2c, + 0xe8, 0xba, 0xcc, 0x69, 0x36, 0x9c, 0x2e, 0xa1, 0x81, 0x74, 0x31, 0x7a, 0x92, 0x22, 0x48, 0x58, + 0xe5, 0x33, 0x7f, 0x52, 0x80, 0xd3, 0x12, 0x4e, 0x44, 0x1c, 0xe8, 0xba, 0x16, 0x5a, 0x3c, 0x9f, + 0x08, 0x2d, 0xce, 0x68, 0xcc, 0x4a, 0x70, 0xe1, 0xc3, 0xbc, 0x1e, 0x46, 0xc9, 0x20, 0xe3, 0x46, + 0xe6, 0x88, 0x4d, 0x43, 0x16, 0x1e, 0x42, 0x8f, 0xd7, 0x70, 0x42, 0x03, 0xd3, 0xa9, 0x87, 0x4b, + 0x32, 0x15, 0xb8, 0x91, 0x39, 0x32, 0x4b, 0xd1, 0xa9, 0xc7, 0x65, 0x38, 0xa1, 0x81, 0xe9, 0xb4, + 0x87, 0x34, 0xf0, 0xfa, 0x91, 0xce, 0x42, 0x66, 0x9d, 0xeb, 0x5c, 0x30, 0x45, 0xe7, 0xba, 0x86, + 0x88, 0x13, 0x1a, 0xd0, 0x0f, 0x0d, 0x38, 0xff, 0x21, 0x71, 0xf7, 0x1d, 0x97, 0x6e, 0x3b, 0x03, + 0xd2, 0x73, 0xdc, 0x78, 0xc4, 0xc2, 0xf7, 0xfe, 0x46, 0x06, 0xed, 0x77, 0x74, 0x04, 0xbd, 0x1b, + 0x5f, 0x39, 0x1a, 0xd5, 0xce, 0xdf, 0x49, 0xd7, 0x81, 0x27, 0x29, 0x37, 0xbf, 0x5b, 0x94, 0x16, + 0xaf, 0x9e, 0x8c, 0xea, 0x59, 0x62, 0x3c, 0xe6, 0x2c, 0xf1, 0x61, 0x9e, 0xdf, 0x0a, 0x3b, 0xb6, + 0xbc, 0x18, 0x9b, 0xc2, 0x6a, 0x6e, 0x6b, 0x82, 0xe2, 0x50, 0xe6, 0xb3, 0xa9, 0x13, 0x70, 0x42, + 0x03, 0x72, 0xe1, 0xb4, 0x00, 0x0f, 0x55, 0xe6, 0x33, 0xdf, 0xef, 0xdd, 0x76, 0x82, 0x77, 0x22, + 0x39, 0xa1, 0xf1, 0xcc, 0xd1, 0xa8, 0x76, 0x5a, 0x6b, 0xc7, 0x3a, 0x3c, 0x1a, 0xc2, 0xa2, 0x52, + 0x66, 0xe4, 0xd3, 0x25, 0x6d, 0xe6, 0xf5, 0xe9, 0x0a, 0x9b, 0x42, 0x21, 0x4f, 0x61, 0xb7, 0x12, + 0x80, 0x78, 0x4c, 0x85, 0x1c, 0x66, 0xcf, 0x8a, 0x86, 0x59, 0x9c, 0x66, 0x98, 0x4d, 0x2b, 0x7d, + 0x98, 0x71, 0x3b, 0xd6, 0xe1, 0xd1, 0xb7, 0x61, 0x71, 0x37, 0x71, 0x99, 0x2a, 0xcf, 0xea, 0x9b, + 0x99, 0xf2, 0x8c, 0x94, 0x7b, 0x58, 0x31, 0xd6, 0x24, 0x09, 0x8f, 0xe9, 0x31, 0x7f, 0x5c, 0x00, + 0x34, 0x7e, 0x4b, 0x80, 0xae, 0x69, 0xae, 0xec, 0x72, 0xc2, 0x95, 0x2d, 0xaa, 0x12, 0x8a, 0x27, + 0x7b, 0x08, 0x33, 0xa2, 0xbf, 0x53, 0x54, 0x2f, 0x64, 0x47, 0x24, 0x58, 0x9a, 0x51, 0x48, 0x4c, + 0x16, 0xc0, 0x4b, 0x7b, 0x94, 0x76, 0x77, 0x02, 0xf8, 0x34, 0x2b, 0x0f, 0x51, 0xd1, 0x9e, 0x3c, + 0x08, 0x84, 0x2d, 0x48, 0x4b, 0xbb, 0x7e, 0xa2, 0x12, 0xba, 0x28, 0x2a, 0x28, 0xed, 0x58, 0x85, + 0x96, 0x13, 0xd5, 0xb3, 0x76, 0xa5, 0x69, 0x3d, 0xc1, 0x44, 0x29, 0x66, 0x25, 0x31, 0x11, 0x81, + 0x72, 0xb4, 0xce, 0xd2, 0x90, 0x4e, 0xa0, 0x20, 0xdd, 0x82, 0x62, 0x64, 0xf3, 0xdf, 0x0d, 0x19, + 0xa4, 0x3f, 0xf0, 0x7a, 0xc3, 0x3e, 0x41, 0x97, 0xa1, 0xe0, 0x5a, 0xfd, 0xd0, 0x66, 0xa2, 0xdb, + 0x3f, 0xfe, 0xa8, 0x81, 0x53, 0xf8, 0xed, 0x1f, 0x3f, 0x13, 0xa6, 0x49, 0xa3, 0x63, 0x0d, 0xc9, + 0xa4, 0x53, 0x16, 0xbe, 0x24, 0x26, 0xfa, 0x00, 0x66, 0xfa, 0xde, 0xd0, 0x0d, 0xc2, 0xb2, 0xe4, + 0xeb, 0xd3, 0xa1, 0xdf, 0x65, 0xb2, 0x31, 0x38, 0xff, 0x4b, 0xb1, 0x84, 0x34, 0xdf, 0x85, 0xc5, + 0x24, 0x2f, 0x5a, 0x83, 0x85, 0x36, 0xa1, 0x81, 0xe3, 0xf2, 0xf8, 0x75, 0xdb, 0x0a, 0xf6, 0xe4, + 0xd8, 0xcf, 0x4b, 0x90, 0x85, 0x0d, 0x9d, 0x8c, 0x93, 0xfc, 0xe6, 0x5f, 0xe6, 0xe4, 0x31, 0xa0, + 0x8e, 0x10, 0xbd, 0xa1, 0xed, 0xbe, 0x17, 0x13, 0xbb, 0xef, 0xdc, 0x98, 0x80, 0xb2, 0x05, 0xef, + 0xc0, 0x0c, 0x55, 0xcb, 0xbe, 0x2f, 0xa5, 0x05, 0xb8, 0x22, 0x75, 0xd5, 0x26, 0x95, 0xc7, 0xb8, + 0x32, 0x6f, 0x96, 0x08, 0xe8, 0x01, 0xbf, 0xf3, 0x10, 0x19, 0xa7, 0xdc, 0x72, 0x2f, 0xa7, 0xc1, + 0x45, 0x29, 0xaa, 0x86, 0x78, 0x5a, 0x5e, 0x8d, 0x08, 0x12, 0x8e, 0xa1, 0xd0, 0xdb, 0x90, 0xb7, + 0xa9, 0x73, 0x5c, 0x85, 0x70, 0xbd, 0xb5, 0xa5, 0x61, 0xf1, 0xaa, 0xc5, 0x7a, 0x6b, 0x0b, 0x33, + 0x41, 0xf3, 0xf7, 0x66, 0x41, 0xc9, 0x52, 0xd1, 0xdb, 0x30, 0x4f, 0x89, 0x7f, 0xe0, 0xd8, 0x64, + 0xcd, 0xb6, 0xd9, 0xc2, 0xc8, 0x79, 0x8b, 0x9e, 0x09, 0xb4, 0x34, 0x2a, 0x4e, 0x70, 0xf3, 0x37, + 0x18, 0xaa, 0x55, 0x66, 0x7f, 0x83, 0xf1, 0x38, 0x7b, 0x8c, 0xab, 0xb9, 0xf9, 0xa7, 0x5d, 0xcd, + 0xfd, 0x16, 0x94, 0xa8, 0x1e, 0x46, 0x7d, 0x2d, 0x7b, 0x84, 0x2c, 0x23, 0x97, 0xe8, 0xa2, 0x29, + 0x0a, 0x57, 0x22, 0x4c, 0x36, 0x29, 0x32, 0xbf, 0x29, 0x4e, 0x37, 0x29, 0x8f, 0xc9, 0x6c, 0xbe, + 0x01, 0x65, 0x9f, 0x88, 0x09, 0xa2, 0xd2, 0x37, 0xa5, 0x96, 0x78, 0xb0, 0x64, 0xc2, 0xe4, 0xa3, + 0xa1, 0xe3, 0x93, 0x3e, 0x71, 0x03, 0x1a, 0x27, 0xf0, 0x21, 0x95, 0xe2, 0x18, 0x0d, 0x7d, 0x08, + 0x30, 0x88, 0xee, 0x0b, 0x64, 0xf9, 0x28, 0x73, 0xda, 0xa0, 0xdf, 0x34, 0xc4, 0xf9, 0x4a, 0xdc, + 0x8e, 0x15, 0x74, 0xf4, 0x01, 0x5c, 0x88, 0x33, 0xe0, 0x0d, 0x62, 0xb5, 0x79, 0x70, 0x27, 0x2f, + 0xe5, 0xc4, 0x35, 0xd5, 0x57, 0x8f, 0x46, 0xb5, 0x0b, 0xeb, 0x93, 0x98, 0xf0, 0x64, 0x79, 0xd4, + 0x87, 0x39, 0xd7, 0x6b, 0x93, 0x16, 0xe9, 0x11, 0x3b, 0xf0, 0x7c, 0x99, 0xaa, 0x66, 0x29, 0x25, + 0x89, 0xa2, 0xa7, 0xd5, 0xbb, 0xa7, 0x88, 0x8b, 0xc2, 0x98, 0xda, 0x82, 0x35, 0x78, 0xf4, 0x26, + 0xcc, 0x73, 0x27, 0xb7, 0xe3, 0x0f, 0x69, 0x40, 0xda, 0xeb, 0x6b, 0x3c, 0xa5, 0x2d, 0x89, 0xb3, + 0xf2, 0xae, 0x46, 0xc1, 0x09, 0x4e, 0xf3, 0x0f, 0x0d, 0x48, 0x79, 0x9e, 0xa5, 0x99, 0xbe, 0xf1, + 0xb4, 0x4d, 0xff, 0x25, 0xcd, 0xc5, 0xa9, 0x17, 0x38, 0x9a, 0xfb, 0x32, 0xff, 0xc2, 0x80, 0xb3, + 0x69, 0xb5, 0x35, 0x66, 0x83, 0xb1, 0x5f, 0x33, 0xa6, 0x2c, 0x33, 0xaa, 0xb7, 0xbe, 0x69, 0xae, + 0x6d, 0x5e, 0x71, 0xf1, 0x1b, 0x8e, 0x2f, 0xfb, 0x18, 0xf9, 0xa2, 0x0d, 0x8d, 0x8a, 0x13, 0xdc, + 0xe6, 0xf7, 0x0b, 0xb0, 0x94, 0x92, 0xeb, 0xa0, 0x4d, 0x79, 0xab, 0x32, 0xc5, 0x85, 0x60, 0x74, + 0x00, 0x6b, 0x37, 0x2b, 0x30, 0x18, 0xf6, 0x7a, 0x4f, 0x76, 0x31, 0x18, 0xca, 0x63, 0x05, 0x2b, + 0xbc, 0x26, 0xc9, 0x9f, 0xe0, 0x9a, 0xe4, 0x0e, 0x20, 0xf2, 0xc9, 0xc0, 0xa3, 0x44, 0xe6, 0xac, + 0x1e, 0x8f, 0x5b, 0x0a, 0xdc, 0x06, 0xa3, 0xa7, 0x57, 0x9b, 0x63, 0x1c, 0x38, 0x45, 0x0a, 0xad, + 0x40, 0xb9, 0xe3, 0xf9, 0x36, 0x61, 0xbd, 0xe4, 0x9e, 0x4b, 0xa9, 0xfa, 0xdd, 0x0a, 0x09, 0x38, + 0xe6, 0x41, 0xef, 0xc7, 0x55, 0xe1, 0x99, 0xcc, 0x97, 0x99, 0x62, 0xcc, 0xdc, 0x51, 0x4c, 0x2e, + 0x07, 0xaf, 0xc1, 0x02, 0x17, 0x58, 0xdb, 0xde, 0x0a, 0xef, 0x9b, 0x66, 0xf5, 0xe8, 0xa0, 0xa1, + 0x93, 0x71, 0x92, 0xdf, 0xfc, 0x51, 0x11, 0x96, 0x52, 0x32, 0xfc, 0xe8, 0x8e, 0xcd, 0x78, 0x92, + 0x3b, 0xb6, 0x2f, 0xcb, 0x12, 0x5e, 0x86, 0x59, 0xd7, 0x5b, 0xb7, 0xec, 0x3d, 0x22, 0xdf, 0x33, + 0x44, 0x53, 0x74, 0x4f, 0x34, 0xe3, 0x90, 0x1e, 0x1a, 0x4d, 0xe1, 0x04, 0x46, 0x33, 0xf5, 0x42, + 0xbf, 0x1d, 0x56, 0x59, 0x3a, 0x4e, 0x8f, 0xf0, 0x58, 0x6d, 0x26, 0xb1, 0x33, 0x35, 0x2a, 0x4e, + 0x70, 0xa3, 0xaf, 0x43, 0x59, 0x2c, 0x8f, 0xdf, 0xa5, 0x19, 0x6e, 0x03, 0xa3, 0xce, 0x34, 0x42, + 0x21, 0x1c, 0xcb, 0xa3, 0x01, 0x9c, 0xe7, 0xe9, 0x00, 0xf3, 0xd7, 0x7d, 0xe7, 0xdb, 0x22, 0x1e, + 0x14, 0xcf, 0xae, 0x44, 0x9d, 0xf3, 0xc6, 0xd1, 0xa8, 0x76, 0x7e, 0x2b, 0x9d, 0xe5, 0xd1, 0x64, + 0x12, 0x9e, 0x04, 0x8b, 0xbe, 0x01, 0xb3, 0x07, 0x3c, 0xa2, 0x0a, 0x6f, 0x26, 0xea, 0xd3, 0x45, + 0xc7, 0xf1, 0x2a, 0x8a, 0xff, 0x14, 0x87, 0x78, 0xe6, 0xf7, 0x0d, 0x48, 0xbf, 0x1e, 0xd4, 0xe7, + 0xcc, 0x78, 0xc2, 0x39, 0x7b, 0x31, 0xb6, 0x2b, 0x51, 0xce, 0xaf, 0xa4, 0xd9, 0x94, 0xf9, 0x47, + 0x06, 0x2c, 0xa5, 0xd4, 0x37, 0x7e, 0x39, 0x8e, 0xa4, 0xcf, 0x73, 0xc9, 0xce, 0x6d, 0x1e, 0x10, + 0x37, 0x38, 0xd9, 0xa5, 0xe4, 0xa6, 0xb8, 0x0a, 0xcc, 0xc9, 0xaa, 0x7e, 0xa6, 0xe2, 0x04, 0xaf, + 0x0f, 0xeb, 0x77, 0x80, 0x4f, 0xe0, 0xb9, 0x27, 0xdf, 0x39, 0x17, 0x9e, 0xf5, 0x9d, 0xb3, 0xf9, + 0x57, 0x06, 0xcc, 0xeb, 0x77, 0x9d, 0xe8, 0xab, 0x90, 0x1f, 0xfa, 0x8e, 0x9c, 0xd4, 0xa8, 0xf7, + 0xef, 0xe2, 0x2d, 0xcc, 0xda, 0x19, 0xd9, 0x27, 0x1d, 0xb9, 0x62, 0x11, 0x19, 0x93, 0x0e, 0x66, + 0xed, 0x88, 0x40, 0x65, 0xe0, 0x7b, 0x9f, 0x1c, 0x8a, 0x73, 0x7e, 0x8a, 0xf7, 0xd9, 0xdb, 0xb1, + 0x54, 0x5c, 0x46, 0x56, 0x1a, 0xb1, 0x8a, 0xcb, 0x23, 0xa8, 0xf1, 0xe2, 0xd8, 0x2f, 0x87, 0xb9, + 0xfe, 0x5d, 0x0e, 0x66, 0xa5, 0xd1, 0xa0, 0x8f, 0x60, 0xbe, 0xab, 0x4d, 0xef, 0x14, 0xdd, 0x4a, + 0xdc, 0x41, 0x47, 0x2e, 0x57, 0x6f, 0xc7, 0x09, 0x05, 0xe8, 0xb7, 0xe1, 0x4c, 0xd7, 0x09, 0xf4, + 0x31, 0x4d, 0x51, 0x39, 0xb8, 0x9d, 0x94, 0x6d, 0x5c, 0x90, 0x8a, 0xcf, 0x8c, 0x91, 0xf0, 0xb8, + 0x26, 0x74, 0x1f, 0x0a, 0x3e, 0xe9, 0x4c, 0xf3, 0xc8, 0x89, 0xed, 0x29, 0xd2, 0xe1, 0x7b, 0x2c, + 0x8a, 0xbe, 0x30, 0xe9, 0x50, 0xcc, 0x81, 0xcc, 0xdf, 0x15, 0x4b, 0x9d, 0x28, 0x10, 0xfe, 0x4f, + 0x7c, 0x32, 0xf1, 0x5f, 0x06, 0x40, 0xdc, 0xd9, 0xff, 0x7f, 0x6b, 0x6b, 0xfe, 0x79, 0x0e, 0xc6, + 0x19, 0xd9, 0xbe, 0xb0, 0x45, 0xf6, 0x68, 0xa4, 0x7e, 0xa6, 0x24, 0xa9, 0xe8, 0x21, 0xcc, 0x58, + 0xfc, 0x3b, 0x9f, 0x29, 0x7a, 0x2c, 0x54, 0xad, 0x7b, 0x6e, 0xe0, 0x7b, 0xbd, 0x77, 0x29, 0xf1, + 0x95, 0x8f, 0x6b, 0x38, 0x16, 0x96, 0x98, 0x88, 0xb0, 0xf4, 0x44, 0x7e, 0xab, 0x33, 0xc5, 0x33, + 0xf9, 0x71, 0x05, 0x4a, 0xaa, 0x22, 0xe1, 0x70, 0x8c, 0x3c, 0xc5, 0xbd, 0xb5, 0xf9, 0x3d, 0x03, + 0x16, 0x93, 0xd5, 0x74, 0x26, 0xcf, 0x83, 0x8d, 0xad, 0x8d, 0xe4, 0x5d, 0xc5, 0x96, 0x68, 0xc6, + 0x21, 0x1d, 0xdd, 0x81, 0x59, 0x16, 0x74, 0x62, 0xe9, 0x6d, 0x33, 0x86, 0xac, 0xfc, 0x7c, 0xbf, + 0x25, 0xe4, 0x70, 0x08, 0x60, 0xfe, 0x83, 0x01, 0x68, 0xbc, 0xde, 0x8a, 0xb6, 0xe1, 0xac, 0xf8, + 0x12, 0x43, 0x3e, 0x22, 0xd8, 0xd2, 0xba, 0x76, 0x49, 0x76, 0xed, 0x6c, 0x33, 0x85, 0x07, 0xa7, + 0x4a, 0x46, 0x41, 0x76, 0xee, 0xe4, 0x41, 0xf6, 0x4b, 0x30, 0x33, 0x60, 0x73, 0xd5, 0x96, 0x91, + 0x70, 0xb4, 0xe2, 0xdb, 0xbc, 0x15, 0x4b, 0xaa, 0xf9, 0xd7, 0x39, 0xa8, 0x4e, 0x7a, 0x86, 0xfd, + 0x25, 0x8c, 0xec, 0xa1, 0x36, 0xb2, 0x37, 0x33, 0xbf, 0xf9, 0x09, 0x7c, 0x62, 0xf5, 0x77, 0xac, + 0xee, 0xf1, 0x39, 0x66, 0x1f, 0x16, 0x14, 0xad, 0x27, 0xfc, 0xe4, 0x26, 0xca, 0x91, 0x9a, 0x3a, + 0x14, 0x4e, 0x62, 0x9b, 0x2d, 0x80, 0xf8, 0x1d, 0x69, 0x86, 0x1a, 0xf4, 0x0b, 0x50, 0x3c, 0xb0, + 0x7a, 0xc3, 0xf0, 0xcb, 0xc5, 0xe8, 0x35, 0xf8, 0x03, 0xd6, 0x88, 0x05, 0xcd, 0xfc, 0xe3, 0x1c, + 0x54, 0x94, 0x77, 0x4e, 0x4f, 0x2b, 0xfd, 0x7e, 0x0e, 0x72, 0x16, 0xe5, 0xe9, 0x4e, 0x59, 0x5c, + 0x4c, 0xaf, 0x51, 0x9c, 0xb3, 0x28, 0x7a, 0x0f, 0x8a, 0x03, 0x2b, 0xd8, 0x0b, 0xdf, 0xb2, 0x5f, + 0x9d, 0xee, 0x15, 0x16, 0x4b, 0x4f, 0xe2, 0x71, 0xb0, 0x7f, 0x14, 0x0b, 0xbc, 0x44, 0x96, 0x97, + 0x7f, 0x7a, 0x59, 0x9e, 0xf9, 0x5d, 0x03, 0x16, 0x12, 0x7d, 0x40, 0x57, 0x01, 0x68, 0xf4, 0x4f, + 0x2e, 0x41, 0x54, 0x48, 0x8b, 0xf9, 0xb0, 0xc2, 0xf5, 0xc4, 0x05, 0x93, 0x1e, 0x9c, 0x9f, 0x60, + 0x9c, 0x2c, 0x45, 0x64, 0x2b, 0x4e, 0x07, 0x96, 0x4d, 0x92, 0x4f, 0xf6, 0xef, 0x85, 0x04, 0x1c, + 0xf3, 0x44, 0xc6, 0x93, 0x9b, 0x64, 0x3c, 0xe6, 0x3f, 0x1a, 0x70, 0xe9, 0xb8, 0xcb, 0x60, 0x96, + 0xf4, 0xcb, 0x1b, 0xdf, 0x28, 0xcd, 0x4c, 0x5c, 0x09, 0xdc, 0xd1, 0xc9, 0x38, 0xc9, 0x8f, 0xae, + 0x43, 0x45, 0x69, 0x92, 0x9d, 0x89, 0xe2, 0x48, 0x45, 0x1c, 0xab, 0x7c, 0x4f, 0x10, 0xc6, 0x9b, + 0x7f, 0x6b, 0xc0, 0xd9, 0xb4, 0xca, 0x21, 0xea, 0x86, 0xdf, 0x58, 0x88, 0xdc, 0xad, 0x71, 0xc2, + 0x0a, 0x64, 0x9d, 0x7f, 0x69, 0xb1, 0xe9, 0x06, 0xfe, 0x61, 0xfa, 0xd7, 0x17, 0x17, 0x6f, 0x02, + 0xc4, 0x3c, 0x68, 0x11, 0xf2, 0xfb, 0xe4, 0x50, 0x4c, 0x1c, 0x66, 0x3f, 0xd1, 0x59, 0x6d, 0xd3, + 0xca, 0x5d, 0xfa, 0x66, 0xee, 0xa6, 0xf1, 0x66, 0xe9, 0x0f, 0xfe, 0xa4, 0x76, 0xea, 0x3b, 0xbf, + 0xb8, 0x7c, 0xca, 0xfc, 0x81, 0x01, 0x6a, 0x94, 0x8d, 0x5e, 0x81, 0xf2, 0x5e, 0x10, 0x0c, 0x78, + 0x93, 0x7c, 0xd2, 0xc5, 0xaf, 0x24, 0xde, 0xd9, 0xd9, 0xd9, 0xe6, 0x8d, 0x38, 0xa6, 0xa3, 0x3a, + 0x00, 0xfb, 0x43, 0x05, 0x77, 0x21, 0x7e, 0x86, 0xc9, 0xb8, 0x5b, 0x82, 0x5d, 0xe1, 0x10, 0xc9, + 0xa8, 0x60, 0x16, 0x9f, 0xee, 0xc9, 0x64, 0x54, 0x70, 0x86, 0x34, 0xf3, 0xcf, 0x0c, 0x38, 0x33, + 0xf6, 0x84, 0x10, 0x6d, 0x47, 0xe1, 0xf7, 0xb4, 0xc5, 0xc7, 0x09, 0x81, 0xfa, 0x13, 0xef, 0xa2, + 0x9b, 0x70, 0x56, 0x20, 0x72, 0xad, 0xf1, 0x16, 0x7a, 0xac, 0x3b, 0x35, 0xff, 0xd4, 0x00, 0x88, + 0xcb, 0x61, 0x68, 0x17, 0xe6, 0x44, 0x97, 0xb4, 0x38, 0x32, 0xfb, 0x00, 0xcf, 0x4a, 0x15, 0x73, + 0x2d, 0x05, 0x05, 0x6b, 0x98, 0x6c, 0x5f, 0xf3, 0x2a, 0x34, 0xdf, 0x5d, 0x39, 0x7d, 0x5f, 0xdf, + 0x0d, 0x09, 0x38, 0xe6, 0x31, 0x7f, 0x9e, 0x87, 0xa5, 0x94, 0x47, 0x2b, 0xff, 0xa7, 0x8b, 0xaa, + 0x2f, 0xc3, 0xac, 0xf8, 0x8e, 0x81, 0x26, 0xa3, 0x3b, 0xf1, 0x99, 0x03, 0xc5, 0x21, 0x1d, 0xad, + 0x42, 0xc5, 0x71, 0x6d, 0x71, 0xc7, 0x62, 0x85, 0xc5, 0x34, 0x71, 0x7f, 0x1d, 0x37, 0x63, 0x95, + 0x47, 0xaf, 0xbe, 0xcd, 0x64, 0xa8, 0xbe, 0x7d, 0x89, 0xe5, 0xa7, 0x6f, 0xc2, 0x99, 0xb1, 0xd0, + 0x37, 0x5b, 0x1c, 0x40, 0xf8, 0xe7, 0xf3, 0x89, 0x38, 0x40, 0x7c, 0x35, 0x2f, 0x68, 0xe6, 0x0f, + 0x0d, 0x98, 0x4f, 0xe4, 0x08, 0x27, 0x2a, 0xd5, 0xdc, 0x57, 0x4b, 0x35, 0x27, 0xcb, 0x6f, 0xb4, + 0xa2, 0x8d, 0x79, 0x07, 0xd2, 0x5f, 0xc1, 0x27, 0x17, 0xd3, 0x78, 0xfc, 0x62, 0x9a, 0x3f, 0xc9, + 0x41, 0x39, 0x7a, 0x3c, 0x88, 0x5e, 0xd3, 0x66, 0xee, 0x82, 0x3a, 0x73, 0x8f, 0x46, 0x35, 0xc1, + 0xa8, 0x4c, 0xe3, 0x07, 0x50, 0x8e, 0x1e, 0x9f, 0x46, 0xa5, 0xa8, 0xec, 0x71, 0x5e, 0x64, 0x35, + 0xd1, 0x8b, 0x56, 0x1c, 0xe3, 0xb1, 0xd0, 0x37, 0x7c, 0x1d, 0x7a, 0xd7, 0xe9, 0xf5, 0x1c, 0x2a, + 0x2f, 0xd8, 0xf2, 0xfc, 0x82, 0x2d, 0x0a, 0x7d, 0x37, 0x52, 0x78, 0x70, 0xaa, 0x24, 0xda, 0x86, + 0x22, 0x0d, 0xc8, 0x80, 0xca, 0x9a, 0xf3, 0x2b, 0x99, 0xde, 0x55, 0x92, 0x01, 0x4f, 0xe9, 0x23, + 0x13, 0x61, 0x2d, 0x14, 0x0b, 0x20, 0xf3, 0xdf, 0x0c, 0x28, 0x85, 0x2c, 0xe8, 0x55, 0x6d, 0xf2, + 0xaa, 0x89, 0xc9, 0xe3, 0x7c, 0xff, 0x6b, 0xe7, 0xce, 0x1c, 0x19, 0x30, 0xaf, 0xbf, 0x11, 0x51, + 0x0a, 0x49, 0xc6, 0x71, 0x85, 0x24, 0xf4, 0x2a, 0x94, 0xac, 0x5e, 0xcf, 0xfb, 0x78, 0xd3, 0x3d, + 0x90, 0xc5, 0xdb, 0xe8, 0xee, 0x79, 0x4d, 0xb6, 0xe3, 0x88, 0x03, 0x1d, 0xc0, 0x82, 0x90, 0x8b, + 0x5f, 0xff, 0xe6, 0x33, 0x5f, 0x81, 0xa6, 0x9d, 0x63, 0x8d, 0x25, 0x16, 0x79, 0xb5, 0x74, 0x4c, + 0x9c, 0x54, 0xd2, 0xb8, 0xf2, 0xd9, 0x17, 0xcb, 0xa7, 0x7e, 0xf6, 0xc5, 0xf2, 0xa9, 0xcf, 0xbf, + 0x58, 0x3e, 0xf5, 0x9d, 0xa3, 0x65, 0xe3, 0xb3, 0xa3, 0x65, 0xe3, 0x67, 0x47, 0xcb, 0xc6, 0xe7, + 0x47, 0xcb, 0xc6, 0xbf, 0x1c, 0x2d, 0x1b, 0xbf, 0xff, 0xaf, 0xcb, 0xa7, 0xbe, 0x99, 0x3b, 0x58, + 0xfd, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0xd4, 0x45, 0xd5, 0xb9, 0x97, 0x46, 0x00, 0x00, } func (m *BinaryBuildRequestOptions) Marshal() (dAtA []byte, err error) { @@ -3633,6 +3634,18 @@ func (m *BuildVolumeSource) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.CSI != nil { + { + size, err := m.CSI.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } if m.ConfigMap != nil { { size, err := m.ConfigMap.MarshalToSizedBuffer(dAtA[:i]) @@ -5975,6 +5988,10 @@ func (m *BuildVolumeSource) Size() (n int) { l = m.ConfigMap.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.CSI != nil { + l = m.CSI.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -7008,6 +7025,7 @@ func (this *BuildVolumeSource) String() string { `Type:` + fmt.Sprintf("%v", this.Type) + `,`, `Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "SecretVolumeSource", "v11.SecretVolumeSource", 1) + `,`, `ConfigMap:` + strings.Replace(fmt.Sprintf("%v", this.ConfigMap), "ConfigMapVolumeSource", "v11.ConfigMapVolumeSource", 1) + `,`, + `CSI:` + strings.Replace(fmt.Sprintf("%v", this.CSI), "CSIVolumeSource", "v11.CSIVolumeSource", 1) + `,`, `}`, }, "") return s @@ -12277,6 +12295,42 @@ func (m *BuildVolumeSource) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CSI", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.CSI == nil { + m.CSI = &v11.CSIVolumeSource{} + } + if err := m.CSI.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/build/v1/generated.proto b/vendor/github.com/openshift/api/build/v1/generated.proto index e57b73a65..5a0f84bb1 100644 --- a/vendor/github.com/openshift/api/build/v1/generated.proto +++ b/vendor/github.com/openshift/api/build/v1/generated.proto @@ -670,6 +670,10 @@ message BuildVolumeSource { // configMap represents a ConfigMap that should populate this volume // +optional optional k8s.io.api.core.v1.ConfigMapVolumeSource configMap = 3; + + // csi represents ephemeral storage provided by external CSI drivers which support this capability + // +optional + optional k8s.io.api.core.v1.CSIVolumeSource csi = 4; } // CommonSpec encapsulates all the inputs necessary to represent a build. diff --git a/vendor/github.com/openshift/api/build/v1/types.go b/vendor/github.com/openshift/api/build/v1/types.go index 55ccddfa6..8988907a3 100644 --- a/vendor/github.com/openshift/api/build/v1/types.go +++ b/vendor/github.com/openshift/api/build/v1/types.go @@ -1411,6 +1411,9 @@ const ( // BuildVolumeSourceTypeConfigmap is the ConfigMap build source volume type BuildVolumeSourceTypeConfigMap BuildVolumeSourceType = "ConfigMap" + + // BuildVolumeSourceTypeCSI is the CSI build source volume type + BuildVolumeSourceTypeCSI BuildVolumeSourceType = "CSI" ) // BuildVolumeSource represents the source of a volume to mount @@ -1430,6 +1433,10 @@ type BuildVolumeSource struct { // configMap represents a ConfigMap that should populate this volume // +optional ConfigMap *corev1.ConfigMapVolumeSource `json:"configMap,omitempty" protobuf:"bytes,3,opt,name=configMap"` + + // csi represents ephemeral storage provided by external CSI drivers which support this capability + // +optional + CSI *corev1.CSIVolumeSource `json:"csi,omitempty" protobuf:"bytes,4,opt,name=csi"` } // BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment. diff --git a/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go index 9e25a4e41..d36b28c82 100644 --- a/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go @@ -799,6 +799,11 @@ func (in *BuildVolumeSource) DeepCopyInto(out *BuildVolumeSource) { *out = new(corev1.ConfigMapVolumeSource) (*in).DeepCopyInto(*out) } + if in.CSI != nil { + in, out := &in.CSI, &out.CSI + *out = new(corev1.CSIVolumeSource) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go index c9f55607d..e8f9077e7 100644 --- a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go @@ -314,6 +314,7 @@ var map_BuildVolumeSource = map[string]string{ "type": "type is the BuildVolumeSourceType for the volume source. Type must match the populated volume source. Valid types are: Secret, ConfigMap", "secret": "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "configMap": "configMap represents a ConfigMap that should populate this volume", + "csi": "csi represents ephemeral storage provided by external CSI drivers which support this capability", } func (BuildVolumeSource) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index 78fc97266..6be6c6812 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml @@ -202,7 +202,6 @@ spec: type: object required: - region - - resourceGroupID properties: region: description: region specifies the region for Alibaba Cloud resources created for the cluster. @@ -211,7 +210,7 @@ spec: resourceGroupID: description: resourceGroupID is the ID of the resource group for the cluster. type: string - pattern: ^rg-[0-9A-Za-z]+$ + pattern: ^(rg-[0-9A-Za-z]+)?$ resourceTags: description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. type: array diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 149cf8e6f..032673069 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -121,7 +121,6 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ with("CSIMigrationAzureFile"). // sig-storage, fbertina, Kubernetes feature gate with("CSIMigrationvSphere"). // sig-storage, fbertina, Kubernetes feature gate with("ExternalCloudProvider"). // sig-cloud-provider, jspeed, OCP specific - with("InsightsOperatorPullingSCA"). // insights-operator/ccx, tremes, OCP specific with("CSIDriverSharedResource"). // sig-build, adkaplan, OCP specific with("BuildCSIVolumes"). // sig-build, adkaplan, OCP specific with("NodeSwap"). // sig-node, ehashman, Kubernetes feature gate @@ -143,14 +142,16 @@ var defaultFeatures = &FeatureGateEnabledDisabled{ Enabled: []string{ "APIPriorityAndFairness", // sig-apimachinery, deads2k "RotateKubeletServerCertificate", // sig-pod, sjenning - "SupportPodPidsLimit", // sig-pod, sjenning - "NodeDisruptionExclusion", // sig-scheduling, ccoleman - "ServiceNodeExclusion", // sig-scheduling, ccoleman "DownwardAPIHugePages", // sig-node, rphillips "PodSecurity", // sig-auth, s-urbaniak }, Disabled: []string{ - "LegacyNodeRoleBehavior", // sig-scheduling, ccoleman + "CSIMigrationAWS", // sig-storage, jsafrane + "CSIMigrationOpenStack", // sig-storage, jsafrane + "CSIMigrationGCE", // sig-storage, jsafrane + "CSIMigrationAzureDisk", // sig-storage, jsafrane + "CSIMigrationAzureFile", // sig-storage, jsafrane + "CSIMigrationvSphere", // sig-storage, jsafrane }, } diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 92f730504..fe42bec83 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -665,10 +665,9 @@ type AlibabaCloudPlatformStatus struct { // +required Region string `json:"region"` // resourceGroupID is the ID of the resource group for the cluster. - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^rg-[0-9A-Za-z]+$` - // +required - ResourceGroupID string `json:"resourceGroupID"` + // +kubebuilder:validation:Pattern=`^(rg-[0-9A-Za-z]+)?$` + // +optional + ResourceGroupID string `json:"resourceGroupID,omitempty"` // resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. // +kubebuilder:validation:MaxItems=20 // +listType=map diff --git a/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml index 328063783..aa3ff6644 100644 --- a/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml +++ b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml @@ -69,7 +69,7 @@ spec: maxLength: 2048 minLength: 1 disabled: - description: If set to true, disable the repo usage in the cluster + description: If set to true, disable the repo usage in the cluster/namespace type: boolean name: description: Optional associated human readable repository name, it can be used by UI for displaying purposes diff --git a/vendor/github.com/openshift/api/helm/v1beta1/0000_10-project-helm-chart-repository.crd.yaml b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-project-helm-chart-repository.crd.yaml new file mode 100644 index 000000000..d039edaa6 --- /dev/null +++ b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-project-helm-chart-repository.crd.yaml @@ -0,0 +1,130 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1084 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: projecthelmchartrepositories.helm.openshift.io +spec: + group: helm.openshift.io + names: + kind: ProjectHelmChartRepository + listKind: ProjectHelmChartRepositoryList + plural: projecthelmchartrepositories + singular: projecthelmchartrepository + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + connectionConfig: + description: Required configuration for connecting to the chart repo + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca-bundle.crt" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + tlsClientConfig: + description: tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key "tls.crt" is used to locate the client certificate. The key "tls.key" is used to locate the private key. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: Chart repository URL + type: string + maxLength: 2048 + pattern: ^https?:\/\/ + description: + description: Optional human readable repository description, it can be used by UI for displaying purposes + type: string + maxLength: 2048 + minLength: 1 + disabled: + description: If set to true, disable the repo usage in the cluster/namespace + type: boolean + name: + description: Optional associated human readable repository name, it can be used by UI for displaying purposes + type: string + maxLength: 100 + minLength: 1 + status: + description: Observed status of the repository within the namespace.. + type: object + properties: + conditions: + description: conditions is a list of conditions and their statuses + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ diff --git a/vendor/github.com/openshift/api/helm/v1beta1/register.go b/vendor/github.com/openshift/api/helm/v1beta1/register.go index 890474569..1301eb008 100644 --- a/vendor/github.com/openshift/api/helm/v1beta1/register.go +++ b/vendor/github.com/openshift/api/helm/v1beta1/register.go @@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(GroupVersion, &HelmChartRepository{}, &HelmChartRepositoryList{}, + &ProjectHelmChartRepository{}, + &ProjectHelmChartRepositoryList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go b/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go similarity index 97% rename from vendor/github.com/openshift/api/helm/v1beta1/types_helm.go rename to vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go index 1b4e69dee..4c963b624 100644 --- a/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go +++ b/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go @@ -41,7 +41,7 @@ type HelmChartRepositoryList struct { // Helm chart repository exposed within the cluster type HelmChartRepositorySpec struct { - // If set to true, disable the repo usage in the cluster + // If set to true, disable the repo usage in the cluster/namespace // +optional Disabled bool `json:"disabled,omitempty"` diff --git a/vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go b/vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go new file mode 100644 index 000000000..7d199a709 --- /dev/null +++ b/vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go @@ -0,0 +1,37 @@ +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:plural=projecthelmchartrepositories + +// ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 +type ProjectHelmChartRepository struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec HelmChartRepositorySpec `json:"spec"` + + // Observed status of the repository within the namespace.. + // +optional + Status HelmChartRepositoryStatus `json:"status"` +} + +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=2 +type ProjectHelmChartRepositoryList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ProjectHelmChartRepository `json:"items"` +} diff --git a/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go index f656c6952..483dc4efc 100644 --- a/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go @@ -128,3 +128,64 @@ func (in *HelmChartRepositoryStatus) DeepCopy() *HelmChartRepositoryStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectHelmChartRepository) DeepCopyInto(out *ProjectHelmChartRepository) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectHelmChartRepository. +func (in *ProjectHelmChartRepository) DeepCopy() *ProjectHelmChartRepository { + if in == nil { + return nil + } + out := new(ProjectHelmChartRepository) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ProjectHelmChartRepository) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectHelmChartRepositoryList) DeepCopyInto(out *ProjectHelmChartRepositoryList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ProjectHelmChartRepository, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectHelmChartRepositoryList. +func (in *ProjectHelmChartRepositoryList) DeepCopy() *ProjectHelmChartRepositoryList { + if in == nil { + return nil + } + out := new(ProjectHelmChartRepositoryList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ProjectHelmChartRepositoryList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml deleted file mode 100644 index 901cc09a3..000000000 --- a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml +++ /dev/null @@ -1,1051 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/519 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: configs.imageregistry.operator.openshift.io -spec: - group: imageregistry.operator.openshift.io - names: - kind: Config - listKind: ConfigList - plural: configs - singular: config - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Config is the configuration object for a registry instance managed by the registry operator \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRegistrySpec defines the specs for the running registry. - type: object - required: - - managementState - - replicas - properties: - affinity: - description: affinity is a group of node affinity scheduling rules for the image registry pod(s). - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - type: array - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - defaultRoute: - description: defaultRoute indicates whether an external facing route for the registry should be created using the default generated hostname. - type: boolean - disableRedirect: - description: disableRedirect controls whether to route all data through the Registry, rather than redirecting to the backend. - type: boolean - httpSecret: - description: httpSecret is the value needed by the registry to secure uploads, generated by default. - type: string - logLevel: - description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - logging: - description: logging is deprecated, use logLevel instead. - type: integer - format: int64 - managementState: - description: managementState indicates whether and how the operator should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - nodeSelector: - description: nodeSelector defines the node selection constraints for the registry pod. - type: object - additionalProperties: - type: string - observedConfig: - description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - proxy: - description: proxy defines the proxy to be used when calling master api, upstream registries, etc. - type: object - properties: - http: - description: http defines the proxy to be used by the image registry when accessing HTTP endpoints. - type: string - https: - description: https defines the proxy to be used by the image registry when accessing HTTPS endpoints. - type: string - noProxy: - description: noProxy defines a comma-separated list of host names that shouldn't go through any proxy. - type: string - readOnly: - description: readOnly indicates whether the registry instance should reject attempts to push new images or delete existing ones. - type: boolean - replicas: - description: replicas determines the number of registry instances to run. - type: integer - format: int32 - requests: - description: requests controls how many parallel requests a given registry instance will handle before queuing additional requests. - type: object - properties: - read: - description: read defines limits for image registry's reads. - type: object - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests to the registry. - type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected. - type: string - format: duration - write: - description: write defines limits for image registry's writes. - type: object - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests to the registry. - type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected. - type: string - format: duration - resources: - description: resources defines the resource requests+limits for the registry pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - rolloutStrategy: - description: rolloutStrategy defines rollout strategy for the image registry deployment. - type: string - pattern: ^(RollingUpdate|Recreate)$ - routes: - description: routes defines additional external facing routes which should be created for the registry. - type: array - items: - description: ImageRegistryConfigRoute holds information on external route access to image registry. - type: object - required: - - name - properties: - hostname: - description: hostname for the route. - type: string - name: - description: name of the route to be created. - type: string - secretName: - description: secretName points to secret containing the certificates to be used by the route. - type: string - storage: - description: storage details for configuring registry storage, e.g. S3 bucket coordinates. - type: object - properties: - azure: - description: azure represents configuration that uses Azure Blob Storage. - type: object - properties: - accountName: - description: accountName defines the account to be used by the registry. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object. - type: string - container: - description: container defines Azure's container to be used by registry. - type: string - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud Storage. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. - type: string - keyID: - description: keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key. - type: string - projectID: - description: projectID is the Project ID of the GCP project that this bucket should be associated with. - type: string - region: - description: region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region. - type: string - ibmcos: - description: ibmcos represents configuration that uses IBM Cloud Object Storage. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. - type: string - location: - description: location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location. - type: string - resourceGroupName: - description: resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group. - type: string - resourceKeyCRN: - description: resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided. - type: string - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ - serviceInstanceCRN: - description: serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided. - type: string - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ - managementState: - description: managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed. - type: string - pattern: ^(Managed|Unmanaged)$ - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. - type: object - properties: - claim: - description: claim defines the Persisent Volume Claim's name to be used. - type: string - s3: - description: s3 represents configuration that uses Amazon Simple Storage Service. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. - type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the storage middleware in a registry. - type: object - required: - - baseURL - - keypairID - - privateKey - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront session. - type: string - format: duration - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the private key, provided by AWS. - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - encrypt: - description: encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored. - type: string - region: - description: region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region. - type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible storage services. Optional, defaults based on the Region that is provided. - type: string - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint Optional, defaults to false. - type: boolean - swift: - description: swift represents configuration that uses OpenStack Object Storage. - type: object - properties: - authURL: - description: authURL defines the URL for obtaining an authentication token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container where to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for Identity v3 API. - type: string - domainID: - description: domainID specifies Openstack's domain id for Identity v3 API. - type: string - regionName: - description: regionName defines Openstack's region in which container exists. - type: string - tenant: - description: tenant defines Openstack tenant name to be used by registry. - type: string - tenantID: - description: tenant defines Openstack tenant id to be used by registry. - type: string - tolerations: - description: tolerations defines the tolerations for the registry pod. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: ImageRegistryStatus reports image registry operational status. - type: object - required: - - storage - - storageManaged - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. - type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and at the desired state - type: integer - format: int32 - storage: - description: storage indicates the current applied storage configuration of the registry. - type: object - properties: - azure: - description: azure represents configuration that uses Azure Blob Storage. - type: object - properties: - accountName: - description: accountName defines the account to be used by the registry. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object. - type: string - container: - description: container defines Azure's container to be used by registry. - type: string - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud Storage. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. - type: string - keyID: - description: keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key. - type: string - projectID: - description: projectID is the Project ID of the GCP project that this bucket should be associated with. - type: string - region: - description: region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region. - type: string - ibmcos: - description: ibmcos represents configuration that uses IBM Cloud Object Storage. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. - type: string - location: - description: location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location. - type: string - resourceGroupName: - description: resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group. - type: string - resourceKeyCRN: - description: resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided. - type: string - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ - serviceInstanceCRN: - description: serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided. - type: string - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ - managementState: - description: managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed. - type: string - pattern: ^(Managed|Unmanaged)$ - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. - type: object - properties: - claim: - description: claim defines the Persisent Volume Claim's name to be used. - type: string - s3: - description: s3 represents configuration that uses Amazon Simple Storage Service. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. - type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the storage middleware in a registry. - type: object - required: - - baseURL - - keypairID - - privateKey - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront session. - type: string - format: duration - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the private key, provided by AWS. - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - encrypt: - description: encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored. - type: string - region: - description: region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region. - type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible storage services. Optional, defaults based on the Region that is provided. - type: string - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint Optional, defaults to false. - type: boolean - swift: - description: swift represents configuration that uses OpenStack Object Storage. - type: object - properties: - authURL: - description: authURL defines the URL for obtaining an authentication token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container where to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for Identity v3 API. - type: string - domainID: - description: domainID specifies Openstack's domain id for Identity v3 API. - type: string - regionName: - description: regionName defines Openstack's region in which container exists. - type: string - tenant: - description: tenant defines Openstack tenant name to be used by registry. - type: string - tenantID: - description: tenant defines Openstack tenant id to be used by registry. - type: string - storageManaged: - description: storageManaged is deprecated, please refer to Storage.managementState - type: boolean - version: - description: version is the level this availability applies to - type: string - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml new file mode 100644 index 000000000..c1091da57 --- /dev/null +++ b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml @@ -0,0 +1,1755 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/519 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: configs.imageregistry.operator.openshift.io +spec: + group: imageregistry.operator.openshift.io + names: + kind: Config + listKind: ConfigList + plural: configs + singular: config + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Config is the configuration object for a registry instance managed + by the registry operator \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageRegistrySpec defines the specs for the running registry. + properties: + affinity: + description: affinity is a group of node affinity scheduling rules + for the image registry pod(s). + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + defaultRoute: + description: defaultRoute indicates whether an external facing route + for the registry should be created using the default generated hostname. + type: boolean + disableRedirect: + description: disableRedirect controls whether to route all data through + the Registry, rather than redirecting to the backend. + type: boolean + httpSecret: + description: httpSecret is the value needed by the registry to secure + uploads, generated by default. + type: string + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + logging: + description: logging is deprecated, use logLevel instead. + format: int64 + type: integer + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + nodeSelector: + additionalProperties: + type: string + description: nodeSelector defines the node selection constraints for + the registry pod. + type: object + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + proxy: + description: proxy defines the proxy to be used when calling master + api, upstream registries, etc. + properties: + http: + description: http defines the proxy to be used by the image registry + when accessing HTTP endpoints. + type: string + https: + description: https defines the proxy to be used by the image registry + when accessing HTTPS endpoints. + type: string + noProxy: + description: noProxy defines a comma-separated list of host names + that shouldn't go through any proxy. + type: string + type: object + readOnly: + description: readOnly indicates whether the registry instance should + reject attempts to push new images or delete existing ones. + type: boolean + replicas: + description: replicas determines the number of registry instances + to run. + format: int32 + type: integer + requests: + description: requests controls how many parallel requests a given + registry instance will handle before queuing additional requests. + properties: + read: + description: read defines limits for image registry's reads. + properties: + maxInQueue: + description: maxInQueue sets the maximum queued api requests + to the registry. + type: integer + maxRunning: + description: maxRunning sets the maximum in flight api requests + to the registry. + type: integer + maxWaitInQueue: + description: maxWaitInQueue sets the maximum time a request + can wait in the queue before being rejected. + format: duration + type: string + type: object + write: + description: write defines limits for image registry's writes. + properties: + maxInQueue: + description: maxInQueue sets the maximum queued api requests + to the registry. + type: integer + maxRunning: + description: maxRunning sets the maximum in flight api requests + to the registry. + type: integer + maxWaitInQueue: + description: maxWaitInQueue sets the maximum time a request + can wait in the queue before being rejected. + format: duration + type: string + type: object + type: object + resources: + description: resources defines the resource requests+limits for the + registry pod. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + rolloutStrategy: + description: rolloutStrategy defines rollout strategy for the image + registry deployment. + pattern: ^(RollingUpdate|Recreate)$ + type: string + routes: + description: routes defines additional external facing routes which + should be created for the registry. + items: + description: ImageRegistryConfigRoute holds information on external + route access to image registry. + properties: + hostname: + description: hostname for the route. + type: string + name: + description: name of the route to be created. + type: string + secretName: + description: secretName points to secret containing the certificates + to be used by the route. + type: string + required: + - name + type: object + type: array + storage: + description: storage details for configuring registry storage, e.g. + S3 bucket coordinates. + properties: + azure: + description: azure represents configuration that uses Azure Blob + Storage. + properties: + accountName: + description: accountName defines the account to be used by + the registry. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + to be used by the registry. If empty, the operator will + set it based on the infrastructure object. + type: string + container: + description: container defines Azure's container to be used + by registry. + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + type: string + type: object + emptyDir: + description: 'emptyDir represents ephemeral storage on the pod''s + host node. WARNING: this storage cannot be used with more than + 1 replica and is not suitable for production use. When the pod + is removed from a node for any reason, the data in the emptyDir + is deleted forever.' + type: object + gcs: + description: gcs represents configuration that uses Google Cloud + Storage. + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, buckets are encrypted by default on GCP. This + allows for the use of a custom encryption key. + type: string + projectID: + description: projectID is the Project ID of the GCP project + that this bucket should be associated with. + type: string + region: + description: region is the GCS location in which your bucket + exists. Optional, will be set based on the installed GCS + Region. + type: string + type: object + ibmcos: + description: ibmcos represents configuration that uses IBM Cloud + Object Storage. + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + location: + description: location is the IBM Cloud location in which your + bucket exists. Optional, will be set based on the installed + IBM Cloud location. + type: string + resourceGroupName: + description: resourceGroupName is the name of the IBM Cloud + resource group that this bucket and its service instance + is associated with. Optional, will be set based on the installed + IBM Cloud resource group. + type: string + resourceKeyCRN: + description: resourceKeyCRN is the CRN of the IBM Cloud resource + key that is created for the service instance. Commonly referred + as a service credential and must contain HMAC type credentials. + Optional, will be computed if not provided. + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ + type: string + serviceInstanceCRN: + description: serviceInstanceCRN is the CRN of the IBM Cloud + Object Storage service instance that this bucket is associated + with. Optional, will be computed if not provided. + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ + type: string + type: object + managementState: + description: managementState indicates if the operator manages + the underlying storage unit. If Managed the operator will remove + the storage when this operator gets Removed. + pattern: ^(Managed|Unmanaged)$ + type: string + oss: + description: Oss represents configuration that uses Alibaba Cloud + Object Storage Service. + properties: + bucket: + description: Bucket is the bucket name in which you want to + store the registry's data. About Bucket naming, more details + you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) + Empty value means no opinion and the platform chooses the + a default, which is subject to change over time. Currently + the default will be autogenerated in the form of -image-registry-- + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + type: string + encryption: + anyOf: + - not: + required: + - kms + properties: + method: + not: + enum: + - KMS + - properties: + method: + enum: + - KMS + required: + - kms + description: Encryption specifies whether you would like your + data encrypted on the server side. More details, you can + look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) + properties: + kms: + description: KMS (key management service) is an encryption + type that holds the struct for KMS KeyID + properties: + keyID: + description: KeyID holds the KMS encryption key ID + minLength: 1 + type: string + required: + - keyID + type: object + method: + default: AES256 + description: Method defines the different encrytion modes + available Empty value means no opinion and the platform + chooses the a default, which is subject to change over + time. Currently the default is `AES256`. + enum: + - KMS + - AES256 + type: string + type: object + endpointAccessibility: + default: Internal + description: EndpointAccessibility specifies whether the registry + use the OSS VPC internal endpoint Empty value means no opinion + and the platform chooses the a default, which is subject + to change over time. Currently the default is `Internal`. + enum: + - Internal + - Public + - "" + type: string + region: + description: Region is the Alibaba Cloud Region in which your + bucket exists. For a list of regions, you can look at the + [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). + Empty value means no opinion and the platform chooses the + a default, which is subject to change over time. Currently + the default will be based on the installed Alibaba Cloud + Region. + type: string + type: object + pvc: + description: pvc represents configuration that uses a PersistentVolumeClaim. + properties: + claim: + description: claim defines the Persisent Volume Claim's name + to be used. + type: string + type: object + s3: + description: s3 represents configuration that uses Amazon Simple + Storage Service. + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + cloudFront: + description: cloudFront configures Amazon Cloudfront as the + storage middleware in a registry. + properties: + baseURL: + description: baseURL contains the SCHEME://HOST[/PATH] + at which Cloudfront is served. + type: string + duration: + description: duration is the duration of the Cloudfront + session. + format: duration + type: string + keypairID: + description: keypairID is key pair ID provided by AWS. + type: string + privateKey: + description: privateKey points to secret containing the + private key, provided by AWS. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + required: + - baseURL + - keypairID + - privateKey + type: object + encrypt: + description: encrypt specifies whether the registry stores + the image in encrypted format or not. Optional, defaults + to false. + type: boolean + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, Encrypt must be true, or this parameter is ignored. + type: string + region: + description: region is the AWS region in which your bucket + exists. Optional, will be set based on the installed AWS + Region. + type: string + regionEndpoint: + description: regionEndpoint is the endpoint for S3 compatible + storage services. Optional, defaults based on the Region + that is provided. + type: string + virtualHostedStyle: + description: virtualHostedStyle enables using S3 virtual hosted + style bucket paths with a custom RegionEndpoint Optional, + defaults to false. + type: boolean + type: object + swift: + description: swift represents configuration that uses OpenStack + Object Storage. + properties: + authURL: + description: authURL defines the URL for obtaining an authentication + token. + type: string + authVersion: + description: authVersion specifies the OpenStack Auth's version. + type: string + container: + description: container defines the name of Swift container + where to store the registry's data. + type: string + domain: + description: domain specifies Openstack's domain name for + Identity v3 API. + type: string + domainID: + description: domainID specifies Openstack's domain id for + Identity v3 API. + type: string + regionName: + description: regionName defines Openstack's region in which + container exists. + type: string + tenant: + description: tenant defines Openstack tenant name to be used + by registry. + type: string + tenantID: + description: tenant defines Openstack tenant id to be used + by registry. + type: string + type: object + type: object + tolerations: + description: tolerations defines the tolerations for the registry + pod. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - managementState + - replicas + type: object + status: + description: ImageRegistryStatus reports image registry operational status. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + storage: + description: storage indicates the current applied storage configuration + of the registry. + properties: + azure: + description: azure represents configuration that uses Azure Blob + Storage. + properties: + accountName: + description: accountName defines the account to be used by + the registry. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + to be used by the registry. If empty, the operator will + set it based on the infrastructure object. + type: string + container: + description: container defines Azure's container to be used + by registry. + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + type: string + type: object + emptyDir: + description: 'emptyDir represents ephemeral storage on the pod''s + host node. WARNING: this storage cannot be used with more than + 1 replica and is not suitable for production use. When the pod + is removed from a node for any reason, the data in the emptyDir + is deleted forever.' + type: object + gcs: + description: gcs represents configuration that uses Google Cloud + Storage. + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, buckets are encrypted by default on GCP. This + allows for the use of a custom encryption key. + type: string + projectID: + description: projectID is the Project ID of the GCP project + that this bucket should be associated with. + type: string + region: + description: region is the GCS location in which your bucket + exists. Optional, will be set based on the installed GCS + Region. + type: string + type: object + ibmcos: + description: ibmcos represents configuration that uses IBM Cloud + Object Storage. + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + location: + description: location is the IBM Cloud location in which your + bucket exists. Optional, will be set based on the installed + IBM Cloud location. + type: string + resourceGroupName: + description: resourceGroupName is the name of the IBM Cloud + resource group that this bucket and its service instance + is associated with. Optional, will be set based on the installed + IBM Cloud resource group. + type: string + resourceKeyCRN: + description: resourceKeyCRN is the CRN of the IBM Cloud resource + key that is created for the service instance. Commonly referred + as a service credential and must contain HMAC type credentials. + Optional, will be computed if not provided. + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ + type: string + serviceInstanceCRN: + description: serviceInstanceCRN is the CRN of the IBM Cloud + Object Storage service instance that this bucket is associated + with. Optional, will be computed if not provided. + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ + type: string + type: object + managementState: + description: managementState indicates if the operator manages + the underlying storage unit. If Managed the operator will remove + the storage when this operator gets Removed. + pattern: ^(Managed|Unmanaged)$ + type: string + oss: + description: Oss represents configuration that uses Alibaba Cloud + Object Storage Service. + properties: + bucket: + description: Bucket is the bucket name in which you want to + store the registry's data. About Bucket naming, more details + you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) + Empty value means no opinion and the platform chooses the + a default, which is subject to change over time. Currently + the default will be autogenerated in the form of -image-registry-- + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + type: string + encryption: + description: Encryption specifies whether you would like your + data encrypted on the server side. More details, you can + look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) + properties: + kms: + description: KMS (key management service) is an encryption + type that holds the struct for KMS KeyID + properties: + keyID: + description: KeyID holds the KMS encryption key ID + minLength: 1 + type: string + required: + - keyID + type: object + method: + default: AES256 + description: Method defines the different encrytion modes + available Empty value means no opinion and the platform + chooses the a default, which is subject to change over + time. Currently the default is `AES256`. + enum: + - KMS + - AES256 + type: string + type: object + endpointAccessibility: + default: Internal + description: EndpointAccessibility specifies whether the registry + use the OSS VPC internal endpoint Empty value means no opinion + and the platform chooses the a default, which is subject + to change over time. Currently the default is `Internal`. + enum: + - Internal + - Public + - "" + type: string + region: + description: Region is the Alibaba Cloud Region in which your + bucket exists. For a list of regions, you can look at the + [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). + Empty value means no opinion and the platform chooses the + a default, which is subject to change over time. Currently + the default will be based on the installed Alibaba Cloud + Region. + type: string + type: object + pvc: + description: pvc represents configuration that uses a PersistentVolumeClaim. + properties: + claim: + description: claim defines the Persisent Volume Claim's name + to be used. + type: string + type: object + s3: + description: s3 represents configuration that uses Amazon Simple + Storage Service. + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + cloudFront: + description: cloudFront configures Amazon Cloudfront as the + storage middleware in a registry. + properties: + baseURL: + description: baseURL contains the SCHEME://HOST[/PATH] + at which Cloudfront is served. + type: string + duration: + description: duration is the duration of the Cloudfront + session. + format: duration + type: string + keypairID: + description: keypairID is key pair ID provided by AWS. + type: string + privateKey: + description: privateKey points to secret containing the + private key, provided by AWS. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + required: + - baseURL + - keypairID + - privateKey + type: object + encrypt: + description: encrypt specifies whether the registry stores + the image in encrypted format or not. Optional, defaults + to false. + type: boolean + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, Encrypt must be true, or this parameter is ignored. + type: string + region: + description: region is the AWS region in which your bucket + exists. Optional, will be set based on the installed AWS + Region. + type: string + regionEndpoint: + description: regionEndpoint is the endpoint for S3 compatible + storage services. Optional, defaults based on the Region + that is provided. + type: string + virtualHostedStyle: + description: virtualHostedStyle enables using S3 virtual hosted + style bucket paths with a custom RegionEndpoint Optional, + defaults to false. + type: boolean + type: object + swift: + description: swift represents configuration that uses OpenStack + Object Storage. + properties: + authURL: + description: authURL defines the URL for obtaining an authentication + token. + type: string + authVersion: + description: authVersion specifies the OpenStack Auth's version. + type: string + container: + description: container defines the name of Swift container + where to store the registry's data. + type: string + domain: + description: domain specifies Openstack's domain name for + Identity v3 API. + type: string + domainID: + description: domainID specifies Openstack's domain id for + Identity v3 API. + type: string + regionName: + description: regionName defines Openstack's region in which + container exists. + type: string + tenant: + description: tenant defines Openstack tenant name to be used + by registry. + type: string + tenantID: + description: tenant defines Openstack tenant id to be used + by registry. + type: string + type: object + type: object + storageManaged: + description: storageManaged is deprecated, please refer to Storage.managementState + type: boolean + version: + description: version is the level this availability applies to + type: string + required: + - storage + - storageManaged + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch new file mode 100644 index 000000000..1bd29f566 --- /dev/null +++ b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch @@ -0,0 +1,13 @@ +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/storage/properties/oss/properties/encryption/anyOf + value: + - properties: + method: + not: + enum: ["KMS"] + not: + required: ["kms"] + - properties: + method: + enum: ["KMS"] + required: ["kms"] diff --git a/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/01_imagepruner.crd.yaml similarity index 100% rename from vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml rename to vendor/github.com/openshift/api/imageregistry/v1/01_imagepruner.crd.yaml diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types.go b/vendor/github.com/openshift/api/imageregistry/v1/types.go index 7723074c6..777832af0 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types.go @@ -306,6 +306,79 @@ type ImageRegistryConfigStorageIBMCOS struct { ServiceInstanceCRN string `json:"serviceInstanceCRN,omitempty"` } +// EndpointAccessibility defines the Alibaba VPC endpoint for storage +type EndpointAccessibility string + +// AlibabaEncryptionMethod defines an enumerable type for the encryption mode +type AlibabaEncryptionMethod string + +const ( + // InternalEndpoint sets the VPC endpoint to internal + InternalEndpoint EndpointAccessibility = "Internal" + // PublicEndpoint sets the VPC endpoint to public + PublicEndpoint EndpointAccessibility = "Public" + + // AES256 is an AlibabaEncryptionMethod. This means AES256 encryption + AES256 AlibabaEncryptionMethod = "AES256" + // KMS is an AlibabaEncryptionMethod. This means KMS encryption + KMS AlibabaEncryptionMethod = "KMS" +) + +// EncryptionAlibaba this a union type in kube parlance. Depending on the value for the AlibabaEncryptionMethod, +// different pointers may be used +type EncryptionAlibaba struct { + // Method defines the different encrytion modes available + // Empty value means no opinion and the platform chooses the a default, which is subject to change over time. + // Currently the default is `AES256`. + // +kubebuilder:validation:Enum="KMS";"AES256" + // +kubebuilder:default="AES256" + // +optional + Method AlibabaEncryptionMethod `json:"method"` + + // KMS (key management service) is an encryption type that holds the struct for KMS KeyID + // +optional + KMS *KMSEncryptionAlibaba `json:"kms,omitempty"` +} + +type KMSEncryptionAlibaba struct { + // KeyID holds the KMS encryption key ID + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + KeyID string `json:"keyID"` +} + +// ImageRegistryConfigStorageAlibabaOSS holds Alibaba Cloud OSS configuration. +// Configures the registry to use Alibaba Cloud Object Storage Service for backend storage. +// More about oss, you can look at the [official documentation](https://www.alibabacloud.com/help/product/31815.htm) +type ImageRegistryConfigStorageAlibabaOSS struct { + // Bucket is the bucket name in which you want to store the registry's data. + // About Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) + // Empty value means no opinion and the platform chooses the a default, which is subject to change over time. + // Currently the default will be autogenerated in the form of -image-registry-- + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:MinLength=3 + // +kubebuilder:validation:Pattern=`^[0-9a-z]+(-[0-9a-z]+)*$` + // +optional + Bucket string `json:"bucket,omitempty"` + // Region is the Alibaba Cloud Region in which your bucket exists. + // For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). + // Empty value means no opinion and the platform chooses the a default, which is subject to change over time. + // Currently the default will be based on the installed Alibaba Cloud Region. + // +optional + Region string `json:"region,omitempty"` + // EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint + // Empty value means no opinion and the platform chooses the a default, which is subject to change over time. + // Currently the default is `Internal`. + // +kubebuilder:validation:Enum="Internal";"Public";"" + // +kubebuilder:default="Internal" + // +optional + EndpointAccessibility EndpointAccessibility `json:"endpointAccessibility,omitempty"` + // Encryption specifies whether you would like your data encrypted on the server side. + // More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) + // +optional + Encryption *EncryptionAlibaba `json:"encryption,omitempty"` +} + // ImageRegistryConfigStorage describes how the storage should be configured // for the image registry. type ImageRegistryConfigStorage struct { @@ -333,6 +406,9 @@ type ImageRegistryConfigStorage struct { // ibmcos represents configuration that uses IBM Cloud Object Storage. // +optional IBMCOS *ImageRegistryConfigStorageIBMCOS `json:"ibmcos,omitempty"` + // Oss represents configuration that uses Alibaba Cloud Object Storage Service. + // +optional + OSS *ImageRegistryConfigStorageAlibabaOSS `json:"oss,omitempty"` // managementState indicates if the operator manages the underlying // storage unit. If Managed the operator will remove the storage when // this operator gets Removed. diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go index a8ae67f3f..2f2baafd2 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go @@ -75,6 +75,27 @@ func (in *ConfigList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EncryptionAlibaba) DeepCopyInto(out *EncryptionAlibaba) { + *out = *in + if in.KMS != nil { + in, out := &in.KMS, &out.KMS + *out = new(KMSEncryptionAlibaba) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionAlibaba. +func (in *EncryptionAlibaba) DeepCopy() *EncryptionAlibaba { + if in == nil { + return nil + } + out := new(EncryptionAlibaba) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePruner) DeepCopyInto(out *ImagePruner) { *out = *in @@ -334,6 +355,11 @@ func (in *ImageRegistryConfigStorage) DeepCopyInto(out *ImageRegistryConfigStora *out = new(ImageRegistryConfigStorageIBMCOS) **out = **in } + if in.OSS != nil { + in, out := &in.OSS, &out.OSS + *out = new(ImageRegistryConfigStorageAlibabaOSS) + (*in).DeepCopyInto(*out) + } return } @@ -347,6 +373,27 @@ func (in *ImageRegistryConfigStorage) DeepCopy() *ImageRegistryConfigStorage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageRegistryConfigStorageAlibabaOSS) DeepCopyInto(out *ImageRegistryConfigStorageAlibabaOSS) { + *out = *in + if in.Encryption != nil { + in, out := &in.Encryption, &out.Encryption + *out = new(EncryptionAlibaba) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageRegistryConfigStorageAlibabaOSS. +func (in *ImageRegistryConfigStorageAlibabaOSS) DeepCopy() *ImageRegistryConfigStorageAlibabaOSS { + if in == nil { + return nil + } + out := new(ImageRegistryConfigStorageAlibabaOSS) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageRegistryConfigStorageAzure) DeepCopyInto(out *ImageRegistryConfigStorageAzure) { *out = *in @@ -548,3 +595,19 @@ func (in *ImageRegistryStatus) DeepCopy() *ImageRegistryStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSEncryptionAlibaba) DeepCopyInto(out *KMSEncryptionAlibaba) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSEncryptionAlibaba. +func (in *KMSEncryptionAlibaba) DeepCopy() *KMSEncryptionAlibaba { + if in == nil { + return nil + } + out := new(KMSEncryptionAlibaba) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go index 42a7ff811..95f5ddad0 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go @@ -27,6 +27,16 @@ func (ConfigList) SwaggerDoc() map[string]string { return map_ConfigList } +var map_EncryptionAlibaba = map[string]string{ + "": "EncryptionAlibaba this a union type in kube parlance. Depending on the value for the AlibabaEncryptionMethod, different pointers may be used", + "method": "Method defines the different encrytion modes available Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `AES256`.", + "kms": "KMS (key management service) is an encryption type that holds the struct for KMS KeyID", +} + +func (EncryptionAlibaba) SwaggerDoc() map[string]string { + return map_EncryptionAlibaba +} + var map_ImageRegistryConfigProxy = map[string]string{ "": "ImageRegistryConfigProxy defines proxy configuration to be used by registry.", "http": "http defines the proxy to be used by the image registry when accessing HTTP endpoints.", @@ -79,6 +89,7 @@ var map_ImageRegistryConfigStorage = map[string]string{ "pvc": "pvc represents configuration that uses a PersistentVolumeClaim.", "azure": "azure represents configuration that uses Azure Blob Storage.", "ibmcos": "ibmcos represents configuration that uses IBM Cloud Object Storage.", + "oss": "Oss represents configuration that uses Alibaba Cloud Object Storage Service.", "managementState": "managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed.", } @@ -86,6 +97,18 @@ func (ImageRegistryConfigStorage) SwaggerDoc() map[string]string { return map_ImageRegistryConfigStorage } +var map_ImageRegistryConfigStorageAlibabaOSS = map[string]string{ + "": "ImageRegistryConfigStorageAlibabaOSS holds Alibaba Cloud OSS configuration. Configures the registry to use Alibaba Cloud Object Storage Service for backend storage. More about oss, you can look at the [official documentation](https://www.alibabacloud.com/help/product/31815.htm)", + "bucket": "Bucket is the bucket name in which you want to store the registry's data. About Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default will be autogenerated in the form of -image-registry--", + "region": "Region is the Alibaba Cloud Region in which your bucket exists. For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default will be based on the installed Alibaba Cloud Region.", + "endpointAccessibility": "EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `Internal`.", + "encryption": "Encryption specifies whether you would like your data encrypted on the server side. More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)", +} + +func (ImageRegistryConfigStorageAlibabaOSS) SwaggerDoc() map[string]string { + return map_ImageRegistryConfigStorageAlibabaOSS +} + var map_ImageRegistryConfigStorageAzure = map[string]string{ "": "ImageRegistryConfigStorageAzure holds the information to configure the registry to use Azure Blob Storage for backend storage.", "accountName": "accountName defines the account to be used by the registry.", @@ -216,6 +239,14 @@ func (ImageRegistryStatus) SwaggerDoc() map[string]string { return map_ImageRegistryStatus } +var map_KMSEncryptionAlibaba = map[string]string{ + "keyID": "KeyID holds the KMS encryption key ID", +} + +func (KMSEncryptionAlibaba) SwaggerDoc() map[string]string { + return map_KMSEncryptionAlibaba +} + var map_ImagePruner = map[string]string{ "": "ImagePruner is the configuration object for an image registry pruner managed by the registry operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml index d1ff62cd6..0b5cab53a 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml +++ b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml @@ -80,6 +80,9 @@ spec: items: description: LifecycleHook represents a single instance of a lifecycle hook type: object + required: + - name + - owner properties: name: description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. @@ -92,12 +95,18 @@ spec: type: string maxLength: 512 minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map preTerminate: description: PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained. type: array items: description: LifecycleHook represents a single instance of a lifecycle hook type: object + required: + - name + - owner properties: name: description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. @@ -110,6 +119,9 @@ spec: type: string maxLength: 512 minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map metadata: description: ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node. type: object diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml index 038802366..de27d2323 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml +++ b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml @@ -173,6 +173,9 @@ spec: items: description: LifecycleHook represents a single instance of a lifecycle hook type: object + required: + - name + - owner properties: name: description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. @@ -185,12 +188,18 @@ spec: type: string maxLength: 512 minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map preTerminate: description: PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained. type: array items: description: LifecycleHook represents a single instance of a lifecycle hook type: object + required: + - name + - owner properties: name: description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. @@ -203,6 +212,9 @@ spec: type: string maxLength: 512 minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map metadata: description: ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node. type: object diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go index 8d3040765..6cbc07f89 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go @@ -204,11 +204,15 @@ type MachineSpec struct { type LifecycleHooks struct { // PreDrain hooks prevent the machine from being drained. // This also blocks further lifecycle events, such as termination. + // +listType=map + // +listMapKey=name // +optional PreDrain []LifecycleHook `json:"preDrain,omitempty"` // PreTerminate hooks prevent the machine from being terminated. // PreTerminate hooks be actioned after the Machine has been drained. + // +listType=map + // +listMapKey=name // +optional PreTerminate []LifecycleHook `json:"preTerminate,omitempty"` } @@ -222,7 +226,7 @@ type LifecycleHook struct { // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` // +kubebuilder:validation:MinLength:=3 // +kubebuilder:validation:MaxLength:=256 - // +required + // +kubebuilder:validation:Required Name string `json:"name"` // Owner defines the owner of the lifecycle hook. @@ -232,7 +236,7 @@ type LifecycleHook struct { // or an administrator managing the hook. // +kubebuilder:validation:MinLength:=3 // +kubebuilder:validation:MaxLength:=512 - // +required + // +kubebuilder:validation:Required Owner string `json:"owner"` } diff --git a/vendor/github.com/openshift/build-machinery-go/.ci-operator.yaml b/vendor/github.com/openshift/build-machinery-go/.ci-operator.yaml new file mode 100644 index 000000000..00d7adfcf --- /dev/null +++ b/vendor/github.com/openshift/build-machinery-go/.ci-operator.yaml @@ -0,0 +1,4 @@ +build_root_image: + name: release + namespace: openshift + tag: rhel-8-release-golang-1.17-openshift-4.10 diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk index d80c62c39..5aca19c40 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk @@ -8,7 +8,7 @@ include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ # reporting `(devel)`. To build for a given platform: # GOOS=xxx GOARCH=yyy go install sigs.k8s.io/controller-tools/cmd/controller-gen@$version # e.g. -# GOOS=darwin GOARCH=amd64 go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.0 +# GOOS=darwin GOARCH=amd64 go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 # # If GOOS and GOARCH match your current go env, this will install the binary at # $(go env GOPATH)/bin/controller-gen @@ -16,7 +16,7 @@ include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ # $(go env GOPATH)/bin/${GOOS}_${GOARCH}/conroller-gen # e.g. # /home/efried/.gvm/pkgsets/go1.16/global/bin/darwin_amd64/controller-gen -CONTROLLER_GEN_VERSION ?=v0.6.0 +CONTROLLER_GEN_VERSION ?=v0.7.0 CONTROLLER_GEN ?=$(PERMANENT_TMP_GOPATH)/bin/controller-gen-$(CONTROLLER_GEN_VERSION) ifneq "" "$(wildcard $(CONTROLLER_GEN))" _controller_gen_installed_version = $(shell $(CONTROLLER_GEN) --version | awk '{print $$2}') diff --git a/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go b/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go index 5cec68257..edbd10fb1 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go +++ b/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go @@ -22,8 +22,15 @@ import ( configv1 "github.com/openshift/api/config/v1" ) -// ToConfigMapLeaderElection returns a leader election config that you just need to fill in the Callback for. Don't forget the callbacks! -func ToConfigMapLeaderElection(clientConfig *rest.Config, config configv1.LeaderElection, component, identity string) (leaderelection.LeaderElectionConfig, error) { +// ToLeaderElectionWithConfigmapLease returns a "configmapsleases" based leader +// election config that you just need to fill in the Callback for. +// It is compatible with a "configmaps" based leader election and +// paves the way toward using "leases" based leader election. +// See https://github.com/kubernetes/kubernetes/issues/107454 for +// details on how to migrate to "leases" leader election. +// Don't forget the callbacks! +// TODO: In the next version we should switch to using "leases" +func ToLeaderElectionWithConfigmapLease(clientConfig *rest.Config, config configv1.LeaderElection, component, identity string) (leaderelection.LeaderElectionConfig, error) { kubeClient, err := kubernetes.NewForConfig(clientConfig) if err != nil { return leaderelection.LeaderElectionConfig{}, err @@ -50,7 +57,7 @@ func ToConfigMapLeaderElection(clientConfig *rest.Config, config configv1.Leader eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.CoreV1().RESTClient()).Events("")}) eventRecorder := eventBroadcaster.NewRecorder(clientgoscheme.Scheme, corev1.EventSource{Component: component}) rl, err := resourcelock.New( - resourcelock.ConfigMapsResourceLock, + resourcelock.ConfigMapsLeasesResourceLock, config.Namespace, config.Name, kubeClient.CoreV1(), diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go index f98b86f3d..820892a17 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go @@ -329,7 +329,7 @@ func (b *ControllerBuilder) Run(ctx context.Context, config *unstructured.Unstru leaderConfig := rest.CopyConfig(protoConfig) leaderConfig.Timeout = b.leaderElection.RenewDeadline.Duration - leaderElection, err := leaderelectionconverter.ToConfigMapLeaderElection(leaderConfig, *b.leaderElection, b.componentName, b.instanceIdentity) + leaderElection, err := leaderelectionconverter.ToLeaderElectionWithConfigmapLease(leaderConfig, *b.leaderElection, b.componentName, b.instanceIdentity) if err != nil { return err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go index 67b6a615d..fafa39c40 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go @@ -7,50 +7,60 @@ import ( "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - admissionregistrationclientv1 "k8s.io/client-go/kubernetes/typed/admissionregistration/v1" - "k8s.io/klog/v2" - + "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + admissionregistrationclientv1 "k8s.io/client-go/kubernetes/typed/admissionregistration/v1" + "k8s.io/klog/v2" ) -// ApplyMutatingWebhookConfiguration ensures the form of the specified +// ApplyMutatingWebhookConfigurationImproved ensures the form of the specified // mutatingwebhookconfiguration is present in the API. If it does not exist, // it will be created. If it does exist, the metadata of the required // mutatingwebhookconfiguration will be merged with the existing mutatingwebhookconfiguration // and an update performed if the mutatingwebhookconfiguration spec and metadata differ from // the previously required spec and metadata based on generation change. -func ApplyMutatingWebhookConfiguration(ctx context.Context, client admissionregistrationclientv1.MutatingWebhookConfigurationsGetter, recorder events.Recorder, - requiredOriginal *admissionregistrationv1.MutatingWebhookConfiguration) (*admissionregistrationv1.MutatingWebhookConfiguration, bool, error) { +func ApplyMutatingWebhookConfigurationImproved(ctx context.Context, client admissionregistrationclientv1.MutatingWebhookConfigurationsGetter, recorder events.Recorder, + requiredOriginal *admissionregistrationv1.MutatingWebhookConfiguration, cache ResourceCache) (*admissionregistrationv1.MutatingWebhookConfiguration, bool, error) { if requiredOriginal == nil { return nil, false, fmt.Errorf("Unexpected nil instead of an object") } - required := requiredOriginal.DeepCopy() - existing, err := client.MutatingWebhookConfigurations().Get(ctx, required.GetName(), metav1.GetOptions{}) + existing, err := client.MutatingWebhookConfigurations().Get(ctx, requiredOriginal.GetName(), metav1.GetOptions{}) if apierrors.IsNotFound(err) { + required := requiredOriginal.DeepCopy() actual, err := client.MutatingWebhookConfigurations().Create( ctx, resourcemerge.WithCleanLabelsAndAnnotations(required).(*admissionregistrationv1.MutatingWebhookConfiguration), metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) if err != nil { return nil, false, err } + // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy + cache.UpdateCachedResourceMetadata(requiredOriginal, actual) return actual, true, nil } else if err != nil { return nil, false, err } + if cache.SafeToSkipApply(requiredOriginal, existing) { + return existing, false, nil + } + + required := requiredOriginal.DeepCopy() modified := resourcemerge.BoolPtr(false) existingCopy := existing.DeepCopy() resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta) - if !*modified { + copyMutatingWebhookCABundle(existing, required) + webhooksEquivalent := equality.Semantic.DeepEqual(existingCopy.Webhooks, required.Webhooks) + if webhooksEquivalent && !*modified { + // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy + cache.UpdateCachedResourceMetadata(requiredOriginal, existingCopy) return existingCopy, false, nil } // at this point we know that we're going to perform a write. We're just trying to get the object correct toWrite := existingCopy // shallow copy so the code reads easier - copyMutatingWebhookCABundle(existing, required) toWrite.Webhooks = required.Webhooks klog.V(4).Infof("MutatingWebhookConfiguration %q changes: %v", required.GetNamespace()+"/"+required.GetName(), JSONPatchNoError(existing, toWrite)) @@ -60,7 +70,9 @@ func ApplyMutatingWebhookConfiguration(ctx context.Context, client admissionregi if err != nil { return nil, false, err } - return actual, *modified || actual.GetGeneration() > existingCopy.GetGeneration(), nil + // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy + cache.UpdateCachedResourceMetadata(requiredOriginal, actual) + return actual, true, nil } // copyMutatingWebhookCABundle populates webhooks[].clientConfig.caBundle fields from existing resource if it was set before @@ -78,42 +90,52 @@ func copyMutatingWebhookCABundle(from, to *admissionregistrationv1.MutatingWebho } } -// ApplyValidatingWebhookConfiguration ensures the form of the specified +// ApplyValidatingWebhookConfigurationImproved ensures the form of the specified // validatingwebhookconfiguration is present in the API. If it does not exist, // it will be created. If it does exist, the metadata of the required // validatingwebhookconfiguration will be merged with the existing validatingwebhookconfiguration // and an update performed if the validatingwebhookconfiguration spec and metadata differ from // the previously required spec and metadata based on generation change. -func ApplyValidatingWebhookConfiguration(ctx context.Context, client admissionregistrationclientv1.ValidatingWebhookConfigurationsGetter, recorder events.Recorder, - requiredOriginal *admissionregistrationv1.ValidatingWebhookConfiguration) (*admissionregistrationv1.ValidatingWebhookConfiguration, bool, error) { +func ApplyValidatingWebhookConfigurationImproved(ctx context.Context, client admissionregistrationclientv1.ValidatingWebhookConfigurationsGetter, recorder events.Recorder, + requiredOriginal *admissionregistrationv1.ValidatingWebhookConfiguration, cache ResourceCache) (*admissionregistrationv1.ValidatingWebhookConfiguration, bool, error) { if requiredOriginal == nil { return nil, false, fmt.Errorf("Unexpected nil instead of an object") } - required := requiredOriginal.DeepCopy() - existing, err := client.ValidatingWebhookConfigurations().Get(ctx, required.GetName(), metav1.GetOptions{}) + existing, err := client.ValidatingWebhookConfigurations().Get(ctx, requiredOriginal.GetName(), metav1.GetOptions{}) if apierrors.IsNotFound(err) { + required := requiredOriginal.DeepCopy() actual, err := client.ValidatingWebhookConfigurations().Create( ctx, resourcemerge.WithCleanLabelsAndAnnotations(required).(*admissionregistrationv1.ValidatingWebhookConfiguration), metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) if err != nil { return nil, false, err } + // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy + cache.UpdateCachedResourceMetadata(requiredOriginal, actual) return actual, true, nil } else if err != nil { return nil, false, err } + if cache.SafeToSkipApply(requiredOriginal, existing) { + return existing, false, nil + } + + required := requiredOriginal.DeepCopy() modified := resourcemerge.BoolPtr(false) existingCopy := existing.DeepCopy() resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta) - if !*modified { + copyValidatingWebhookCABundle(existing, required) + webhooksEquivalent := equality.Semantic.DeepEqual(existingCopy.Webhooks, required.Webhooks) + if webhooksEquivalent && !*modified { + // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy + cache.UpdateCachedResourceMetadata(requiredOriginal, existingCopy) return existingCopy, false, nil } // at this point we know that we're going to perform a write. We're just trying to get the object correct toWrite := existingCopy // shallow copy so the code reads easier - copyValidatingWebhookCABundle(existing, required) toWrite.Webhooks = required.Webhooks klog.V(4).Infof("ValidatingWebhookConfiguration %q changes: %v", required.GetNamespace()+"/"+required.GetName(), JSONPatchNoError(existing, toWrite)) @@ -123,7 +145,9 @@ func ApplyValidatingWebhookConfiguration(ctx context.Context, client admissionre if err != nil { return nil, false, err } - return actual, *modified || actual.GetGeneration() > existingCopy.GetGeneration(), nil + // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy + cache.UpdateCachedResourceMetadata(requiredOriginal, actual) + return actual, true, nil } // copyValidatingWebhookCABundle populates webhooks[].clientConfig.caBundle fields from existing resource if it was set before diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go index c0a9fc8f4..6f654250e 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go @@ -206,13 +206,13 @@ func ApplyDirectly(ctx context.Context, clients *ClientHolder, recorder events.R if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyValidatingWebhookConfiguration(ctx, clients.kubeClient.AdmissionregistrationV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyValidatingWebhookConfigurationImproved(ctx, clients.kubeClient.AdmissionregistrationV1(), recorder, t, cache) } case *admissionregistrationv1.MutatingWebhookConfiguration: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyMutatingWebhookConfiguration(ctx, clients.kubeClient.AdmissionregistrationV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyMutatingWebhookConfigurationImproved(ctx, clients.kubeClient.AdmissionregistrationV1(), recorder, t, cache) } case *storagev1.CSIDriver: if clients.kubeClient == nil { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/staticresourcecontroller/static_resource_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/staticresourcecontroller/static_resource_controller.go index 7c3f3e691..cc0a0fbce 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/staticresourcecontroller/static_resource_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/staticresourcecontroller/static_resource_controller.go @@ -51,10 +51,17 @@ func init() { utilruntime.Must(admissionregistrationv1.AddToScheme(genericScheme)) } +// StaticResourcesPreconditionsFuncType checks if the precondition is met (is true) and then proceeds with the sync. +// When the requirement is not met, the controller reports degraded status. +// +// In case, the returned ready flag is false, a proper error with a valid description is recommended. +type StaticResourcesPreconditionsFuncType func(ctx context.Context) (bool, error) + type StaticResourceController struct { name string manifests []conditionalManifests ignoreNotFoundOnCreate bool + preconditions []StaticResourcesPreconditionsFuncType operatorClient v1helpers.OperatorClient clients *resourceapply.ClientHolder @@ -99,6 +106,8 @@ func NewStaticResourceController( operatorClient: operatorClient, clients: clients, + preconditions: []StaticResourcesPreconditionsFuncType{defaultStaticResourcesPreconditionsFunc}, + eventRecorder: eventRecorder.WithComponentSuffix(strings.ToLower(name)), factory: factory.New().WithInformers(operatorClient.Informer()).ResyncEvery(1 * time.Minute), @@ -119,6 +128,18 @@ func (c *StaticResourceController) WithIgnoreNotFoundOnCreate() *StaticResourceC return c } +// WithPrecondition adds a precondition, which blocks the sync method from being executed. Preconditions might be chained using: +// WithPrecondition(a).WithPrecondition(b).WithPrecondition(c). +// If any of the preconditions is false, the sync will result in an error. +// +// The requirement parameter should follow the convention described in the StaticResourcesPreconditionsFuncType. +// +// When the requirement is not met, the controller reports degraded status. +func (c *StaticResourceController) WithPrecondition(precondition StaticResourcesPreconditionsFuncType) *StaticResourceController { + c.preconditions = append(c.preconditions, precondition) + return c +} + // WithConditionalResources adds a set of manifests to be created when the shouldCreateFnArg is true and should be // deleted when the shouldDeleteFnArg is true. // If shouldCreateFnArg is nil, then it is always create. @@ -262,6 +283,28 @@ func (c *StaticResourceController) Sync(ctx context.Context, syncContext factory return nil } + for _, precondition := range c.preconditions { + ready, err := precondition(ctx) + // We don't care about the other preconditions, we just stop on the first one. + if !ready { + var message string + if err != nil { + message = err.Error() + } else { + message = "the operator didn't specify what preconditions are missing" + } + if _, _, updateErr := v1helpers.UpdateStatus(ctx, c.operatorClient, v1helpers.UpdateConditionFn(operatorv1.OperatorCondition{ + Type: fmt.Sprintf("%sDegraded", c.name), + Status: operatorv1.ConditionTrue, + Reason: "PreconditionNotReady", + Message: message, + })); updateErr != nil { + return updateErr + } + return err + } + } + errors := []error{} var notFoundErrorsCount int for _, conditionalManifest := range c.manifests { @@ -393,3 +436,7 @@ func (c *StaticResourceController) RelatedObjects() ([]configv1.ObjectReference, func (c *StaticResourceController) Run(ctx context.Context, workers int) { c.factory.WithSync(c.Sync).ToController(c.Name(), c.eventRecorder).Run(ctx, workers) } + +func defaultStaticResourcesPreconditionsFunc(_ context.Context) (bool, error) { + return true, nil +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go index 46d5c13b0..de48550f6 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go @@ -383,3 +383,42 @@ func InjectObservedProxyIntoContainers(podSpec *corev1.PodSpec, containerNames [ return nil } + +func InjectTrustedCAIntoContainers(podSpec *corev1.PodSpec, configMapName string, containerNames []string) error { + podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{ + Name: "non-standard-root-system-trust-ca-bundle", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: configMapName, + }, + Items: []corev1.KeyToPath{ + {Key: "ca-bundle.crt", Path: "tls-ca-bundle.pem"}, + }, + }, + }, + }) + + for _, containerName := range containerNames { + for i := range podSpec.InitContainers { + if podSpec.InitContainers[i].Name == containerName { + podSpec.InitContainers[i].VolumeMounts = append(podSpec.InitContainers[i].VolumeMounts, corev1.VolumeMount{ + Name: "non-standard-root-system-trust-ca-bundle", + MountPath: "/etc/pki/ca-trust/extracted/pem", + ReadOnly: true, + }) + } + } + for i := range podSpec.Containers { + if podSpec.Containers[i].Name == containerName { + podSpec.Containers[i].VolumeMounts = append(podSpec.Containers[i].VolumeMounts, corev1.VolumeMount{ + Name: "non-standard-root-system-trust-ca-bundle", + MountPath: "/etc/pki/ca-trust/extracted/pem", + ReadOnly: true, + }) + } + } + } + + return nil +} diff --git a/vendor/golang.org/x/net/http2/client_conn_pool.go b/vendor/golang.org/x/net/http2/client_conn_pool.go index 652bc11a0..c936843ea 100644 --- a/vendor/golang.org/x/net/http2/client_conn_pool.go +++ b/vendor/golang.org/x/net/http2/client_conn_pool.go @@ -16,6 +16,12 @@ import ( // ClientConnPool manages a pool of HTTP/2 client connections. type ClientConnPool interface { + // GetClientConn returns a specific HTTP/2 connection (usually + // a TLS-TCP connection) to an HTTP/2 server. On success, the + // returned ClientConn accounts for the upcoming RoundTrip + // call, so the caller should not omit it. If the caller needs + // to, ClientConn.RoundTrip can be called with a bogus + // new(http.Request) to release the stream reservation. GetClientConn(req *http.Request, addr string) (*ClientConn, error) MarkDead(*ClientConn) } @@ -42,7 +48,7 @@ type clientConnPool struct { conns map[string][]*ClientConn // key is host:port dialing map[string]*dialCall // currently in-flight dials keys map[*ClientConn][]string - addConnCalls map[string]*addConnCall // in-flight addConnIfNeede calls + addConnCalls map[string]*addConnCall // in-flight addConnIfNeeded calls } func (p *clientConnPool) GetClientConn(req *http.Request, addr string) (*ClientConn, error) { @@ -54,28 +60,8 @@ const ( noDialOnMiss = false ) -// shouldTraceGetConn reports whether getClientConn should call any -// ClientTrace.GetConn hook associated with the http.Request. -// -// This complexity is needed to avoid double calls of the GetConn hook -// during the back-and-forth between net/http and x/net/http2 (when the -// net/http.Transport is upgraded to also speak http2), as well as support -// the case where x/net/http2 is being used directly. -func (p *clientConnPool) shouldTraceGetConn(st clientConnIdleState) bool { - // If our Transport wasn't made via ConfigureTransport, always - // trace the GetConn hook if provided, because that means the - // http2 package is being used directly and it's the one - // dialing, as opposed to net/http. - if _, ok := p.t.ConnPool.(noDialClientConnPool); !ok { - return true - } - // Otherwise, only use the GetConn hook if this connection has - // been used previously for other requests. For fresh - // connections, the net/http package does the dialing. - return !st.freshConn -} - func (p *clientConnPool) getClientConn(req *http.Request, addr string, dialOnMiss bool) (*ClientConn, error) { + // TODO(dneil): Dial a new connection when t.DisableKeepAlives is set? if isConnectionCloseRequest(req) && dialOnMiss { // It gets its own connection. traceGetConn(req, addr) @@ -89,10 +75,14 @@ func (p *clientConnPool) getClientConn(req *http.Request, addr string, dialOnMis for { p.mu.Lock() for _, cc := range p.conns[addr] { - if st := cc.idleState(); st.canTakeNewRequest { - if p.shouldTraceGetConn(st) { + if cc.ReserveNewRequest() { + // When a connection is presented to us by the net/http package, + // the GetConn hook has already been called. + // Don't call it a second time here. + if !cc.getConnCalled { traceGetConn(req, addr) } + cc.getConnCalled = false p.mu.Unlock() return cc, nil } @@ -108,7 +98,13 @@ func (p *clientConnPool) getClientConn(req *http.Request, addr string, dialOnMis if shouldRetryDial(call, req) { continue } - return call.res, call.err + cc, err := call.res, call.err + if err != nil { + return nil, err + } + if cc.ReserveNewRequest() { + return cc, nil + } } } @@ -205,6 +201,7 @@ func (c *addConnCall) run(t *Transport, key string, tc *tls.Conn) { if err != nil { c.err = err } else { + cc.getConnCalled = true // already called by the net/http package p.addConnLocked(key, cc) } delete(p.addConnCalls, key) diff --git a/vendor/golang.org/x/net/http2/errors.go b/vendor/golang.org/x/net/http2/errors.go index 71f2c4631..2663e5d28 100644 --- a/vendor/golang.org/x/net/http2/errors.go +++ b/vendor/golang.org/x/net/http2/errors.go @@ -53,6 +53,13 @@ func (e ErrCode) String() string { return fmt.Sprintf("unknown error code 0x%x", uint32(e)) } +func (e ErrCode) stringToken() string { + if s, ok := errCodeName[e]; ok { + return s + } + return fmt.Sprintf("ERR_UNKNOWN_%d", uint32(e)) +} + // ConnectionError is an error that results in the termination of the // entire connection. type ConnectionError ErrCode @@ -67,6 +74,11 @@ type StreamError struct { Cause error // optional additional detail } +// errFromPeer is a sentinel error value for StreamError.Cause to +// indicate that the StreamError was sent from the peer over the wire +// and wasn't locally generated in the Transport. +var errFromPeer = errors.New("received from peer") + func streamError(id uint32, code ErrCode) StreamError { return StreamError{StreamID: id, Code: code} } diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go index 514c126c5..96a747905 100644 --- a/vendor/golang.org/x/net/http2/frame.go +++ b/vendor/golang.org/x/net/http2/frame.go @@ -122,7 +122,7 @@ var flagName = map[FrameType]map[Flags]string{ // a frameParser parses a frame given its FrameHeader and payload // bytes. The length of payload will always equal fh.Length (which // might be 0). -type frameParser func(fc *frameCache, fh FrameHeader, payload []byte) (Frame, error) +type frameParser func(fc *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) var frameParsers = map[FrameType]frameParser{ FrameData: parseDataFrame, @@ -267,6 +267,11 @@ type Framer struct { lastFrame Frame errDetail error + // countError is a non-nil func that's called on a frame parse + // error with some unique error path token. It's initialized + // from Transport.CountError or Server.CountError. + countError func(errToken string) + // lastHeaderStream is non-zero if the last frame was an // unfinished HEADERS/CONTINUATION. lastHeaderStream uint32 @@ -426,6 +431,7 @@ func NewFramer(w io.Writer, r io.Reader) *Framer { fr := &Framer{ w: w, r: r, + countError: func(string) {}, logReads: logFrameReads, logWrites: logFrameWrites, debugReadLoggerf: log.Printf, @@ -500,7 +506,7 @@ func (fr *Framer) ReadFrame() (Frame, error) { if _, err := io.ReadFull(fr.r, payload); err != nil { return nil, err } - f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, payload) + f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, fr.countError, payload) if err != nil { if ce, ok := err.(connError); ok { return nil, fr.connError(ce.Code, ce.Reason) @@ -588,13 +594,14 @@ func (f *DataFrame) Data() []byte { return f.data } -func parseDataFrame(fc *frameCache, fh FrameHeader, payload []byte) (Frame, error) { +func parseDataFrame(fc *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) { if fh.StreamID == 0 { // DATA frames MUST be associated with a stream. If a // DATA frame is received whose stream identifier // field is 0x0, the recipient MUST respond with a // connection error (Section 5.4.1) of type // PROTOCOL_ERROR. + countError("frame_data_stream_0") return nil, connError{ErrCodeProtocol, "DATA frame with stream ID 0"} } f := fc.getDataFrame() @@ -605,6 +612,7 @@ func parseDataFrame(fc *frameCache, fh FrameHeader, payload []byte) (Frame, erro var err error payload, padSize, err = readByte(payload) if err != nil { + countError("frame_data_pad_byte_short") return nil, err } } @@ -613,6 +621,7 @@ func parseDataFrame(fc *frameCache, fh FrameHeader, payload []byte) (Frame, erro // length of the frame payload, the recipient MUST // treat this as a connection error. // Filed: https://github.com/http2/http2-spec/issues/610 + countError("frame_data_pad_too_big") return nil, connError{ErrCodeProtocol, "pad size larger than data payload"} } f.data = payload[:len(payload)-int(padSize)] @@ -695,7 +704,7 @@ type SettingsFrame struct { p []byte } -func parseSettingsFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { +func parseSettingsFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) { if fh.Flags.Has(FlagSettingsAck) && fh.Length > 0 { // When this (ACK 0x1) bit is set, the payload of the // SETTINGS frame MUST be empty. Receipt of a @@ -703,6 +712,7 @@ func parseSettingsFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) // field value other than 0 MUST be treated as a // connection error (Section 5.4.1) of type // FRAME_SIZE_ERROR. + countError("frame_settings_ack_with_length") return nil, ConnectionError(ErrCodeFrameSize) } if fh.StreamID != 0 { @@ -713,14 +723,17 @@ func parseSettingsFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) // field is anything other than 0x0, the endpoint MUST // respond with a connection error (Section 5.4.1) of // type PROTOCOL_ERROR. + countError("frame_settings_has_stream") return nil, ConnectionError(ErrCodeProtocol) } if len(p)%6 != 0 { + countError("frame_settings_mod_6") // Expecting even number of 6 byte settings. return nil, ConnectionError(ErrCodeFrameSize) } f := &SettingsFrame{FrameHeader: fh, p: p} if v, ok := f.Value(SettingInitialWindowSize); ok && v > (1<<31)-1 { + countError("frame_settings_window_size_too_big") // Values above the maximum flow control window size of 2^31 - 1 MUST // be treated as a connection error (Section 5.4.1) of type // FLOW_CONTROL_ERROR. @@ -832,11 +845,13 @@ type PingFrame struct { func (f *PingFrame) IsAck() bool { return f.Flags.Has(FlagPingAck) } -func parsePingFrame(_ *frameCache, fh FrameHeader, payload []byte) (Frame, error) { +func parsePingFrame(_ *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) { if len(payload) != 8 { + countError("frame_ping_length") return nil, ConnectionError(ErrCodeFrameSize) } if fh.StreamID != 0 { + countError("frame_ping_has_stream") return nil, ConnectionError(ErrCodeProtocol) } f := &PingFrame{FrameHeader: fh} @@ -872,11 +887,13 @@ func (f *GoAwayFrame) DebugData() []byte { return f.debugData } -func parseGoAwayFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { +func parseGoAwayFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) { if fh.StreamID != 0 { + countError("frame_goaway_has_stream") return nil, ConnectionError(ErrCodeProtocol) } if len(p) < 8 { + countError("frame_goaway_short") return nil, ConnectionError(ErrCodeFrameSize) } return &GoAwayFrame{ @@ -912,7 +929,7 @@ func (f *UnknownFrame) Payload() []byte { return f.p } -func parseUnknownFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { +func parseUnknownFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) { return &UnknownFrame{fh, p}, nil } @@ -923,8 +940,9 @@ type WindowUpdateFrame struct { Increment uint32 // never read with high bit set } -func parseWindowUpdateFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { +func parseWindowUpdateFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) { if len(p) != 4 { + countError("frame_windowupdate_bad_len") return nil, ConnectionError(ErrCodeFrameSize) } inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit @@ -936,8 +954,10 @@ func parseWindowUpdateFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, err // control window MUST be treated as a connection // error (Section 5.4.1). if fh.StreamID == 0 { + countError("frame_windowupdate_zero_inc_conn") return nil, ConnectionError(ErrCodeProtocol) } + countError("frame_windowupdate_zero_inc_stream") return nil, streamError(fh.StreamID, ErrCodeProtocol) } return &WindowUpdateFrame{ @@ -988,7 +1008,7 @@ func (f *HeadersFrame) HasPriority() bool { return f.FrameHeader.Flags.Has(FlagHeadersPriority) } -func parseHeadersFrame(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err error) { +func parseHeadersFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (_ Frame, err error) { hf := &HeadersFrame{ FrameHeader: fh, } @@ -997,11 +1017,13 @@ func parseHeadersFrame(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err er // is received whose stream identifier field is 0x0, the recipient MUST // respond with a connection error (Section 5.4.1) of type // PROTOCOL_ERROR. + countError("frame_headers_zero_stream") return nil, connError{ErrCodeProtocol, "HEADERS frame with stream ID 0"} } var padLength uint8 if fh.Flags.Has(FlagHeadersPadded) { if p, padLength, err = readByte(p); err != nil { + countError("frame_headers_pad_short") return } } @@ -1009,16 +1031,19 @@ func parseHeadersFrame(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err er var v uint32 p, v, err = readUint32(p) if err != nil { + countError("frame_headers_prio_short") return nil, err } hf.Priority.StreamDep = v & 0x7fffffff hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set p, hf.Priority.Weight, err = readByte(p) if err != nil { + countError("frame_headers_prio_weight_short") return nil, err } } - if len(p)-int(padLength) <= 0 { + if len(p)-int(padLength) < 0 { + countError("frame_headers_pad_too_big") return nil, streamError(fh.StreamID, ErrCodeProtocol) } hf.headerFragBuf = p[:len(p)-int(padLength)] @@ -1125,11 +1150,13 @@ func (p PriorityParam) IsZero() bool { return p == PriorityParam{} } -func parsePriorityFrame(_ *frameCache, fh FrameHeader, payload []byte) (Frame, error) { +func parsePriorityFrame(_ *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) { if fh.StreamID == 0 { + countError("frame_priority_zero_stream") return nil, connError{ErrCodeProtocol, "PRIORITY frame with stream ID 0"} } if len(payload) != 5 { + countError("frame_priority_bad_length") return nil, connError{ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))} } v := binary.BigEndian.Uint32(payload[:4]) @@ -1172,11 +1199,13 @@ type RSTStreamFrame struct { ErrCode ErrCode } -func parseRSTStreamFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { +func parseRSTStreamFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) { if len(p) != 4 { + countError("frame_rststream_bad_len") return nil, ConnectionError(ErrCodeFrameSize) } if fh.StreamID == 0 { + countError("frame_rststream_zero_stream") return nil, ConnectionError(ErrCodeProtocol) } return &RSTStreamFrame{fh, ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil @@ -1202,8 +1231,9 @@ type ContinuationFrame struct { headerFragBuf []byte } -func parseContinuationFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { +func parseContinuationFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) { if fh.StreamID == 0 { + countError("frame_continuation_zero_stream") return nil, connError{ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} } return &ContinuationFrame{fh, p}, nil @@ -1252,7 +1282,7 @@ func (f *PushPromiseFrame) HeadersEnded() bool { return f.FrameHeader.Flags.Has(FlagPushPromiseEndHeaders) } -func parsePushPromise(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err error) { +func parsePushPromise(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (_ Frame, err error) { pp := &PushPromiseFrame{ FrameHeader: fh, } @@ -1263,6 +1293,7 @@ func parsePushPromise(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err err // with. If the stream identifier field specifies the value // 0x0, a recipient MUST respond with a connection error // (Section 5.4.1) of type PROTOCOL_ERROR. + countError("frame_pushpromise_zero_stream") return nil, ConnectionError(ErrCodeProtocol) } // The PUSH_PROMISE frame includes optional padding. @@ -1270,18 +1301,21 @@ func parsePushPromise(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err err var padLength uint8 if fh.Flags.Has(FlagPushPromisePadded) { if p, padLength, err = readByte(p); err != nil { + countError("frame_pushpromise_pad_short") return } } p, pp.PromiseID, err = readUint32(p) if err != nil { + countError("frame_pushpromise_promiseid_short") return } pp.PromiseID = pp.PromiseID & (1<<31 - 1) if int(padLength) > len(p) { // like the DATA frame, error out if padding is longer than the body. + countError("frame_pushpromise_pad_too_big") return nil, ConnectionError(ErrCodeProtocol) } pp.headerFragBuf = p[:len(p)-int(padLength)] diff --git a/vendor/golang.org/x/net/http2/hpack/huffman.go b/vendor/golang.org/x/net/http2/hpack/huffman.go index a1ab2f056..fe0b84ccd 100644 --- a/vendor/golang.org/x/net/http2/hpack/huffman.go +++ b/vendor/golang.org/x/net/http2/hpack/huffman.go @@ -140,25 +140,29 @@ func buildRootHuffmanNode() { panic("unexpected size") } lazyRootHuffmanNode = newInternalNode() - for i, code := range huffmanCodes { - addDecoderNode(byte(i), code, huffmanCodeLen[i]) - } -} + // allocate a leaf node for each of the 256 symbols + leaves := new([256]node) + + for sym, code := range huffmanCodes { + codeLen := huffmanCodeLen[sym] + + cur := lazyRootHuffmanNode + for codeLen > 8 { + codeLen -= 8 + i := uint8(code >> codeLen) + if cur.children[i] == nil { + cur.children[i] = newInternalNode() + } + cur = cur.children[i] + } + shift := 8 - codeLen + start, end := int(uint8(code< 8 { - codeLen -= 8 - i := uint8(code >> codeLen) - if cur.children[i] == nil { - cur.children[i] = newInternalNode() + leaves[sym].sym = byte(sym) + leaves[sym].codeLen = codeLen + for i := start; i < start+end; i++ { + cur.children[i] = &leaves[sym] } - cur = cur.children[i] - } - shift := 8 - codeLen - start, end := int(uint8(code< 0 { // Check whether the client has flow control quota. if st.inflow.available() < int32(f.Length) { - return streamError(id, ErrCodeFlowControl) + return sc.countError("flow_on_data_length", streamError(id, ErrCodeFlowControl)) } st.inflow.take(int32(f.Length)) @@ -1710,7 +1727,7 @@ func (sc *serverConn) processData(f *DataFrame) error { wrote, err := st.body.Write(data) if err != nil { sc.sendWindowUpdate(nil, int(f.Length)-wrote) - return streamError(id, ErrCodeStreamClosed) + return sc.countError("body_write_err", streamError(id, ErrCodeStreamClosed)) } if wrote != len(data) { panic("internal error: bad Writer") @@ -1796,7 +1813,7 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { // stream identifier MUST respond with a connection error // (Section 5.4.1) of type PROTOCOL_ERROR. if id%2 != 1 { - return ConnectionError(ErrCodeProtocol) + return sc.countError("headers_even", ConnectionError(ErrCodeProtocol)) } // A HEADERS frame can be used to create a new stream or // send a trailer for an open one. If we already have a stream @@ -1813,7 +1830,7 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { // this state, it MUST respond with a stream error (Section 5.4.2) of // type STREAM_CLOSED. if st.state == stateHalfClosedRemote { - return streamError(id, ErrCodeStreamClosed) + return sc.countError("headers_half_closed", streamError(id, ErrCodeStreamClosed)) } return st.processTrailerHeaders(f) } @@ -1824,7 +1841,7 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { // receives an unexpected stream identifier MUST respond with // a connection error (Section 5.4.1) of type PROTOCOL_ERROR. if id <= sc.maxClientStreamID { - return ConnectionError(ErrCodeProtocol) + return sc.countError("stream_went_down", ConnectionError(ErrCodeProtocol)) } sc.maxClientStreamID = id @@ -1841,14 +1858,14 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { if sc.curClientStreams+1 > sc.advMaxStreams { if sc.unackedSettings == 0 { // They should know better. - return streamError(id, ErrCodeProtocol) + return sc.countError("over_max_streams", streamError(id, ErrCodeProtocol)) } // Assume it's a network race, where they just haven't // received our last SETTINGS update. But actually // this can't happen yet, because we don't yet provide // a way for users to adjust server parameters at // runtime. - return streamError(id, ErrCodeRefusedStream) + return sc.countError("over_max_streams_race", streamError(id, ErrCodeRefusedStream)) } initialState := stateOpen @@ -1858,7 +1875,7 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { st := sc.newStream(id, 0, initialState) if f.HasPriority() { - if err := checkPriority(f.StreamID, f.Priority); err != nil { + if err := sc.checkPriority(f.StreamID, f.Priority); err != nil { return err } sc.writeSched.AdjustStream(st.id, f.Priority) @@ -1902,15 +1919,15 @@ func (st *stream) processTrailerHeaders(f *MetaHeadersFrame) error { sc := st.sc sc.serveG.check() if st.gotTrailerHeader { - return ConnectionError(ErrCodeProtocol) + return sc.countError("dup_trailers", ConnectionError(ErrCodeProtocol)) } st.gotTrailerHeader = true if !f.StreamEnded() { - return streamError(st.id, ErrCodeProtocol) + return sc.countError("trailers_not_ended", streamError(st.id, ErrCodeProtocol)) } if len(f.PseudoFields()) > 0 { - return streamError(st.id, ErrCodeProtocol) + return sc.countError("trailers_pseudo", streamError(st.id, ErrCodeProtocol)) } if st.trailer != nil { for _, hf := range f.RegularFields() { @@ -1919,7 +1936,7 @@ func (st *stream) processTrailerHeaders(f *MetaHeadersFrame) error { // TODO: send more details to the peer somehow. But http2 has // no way to send debug data at a stream level. Discuss with // HTTP folk. - return streamError(st.id, ErrCodeProtocol) + return sc.countError("trailers_bogus", streamError(st.id, ErrCodeProtocol)) } st.trailer[key] = append(st.trailer[key], hf.Value) } @@ -1928,13 +1945,13 @@ func (st *stream) processTrailerHeaders(f *MetaHeadersFrame) error { return nil } -func checkPriority(streamID uint32, p PriorityParam) error { +func (sc *serverConn) checkPriority(streamID uint32, p PriorityParam) error { if streamID == p.StreamDep { // Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR." // Section 5.3.3 says that a stream can depend on one of its dependencies, // so it's only self-dependencies that are forbidden. - return streamError(streamID, ErrCodeProtocol) + return sc.countError("priority", streamError(streamID, ErrCodeProtocol)) } return nil } @@ -1943,7 +1960,7 @@ func (sc *serverConn) processPriority(f *PriorityFrame) error { if sc.inGoAway { return nil } - if err := checkPriority(f.StreamID, f.PriorityParam); err != nil { + if err := sc.checkPriority(f.StreamID, f.PriorityParam); err != nil { return err } sc.writeSched.AdjustStream(f.StreamID, f.PriorityParam) @@ -2000,7 +2017,7 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res isConnect := rp.method == "CONNECT" if isConnect { if rp.path != "" || rp.scheme != "" || rp.authority == "" { - return nil, nil, streamError(f.StreamID, ErrCodeProtocol) + return nil, nil, sc.countError("bad_connect", streamError(f.StreamID, ErrCodeProtocol)) } } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { // See 8.1.2.6 Malformed Requests and Responses: @@ -2013,13 +2030,13 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res // "All HTTP/2 requests MUST include exactly one valid // value for the :method, :scheme, and :path // pseudo-header fields" - return nil, nil, streamError(f.StreamID, ErrCodeProtocol) + return nil, nil, sc.countError("bad_path_method", streamError(f.StreamID, ErrCodeProtocol)) } bodyOpen := !f.StreamEnded() if rp.method == "HEAD" && bodyOpen { // HEAD requests can't have bodies - return nil, nil, streamError(f.StreamID, ErrCodeProtocol) + return nil, nil, sc.countError("head_body", streamError(f.StreamID, ErrCodeProtocol)) } rp.header = make(http.Header) @@ -2102,7 +2119,7 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r var err error url_, err = url.ParseRequestURI(rp.path) if err != nil { - return nil, nil, streamError(st.id, ErrCodeProtocol) + return nil, nil, sc.countError("bad_path", streamError(st.id, ErrCodeProtocol)) } requestURI = rp.path } @@ -2985,3 +3002,31 @@ func h1ServerKeepAlivesDisabled(hs *http.Server) bool { } return false } + +func (sc *serverConn) countError(name string, err error) error { + if sc == nil || sc.srv == nil { + return err + } + f := sc.srv.CountError + if f == nil { + return err + } + var typ string + var code ErrCode + switch e := err.(type) { + case ConnectionError: + typ = "conn" + code = ErrCode(e) + case StreamError: + typ = "stream" + code = ErrCode(e.Code) + default: + return err + } + codeStr := errCodeName[code] + if codeStr == "" { + codeStr = strconv.Itoa(int(code)) + } + f(fmt.Sprintf("%s_%s_%s", typ, codeStr, name)) + return err +} diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index b261beb1d..f135b0f75 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -24,6 +24,7 @@ import ( "net/http" "net/http/httptrace" "net/textproto" + "os" "sort" "strconv" "strings" @@ -51,6 +52,15 @@ const ( transportDefaultStreamMinRefresh = 4 << 10 defaultUserAgent = "Go-http-client/2.0" + + // initialMaxConcurrentStreams is a connections maxConcurrentStreams until + // it's received servers initial SETTINGS frame, which corresponds with the + // spec's minimum recommended value. + initialMaxConcurrentStreams = 100 + + // defaultMaxConcurrentStreams is a connections default maxConcurrentStreams + // if the server doesn't include one in its initial SETTINGS frame. + defaultMaxConcurrentStreams = 1000 ) // Transport is an HTTP/2 Transport. @@ -121,6 +131,17 @@ type Transport struct { // Defaults to 15s. PingTimeout time.Duration + // WriteByteTimeout is the timeout after which the connection will be + // closed no data can be written to it. The timeout begins when data is + // available to write, and is extended whenever any bytes are written. + WriteByteTimeout time.Duration + + // CountError, if non-nil, is called on HTTP/2 transport errors. + // It's intended to increment a metric for monitoring, such + // as an expvar or Prometheus metric. + // The errType consists of only ASCII word characters. + CountError func(errType string) + // t1, if non-nil, is the standard library Transport using // this transport. Its settings are used (but not its // RoundTrip method, etc). @@ -227,11 +248,12 @@ func (t *Transport) initConnPool() { // ClientConn is the state of a single HTTP/2 client connection to an // HTTP/2 server. type ClientConn struct { - t *Transport - tconn net.Conn // usually *tls.Conn, except specialized impls - tlsState *tls.ConnectionState // nil only for specialized impls - reused uint32 // whether conn is being reused; atomic - singleUse bool // whether being used for a single http.Request + t *Transport + tconn net.Conn // usually *tls.Conn, except specialized impls + tlsState *tls.ConnectionState // nil only for specialized impls + reused uint32 // whether conn is being reused; atomic + singleUse bool // whether being used for a single http.Request + getConnCalled bool // used by clientConnPool // readLoop goroutine fields: readerDone chan struct{} // closed on error @@ -244,86 +266,94 @@ type ClientConn struct { cond *sync.Cond // hold mu; broadcast on flow/closed changes flow flow // our conn-level flow control quota (cs.flow is per stream) inflow flow // peer's conn-level flow control + doNotReuse bool // whether conn is marked to not be reused for any future requests closing bool closed bool + seenSettings bool // true if we've seen a settings frame, false otherwise wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back goAway *GoAwayFrame // if non-nil, the GoAwayFrame we received goAwayDebug string // goAway frame's debug data, retained as a string streams map[uint32]*clientStream // client-initiated + streamsReserved int // incr by ReserveNewRequest; decr on RoundTrip nextStreamID uint32 pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams pings map[[8]byte]chan struct{} // in flight ping data to notification channel - bw *bufio.Writer br *bufio.Reader - fr *Framer lastActive time.Time lastIdle time.Time // time last idle - // Settings from peer: (also guarded by mu) + // Settings from peer: (also guarded by wmu) maxFrameSize uint32 maxConcurrentStreams uint32 peerMaxHeaderListSize uint64 initialWindowSize uint32 + // reqHeaderMu is a 1-element semaphore channel controlling access to sending new requests. + // Write to reqHeaderMu to lock it, read from it to unlock. + // Lock reqmu BEFORE mu or wmu. + reqHeaderMu chan struct{} + + // wmu is held while writing. + // Acquire BEFORE mu when holding both, to avoid blocking mu on network writes. + // Only acquire both at the same time when changing peer settings. + wmu sync.Mutex + bw *bufio.Writer + fr *Framer + werr error // first write error that has occurred hbuf bytes.Buffer // HPACK encoder writes into this henc *hpack.Encoder - - wmu sync.Mutex // held while writing; acquire AFTER mu if holding both - werr error // first write error that has occurred } // clientStream is the state for a single HTTP/2 stream. One of these // is created for each Transport.RoundTrip call. type clientStream struct { - cc *ClientConn - req *http.Request + cc *ClientConn + + // Fields of Request that we may access even after the response body is closed. + ctx context.Context + reqCancel <-chan struct{} + trace *httptrace.ClientTrace // or nil ID uint32 - resc chan resAndError bufPipe pipe // buffered pipe with the flow-controlled response payload - startedWrite bool // started request body write; guarded by cc.mu requestedGzip bool - on100 func() // optional code to run if get a 100 continue response + isHead bool + + abortOnce sync.Once + abort chan struct{} // closed to signal stream should end immediately + abortErr error // set if abort is closed + + peerClosed chan struct{} // closed when the peer sends an END_STREAM flag + donec chan struct{} // closed after the stream is in the closed state + on100 chan struct{} // buffered; written to if a 100 is received + + respHeaderRecv chan struct{} // closed when headers are received + res *http.Response // set if respHeaderRecv is closed flow flow // guarded by cc.mu inflow flow // guarded by cc.mu bytesRemain int64 // -1 means unknown; owned by transportResponseBody.Read readErr error // sticky read error; owned by transportResponseBody.Read - stopReqBody error // if non-nil, stop writing req body; guarded by cc.mu - didReset bool // whether we sent a RST_STREAM to the server; guarded by cc.mu - peerReset chan struct{} // closed on peer reset - resetErr error // populated before peerReset is closed + reqBody io.ReadCloser + reqBodyContentLength int64 // -1 means unknown + reqBodyClosed bool // body has been closed; guarded by cc.mu - done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu + // owned by writeRequest: + sentEndStream bool // sent an END_STREAM flag to the peer + sentHeaders bool // owned by clientConnReadLoop: firstByte bool // got the first response byte pastHeaders bool // got first MetaHeadersFrame (actual headers) pastTrailers bool // got optional second MetaHeadersFrame (trailers) num1xx uint8 // number of 1xx responses seen + readClosed bool // peer sent an END_STREAM flag + readAborted bool // read loop reset the stream trailer http.Header // accumulated trailers resTrailer *http.Header // client's Response.Trailer } -// awaitRequestCancel waits for the user to cancel a request or for the done -// channel to be signaled. A non-nil error is returned only if the request was -// canceled. -func awaitRequestCancel(req *http.Request, done <-chan struct{}) error { - ctx := req.Context() - if req.Cancel == nil && ctx.Done() == nil { - return nil - } - select { - case <-req.Cancel: - return errRequestCanceled - case <-ctx.Done(): - return ctx.Err() - case <-done: - return nil - } -} - var got1xxFuncForTests func(int, textproto.MIMEHeader) error // get1xxTraceFunc returns the value of request's httptrace.ClientTrace.Got1xxResponse func, @@ -335,78 +365,65 @@ func (cs *clientStream) get1xxTraceFunc() func(int, textproto.MIMEHeader) error return traceGot1xxResponseFunc(cs.trace) } -// awaitRequestCancel waits for the user to cancel a request, its context to -// expire, or for the request to be done (any way it might be removed from the -// cc.streams map: peer reset, successful completion, TCP connection breakage, -// etc). If the request is canceled, then cs will be canceled and closed. -func (cs *clientStream) awaitRequestCancel(req *http.Request) { - if err := awaitRequestCancel(req, cs.done); err != nil { - cs.cancelStream() - cs.bufPipe.CloseWithError(err) - } +func (cs *clientStream) abortStream(err error) { + cs.cc.mu.Lock() + defer cs.cc.mu.Unlock() + cs.abortStreamLocked(err) } -func (cs *clientStream) cancelStream() { - cc := cs.cc - cc.mu.Lock() - didReset := cs.didReset - cs.didReset = true - cc.mu.Unlock() - - if !didReset { - cc.writeStreamReset(cs.ID, ErrCodeCancel, nil) - cc.forgetStreamID(cs.ID) +func (cs *clientStream) abortStreamLocked(err error) { + cs.abortOnce.Do(func() { + cs.abortErr = err + close(cs.abort) + }) + if cs.reqBody != nil && !cs.reqBodyClosed { + cs.reqBody.Close() + cs.reqBodyClosed = true } -} - -// checkResetOrDone reports any error sent in a RST_STREAM frame by the -// server, or errStreamClosed if the stream is complete. -func (cs *clientStream) checkResetOrDone() error { - select { - case <-cs.peerReset: - return cs.resetErr - case <-cs.done: - return errStreamClosed - default: - return nil + // TODO(dneil): Clean up tests where cs.cc.cond is nil. + if cs.cc.cond != nil { + // Wake up writeRequestBody if it is waiting on flow control. + cs.cc.cond.Broadcast() } } -func (cs *clientStream) getStartedWrite() bool { +func (cs *clientStream) abortRequestBodyWrite() { cc := cs.cc cc.mu.Lock() defer cc.mu.Unlock() - return cs.startedWrite -} - -func (cs *clientStream) abortRequestBodyWrite(err error) { - if err == nil { - panic("nil error") - } - cc := cs.cc - cc.mu.Lock() - if cs.stopReqBody == nil { - cs.stopReqBody = err - if cs.req.Body != nil { - cs.req.Body.Close() - } + if cs.reqBody != nil && !cs.reqBodyClosed { + cs.reqBody.Close() + cs.reqBodyClosed = true cc.cond.Broadcast() } - cc.mu.Unlock() } type stickyErrWriter struct { - w io.Writer - err *error + conn net.Conn + timeout time.Duration + err *error } func (sew stickyErrWriter) Write(p []byte) (n int, err error) { if *sew.err != nil { return 0, *sew.err } - n, err = sew.w.Write(p) - *sew.err = err - return + for { + if sew.timeout != 0 { + sew.conn.SetWriteDeadline(time.Now().Add(sew.timeout)) + } + nn, err := sew.conn.Write(p[n:]) + n += nn + if n < len(p) && nn > 0 && errors.Is(err, os.ErrDeadlineExceeded) { + // Keep extending the deadline so long as we're making progress. + continue + } + if sew.timeout != 0 { + sew.conn.SetWriteDeadline(time.Time{}) + } + *sew.err = err + return n, err + } } // noCachedConnError is the concrete type of ErrNoCachedConn, which @@ -479,9 +496,9 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res } reused := !atomic.CompareAndSwapUint32(&cc.reused, 0, 1) traceGotConn(req, cc, reused) - res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req) + res, err := cc.RoundTrip(req) if err != nil && retry <= 6 { - if req, err = shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil { + if req, err = shouldRetryRequest(req, err); err == nil { // After the first retry, do exponential backoff with 10% jitter. if retry == 0 { continue @@ -492,7 +509,7 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res case <-time.After(time.Second * time.Duration(backoff)): continue case <-req.Context().Done(): - return nil, req.Context().Err() + err = req.Context().Err() } } } @@ -523,7 +540,7 @@ var ( // response headers. It is always called with a non-nil error. // It returns either a request to retry (either the same request, or a // modified clone), or an error if the request can't be replayed. -func shouldRetryRequest(req *http.Request, err error, afterBodyWrite bool) (*http.Request, error) { +func shouldRetryRequest(req *http.Request, err error) (*http.Request, error) { if !canRetryError(err) { return nil, err } @@ -536,7 +553,6 @@ func shouldRetryRequest(req *http.Request, err error, afterBodyWrite bool) (*htt // If the request body can be reset back to its original // state via the optional req.GetBody, do that. if req.GetBody != nil { - // TODO: consider a req.Body.Close here? or audit that all caller paths do? body, err := req.GetBody() if err != nil { return nil, err @@ -548,10 +564,8 @@ func shouldRetryRequest(req *http.Request, err error, afterBodyWrite bool) (*htt // The Request.Body can't reset back to the beginning, but we // don't seem to have started to read from it yet, so reuse - // the request directly. The "afterBodyWrite" means the - // bodyWrite process has started, which becomes true before - // the first Read. - if !afterBodyWrite { + // the request directly. + if err == errClientConnUnusable { return req, nil } @@ -563,6 +577,10 @@ func canRetryError(err error) bool { return true } if se, ok := err.(StreamError); ok { + if se.Code == ErrCodeProtocol && se.Cause == errFromPeer { + // See golang/go#47635, golang/go#42777 + return true + } return se.Code == ErrCodeRefusedStream } return false @@ -637,14 +655,15 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro tconn: c, readerDone: make(chan struct{}), nextStreamID: 1, - maxFrameSize: 16 << 10, // spec default - initialWindowSize: 65535, // spec default - maxConcurrentStreams: 1000, // "infinite", per spec. 1000 seems good enough. - peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. + maxFrameSize: 16 << 10, // spec default + initialWindowSize: 65535, // spec default + maxConcurrentStreams: initialMaxConcurrentStreams, // "infinite", per spec. Use a smaller value until we have received server settings. + peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. streams: make(map[uint32]*clientStream), singleUse: singleUse, wantSettingsAck: true, pings: make(map[[8]byte]chan struct{}), + reqHeaderMu: make(chan struct{}, 1), } if d := t.idleConnTimeout(); d != 0 { cc.idleTimeout = d @@ -659,9 +678,16 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro // TODO: adjust this writer size to account for frame size + // MTU + crypto/tls record padding. - cc.bw = bufio.NewWriter(stickyErrWriter{c, &cc.werr}) + cc.bw = bufio.NewWriter(stickyErrWriter{ + conn: c, + timeout: t.WriteByteTimeout, + err: &cc.werr, + }) cc.br = bufio.NewReader(c) cc.fr = NewFramer(cc.bw, cc.br) + if t.CountError != nil { + cc.fr.countError = t.CountError + } cc.fr.ReadMetaHeaders = hpack.NewDecoder(initialHeaderTableSize, nil) cc.fr.MaxHeaderListSize = t.maxHeaderListSize() @@ -714,6 +740,13 @@ func (cc *ClientConn) healthCheck() { } } +// SetDoNotReuse marks cc as not reusable for future HTTP requests. +func (cc *ClientConn) SetDoNotReuse() { + cc.mu.Lock() + defer cc.mu.Unlock() + cc.doNotReuse = true +} + func (cc *ClientConn) setGoAway(f *GoAwayFrame) { cc.mu.Lock() defer cc.mu.Unlock() @@ -731,27 +764,94 @@ func (cc *ClientConn) setGoAway(f *GoAwayFrame) { last := f.LastStreamID for streamID, cs := range cc.streams { if streamID > last { - select { - case cs.resc <- resAndError{err: errClientConnGotGoAway}: - default: - } + cs.abortStreamLocked(errClientConnGotGoAway) } } } // CanTakeNewRequest reports whether the connection can take a new request, // meaning it has not been closed or received or sent a GOAWAY. +// +// If the caller is going to immediately make a new request on this +// connection, use ReserveNewRequest instead. func (cc *ClientConn) CanTakeNewRequest() bool { cc.mu.Lock() defer cc.mu.Unlock() return cc.canTakeNewRequestLocked() } +// ReserveNewRequest is like CanTakeNewRequest but also reserves a +// concurrent stream in cc. The reservation is decremented on the +// next call to RoundTrip. +func (cc *ClientConn) ReserveNewRequest() bool { + cc.mu.Lock() + defer cc.mu.Unlock() + if st := cc.idleStateLocked(); !st.canTakeNewRequest { + return false + } + cc.streamsReserved++ + return true +} + +// ClientConnState describes the state of a ClientConn. +type ClientConnState struct { + // Closed is whether the connection is closed. + Closed bool + + // Closing is whether the connection is in the process of + // closing. It may be closing due to shutdown, being a + // single-use connection, being marked as DoNotReuse, or + // having received a GOAWAY frame. + Closing bool + + // StreamsActive is how many streams are active. + StreamsActive int + + // StreamsReserved is how many streams have been reserved via + // ClientConn.ReserveNewRequest. + StreamsReserved int + + // StreamsPending is how many requests have been sent in excess + // of the peer's advertised MaxConcurrentStreams setting and + // are waiting for other streams to complete. + StreamsPending int + + // MaxConcurrentStreams is how many concurrent streams the + // peer advertised as acceptable. Zero means no SETTINGS + // frame has been received yet. + MaxConcurrentStreams uint32 + + // LastIdle, if non-zero, is when the connection last + // transitioned to idle state. + LastIdle time.Time +} + +// State returns a snapshot of cc's state. +func (cc *ClientConn) State() ClientConnState { + cc.wmu.Lock() + maxConcurrent := cc.maxConcurrentStreams + if !cc.seenSettings { + maxConcurrent = 0 + } + cc.wmu.Unlock() + + cc.mu.Lock() + defer cc.mu.Unlock() + return ClientConnState{ + Closed: cc.closed, + Closing: cc.closing || cc.singleUse || cc.doNotReuse || cc.goAway != nil, + StreamsActive: len(cc.streams), + StreamsReserved: cc.streamsReserved, + StreamsPending: cc.pendingRequests, + LastIdle: cc.lastIdle, + MaxConcurrentStreams: maxConcurrent, + } +} + // clientConnIdleState describes the suitability of a client // connection to initiate a new RoundTrip request. type clientConnIdleState struct { canTakeNewRequest bool - freshConn bool // whether it's unused by any previous request } func (cc *ClientConn) idleState() clientConnIdleState { @@ -772,13 +872,13 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) { // writing it. maxConcurrentOkay = true } else { - maxConcurrentOkay = int64(len(cc.streams)+1) < int64(cc.maxConcurrentStreams) + maxConcurrentOkay = int64(len(cc.streams)+cc.streamsReserved+1) <= int64(cc.maxConcurrentStreams) } st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && + !cc.doNotReuse && int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 && !cc.tooIdleLocked() - st.freshConn = cc.nextStreamID == 1 && st.canTakeNewRequest return } @@ -809,7 +909,7 @@ func (cc *ClientConn) onIdleTimeout() { func (cc *ClientConn) closeIfIdle() { cc.mu.Lock() - if len(cc.streams) > 0 { + if len(cc.streams) > 0 || cc.streamsReserved > 0 { cc.mu.Unlock() return } @@ -824,9 +924,15 @@ func (cc *ClientConn) closeIfIdle() { cc.tconn.Close() } +func (cc *ClientConn) isDoNotReuseAndIdle() bool { + cc.mu.Lock() + defer cc.mu.Unlock() + return cc.doNotReuse && len(cc.streams) == 0 +} + var shutdownEnterWaitStateHook = func() {} -// Shutdown gracefully close the client connection, waiting for running streams to complete. +// Shutdown gracefully closes the client connection, waiting for running streams to complete. func (cc *ClientConn) Shutdown(ctx context.Context) error { if err := cc.sendGoAway(); err != nil { return err @@ -865,15 +971,18 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { func (cc *ClientConn) sendGoAway() error { cc.mu.Lock() - defer cc.mu.Unlock() - cc.wmu.Lock() - defer cc.wmu.Unlock() - if cc.closing { + closing := cc.closing + cc.closing = true + maxStreamID := cc.nextStreamID + cc.mu.Unlock() + if closing { // GOAWAY sent already return nil } + + cc.wmu.Lock() + defer cc.wmu.Unlock() // Send a graceful shutdown frame to server - maxStreamID := cc.nextStreamID if err := cc.fr.WriteGoAway(maxStreamID, ErrCodeNo, nil); err != nil { return err } @@ -881,7 +990,6 @@ func (cc *ClientConn) sendGoAway() error { return err } // Prevent new requests - cc.closing = true return nil } @@ -889,17 +997,12 @@ func (cc *ClientConn) sendGoAway() error { // err is sent to streams. func (cc *ClientConn) closeForError(err error) error { cc.mu.Lock() + cc.closed = true + for _, cs := range cc.streams { + cs.abortStreamLocked(err) + } defer cc.cond.Broadcast() defer cc.mu.Unlock() - for id, cs := range cc.streams { - select { - case cs.resc <- resAndError{err: err}: - default: - } - cs.bufPipe.CloseWithError(err) - delete(cc.streams, id) - } - cc.closed = true return cc.tconn.Close() } @@ -914,6 +1017,9 @@ func (cc *ClientConn) Close() error { // closes the client connection immediately. In-flight requests are interrupted. func (cc *ClientConn) closeForLostPing() error { err := errors.New("http2: client connection lost") + if f := cc.t.CountError; f != nil { + f("conn_close_lost_ping") + } return cc.closeForError(err) } @@ -978,41 +1084,158 @@ func actualContentLength(req *http.Request) int64 { return -1 } +func (cc *ClientConn) decrStreamReservations() { + cc.mu.Lock() + defer cc.mu.Unlock() + cc.decrStreamReservationsLocked() +} + +func (cc *ClientConn) decrStreamReservationsLocked() { + if cc.streamsReserved > 0 { + cc.streamsReserved-- + } +} + func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { - resp, _, err := cc.roundTrip(req) - return resp, err + ctx := req.Context() + cs := &clientStream{ + cc: cc, + ctx: ctx, + reqCancel: req.Cancel, + isHead: req.Method == "HEAD", + reqBody: req.Body, + reqBodyContentLength: actualContentLength(req), + trace: httptrace.ContextClientTrace(ctx), + peerClosed: make(chan struct{}), + abort: make(chan struct{}), + respHeaderRecv: make(chan struct{}), + donec: make(chan struct{}), + } + go cs.doRequest(req) + + waitDone := func() error { + select { + case <-cs.donec: + return nil + case <-ctx.Done(): + return ctx.Err() + case <-cs.reqCancel: + return errRequestCanceled + } + } + + handleResponseHeaders := func() (*http.Response, error) { + res := cs.res + if res.StatusCode > 299 { + // On error or status code 3xx, 4xx, 5xx, etc abort any + // ongoing write, assuming that the server doesn't care + // about our request body. If the server replied with 1xx or + // 2xx, however, then assume the server DOES potentially + // want our body (e.g. full-duplex streaming: + // golang.org/issue/13444). If it turns out the server + // doesn't, they'll RST_STREAM us soon enough. This is a + // heuristic to avoid adding knobs to Transport. Hopefully + // we can keep it. + cs.abortRequestBodyWrite() + } + res.Request = req + res.TLS = cc.tlsState + if res.Body == noBody && actualContentLength(req) == 0 { + // If there isn't a request or response body still being + // written, then wait for the stream to be closed before + // RoundTrip returns. + if err := waitDone(); err != nil { + return nil, err + } + } + return res, nil + } + + for { + select { + case <-cs.respHeaderRecv: + return handleResponseHeaders() + case <-cs.abort: + select { + case <-cs.respHeaderRecv: + // If both cs.respHeaderRecv and cs.abort are signaling, + // pick respHeaderRecv. The server probably wrote the + // response and immediately reset the stream. + // golang.org/issue/49645 + return handleResponseHeaders() + default: + waitDone() + return nil, cs.abortErr + } + case <-ctx.Done(): + err := ctx.Err() + cs.abortStream(err) + return nil, err + case <-cs.reqCancel: + cs.abortStream(errRequestCanceled) + return nil, errRequestCanceled + } + } } -func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAfterReqBodyWrite bool, err error) { +// doRequest runs for the duration of the request lifetime. +// +// It sends the request and performs post-request cleanup (closing Request.Body, etc.). +func (cs *clientStream) doRequest(req *http.Request) { + err := cs.writeRequest(req) + cs.cleanupWriteRequest(err) +} + +// writeRequest sends a request. +// +// It returns nil after the request is written, the response read, +// and the request stream is half-closed by the peer. +// +// It returns non-nil if the request ends otherwise. +// If the returned error is StreamError, the error Code may be used in resetting the stream. +func (cs *clientStream) writeRequest(req *http.Request) (err error) { + cc := cs.cc + ctx := cs.ctx + if err := checkConnHeaders(req); err != nil { - return nil, false, err - } - if cc.idleTimer != nil { - cc.idleTimer.Stop() + return err } - trailers, err := commaSeparatedTrailers(req) - if err != nil { - return nil, false, err + // Acquire the new-request lock by writing to reqHeaderMu. + // This lock guards the critical section covering allocating a new stream ID + // (requires mu) and creating the stream (requires wmu). + if cc.reqHeaderMu == nil { + panic("RoundTrip on uninitialized ClientConn") // for tests + } + select { + case cc.reqHeaderMu <- struct{}{}: + case <-cs.reqCancel: + return errRequestCanceled + case <-ctx.Done(): + return ctx.Err() } - hasTrailers := trailers != "" cc.mu.Lock() - if err := cc.awaitOpenSlotForRequest(req); err != nil { + if cc.idleTimer != nil { + cc.idleTimer.Stop() + } + cc.decrStreamReservationsLocked() + if err := cc.awaitOpenSlotForStreamLocked(cs); err != nil { cc.mu.Unlock() - return nil, false, err + <-cc.reqHeaderMu + return err } - - body := req.Body - contentLen := actualContentLength(req) - hasBody := contentLen != 0 + cc.addStreamLocked(cs) // assigns stream ID + if isConnectionCloseRequest(req) { + cc.doNotReuse = true + } + cc.mu.Unlock() // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? - var requestedGzip bool if !cc.t.disableCompression() && req.Header.Get("Accept-Encoding") == "" && req.Header.Get("Range") == "" && - req.Method != "HEAD" { + !cs.isHead { // Request gzip only, not deflate. Deflate is ambiguous and // not as universally supported anyway. // See: https://zlib.net/zlib_faq.html#faq39 @@ -1025,183 +1248,224 @@ func (cc *ClientConn) roundTrip(req *http.Request) (res *http.Response, gotErrAf // We don't request gzip if the request is for a range, since // auto-decoding a portion of a gzipped document will just fail // anyway. See https://golang.org/issue/8923 - requestedGzip = true + cs.requestedGzip = true } - // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is - // sent by writeRequestBody below, along with any Trailers, - // again in form HEADERS{1}, CONTINUATION{0,}) - hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen) + continueTimeout := cc.t.expectContinueTimeout() + if continueTimeout != 0 { + if !httpguts.HeaderValuesContainsToken(req.Header["Expect"], "100-continue") { + continueTimeout = 0 + } else { + cs.on100 = make(chan struct{}, 1) + } + } + + // Past this point (where we send request headers), it is possible for + // RoundTrip to return successfully. Since the RoundTrip contract permits + // the caller to "mutate or reuse" the Request after closing the Response's Body, + // we must take care when referencing the Request from here on. + err = cs.encodeAndWriteHeaders(req) + <-cc.reqHeaderMu if err != nil { - cc.mu.Unlock() - return nil, false, err + return err } - cs := cc.newStream() - cs.req = req - cs.trace = httptrace.ContextClientTrace(req.Context()) - cs.requestedGzip = requestedGzip - bodyWriter := cc.t.getBodyWriterState(cs, body) - cs.on100 = bodyWriter.on100 + hasBody := cs.reqBodyContentLength != 0 + if !hasBody { + cs.sentEndStream = true + } else { + if continueTimeout != 0 { + traceWait100Continue(cs.trace) + timer := time.NewTimer(continueTimeout) + select { + case <-timer.C: + err = nil + case <-cs.on100: + err = nil + case <-cs.abort: + err = cs.abortErr + case <-ctx.Done(): + err = ctx.Err() + case <-cs.reqCancel: + err = errRequestCanceled + } + timer.Stop() + if err != nil { + traceWroteRequest(cs.trace, err) + return err + } + } - defer func() { - cc.wmu.Lock() - werr := cc.werr - cc.wmu.Unlock() - if werr != nil { - cc.Close() + if err = cs.writeRequestBody(req); err != nil { + if err != errStopReqBodyWrite { + traceWroteRequest(cs.trace, err) + return err + } + } else { + cs.sentEndStream = true } - }() + } + + traceWroteRequest(cs.trace, err) + + var respHeaderTimer <-chan time.Time + var respHeaderRecv chan struct{} + if d := cc.responseHeaderTimeout(); d != 0 { + timer := time.NewTimer(d) + defer timer.Stop() + respHeaderTimer = timer.C + respHeaderRecv = cs.respHeaderRecv + } + // Wait until the peer half-closes its end of the stream, + // or until the request is aborted (via context, error, or otherwise), + // whichever comes first. + for { + select { + case <-cs.peerClosed: + return nil + case <-respHeaderTimer: + return errTimeout + case <-respHeaderRecv: + respHeaderRecv = nil + respHeaderTimer = nil // keep waiting for END_STREAM + case <-cs.abort: + return cs.abortErr + case <-ctx.Done(): + return ctx.Err() + case <-cs.reqCancel: + return errRequestCanceled + } + } +} + +func (cs *clientStream) encodeAndWriteHeaders(req *http.Request) error { + cc := cs.cc + ctx := cs.ctx cc.wmu.Lock() + defer cc.wmu.Unlock() + + // If the request was canceled while waiting for cc.mu, just quit. + select { + case <-cs.abort: + return cs.abortErr + case <-ctx.Done(): + return ctx.Err() + case <-cs.reqCancel: + return errRequestCanceled + default: + } + + // Encode headers. + // + // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is + // sent by writeRequestBody below, along with any Trailers, + // again in form HEADERS{1}, CONTINUATION{0,}) + trailers, err := commaSeparatedTrailers(req) + if err != nil { + return err + } + hasTrailers := trailers != "" + contentLen := actualContentLength(req) + hasBody := contentLen != 0 + hdrs, err := cc.encodeHeaders(req, cs.requestedGzip, trailers, contentLen) + if err != nil { + return err + } + + // Write the request. endStream := !hasBody && !hasTrailers - werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) - cc.wmu.Unlock() + cs.sentHeaders = true + err = cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) traceWroteHeaders(cs.trace) - cc.mu.Unlock() + return err +} - if werr != nil { - if hasBody { - req.Body.Close() // per RoundTripper contract - bodyWriter.cancel() - } - cc.forgetStreamID(cs.ID) - // Don't bother sending a RST_STREAM (our write already failed; - // no need to keep writing) - traceWroteRequest(cs.trace, werr) - return nil, false, werr - } +// cleanupWriteRequest performs post-request tasks. +// +// If err (the result of writeRequest) is non-nil and the stream is not closed, +// cleanupWriteRequest will send a reset to the peer. +func (cs *clientStream) cleanupWriteRequest(err error) { + cc := cs.cc - var respHeaderTimer <-chan time.Time - if hasBody { - bodyWriter.scheduleBodyWrite() - } else { - traceWroteRequest(cs.trace, nil) - if d := cc.responseHeaderTimeout(); d != 0 { - timer := time.NewTimer(d) - defer timer.Stop() - respHeaderTimer = timer.C - } + if cs.ID == 0 { + // We were canceled before creating the stream, so return our reservation. + cc.decrStreamReservations() } - readLoopResCh := cs.resc - bodyWritten := false - ctx := req.Context() + // TODO: write h12Compare test showing whether + // Request.Body is closed by the Transport, + // and in multiple cases: server replies <=299 and >299 + // while still writing request body + cc.mu.Lock() + bodyClosed := cs.reqBodyClosed + cs.reqBodyClosed = true + cc.mu.Unlock() + if !bodyClosed && cs.reqBody != nil { + cs.reqBody.Close() + } - handleReadLoopResponse := func(re resAndError) (*http.Response, bool, error) { - res := re.res - if re.err != nil || res.StatusCode > 299 { - // On error or status code 3xx, 4xx, 5xx, etc abort any - // ongoing write, assuming that the server doesn't care - // about our request body. If the server replied with 1xx or - // 2xx, however, then assume the server DOES potentially - // want our body (e.g. full-duplex streaming: - // golang.org/issue/13444). If it turns out the server - // doesn't, they'll RST_STREAM us soon enough. This is a - // heuristic to avoid adding knobs to Transport. Hopefully - // we can keep it. - bodyWriter.cancel() - cs.abortRequestBodyWrite(errStopReqBodyWrite) - if hasBody && !bodyWritten { - <-bodyWriter.resc + if err != nil && cs.sentEndStream { + // If the connection is closed immediately after the response is read, + // we may be aborted before finishing up here. If the stream was closed + // cleanly on both sides, there is no error. + select { + case <-cs.peerClosed: + err = nil + default: + } + } + if err != nil { + cs.abortStream(err) // possibly redundant, but harmless + if cs.sentHeaders { + if se, ok := err.(StreamError); ok { + if se.Cause != errFromPeer { + cc.writeStreamReset(cs.ID, se.Code, err) + } + } else { + cc.writeStreamReset(cs.ID, ErrCodeCancel, err) } } - if re.err != nil { - cc.forgetStreamID(cs.ID) - return nil, cs.getStartedWrite(), re.err + cs.bufPipe.CloseWithError(err) // no-op if already closed + } else { + if cs.sentHeaders && !cs.sentEndStream { + cc.writeStreamReset(cs.ID, ErrCodeNo, nil) } - res.Request = req - res.TLS = cc.tlsState - return res, false, nil + cs.bufPipe.CloseWithError(errRequestCanceled) } - - handleError := func(err error) (*http.Response, bool, error) { - if !hasBody || bodyWritten { - cc.writeStreamReset(cs.ID, ErrCodeCancel, nil) - } else { - bodyWriter.cancel() - cs.abortRequestBodyWrite(errStopReqBodyWriteAndCancel) - <-bodyWriter.resc - } + if cs.ID != 0 { cc.forgetStreamID(cs.ID) - return nil, cs.getStartedWrite(), err } - for { - select { - case re := <-readLoopResCh: - return handleReadLoopResponse(re) - case <-respHeaderTimer: - return handleError(errTimeout) - case <-ctx.Done(): - return handleError(ctx.Err()) - case <-req.Cancel: - return handleError(errRequestCanceled) - case <-cs.peerReset: - // processResetStream already removed the - // stream from the streams map; no need for - // forgetStreamID. - return nil, cs.getStartedWrite(), cs.resetErr - case err := <-bodyWriter.resc: - bodyWritten = true - // Prefer the read loop's response, if available. Issue 16102. - select { - case re := <-readLoopResCh: - return handleReadLoopResponse(re) - default: - } - if err != nil { - cc.forgetStreamID(cs.ID) - return nil, cs.getStartedWrite(), err - } - if d := cc.responseHeaderTimeout(); d != 0 { - timer := time.NewTimer(d) - defer timer.Stop() - respHeaderTimer = timer.C - } - } + cc.wmu.Lock() + werr := cc.werr + cc.wmu.Unlock() + if werr != nil { + cc.Close() } + + close(cs.donec) } -// awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams. +// awaitOpenSlotForStream waits until len(streams) < maxConcurrentStreams. // Must hold cc.mu. -func (cc *ClientConn) awaitOpenSlotForRequest(req *http.Request) error { - var waitingForConn chan struct{} - var waitingForConnErr error // guarded by cc.mu +func (cc *ClientConn) awaitOpenSlotForStreamLocked(cs *clientStream) error { for { cc.lastActive = time.Now() if cc.closed || !cc.canTakeNewRequestLocked() { - if waitingForConn != nil { - close(waitingForConn) - } return errClientConnUnusable } cc.lastIdle = time.Time{} - if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) { - if waitingForConn != nil { - close(waitingForConn) - } + if int64(len(cc.streams)) < int64(cc.maxConcurrentStreams) { return nil } - // Unfortunately, we cannot wait on a condition variable and channel at - // the same time, so instead, we spin up a goroutine to check if the - // request is canceled while we wait for a slot to open in the connection. - if waitingForConn == nil { - waitingForConn = make(chan struct{}) - go func() { - if err := awaitRequestCancel(req, waitingForConn); err != nil { - cc.mu.Lock() - waitingForConnErr = err - cc.cond.Broadcast() - cc.mu.Unlock() - } - }() - } cc.pendingRequests++ cc.cond.Wait() cc.pendingRequests-- - if waitingForConnErr != nil { - return waitingForConnErr + select { + case <-cs.abort: + return cs.abortErr + default: } } } @@ -1228,10 +1492,6 @@ func (cc *ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize cc.fr.WriteContinuation(streamID, endHeaders, chunk) } } - // TODO(bradfitz): this Flush could potentially block (as - // could the WriteHeaders call(s) above), which means they - // wouldn't respond to Request.Cancel being readable. That's - // rare, but this should probably be in a goroutine. cc.bw.Flush() return cc.werr } @@ -1258,7 +1518,7 @@ func (cs *clientStream) frameScratchBufferLen(maxFrameSize int) int { if n > max { n = max } - if cl := actualContentLength(cs.req); cl != -1 && cl+1 < n { + if cl := cs.reqBodyContentLength; cl != -1 && cl+1 < n { // Add an extra byte past the declared content-length to // give the caller's Request.Body io.Reader a chance to // give us more bytes than they declared, so we can catch it @@ -1273,31 +1533,13 @@ func (cs *clientStream) frameScratchBufferLen(maxFrameSize int) int { var bufPool sync.Pool // of *[]byte -func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { +func (cs *clientStream) writeRequestBody(req *http.Request) (err error) { cc := cs.cc + body := cs.reqBody sentEnd := false // whether we sent the final DATA frame w/ END_STREAM - defer func() { - traceWroteRequest(cs.trace, err) - // TODO: write h12Compare test showing whether - // Request.Body is closed by the Transport, - // and in multiple cases: server replies <=299 and >299 - // while still writing request body - var cerr error - cc.mu.Lock() - if cs.stopReqBody == nil { - cs.stopReqBody = errStopReqBodyWrite - cerr = bodyCloser.Close() - } - cc.mu.Unlock() - if err == nil { - err = cerr - } - }() - - req := cs.req hasTrailers := req.Trailer != nil - remainLen := actualContentLength(req) + remainLen := cs.reqBodyContentLength hasContentLen := remainLen != -1 cc.mu.Lock() @@ -1335,29 +1577,29 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( } if remainLen < 0 { err = errReqBodyTooLong - cc.writeStreamReset(cs.ID, ErrCodeCancel, err) return err } } - if err == io.EOF { - sawEOF = true - err = nil - } else if err != nil { - cc.writeStreamReset(cs.ID, ErrCodeCancel, err) - return err + if err != nil { + cc.mu.Lock() + bodyClosed := cs.reqBodyClosed + cc.mu.Unlock() + switch { + case bodyClosed: + return errStopReqBodyWrite + case err == io.EOF: + sawEOF = true + err = nil + default: + return err + } } remain := buf[:n] for len(remain) > 0 && err == nil { var allowed int32 allowed, err = cs.awaitFlowControl(len(remain)) - switch { - case err == errStopReqBodyWrite: - return err - case err == errStopReqBodyWriteAndCancel: - cc.writeStreamReset(cs.ID, ErrCodeCancel, nil) - return err - case err != nil: + if err != nil { return err } cc.wmu.Lock() @@ -1388,21 +1630,27 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( return nil } + // Since the RoundTrip contract permits the caller to "mutate or reuse" + // a request after the Response's Body is closed, verify that this hasn't + // happened before accessing the trailers. + cc.mu.Lock() + trailer := req.Trailer + err = cs.abortErr + cc.mu.Unlock() + if err != nil { + return err + } + + cc.wmu.Lock() + defer cc.wmu.Unlock() var trls []byte - if hasTrailers { - cc.mu.Lock() - trls, err = cc.encodeTrailers(req) - cc.mu.Unlock() + if len(trailer) > 0 { + trls, err = cc.encodeTrailers(trailer) if err != nil { - cc.writeStreamReset(cs.ID, ErrCodeInternal, err) - cc.forgetStreamID(cs.ID) return err } } - cc.wmu.Lock() - defer cc.wmu.Unlock() - // Two ways to send END_STREAM: either with trailers, or // with an empty DATA frame. if len(trls) > 0 { @@ -1422,17 +1670,24 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( // if the stream is dead. func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) { cc := cs.cc + ctx := cs.ctx cc.mu.Lock() defer cc.mu.Unlock() for { if cc.closed { return 0, errClientConnClosed } - if cs.stopReqBody != nil { - return 0, cs.stopReqBody + if cs.reqBodyClosed { + return 0, errStopReqBodyWrite } - if err := cs.checkResetOrDone(); err != nil { - return 0, err + select { + case <-cs.abort: + return 0, cs.abortErr + case <-ctx.Done(): + return 0, ctx.Err() + case <-cs.reqCancel: + return 0, errRequestCanceled + default: } if a := cs.flow.available(); a > 0 { take := a @@ -1450,9 +1705,14 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) } } -// requires cc.mu be held. +var errNilRequestURL = errors.New("http2: Request.URI is nil") + +// requires cc.wmu be held. func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { cc.hbuf.Reset() + if req.URL == nil { + return nil, errNilRequestURL + } host := req.Host if host == "" { @@ -1638,12 +1898,12 @@ func shouldSendReqContentLength(method string, contentLength int64) bool { } } -// requires cc.mu be held. -func (cc *ClientConn) encodeTrailers(req *http.Request) ([]byte, error) { +// requires cc.wmu be held. +func (cc *ClientConn) encodeTrailers(trailer http.Header) ([]byte, error) { cc.hbuf.Reset() hlSize := uint64(0) - for k, vv := range req.Trailer { + for k, vv := range trailer { for _, v := range vv { hf := hpack.HeaderField{Name: k, Value: v} hlSize += uint64(hf.Size()) @@ -1653,7 +1913,7 @@ func (cc *ClientConn) encodeTrailers(req *http.Request) ([]byte, error) { return nil, errRequestHeaderListSize } - for k, vv := range req.Trailer { + for k, vv := range trailer { lowKey, ascii := asciiToLower(k) if !ascii { // Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header @@ -1683,51 +1943,51 @@ type resAndError struct { } // requires cc.mu be held. -func (cc *ClientConn) newStream() *clientStream { - cs := &clientStream{ - cc: cc, - ID: cc.nextStreamID, - resc: make(chan resAndError, 1), - peerReset: make(chan struct{}), - done: make(chan struct{}), - } +func (cc *ClientConn) addStreamLocked(cs *clientStream) { cs.flow.add(int32(cc.initialWindowSize)) cs.flow.setConnFlow(&cc.flow) cs.inflow.add(transportDefaultStreamFlow) cs.inflow.setConnFlow(&cc.inflow) + cs.ID = cc.nextStreamID cc.nextStreamID += 2 cc.streams[cs.ID] = cs - return cs + if cs.ID == 0 { + panic("assigned stream ID 0") + } } func (cc *ClientConn) forgetStreamID(id uint32) { - cc.streamByID(id, true) -} - -func (cc *ClientConn) streamByID(id uint32, andRemove bool) *clientStream { cc.mu.Lock() - defer cc.mu.Unlock() - cs := cc.streams[id] - if andRemove && cs != nil && !cc.closed { - cc.lastActive = time.Now() - delete(cc.streams, id) - if len(cc.streams) == 0 && cc.idleTimer != nil { - cc.idleTimer.Reset(cc.idleTimeout) - cc.lastIdle = time.Now() - } - close(cs.done) - // Wake up checkResetOrDone via clientStream.awaitFlowControl and - // wake up RoundTrip if there is a pending request. - cc.cond.Broadcast() + slen := len(cc.streams) + delete(cc.streams, id) + if len(cc.streams) != slen-1 { + panic("forgetting unknown stream id") + } + cc.lastActive = time.Now() + if len(cc.streams) == 0 && cc.idleTimer != nil { + cc.idleTimer.Reset(cc.idleTimeout) + cc.lastIdle = time.Now() + } + // Wake up writeRequestBody via clientStream.awaitFlowControl and + // wake up RoundTrip if there is a pending request. + cc.cond.Broadcast() + + closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() + if closeOnIdle && cc.streamsReserved == 0 && len(cc.streams) == 0 { + if VerboseLogs { + cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, cc.nextStreamID-2) + } + cc.closed = true + defer cc.tconn.Close() } - return cs + + cc.mu.Unlock() } // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop. type clientConnReadLoop struct { - _ incomparable - cc *ClientConn - closeWhenIdle bool + _ incomparable + cc *ClientConn } // readLoop runs in its own goroutine and reads and dispatches frames. @@ -1787,23 +2047,49 @@ func (rl *clientConnReadLoop) cleanup() { } else if err == io.EOF { err = io.ErrUnexpectedEOF } + cc.closed = true for _, cs := range cc.streams { - cs.bufPipe.CloseWithError(err) // no-op if already closed select { - case cs.resc <- resAndError{err: err}: + case <-cs.peerClosed: + // The server closed the stream before closing the conn, + // so no need to interrupt it. default: + cs.abortStreamLocked(err) } - close(cs.done) } - cc.closed = true cc.cond.Broadcast() cc.mu.Unlock() } +// countReadFrameError calls Transport.CountError with a string +// representing err. +func (cc *ClientConn) countReadFrameError(err error) { + f := cc.t.CountError + if f == nil || err == nil { + return + } + if ce, ok := err.(ConnectionError); ok { + errCode := ErrCode(ce) + f(fmt.Sprintf("read_frame_conn_error_%s", errCode.stringToken())) + return + } + if errors.Is(err, io.EOF) { + f("read_frame_eof") + return + } + if errors.Is(err, io.ErrUnexpectedEOF) { + f("read_frame_unexpected_eof") + return + } + if errors.Is(err, ErrFrameTooLarge) { + f("read_frame_too_large") + return + } + f("read_frame_other") +} + func (rl *clientConnReadLoop) run() error { cc := rl.cc - rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse - gotReply := false // ever saw a HEADERS reply gotSettings := false readIdleTimeout := cc.t.ReadIdleTimeout var t *time.Timer @@ -1820,9 +2106,7 @@ func (rl *clientConnReadLoop) run() error { cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) } if se, ok := err.(StreamError); ok { - if cs := cc.streamByID(se.StreamID, false); cs != nil { - cs.cc.writeStreamReset(cs.ID, se.Code, err) - cs.cc.forgetStreamID(cs.ID) + if cs := rl.streamByID(se.StreamID); cs != nil { if se.Cause == nil { se.Cause = cc.fr.errDetail } @@ -1830,6 +2114,7 @@ func (rl *clientConnReadLoop) run() error { } continue } else if err != nil { + cc.countReadFrameError(err) return err } if VerboseLogs { @@ -1842,22 +2127,16 @@ func (rl *clientConnReadLoop) run() error { } gotSettings = true } - maybeIdle := false // whether frame might transition us to idle switch f := f.(type) { case *MetaHeadersFrame: err = rl.processHeaders(f) - maybeIdle = true - gotReply = true case *DataFrame: err = rl.processData(f) - maybeIdle = true case *GoAwayFrame: err = rl.processGoAway(f) - maybeIdle = true case *RSTStreamFrame: err = rl.processResetStream(f) - maybeIdle = true case *SettingsFrame: err = rl.processSettings(f) case *PushPromiseFrame: @@ -1875,38 +2154,24 @@ func (rl *clientConnReadLoop) run() error { } return err } - if rl.closeWhenIdle && gotReply && maybeIdle { - cc.closeIfIdle() - } } } func (rl *clientConnReadLoop) processHeaders(f *MetaHeadersFrame) error { - cc := rl.cc - cs := cc.streamByID(f.StreamID, false) + cs := rl.streamByID(f.StreamID) if cs == nil { // We'd get here if we canceled a request while the // server had its response still in flight. So if this // was just something we canceled, ignore it. return nil } - if f.StreamEnded() { - // Issue 20521: If the stream has ended, streamByID() causes - // clientStream.done to be closed, which causes the request's bodyWriter - // to be closed with an errStreamClosed, which may be received by - // clientConn.RoundTrip before the result of processing these headers. - // Deferring stream closure allows the header processing to occur first. - // clientConn.RoundTrip may still receive the bodyWriter error first, but - // the fix for issue 16102 prioritises any response. - // - // Issue 22413: If there is no request body, we should close the - // stream before writing to cs.resc so that the stream is closed - // immediately once RoundTrip returns. - if cs.req.Body != nil { - defer cc.forgetStreamID(f.StreamID) - } else { - cc.forgetStreamID(f.StreamID) - } + if cs.readClosed { + rl.endStreamError(cs, StreamError{ + StreamID: f.StreamID, + Code: ErrCodeProtocol, + Cause: errors.New("protocol error: headers after END_STREAM"), + }) + return nil } if !cs.firstByte { if cs.trace != nil { @@ -1930,9 +2195,11 @@ func (rl *clientConnReadLoop) processHeaders(f *MetaHeadersFrame) error { return err } // Any other error type is a stream error. - cs.cc.writeStreamReset(f.StreamID, ErrCodeProtocol, err) - cc.forgetStreamID(cs.ID) - cs.resc <- resAndError{err: err} + rl.endStreamError(cs, StreamError{ + StreamID: f.StreamID, + Code: ErrCodeProtocol, + Cause: err, + }) return nil // return nil from process* funcs to keep conn alive } if res == nil { @@ -1940,7 +2207,11 @@ func (rl *clientConnReadLoop) processHeaders(f *MetaHeadersFrame) error { return nil } cs.resTrailer = &res.Trailer - cs.resc <- resAndError{res: res} + cs.res = res + close(cs.respHeaderRecv) + if f.StreamEnded() { + rl.endStream(cs) + } return nil } @@ -2002,6 +2273,9 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra } if statusCode >= 100 && statusCode <= 199 { + if f.StreamEnded() { + return nil, errors.New("1xx informational response with END_STREAM flag") + } cs.num1xx++ const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http if cs.num1xx > max1xxResponses { @@ -2014,42 +2288,49 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra } if statusCode == 100 { traceGot100Continue(cs.trace) - if cs.on100 != nil { - cs.on100() // forces any write delay timer to fire + select { + case cs.on100 <- struct{}{}: + default: } } cs.pastHeaders = false // do it all again return nil, nil } - streamEnded := f.StreamEnded() - isHead := cs.req.Method == "HEAD" - if !streamEnded || isHead { - res.ContentLength = -1 - if clens := res.Header["Content-Length"]; len(clens) == 1 { - if cl, err := strconv.ParseUint(clens[0], 10, 63); err == nil { - res.ContentLength = int64(cl) - } else { - // TODO: care? unlike http/1, it won't mess up our framing, so it's - // more safe smuggling-wise to ignore. - } - } else if len(clens) > 1 { + res.ContentLength = -1 + if clens := res.Header["Content-Length"]; len(clens) == 1 { + if cl, err := strconv.ParseUint(clens[0], 10, 63); err == nil { + res.ContentLength = int64(cl) + } else { // TODO: care? unlike http/1, it won't mess up our framing, so it's // more safe smuggling-wise to ignore. } + } else if len(clens) > 1 { + // TODO: care? unlike http/1, it won't mess up our framing, so it's + // more safe smuggling-wise to ignore. + } else if f.StreamEnded() && !cs.isHead { + res.ContentLength = 0 } - if streamEnded || isHead { + if cs.isHead { res.Body = noBody return res, nil } - cs.bufPipe = pipe{b: &dataBuffer{expected: res.ContentLength}} + if f.StreamEnded() { + if res.ContentLength > 0 { + res.Body = missingBody{} + } else { + res.Body = noBody + } + return res, nil + } + + cs.bufPipe.setBuffer(&dataBuffer{expected: res.ContentLength}) cs.bytesRemain = res.ContentLength res.Body = transportResponseBody{cs} - go cs.awaitRequestCancel(cs.req) - if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" { + if cs.requestedGzip && asciiEqualFold(res.Header.Get("Content-Encoding"), "gzip") { res.Header.Del("Content-Encoding") res.Header.Del("Content-Length") res.ContentLength = -1 @@ -2088,8 +2369,7 @@ func (rl *clientConnReadLoop) processTrailers(cs *clientStream, f *MetaHeadersFr } // transportResponseBody is the concrete type of Transport.RoundTrip's -// Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body. -// On Close it sends RST_STREAM if EOF wasn't already seen. +// Response.Body. It is an io.ReadCloser. type transportResponseBody struct { cs *clientStream } @@ -2107,7 +2387,7 @@ func (b transportResponseBody) Read(p []byte) (n int, err error) { n = int(cs.bytesRemain) if err == nil { err = errors.New("net/http: server replied with more than declared Content-Length; truncated") - cc.writeStreamReset(cs.ID, ErrCodeProtocol, err) + cs.abortStream(err) } cs.readErr = err return int(cs.bytesRemain), err @@ -2125,8 +2405,6 @@ func (b transportResponseBody) Read(p []byte) (n int, err error) { } cc.mu.Lock() - defer cc.mu.Unlock() - var connAdd, streamAdd int32 // Check the conn-level first, before the stream-level. if v := cc.inflow.available(); v < transportDefaultConnFlow/2 { @@ -2143,6 +2421,8 @@ func (b transportResponseBody) Read(p []byte) (n int, err error) { cs.inflow.add(streamAdd) } } + cc.mu.Unlock() + if connAdd != 0 || streamAdd != 0 { cc.wmu.Lock() defer cc.wmu.Unlock() @@ -2163,34 +2443,45 @@ func (b transportResponseBody) Close() error { cs := b.cs cc := cs.cc - serverSentStreamEnd := cs.bufPipe.Err() == io.EOF unread := cs.bufPipe.Len() - - if unread > 0 || !serverSentStreamEnd { + if unread > 0 { cc.mu.Lock() - cc.wmu.Lock() - if !serverSentStreamEnd { - cc.fr.WriteRSTStream(cs.ID, ErrCodeCancel) - cs.didReset = true - } // Return connection-level flow control. if unread > 0 { cc.inflow.add(int32(unread)) + } + cc.mu.Unlock() + + // TODO(dneil): Acquiring this mutex can block indefinitely. + // Move flow control return to a goroutine? + cc.wmu.Lock() + // Return connection-level flow control. + if unread > 0 { cc.fr.WriteWindowUpdate(0, uint32(unread)) } cc.bw.Flush() cc.wmu.Unlock() - cc.mu.Unlock() } cs.bufPipe.BreakWithError(errClosedResponseBody) - cc.forgetStreamID(cs.ID) + cs.abortStream(errClosedResponseBody) + + select { + case <-cs.donec: + case <-cs.ctx.Done(): + // See golang/go#49366: The net/http package can cancel the + // request context after the response body is fully read. + // Don't treat this as an error. + return nil + case <-cs.reqCancel: + return errRequestCanceled + } return nil } func (rl *clientConnReadLoop) processData(f *DataFrame) error { cc := rl.cc - cs := cc.streamByID(f.StreamID, f.StreamEnded()) + cs := rl.streamByID(f.StreamID) data := f.Data() if cs == nil { cc.mu.Lock() @@ -2219,6 +2510,14 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error { } return nil } + if cs.readClosed { + cc.logf("protocol error: received DATA after END_STREAM") + rl.endStreamError(cs, StreamError{ + StreamID: f.StreamID, + Code: ErrCodeProtocol, + }) + return nil + } if !cs.firstByte { cc.logf("protocol error: received DATA before a HEADERS frame") rl.endStreamError(cs, StreamError{ @@ -2228,7 +2527,7 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error { return nil } if f.Length > 0 { - if cs.req.Method == "HEAD" && len(data) > 0 { + if cs.isHead && len(data) > 0 { cc.logf("protocol error: received DATA on a HEAD request") rl.endStreamError(cs, StreamError{ StreamID: f.StreamID, @@ -2250,30 +2549,39 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error { if pad := int(f.Length) - len(data); pad > 0 { refund += pad } - // Return len(data) now if the stream is already closed, - // since data will never be read. - didReset := cs.didReset - if didReset { - refund += len(data) + + didReset := false + var err error + if len(data) > 0 { + if _, err = cs.bufPipe.Write(data); err != nil { + // Return len(data) now if the stream is already closed, + // since data will never be read. + didReset = true + refund += len(data) + } } + if refund > 0 { cc.inflow.add(int32(refund)) + if !didReset { + cs.inflow.add(int32(refund)) + } + } + cc.mu.Unlock() + + if refund > 0 { cc.wmu.Lock() cc.fr.WriteWindowUpdate(0, uint32(refund)) if !didReset { - cs.inflow.add(int32(refund)) cc.fr.WriteWindowUpdate(cs.ID, uint32(refund)) } cc.bw.Flush() cc.wmu.Unlock() } - cc.mu.Unlock() - if len(data) > 0 && !didReset { - if _, err := cs.bufPipe.Write(data); err != nil { - rl.endStreamError(cs, err) - return err - } + if err != nil { + rl.endStreamError(cs, err) + return nil } } @@ -2286,24 +2594,32 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error { func (rl *clientConnReadLoop) endStream(cs *clientStream) { // TODO: check that any declared content-length matches, like // server.go's (*stream).endStream method. - rl.endStreamError(cs, nil) + if !cs.readClosed { + cs.readClosed = true + // Close cs.bufPipe and cs.peerClosed with cc.mu held to avoid a + // race condition: The caller can read io.EOF from Response.Body + // and close the body before we close cs.peerClosed, causing + // cleanupWriteRequest to send a RST_STREAM. + rl.cc.mu.Lock() + defer rl.cc.mu.Unlock() + cs.bufPipe.closeWithErrorAndCode(io.EOF, cs.copyTrailers) + close(cs.peerClosed) + } } func (rl *clientConnReadLoop) endStreamError(cs *clientStream, err error) { - var code func() - if err == nil { - err = io.EOF - code = cs.copyTrailers - } - if isConnectionCloseRequest(cs.req) { - rl.closeWhenIdle = true - } - cs.bufPipe.closeWithErrorAndCode(err, code) + cs.readAborted = true + cs.abortStream(err) +} - select { - case cs.resc <- resAndError{err: err}: - default: +func (rl *clientConnReadLoop) streamByID(id uint32) *clientStream { + rl.cc.mu.Lock() + defer rl.cc.mu.Unlock() + cs := rl.cc.streams[id] + if cs != nil && !cs.readAborted { + return cs } + return nil } func (cs *clientStream) copyTrailers() { @@ -2322,12 +2638,33 @@ func (rl *clientConnReadLoop) processGoAway(f *GoAwayFrame) error { if f.ErrCode != 0 { // TODO: deal with GOAWAY more. particularly the error code cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode) + if fn := cc.t.CountError; fn != nil { + fn("recv_goaway_" + f.ErrCode.stringToken()) + } + } cc.setGoAway(f) return nil } func (rl *clientConnReadLoop) processSettings(f *SettingsFrame) error { + cc := rl.cc + // Locking both mu and wmu here allows frame encoding to read settings with only wmu held. + // Acquiring wmu when f.IsAck() is unnecessary, but convenient and mostly harmless. + cc.wmu.Lock() + defer cc.wmu.Unlock() + + if err := rl.processSettingsNoWrite(f); err != nil { + return err + } + if !f.IsAck() { + cc.fr.WriteSettingsAck() + cc.bw.Flush() + } + return nil +} + +func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { cc := rl.cc cc.mu.Lock() defer cc.mu.Unlock() @@ -2340,12 +2677,14 @@ func (rl *clientConnReadLoop) processSettings(f *SettingsFrame) error { return ConnectionError(ErrCodeProtocol) } + var seenMaxConcurrentStreams bool err := f.ForeachSetting(func(s Setting) error { switch s.ID { case SettingMaxFrameSize: cc.maxFrameSize = s.Val case SettingMaxConcurrentStreams: cc.maxConcurrentStreams = s.Val + seenMaxConcurrentStreams = true case SettingMaxHeaderListSize: cc.peerMaxHeaderListSize = uint64(s.Val) case SettingInitialWindowSize: @@ -2377,17 +2716,23 @@ func (rl *clientConnReadLoop) processSettings(f *SettingsFrame) error { return err } - cc.wmu.Lock() - defer cc.wmu.Unlock() + if !cc.seenSettings { + if !seenMaxConcurrentStreams { + // This was the servers initial SETTINGS frame and it + // didn't contain a MAX_CONCURRENT_STREAMS field so + // increase the number of concurrent streams this + // connection can establish to our default. + cc.maxConcurrentStreams = defaultMaxConcurrentStreams + } + cc.seenSettings = true + } - cc.fr.WriteSettingsAck() - cc.bw.Flush() - return cc.werr + return nil } func (rl *clientConnReadLoop) processWindowUpdate(f *WindowUpdateFrame) error { cc := rl.cc - cs := cc.streamByID(f.StreamID, false) + cs := rl.streamByID(f.StreamID) if f.StreamID != 0 && cs == nil { return nil } @@ -2407,24 +2752,22 @@ func (rl *clientConnReadLoop) processWindowUpdate(f *WindowUpdateFrame) error { } func (rl *clientConnReadLoop) processResetStream(f *RSTStreamFrame) error { - cs := rl.cc.streamByID(f.StreamID, true) + cs := rl.streamByID(f.StreamID) if cs == nil { - // TODO: return error if server tries to RST_STEAM an idle stream + // TODO: return error if server tries to RST_STREAM an idle stream return nil } - select { - case <-cs.peerReset: - // Already reset. - // This is the only goroutine - // which closes this, so there - // isn't a race. - default: - err := streamError(cs.ID, f.ErrCode) - cs.resetErr = err - close(cs.peerReset) - cs.bufPipe.CloseWithError(err) - cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl + serr := streamError(cs.ID, f.ErrCode) + serr.Cause = errFromPeer + if f.ErrCode == ErrCodeProtocol { + rl.cc.SetDoNotReuse() } + if fn := cs.cc.t.CountError; fn != nil { + fn("recv_rststream_" + f.ErrCode.stringToken()) + } + cs.abortStream(serr) + + cs.bufPipe.CloseWithError(serr) return nil } @@ -2446,19 +2789,24 @@ func (cc *ClientConn) Ping(ctx context.Context) error { } cc.mu.Unlock() } - cc.wmu.Lock() - if err := cc.fr.WritePing(false, p); err != nil { - cc.wmu.Unlock() - return err - } - if err := cc.bw.Flush(); err != nil { - cc.wmu.Unlock() - return err - } - cc.wmu.Unlock() + errc := make(chan error, 1) + go func() { + cc.wmu.Lock() + defer cc.wmu.Unlock() + if err := cc.fr.WritePing(false, p); err != nil { + errc <- err + return + } + if err := cc.bw.Flush(); err != nil { + errc <- err + return + } + }() select { case <-c: return nil + case err := <-errc: + return err case <-ctx.Done(): return ctx.Err() case <-cc.readerDone: @@ -2535,6 +2883,11 @@ func (t *Transport) logf(format string, args ...interface{}) { var noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil)) +type missingBody struct{} + +func (missingBody) Close() error { return nil } +func (missingBody) Read([]byte) (int, error) { return 0, io.ErrUnexpectedEOF } + func strSliceContains(ss []string, s string) bool { for _, v := range ss { if v == s { @@ -2580,87 +2933,6 @@ type errorReader struct{ err error } func (r errorReader) Read(p []byte) (int, error) { return 0, r.err } -// bodyWriterState encapsulates various state around the Transport's writing -// of the request body, particularly regarding doing delayed writes of the body -// when the request contains "Expect: 100-continue". -type bodyWriterState struct { - cs *clientStream - timer *time.Timer // if non-nil, we're doing a delayed write - fnonce *sync.Once // to call fn with - fn func() // the code to run in the goroutine, writing the body - resc chan error // result of fn's execution - delay time.Duration // how long we should delay a delayed write for -} - -func (t *Transport) getBodyWriterState(cs *clientStream, body io.Reader) (s bodyWriterState) { - s.cs = cs - if body == nil { - return - } - resc := make(chan error, 1) - s.resc = resc - s.fn = func() { - cs.cc.mu.Lock() - cs.startedWrite = true - cs.cc.mu.Unlock() - resc <- cs.writeRequestBody(body, cs.req.Body) - } - s.delay = t.expectContinueTimeout() - if s.delay == 0 || - !httpguts.HeaderValuesContainsToken( - cs.req.Header["Expect"], - "100-continue") { - return - } - s.fnonce = new(sync.Once) - - // Arm the timer with a very large duration, which we'll - // intentionally lower later. It has to be large now because - // we need a handle to it before writing the headers, but the - // s.delay value is defined to not start until after the - // request headers were written. - const hugeDuration = 365 * 24 * time.Hour - s.timer = time.AfterFunc(hugeDuration, func() { - s.fnonce.Do(s.fn) - }) - return -} - -func (s bodyWriterState) cancel() { - if s.timer != nil { - if s.timer.Stop() { - s.resc <- nil - } - } -} - -func (s bodyWriterState) on100() { - if s.timer == nil { - // If we didn't do a delayed write, ignore the server's - // bogus 100 continue response. - return - } - s.timer.Stop() - go func() { s.fnonce.Do(s.fn) }() -} - -// scheduleBodyWrite starts writing the body, either immediately (in -// the common case) or after the delay timeout. It should not be -// called until after the headers have been written. -func (s bodyWriterState) scheduleBodyWrite() { - if s.timer == nil { - // We're not doing a delayed write (see - // getBodyWriterState), so just start the writing - // goroutine immediately. - go s.fn() - return - } - traceWait100Continue(s.cs.trace) - if s.timer.Stop() { - s.timer.Reset(s.delay) - } -} - // isConnectionCloseRequest reports whether req should use its own // connection for a single request and then close the connection. func isConnectionCloseRequest(req *http.Request) bool { diff --git a/vendor/golang.org/x/net/http2/writesched.go b/vendor/golang.org/x/net/http2/writesched.go index f24d2b1e7..c7cd00173 100644 --- a/vendor/golang.org/x/net/http2/writesched.go +++ b/vendor/golang.org/x/net/http2/writesched.go @@ -32,7 +32,8 @@ type WriteScheduler interface { // Pop dequeues the next frame to write. Returns false if no frames can // be written. Frames with a given wr.StreamID() are Pop'd in the same - // order they are Push'd. No frames should be discarded except by CloseStream. + // order they are Push'd, except RST_STREAM frames. No frames should be + // discarded except by CloseStream. Pop() (wr FrameWriteRequest, ok bool) } @@ -52,6 +53,7 @@ type FrameWriteRequest struct { // stream is the stream on which this frame will be written. // nil for non-stream frames like PING and SETTINGS. + // nil for RST_STREAM streams, which use the StreamError.StreamID field instead. stream *stream // done, if non-nil, must be a buffered channel with space for diff --git a/vendor/golang.org/x/net/http2/writesched_random.go b/vendor/golang.org/x/net/http2/writesched_random.go index 9a7b9e581..f2e55e05c 100644 --- a/vendor/golang.org/x/net/http2/writesched_random.go +++ b/vendor/golang.org/x/net/http2/writesched_random.go @@ -45,11 +45,11 @@ func (ws *randomWriteScheduler) AdjustStream(streamID uint32, priority PriorityP } func (ws *randomWriteScheduler) Push(wr FrameWriteRequest) { - id := wr.StreamID() - if id == 0 { + if wr.isControl() { ws.zero.push(wr) return } + id := wr.StreamID() q, ok := ws.sq[id] if !ok { q = ws.queuePool.get() @@ -59,7 +59,7 @@ func (ws *randomWriteScheduler) Push(wr FrameWriteRequest) { } func (ws *randomWriteScheduler) Pop() (FrameWriteRequest, bool) { - // Control frames first. + // Control and RST_STREAM frames first. if !ws.zero.empty() { return ws.zero.shift(), true } diff --git a/vendor/golang.org/x/net/idna/go118.go b/vendor/golang.org/x/net/idna/go118.go new file mode 100644 index 000000000..c5c4338db --- /dev/null +++ b/vendor/golang.org/x/net/idna/go118.go @@ -0,0 +1,14 @@ +// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. + +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.18 +// +build go1.18 + +package idna + +// Transitional processing is disabled by default in Go 1.18. +// https://golang.org/issue/47510 +const transitionalLookup = false diff --git a/vendor/golang.org/x/net/idna/idna10.0.0.go b/vendor/golang.org/x/net/idna/idna10.0.0.go index 5208ba6cb..64ccf85fe 100644 --- a/vendor/golang.org/x/net/idna/idna10.0.0.go +++ b/vendor/golang.org/x/net/idna/idna10.0.0.go @@ -59,10 +59,10 @@ type Option func(*options) // Transitional sets a Profile to use the Transitional mapping as defined in UTS // #46. This will cause, for example, "ß" to be mapped to "ss". Using the // transitional mapping provides a compromise between IDNA2003 and IDNA2008 -// compatibility. It is used by most browsers when resolving domain names. This +// compatibility. It is used by some browsers when resolving domain names. This // option is only meaningful if combined with MapForLookup. func Transitional(transitional bool) Option { - return func(o *options) { o.transitional = true } + return func(o *options) { o.transitional = transitional } } // VerifyDNSLength sets whether a Profile should fail if any of the IDN parts @@ -284,7 +284,7 @@ var ( punycode = &Profile{} lookup = &Profile{options{ - transitional: true, + transitional: transitionalLookup, useSTD3Rules: true, checkHyphens: true, checkJoiners: true, diff --git a/vendor/golang.org/x/net/idna/idna9.0.0.go b/vendor/golang.org/x/net/idna/idna9.0.0.go index 55f718f12..aae6aac87 100644 --- a/vendor/golang.org/x/net/idna/idna9.0.0.go +++ b/vendor/golang.org/x/net/idna/idna9.0.0.go @@ -58,10 +58,10 @@ type Option func(*options) // Transitional sets a Profile to use the Transitional mapping as defined in UTS // #46. This will cause, for example, "ß" to be mapped to "ss". Using the // transitional mapping provides a compromise between IDNA2003 and IDNA2008 -// compatibility. It is used by most browsers when resolving domain names. This +// compatibility. It is used by some browsers when resolving domain names. This // option is only meaningful if combined with MapForLookup. func Transitional(transitional bool) Option { - return func(o *options) { o.transitional = true } + return func(o *options) { o.transitional = transitional } } // VerifyDNSLength sets whether a Profile should fail if any of the IDN parts diff --git a/vendor/golang.org/x/net/idna/pre_go118.go b/vendor/golang.org/x/net/idna/pre_go118.go new file mode 100644 index 000000000..3aaccab1c --- /dev/null +++ b/vendor/golang.org/x/net/idna/pre_go118.go @@ -0,0 +1,12 @@ +// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. + +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.18 +// +build !go1.18 + +package idna + +const transitionalLookup = true diff --git a/vendor/golang.org/x/net/idna/punycode.go b/vendor/golang.org/x/net/idna/punycode.go index 02c7d59af..e8e3ac11a 100644 --- a/vendor/golang.org/x/net/idna/punycode.go +++ b/vendor/golang.org/x/net/idna/punycode.go @@ -49,6 +49,7 @@ func decode(encoded string) (string, error) { } } i, n, bias := int32(0), initialN, initialBias + overflow := false for pos < len(encoded) { oldI, w := i, int32(1) for k := base; ; k += base { @@ -60,29 +61,32 @@ func decode(encoded string) (string, error) { return "", punyError(encoded) } pos++ - i += digit * w - if i < 0 { + i, overflow = madd(i, digit, w) + if overflow { return "", punyError(encoded) } t := k - bias - if t < tmin { + if k <= bias { t = tmin - } else if t > tmax { + } else if k >= bias+tmax { t = tmax } if digit < t { break } - w *= base - t - if w >= math.MaxInt32/base { + w, overflow = madd(0, w, base-t) + if overflow { return "", punyError(encoded) } } + if len(output) >= 1024 { + return "", punyError(encoded) + } x := int32(len(output) + 1) bias = adapt(i-oldI, x, oldI == 0) n += i / x i %= x - if n > utf8.MaxRune || len(output) >= 1024 { + if n < 0 || n > utf8.MaxRune { return "", punyError(encoded) } output = append(output, 0) @@ -115,6 +119,7 @@ func encode(prefix, s string) (string, error) { if b > 0 { output = append(output, '-') } + overflow := false for remaining != 0 { m := int32(0x7fffffff) for _, r := range s { @@ -122,8 +127,8 @@ func encode(prefix, s string) (string, error) { m = r } } - delta += (m - n) * (h + 1) - if delta < 0 { + delta, overflow = madd(delta, m-n, h+1) + if overflow { return "", punyError(s) } n = m @@ -141,9 +146,9 @@ func encode(prefix, s string) (string, error) { q := delta for k := base; ; k += base { t := k - bias - if t < tmin { + if k <= bias { t = tmin - } else if t > tmax { + } else if k >= bias+tmax { t = tmax } if q < t { @@ -164,6 +169,15 @@ func encode(prefix, s string) (string, error) { return string(output), nil } +// madd computes a + (b * c), detecting overflow. +func madd(a, b, c int32) (next int32, overflow bool) { + p := int64(b) * int64(c) + if p > math.MaxInt32-int64(a) { + return 0, true + } + return a + int32(p), false +} + func decodeDigit(x byte) (digit int32, ok bool) { switch { case '0' <= x && x <= '9': diff --git a/vendor/k8s.io/api/autoscaling/v2beta1/types.go b/vendor/k8s.io/api/autoscaling/v2beta1/types.go index c49c5e0c5..22bb7699e 100644 --- a/vendor/k8s.io/api/autoscaling/v2beta1/types.go +++ b/vendor/k8s.io/api/autoscaling/v2beta1/types.go @@ -449,7 +449,7 @@ type ExternalMetricStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.8 // +k8s:prerelease-lifecycle-gen:deprecated=1.22 -// +k8s:prerelease-lifecycle-gen:replacement=autoscaling,v2beta2,HorizontalPodAutoscaler +// +k8s:prerelease-lifecycle-gen:replacement=autoscaling,v2,HorizontalPodAutoscaler // HorizontalPodAutoscaler is the configuration for a horizontal pod // autoscaler, which automatically manages the replica count of any resource diff --git a/vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.prerelease-lifecycle.go index 67d38d051..3437454ee 100644 --- a/vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.prerelease-lifecycle.go +++ b/vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.prerelease-lifecycle.go @@ -40,7 +40,7 @@ func (in *HorizontalPodAutoscaler) APILifecycleDeprecated() (major, minor int) { // APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. // It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. func (in *HorizontalPodAutoscaler) APILifecycleReplacement() schema.GroupVersionKind { - return schema.GroupVersionKind{Group: "autoscaling", Version: "v2beta2", Kind: "HorizontalPodAutoscaler"} + return schema.GroupVersionKind{Group: "autoscaling", Version: "v2", Kind: "HorizontalPodAutoscaler"} } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. diff --git a/vendor/k8s.io/api/autoscaling/v2beta2/types.go b/vendor/k8s.io/api/autoscaling/v2beta2/types.go index 7619f1e00..10bdec5b9 100644 --- a/vendor/k8s.io/api/autoscaling/v2beta2/types.go +++ b/vendor/k8s.io/api/autoscaling/v2beta2/types.go @@ -28,6 +28,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.12 // +k8s:prerelease-lifecycle-gen:deprecated=1.23 +// +k8s:prerelease-lifecycle-gen:replacement=autoscaling,v2,HorizontalPodAutoscaler // HorizontalPodAutoscaler is the configuration for a horizontal pod // autoscaler, which automatically manages the replica count of any resource diff --git a/vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.prerelease-lifecycle.go index b8e49bc51..6d1c2504a 100644 --- a/vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.prerelease-lifecycle.go +++ b/vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.prerelease-lifecycle.go @@ -21,6 +21,10 @@ limitations under the License. package v2beta2 +import ( + schema "k8s.io/apimachinery/pkg/runtime/schema" +) + // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. func (in *HorizontalPodAutoscaler) APILifecycleIntroduced() (major, minor int) { @@ -33,6 +37,12 @@ func (in *HorizontalPodAutoscaler) APILifecycleDeprecated() (major, minor int) { return 1, 23 } +// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. +// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. +func (in *HorizontalPodAutoscaler) APILifecycleReplacement() schema.GroupVersionKind { + return schema.GroupVersionKind{Group: "autoscaling", Version: "v2", Kind: "HorizontalPodAutoscaler"} +} + // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *HorizontalPodAutoscaler) APILifecycleRemoved() (major, minor int) { diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go index 99b609494..5af677e2f 100644 --- a/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go +++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go @@ -63,7 +63,7 @@ const ( // +k8s:prerelease-lifecycle-gen:introduced=1.18 // +k8s:prerelease-lifecycle-gen:deprecated=1.20 // +k8s:prerelease-lifecycle-gen:removed=1.21 -// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,FlowSchema +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchema // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". @@ -87,7 +87,7 @@ type FlowSchema struct { // +k8s:prerelease-lifecycle-gen:introduced=1.18 // +k8s:prerelease-lifecycle-gen:deprecated=1.20 // +k8s:prerelease-lifecycle-gen:removed=1.21 -// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,FlowSchemaList +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchemaList // FlowSchemaList is a list of FlowSchema objects. type FlowSchemaList struct { @@ -344,7 +344,7 @@ type FlowSchemaConditionType string // +k8s:prerelease-lifecycle-gen:introduced=1.18 // +k8s:prerelease-lifecycle-gen:deprecated=1.20 // +k8s:prerelease-lifecycle-gen:removed=1.21 -// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,PriorityLevelConfiguration +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfiguration // PriorityLevelConfiguration represents the configuration of a priority level. type PriorityLevelConfiguration struct { @@ -367,7 +367,7 @@ type PriorityLevelConfiguration struct { // +k8s:prerelease-lifecycle-gen:introduced=1.18 // +k8s:prerelease-lifecycle-gen:deprecated=1.20 // +k8s:prerelease-lifecycle-gen:removed=1.21 -// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,PriorityLevelConfigurationList +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfigurationList // PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects. type PriorityLevelConfigurationList struct { diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.prerelease-lifecycle.go index a248aec45..226014160 100644 --- a/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.prerelease-lifecycle.go +++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.prerelease-lifecycle.go @@ -40,7 +40,7 @@ func (in *FlowSchema) APILifecycleDeprecated() (major, minor int) { // APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. // It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. func (in *FlowSchema) APILifecycleReplacement() schema.GroupVersionKind { - return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "FlowSchema"} + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchema"} } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. @@ -64,7 +64,7 @@ func (in *FlowSchemaList) APILifecycleDeprecated() (major, minor int) { // APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. // It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. func (in *FlowSchemaList) APILifecycleReplacement() schema.GroupVersionKind { - return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "FlowSchemaList"} + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchemaList"} } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. @@ -88,7 +88,7 @@ func (in *PriorityLevelConfiguration) APILifecycleDeprecated() (major, minor int // APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. // It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. func (in *PriorityLevelConfiguration) APILifecycleReplacement() schema.GroupVersionKind { - return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "PriorityLevelConfiguration"} + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfiguration"} } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. @@ -112,7 +112,7 @@ func (in *PriorityLevelConfigurationList) APILifecycleDeprecated() (major, minor // APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. // It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. func (in *PriorityLevelConfigurationList) APILifecycleReplacement() schema.GroupVersionKind { - return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "PriorityLevelConfigurationList"} + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfigurationList"} } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/types.go b/vendor/k8s.io/api/flowcontrol/v1beta1/types.go index 767a32e7f..b45732642 100644 --- a/vendor/k8s.io/api/flowcontrol/v1beta1/types.go +++ b/vendor/k8s.io/api/flowcontrol/v1beta1/types.go @@ -105,6 +105,7 @@ const ( // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.20 +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchema // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". @@ -126,6 +127,7 @@ type FlowSchema struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.20 +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchemaList // FlowSchemaList is a list of FlowSchema objects. type FlowSchemaList struct { @@ -380,6 +382,7 @@ type FlowSchemaConditionType string // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.20 +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfiguration // PriorityLevelConfiguration represents the configuration of a priority level. type PriorityLevelConfiguration struct { @@ -400,6 +403,7 @@ type PriorityLevelConfiguration struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.20 +// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfigurationList // PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects. type PriorityLevelConfigurationList struct { diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.prerelease-lifecycle.go index f02fcdccd..ed1e16c26 100644 --- a/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.prerelease-lifecycle.go +++ b/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.prerelease-lifecycle.go @@ -21,6 +21,10 @@ limitations under the License. package v1beta1 +import ( + schema "k8s.io/apimachinery/pkg/runtime/schema" +) + // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. func (in *FlowSchema) APILifecycleIntroduced() (major, minor int) { @@ -33,6 +37,12 @@ func (in *FlowSchema) APILifecycleDeprecated() (major, minor int) { return 1, 23 } +// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. +// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. +func (in *FlowSchema) APILifecycleReplacement() schema.GroupVersionKind { + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchema"} +} + // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *FlowSchema) APILifecycleRemoved() (major, minor int) { @@ -51,6 +61,12 @@ func (in *FlowSchemaList) APILifecycleDeprecated() (major, minor int) { return 1, 23 } +// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. +// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. +func (in *FlowSchemaList) APILifecycleReplacement() schema.GroupVersionKind { + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchemaList"} +} + // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *FlowSchemaList) APILifecycleRemoved() (major, minor int) { @@ -69,6 +85,12 @@ func (in *PriorityLevelConfiguration) APILifecycleDeprecated() (major, minor int return 1, 23 } +// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. +// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. +func (in *PriorityLevelConfiguration) APILifecycleReplacement() schema.GroupVersionKind { + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfiguration"} +} + // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *PriorityLevelConfiguration) APILifecycleRemoved() (major, minor int) { @@ -87,6 +109,12 @@ func (in *PriorityLevelConfigurationList) APILifecycleDeprecated() (major, minor return 1, 23 } +// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. +// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. +func (in *PriorityLevelConfigurationList) APILifecycleReplacement() schema.GroupVersionKind { + return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfigurationList"} +} + // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *PriorityLevelConfigurationList) APILifecycleRemoved() (major, minor int) { diff --git a/vendor/k8s.io/klog/v2/klog.go b/vendor/k8s.io/klog/v2/klog.go index 45efbb075..dacdf9112 100644 --- a/vendor/k8s.io/klog/v2/klog.go +++ b/vendor/k8s.io/klog/v2/klog.go @@ -801,14 +801,19 @@ func (l *loggingT) infoS(logger *logr.Logger, filter LogFilter, depth int, msg s // printS is called from infoS and errorS if loggr is not specified. // set log severity by s func (l *loggingT) printS(err error, s severity, depth int, msg string, keysAndValues ...interface{}) { - b := &bytes.Buffer{} - b.WriteString(fmt.Sprintf("%q", msg)) + // Only create a new buffer if we don't have one cached. + b := l.getBuffer() + // The message is always quoted, even if it contains line breaks. + // If developers want multi-line output, they should use a small, fixed + // message and put the multi-line output into a value. + b.WriteString(strconv.Quote(msg)) if err != nil { - b.WriteByte(' ') - b.WriteString(fmt.Sprintf("err=%q", err.Error())) + kvListFormat(&b.Buffer, "err", err) } - kvListFormat(b, keysAndValues...) - l.printDepth(s, logging.logr, nil, depth+1, b) + kvListFormat(&b.Buffer, keysAndValues...) + l.printDepth(s, logging.logr, nil, depth+1, &b.Buffer) + // Make the buffer available for reuse. + l.putBuffer(b) } const missingValue = "(MISSING)" @@ -823,22 +828,109 @@ func kvListFormat(b *bytes.Buffer, keysAndValues ...interface{}) { v = missingValue } b.WriteByte(' ') + // Keys are assumed to be well-formed according to + // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/migration-to-structured-logging.md#name-arguments + // for the sake of performance. Keys with spaces, + // special characters, etc. will break parsing. + if k, ok := k.(string); ok { + // Avoid one allocation when the key is a string, which + // normally it should be. + b.WriteString(k) + } else { + b.WriteString(fmt.Sprintf("%s", k)) + } - switch v.(type) { - case string, error: - b.WriteString(fmt.Sprintf("%s=%q", k, v)) + // The type checks are sorted so that more frequently used ones + // come first because that is then faster in the common + // cases. In Kubernetes, ObjectRef (a Stringer) is more common + // than plain strings + // (https://github.com/kubernetes/kubernetes/pull/106594#issuecomment-975526235). + switch v := v.(type) { + case fmt.Stringer: + writeStringValue(b, true, stringerToString(v)) + case string: + writeStringValue(b, true, v) + case error: + writeStringValue(b, true, v.Error()) case []byte: - b.WriteString(fmt.Sprintf("%s=%+q", k, v)) + // In https://github.com/kubernetes/klog/pull/237 it was decided + // to format byte slices with "%+q". The advantages of that are: + // - readable output if the bytes happen to be printable + // - non-printable bytes get represented as unicode escape + // sequences (\uxxxx) + // + // The downsides are that we cannot use the faster + // strconv.Quote here and that multi-line output is not + // supported. If developers know that a byte array is + // printable and they want multi-line output, they can + // convert the value to string before logging it. + b.WriteByte('=') + b.WriteString(fmt.Sprintf("%+q", v)) default: - if _, ok := v.(fmt.Stringer); ok { - b.WriteString(fmt.Sprintf("%s=%q", k, v)) - } else { - b.WriteString(fmt.Sprintf("%s=%+v", k, v)) - } + writeStringValue(b, false, fmt.Sprintf("%+v", v)) } } } +func stringerToString(s fmt.Stringer) (ret string) { + defer func() { + if err := recover(); err != nil { + ret = "nil" + } + }() + ret = s.String() + return +} + +func writeStringValue(b *bytes.Buffer, quote bool, v string) { + data := []byte(v) + index := bytes.IndexByte(data, '\n') + if index == -1 { + b.WriteByte('=') + if quote { + // Simple string, quote quotation marks and non-printable characters. + b.WriteString(strconv.Quote(v)) + return + } + // Non-string with no line breaks. + b.WriteString(v) + return + } + + // Complex multi-line string, show as-is with indention like this: + // I... "hello world" key=< + // line 1 + // line 2 + // > + // + // Tabs indent the lines of the value while the end of string delimiter + // is indented with a space. That has two purposes: + // - visual difference between the two for a human reader because indention + // will be different + // - no ambiguity when some value line starts with the end delimiter + // + // One downside is that the output cannot distinguish between strings that + // end with a line break and those that don't because the end delimiter + // will always be on the next line. + b.WriteString("=<\n") + for index != -1 { + b.WriteByte('\t') + b.Write(data[0 : index+1]) + data = data[index+1:] + index = bytes.IndexByte(data, '\n') + } + if len(data) == 0 { + // String ended with line break, don't add another. + b.WriteString(" >") + } else { + // No line break at end of last line, write rest of string and + // add one. + b.WriteByte('\t') + b.Write(data) + b.WriteString("\n >") + } +} + // redirectBuffer is used to set an alternate destination for the logs type redirectBuffer struct { w io.Writer @@ -917,7 +1009,15 @@ func LogToStderr(stderr bool) { // output writes the data to the log files and releases the buffer. func (l *loggingT) output(s severity, log *logr.Logger, buf *buffer, depth int, file string, line int, alsoToStderr bool) { + var isLocked = true l.mu.Lock() + defer func() { + if isLocked { + // Unlock before returning in case that it wasn't done already. + l.mu.Unlock() + } + }() + if l.traceLocation.isSet() { if l.traceLocation.match(file, line) { buf.Write(stacks(false)) @@ -980,6 +1080,7 @@ func (l *loggingT) output(s severity, log *logr.Logger, buf *buffer, depth int, // If we got here via Exit rather than Fatal, print no stacks. if atomic.LoadUint32(&fatalNoStacks) > 0 { l.mu.Unlock() + isLocked = false timeoutFlush(10 * time.Second) os.Exit(1) } @@ -997,11 +1098,12 @@ func (l *loggingT) output(s severity, log *logr.Logger, buf *buffer, depth int, } } l.mu.Unlock() + isLocked = false timeoutFlush(10 * time.Second) - os.Exit(255) // C++ uses -1, which is silly because it's anded with 255 anyway. + os.Exit(255) // C++ uses -1, which is silly because it's anded(&) with 255 anyway. } l.putBuffer(buf) - l.mu.Unlock() + if stats := severityStats[s]; stats != nil { atomic.AddInt64(&stats.lines, 1) atomic.AddInt64(&stats.bytes, int64(len(data))) @@ -1387,6 +1489,14 @@ func InfoSDepth(depth int, msg string, keysAndValues ...interface{}) { logging.infoS(logging.logr, logging.filter, depth, msg, keysAndValues...) } +// InfoSDepth is equivalent to the global InfoSDepth function, guarded by the value of v. +// See the documentation of V for usage. +func (v Verbose) InfoSDepth(depth int, msg string, keysAndValues ...interface{}) { + if v.enabled { + logging.infoS(v.logr, v.filter, depth, msg, keysAndValues...) + } +} + // Deprecated: Use ErrorS instead. func (v Verbose) Error(err error, msg string, args ...interface{}) { if v.enabled { diff --git a/vendor/k8s.io/klog/v2/klog_file.go b/vendor/k8s.io/klog/v2/klog_file.go index de830d922..1025d644f 100644 --- a/vendor/k8s.io/klog/v2/klog_file.go +++ b/vendor/k8s.io/klog/v2/klog_file.go @@ -22,9 +22,7 @@ import ( "errors" "fmt" "os" - "os/user" "path/filepath" - "runtime" "strings" "sync" "time" @@ -57,38 +55,6 @@ func init() { } } -func getUserName() string { - userNameOnce.Do(func() { - // On Windows, the Go 'user' package requires netapi32.dll. - // This affects Windows Nano Server: - // https://github.com/golang/go/issues/21867 - // Fallback to using environment variables. - if runtime.GOOS == "windows" { - u := os.Getenv("USERNAME") - if len(u) == 0 { - return - } - // Sanitize the USERNAME since it may contain filepath separators. - u = strings.Replace(u, `\`, "_", -1) - - // user.Current().Username normally produces something like 'USERDOMAIN\USERNAME' - d := os.Getenv("USERDOMAIN") - if len(d) != 0 { - userName = d + "_" + u - } else { - userName = u - } - } else { - current, err := user.Current() - if err == nil { - userName = current.Username - } - } - }) - - return userName -} - // shortHostname returns its argument, truncating at the first period. // For instance, given "www.google.com" it returns "www". func shortHostname(hostname string) string { diff --git a/vendor/k8s.io/klog/v2/klog_file_others.go b/vendor/k8s.io/klog/v2/klog_file_others.go new file mode 100644 index 000000000..aa4672685 --- /dev/null +++ b/vendor/k8s.io/klog/v2/klog_file_others.go @@ -0,0 +1,19 @@ +//go:build !windows +// +build !windows + +package klog + +import ( + "os/user" +) + +func getUserName() string { + userNameOnce.Do(func() { + current, err := user.Current() + if err == nil { + userName = current.Username + } + }) + + return userName +} diff --git a/vendor/k8s.io/klog/v2/klog_file_windows.go b/vendor/k8s.io/klog/v2/klog_file_windows.go new file mode 100644 index 000000000..2517f9c53 --- /dev/null +++ b/vendor/k8s.io/klog/v2/klog_file_windows.go @@ -0,0 +1,34 @@ +//go:build windows +// +build windows + +package klog + +import ( + "os" + "strings" +) + +func getUserName() string { + userNameOnce.Do(func() { + // On Windows, the Go 'user' package requires netapi32.dll. + // This affects Windows Nano Server: + // https://github.com/golang/go/issues/21867 + // Fallback to using environment variables. + u := os.Getenv("USERNAME") + if len(u) == 0 { + return + } + // Sanitize the USERNAME since it may contain filepath separators. + u = strings.Replace(u, `\`, "_", -1) + + // user.Current().Username normally produces something like 'USERDOMAIN\USERNAME' + d := os.Getenv("USERDOMAIN") + if len(d) != 0 { + userName = d + "_" + u + } else { + userName = u + } + }) + + return userName +} diff --git a/vendor/k8s.io/utils/clock/clock.go b/vendor/k8s.io/utils/clock/clock.go index dd181ce8d..b8b6af5c8 100644 --- a/vendor/k8s.io/utils/clock/clock.go +++ b/vendor/k8s.io/utils/clock/clock.go @@ -63,6 +63,16 @@ type WithDelayedExecution interface { AfterFunc(d time.Duration, f func()) Timer } +// WithTickerAndDelayedExecution allows for injecting fake or real clocks +// into code that needs Ticker and AfterFunc functionality +type WithTickerAndDelayedExecution interface { + WithTicker + // AfterFunc executes f in its own goroutine after waiting + // for d duration and returns a Timer whose channel can be + // closed by calling Stop() on the Timer. + AfterFunc(d time.Duration, f func()) Timer +} + // Ticker defines the Ticker interface. type Ticker interface { C() <-chan time.Time diff --git a/vendor/k8s.io/utils/clock/testing/fake_clock.go b/vendor/k8s.io/utils/clock/testing/fake_clock.go index fb493c4ba..a2b42bbcf 100644 --- a/vendor/k8s.io/utils/clock/testing/fake_clock.go +++ b/vendor/k8s.io/utils/clock/testing/fake_clock.go @@ -282,9 +282,9 @@ func (*IntervalClock) Tick(d time.Duration) <-chan time.Time { // NewTicker has no implementation yet and is omitted. // TODO: make interval clock use FakeClock so this can be implemented. -//func (*IntervalClock) NewTicker(d time.Duration) clock.Ticker { -// panic("IntervalClock doesn't implement NewTicker") -//} +func (*IntervalClock) NewTicker(d time.Duration) clock.Ticker { + panic("IntervalClock doesn't implement NewTicker") +} // Sleep is unimplemented, will panic. func (*IntervalClock) Sleep(d time.Duration) { diff --git a/vendor/modules.txt b/vendor/modules.txt index aaeb2cdca..907fae39c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -42,7 +42,7 @@ github.com/fsnotify/fsnotify # github.com/ghodss/yaml v1.0.0 ## explicit github.com/ghodss/yaml -# github.com/go-logr/logr v1.2.0 +# github.com/go-logr/logr v1.2.2 ## explicit; go 1.16 github.com/go-logr/logr # github.com/go-openapi/jsonpointer v0.19.5 @@ -74,8 +74,8 @@ github.com/golang/protobuf/ptypes/any github.com/golang/protobuf/ptypes/duration github.com/golang/protobuf/ptypes/timestamp github.com/golang/protobuf/ptypes/wrappers -# github.com/google/go-cmp v0.5.5 -## explicit; go 1.8 +# github.com/google/go-cmp v0.5.7 +## explicit; go 1.11 github.com/google/go-cmp/cmp github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/flags @@ -142,7 +142,7 @@ github.com/munnerz/goautoneg ## explicit; go 1.16 # github.com/onsi/gomega v1.16.0 ## explicit; go 1.16 -# github.com/openshift/api v0.0.0-20211209135129-c58d9f695577 +# github.com/openshift/api v0.0.0-20220124143425-d74727069f6f ## explicit; go 1.16 github.com/openshift/api github.com/openshift/api/apiserver @@ -204,7 +204,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3 +# github.com/openshift/build-machinery-go v0.0.0-20220121085309-f94edc2d6874 ## explicit; go 1.13 github.com/openshift/build-machinery-go github.com/openshift/build-machinery-go/make @@ -240,7 +240,7 @@ github.com/openshift/client-go/operator/informers/externalversions/operator/v1 github.com/openshift/client-go/operator/informers/externalversions/operator/v1alpha1 github.com/openshift/client-go/operator/listers/operator/v1 github.com/openshift/client-go/operator/listers/operator/v1alpha1 -# github.com/openshift/library-go v0.0.0-20211220195323-eca2c467c492 +# github.com/openshift/library-go v0.0.0-20220124121022-2bc87c4fc9dd ## explicit; go 1.17 github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer github.com/openshift/library-go/pkg/config/client @@ -421,7 +421,7 @@ golang.org/x/crypto/internal/subtle golang.org/x/crypto/nacl/secretbox golang.org/x/crypto/poly1305 golang.org/x/crypto/salsa20/salsa -# golang.org/x/net v0.0.0-20210825183410-e898025ed96a +# golang.org/x/net v0.0.0-20211209124913-491a49abca63 ## explicit; go 1.17 golang.org/x/net/context golang.org/x/net/context/ctxhttp @@ -570,7 +570,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.23.0 +# k8s.io/api v0.23.2 ## explicit; go 1.16 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -639,7 +639,7 @@ k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions/apiextensio k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions/internalinterfaces k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1 -# k8s.io/apimachinery v0.23.0 +# k8s.io/apimachinery v0.23.2 ## explicit; go 1.16 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1120,7 +1120,7 @@ k8s.io/component-base/metrics/prometheus/workqueue k8s.io/component-base/metrics/testutil k8s.io/component-base/traces k8s.io/component-base/version -# k8s.io/klog/v2 v2.30.0 +# k8s.io/klog/v2 v2.40.1 ## explicit; go 1.13 k8s.io/klog/v2 # k8s.io/kube-aggregator v0.23.0 @@ -1143,7 +1143,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b +# k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 ## explicit; go 1.12 k8s.io/utils/buffer k8s.io/utils/clock @@ -1170,7 +1170,7 @@ sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1 sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1 -# sigs.k8s.io/structured-merge-diff/v4 v4.2.0 +# sigs.k8s.io/structured-merge-diff/v4 v4.2.1 ## explicit; go 1.13 sigs.k8s.io/structured-merge-diff/v4/fieldpath sigs.k8s.io/structured-merge-diff/v4/merge diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go index afec9f3cf..75244ef64 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go @@ -17,8 +17,6 @@ limitations under the License. package typed import ( - "math" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" "sigs.k8s.io/structured-merge-diff/v4/schema" "sigs.k8s.io/structured-merge-diff/v4/value" @@ -170,74 +168,94 @@ func (w *mergingWalker) visitListItems(t *schema.List, lhs, rhs value.List) (err if lhs != nil { lLen = lhs.Length() } - out := make([]interface{}, 0, int(math.Max(float64(rLen), float64(lLen)))) + outLen := lLen + if outLen < rLen { + outLen = rLen + } + out := make([]interface{}, 0, outLen) + + rhsOrder, observedRHS, rhsErrs := w.indexListPathElements(t, rhs) + errs = append(errs, rhsErrs...) + lhsOrder, observedLHS, lhsErrs := w.indexListPathElements(t, lhs) + errs = append(errs, lhsErrs...) + + sharedOrder := make([]*fieldpath.PathElement, 0, rLen) + for i := range rhsOrder { + pe := &rhsOrder[i] + if _, ok := observedLHS.Get(*pe); ok { + sharedOrder = append(sharedOrder, pe) + } + } - lhsOrder := make([]fieldpath.PathElement, 0, lLen) + var nextShared *fieldpath.PathElement + if len(sharedOrder) > 0 { + nextShared = sharedOrder[0] + sharedOrder = sharedOrder[1:] + } - // First, collect all LHS children. - observedLHS := fieldpath.MakePathElementValueMap(lLen) - if lhs != nil { - for i := 0; i < lhs.Length(); i++ { - child := lhs.At(i) - pe, err := listItemToPathElement(w.allocator, w.schema, t, i, child) - if err != nil { - errs = append(errs, errorf("lhs: element %v: %v", i, err.Error())...) - // If we can't construct the path element, we can't - // even report errors deeper in the schema, so bail on - // this element. + lLen, rLen = len(lhsOrder), len(rhsOrder) + for lI, rI := 0, 0; lI < lLen || rI < rLen; { + if lI < lLen && rI < rLen { + pe := lhsOrder[lI] + if pe.Equals(rhsOrder[rI]) { + // merge LHS & RHS items + lChild, _ := observedLHS.Get(pe) + rChild, _ := observedRHS.Get(pe) + mergeOut, errs := w.mergeListItem(t, pe, lChild, rChild) + errs = append(errs, errs...) + if mergeOut != nil { + out = append(out, *mergeOut) + } + lI++ + rI++ + + nextShared = nil + if len(sharedOrder) > 0 { + nextShared = sharedOrder[0] + sharedOrder = sharedOrder[1:] + } continue } - if _, ok := observedLHS.Get(pe); ok { - errs = append(errs, errorf("lhs: duplicate entries for key %v", pe.String())...) - } - observedLHS.Insert(pe, child) - lhsOrder = append(lhsOrder, pe) - } - } - - // Then merge with RHS children. - observedRHS := fieldpath.MakePathElementSet(rLen) - if rhs != nil { - for i := 0; i < rhs.Length(); i++ { - child := rhs.At(i) - pe, err := listItemToPathElement(w.allocator, w.schema, t, i, child) - if err != nil { - errs = append(errs, errorf("rhs: element %v: %v", i, err.Error())...) - // If we can't construct the path element, we can't - // even report errors deeper in the schema, so bail on - // this element. + if _, ok := observedRHS.Get(pe); ok && nextShared != nil && !nextShared.Equals(lhsOrder[lI]) { + // shared item, but not the one we want in this round + lI++ continue } - if observedRHS.Has(pe) { - errs = append(errs, errorf("rhs: duplicate entries for key %v", pe.String())...) + } + if lI < lLen { + pe := lhsOrder[lI] + if _, ok := observedRHS.Get(pe); !ok { + // take LHS item + lChild, _ := observedLHS.Get(pe) + mergeOut, errs := w.mergeListItem(t, pe, lChild, nil) + errs = append(errs, errs...) + if mergeOut != nil { + out = append(out, *mergeOut) + } + lI++ continue } - observedRHS.Insert(pe) - w2 := w.prepareDescent(pe, t.ElementType) - w2.rhs = child - if lchild, ok := observedLHS.Get(pe); ok { - w2.lhs = lchild + } + if rI < rLen { + // Take the RHS item, merge with matching LHS item if possible + pe := rhsOrder[rI] + lChild, _ := observedLHS.Get(pe) // may be nil + rChild, _ := observedRHS.Get(pe) + mergeOut, errs := w.mergeListItem(t, pe, lChild, rChild) + errs = append(errs, errs...) + if mergeOut != nil { + out = append(out, *mergeOut) } - errs = append(errs, w2.merge(pe.String)...) - if w2.out != nil { - out = append(out, *w2.out) + rI++ + // Advance nextShared, if we are merging nextShared. + if nextShared != nil && nextShared.Equals(pe) { + nextShared = nil + if len(sharedOrder) > 0 { + nextShared = sharedOrder[0] + sharedOrder = sharedOrder[1:] + } } - w.finishDescent(w2) - } - } - - for _, pe := range lhsOrder { - if observedRHS.Has(pe) { - continue - } - value, _ := observedLHS.Get(pe) - w2 := w.prepareDescent(pe, t.ElementType) - w2.lhs = value - errs = append(errs, w2.merge(pe.String)...) - if w2.out != nil { - out = append(out, *w2.out) } - w.finishDescent(w2) } if len(out) > 0 { @@ -248,6 +266,46 @@ func (w *mergingWalker) visitListItems(t *schema.List, lhs, rhs value.List) (err return errs } +func (w *mergingWalker) indexListPathElements(t *schema.List, list value.List) ([]fieldpath.PathElement, fieldpath.PathElementValueMap, ValidationErrors) { + var errs ValidationErrors + length := 0 + if list != nil { + length = list.Length() + } + observed := fieldpath.MakePathElementValueMap(length) + pes := make([]fieldpath.PathElement, 0, length) + for i := 0; i < length; i++ { + child := list.At(i) + pe, err := listItemToPathElement(w.allocator, w.schema, t, i, child) + if err != nil { + errs = append(errs, errorf("element %v: %v", i, err.Error())...) + // If we can't construct the path element, we can't + // even report errors deeper in the schema, so bail on + // this element. + continue + } + if _, found := observed.Get(pe); found { + errs = append(errs, errorf("duplicate entries for key %v", pe.String())...) + continue + } + observed.Insert(pe, child) + pes = append(pes, pe) + } + return pes, observed, errs +} + +func (w *mergingWalker) mergeListItem(t *schema.List, pe fieldpath.PathElement, lChild, rChild value.Value) (out *interface{}, errs ValidationErrors) { + w2 := w.prepareDescent(pe, t.ElementType) + w2.lhs = lChild + w2.rhs = rChild + errs = append(errs, w2.merge(pe.String)...) + if w2.out != nil { + out = w2.out + } + w.finishDescent(w2) + return +} + func (w *mergingWalker) derefList(prefix string, v value.Value) (value.List, ValidationErrors) { if v == nil { return nil, nil