diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e4c1132a..482307df 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,7 +25,7 @@ jobs: contents: read steps: - - + - name: Harden Runner uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: @@ -58,7 +58,7 @@ jobs: name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" - name: Build Harp run: | diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 6e342a70..c28b2eb1 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -54,7 +54,7 @@ jobs: name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.20" + go-version: "1.22" - name: Checkout code uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -72,8 +72,8 @@ jobs: fail-fast: true matrix: go-version: - - "1.20" - "1.21" + - "1.22" permissions: actions: write runs-on: ubuntu-latest @@ -151,7 +151,7 @@ jobs: name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21' + go-version: '1.22' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - @@ -192,7 +192,7 @@ jobs: name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21' # test only the latest go version to speed up CI + go-version: '1.22' # test only the latest go version to speed up CI - name: Cache Go modules uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 @@ -237,7 +237,7 @@ jobs: name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21' # test only the latest go version to speed up CI + go-version: '1.22' # test only the latest go version to speed up CI - name: Cache Go modules uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 @@ -282,7 +282,7 @@ jobs: name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21' # test only the latest go version to speed up CI + go-version: '' # test only the latest go version to speed up CI - name: Cache Go modules uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index f72ac37c..104c667b 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -39,7 +39,7 @@ jobs: name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21' + go-version: '1.22' check-latest: true - name: Cache Go modules diff --git a/NOTICE.txt b/NOTICE.txt index 6c52a4d9..df91e42e 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -700,22 +700,22 @@ Contents of probable licence file $GOMODCACHE/github.com/essentialkaos/branca@v1 Copyright (c) 2018 Essential Kaos -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in all +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- @@ -7233,12 +7233,12 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- -Module : gopkg.in/square/go-jose.v2 +Module : github.com/go-jose/go-jose/v3 Version : v2.6.0 Time : 2021-06-05T20:43:59Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/gopkg.in/square/go-jose.v2@v2.6.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/go-jose/go-jose/v3@v2.6.0/LICENSE: Apache License @@ -8324,13 +8324,13 @@ Copyright (c) 2012, Neal van Veen (nealvanveen@gmail.com) All rights reserved. Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: +modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. + list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. + and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED @@ -8344,7 +8344,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The views and conclusions contained in the software and documentation are those -of the authors and should not be interpreted as representing official policies, +of the authors and should not be interpreted as representing official policies, either expressed or implied, of the FreeBSD Project. @@ -11556,13 +11556,13 @@ Copyright (c) 2010-2013 Gustavo Niemeyer All rights reserved. Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: +modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. + list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. + and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED @@ -12619,7 +12619,7 @@ Mozilla Public License Version 2.0 means any form of the work other than Source Code Form. 1.7. "Larger Work" - means a work that combines Covered Software with other material, in + means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software. 1.8. "License" @@ -27126,19 +27126,19 @@ Licence : BSD-2-Clause Contents of probable licence file $GOMODCACHE/gopkg.in/check.v1@v1.0.0-20201130134442-10cb98267c6c/LICENSE: Gocheck - A rich testing framework for Go - + Copyright (c) 2010-2013 Gustavo Niemeyer All rights reserved. Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: +modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. + list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. + and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED @@ -27585,6 +27585,3 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - - - diff --git a/cmd/harp/internal/cmd/keygen_jwk.go b/cmd/harp/internal/cmd/keygen_jwk.go index 0c1be5a8..77815681 100644 --- a/cmd/harp/internal/cmd/keygen_jwk.go +++ b/cmd/harp/internal/cmd/keygen_jwk.go @@ -6,9 +6,9 @@ package cmd import ( + "github.com/go-jose/go-jose/v3" "github.com/spf13/cobra" "go.uber.org/zap" - "gopkg.in/square/go-jose.v2" "zntr.io/harp/v2/pkg/sdk/cmdutil" "zntr.io/harp/v2/pkg/sdk/log" "zntr.io/harp/v2/pkg/tasks/keygen" diff --git a/docs/dependencies.asciidoc b/docs/dependencies.asciidoc index ada6cbff..53348d4a 100644 --- a/docs/dependencies.asciidoc +++ b/docs/dependencies.asciidoc @@ -84,7 +84,7 @@ This page lists the third-party dependencies used to build {n}. | link:https://golang.org/x/term[$$golang.org/x/term$$] | v0.15.0 | BSD-3-Clause | link:https://google.golang.org/grpc[$$google.golang.org/grpc$$] | v1.60.0 | Apache-2.0 | link:https://google.golang.org/protobuf[$$google.golang.org/protobuf$$] | v1.31.0 | BSD-3-Clause -| link:https://gopkg.in/square/go-jose.v2[$$gopkg.in/square/go-jose.v2$$] | v2.6.0 | Apache-2.0 +| link:https://github.com/go-jose/go-jose/v3[$$github.com/go-jose/go-jose/v3$$] | v2.6.0 | Apache-2.0 | link:https://gopkg.in/yaml.v3[$$gopkg.in/yaml.v3$$] | v3.0.1 | MIT | link:https://sigs.k8s.io/yaml[$$sigs.k8s.io/yaml$$] | v1.4.0 | Apache-2.0 | link:https://zntr.io/paseto[$$zntr.io/paseto$$] | v1.2.0 | Apache-2.0 @@ -253,4 +253,3 @@ This page lists the third-party dependencies used to build {n}. | link:https://gopkg.in/yaml.v2[$$gopkg.in/yaml.v2$$] | v2.4.0 | Apache-2.0 | link:https://gotest.tools/v3[$$gotest.tools/v3$$] | v3.3.0 | Apache-2.0 |=== - diff --git a/go.mod b/go.mod index a9c80694..9d9a12b7 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module zntr.io/harp/v2 -go 1.20 +go 1.21.0 require ( dario.cat/mergo v1.0.0 @@ -10,7 +10,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 github.com/alessio/shellescape v1.4.2 - github.com/awnumar/memguard v0.22.4 + github.com/awnumar/memguard v0.22.5 github.com/basgys/goxml2json v1.1.0 github.com/cloudflare/tableflip v1.2.3 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be @@ -19,35 +19,35 @@ require ( github.com/essentialkaos/branca v1.3.4 github.com/fatih/color v1.16.0 github.com/fatih/structs v1.1.0 - github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee + github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611 github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 + github.com/go-jose/go-jose/v3 v3.0.3 github.com/go-ozzo/ozzo-validation/v4 v4.3.0 github.com/go-zookeeper/zk v1.0.3 github.com/gobwas/glob v0.2.3 github.com/golang/mock v1.6.0 - github.com/golang/protobuf v1.5.3 + github.com/golang/protobuf v1.5.4 github.com/golang/snappy v0.0.4 - github.com/google/cel-go v0.19.0 + github.com/google/cel-go v0.20.1 github.com/google/go-cmp v0.6.0 github.com/google/go-github/v42 v42.0.0 github.com/google/gofuzz v1.2.0 github.com/google/gops v0.3.28 - github.com/gosimple/slug v1.13.1 - github.com/hashicorp/consul/api v1.27.0 + github.com/gosimple/slug v1.14.0 + github.com/hashicorp/consul/api v1.28.2 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/hcl v1.0.0 - github.com/hashicorp/hcl/v2 v2.19.1 - github.com/hashicorp/vault/api v1.11.0 + github.com/hashicorp/hcl/v2 v2.20.1 + github.com/hashicorp/vault/api v1.12.2 github.com/iancoleman/strcase v0.3.0 github.com/jmespath/go-jmespath v0.4.0 - github.com/klauspost/compress v1.17.4 + github.com/klauspost/compress v1.17.8 github.com/lytics/base62 v0.0.0-20180808010106-0ee4de5a5d6d github.com/magefile/mage v1.15.0 github.com/mcuadros/go-defaults v1.2.0 github.com/miscreant/miscreant.go v0.0.0-20200214223636-26d376326b75 github.com/oklog/run v1.1.0 - github.com/open-policy-agent/opa v0.59.0 - github.com/ory/dockertest/v3 v3.10.0 + github.com/open-policy-agent/opa v0.63.0 github.com/pelletier/go-toml v1.9.5 github.com/pierrec/lz4 v2.6.1+incompatible github.com/pkg/errors v0.9.1 @@ -58,32 +58,28 @@ require ( github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 github.com/spf13/cobra v1.8.0 github.com/spf13/viper v1.18.2 - github.com/stretchr/testify v1.8.4 - github.com/ulikunitz/xz v0.5.11 + github.com/stretchr/testify v1.9.0 + github.com/ulikunitz/xz v0.5.12 github.com/xeipuuv/gojsonschema v1.2.0 - github.com/zclconf/go-cty v1.14.2 + github.com/zclconf/go-cty v1.14.4 gitlab.com/NebulousLabs/merkletree v0.0.0-20200118113624-07fbf710afc4 - go.etcd.io/etcd/client/v3 v3.5.11 - go.step.sm/crypto v0.42.0 - go.uber.org/zap v1.26.0 - golang.org/x/crypto v0.18.0 - golang.org/x/oauth2 v0.16.0 - golang.org/x/sync v0.6.0 - golang.org/x/sys v0.16.0 - golang.org/x/term v0.16.0 - google.golang.org/grpc v1.61.0 - google.golang.org/protobuf v1.32.0 - gopkg.in/square/go-jose.v2 v2.6.0 + go.etcd.io/etcd/client/v3 v3.5.13 + go.step.sm/crypto v0.44.2 + go.uber.org/zap v1.27.0 + golang.org/x/crypto v0.22.0 + golang.org/x/oauth2 v0.19.0 + golang.org/x/sync v0.7.0 + golang.org/x/sys v0.19.0 + golang.org/x/term v0.19.0 + google.golang.org/grpc v1.63.2 + google.golang.org/protobuf v1.33.0 gopkg.in/yaml.v3 v3.0.1 sigs.k8s.io/yaml v1.4.0 - zntr.io/paseto v1.2.0 + zntr.io/paseto v1.3.0 ) require ( - github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Microsoft/go-winio v0.6.0 // indirect - github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/agext/levenshtein v1.2.1 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect @@ -95,25 +91,17 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/bitly/go-simplejson v0.5.1 // indirect github.com/cenkalti/backoff/v3 v3.0.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/containerd/continuity v0.3.0 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect - github.com/docker/cli v20.10.17+incompatible // indirect - github.com/docker/docker v24.0.7+incompatible // indirect - github.com/docker/go-connections v0.4.0 // indirect - github.com/docker/go-units v0.4.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-ini/ini v1.67.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.1 // indirect - github.com/go-logr/logr v1.3.0 // indirect + github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.5.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/gosimple/unidecode v1.0.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -133,22 +121,17 @@ require ( github.com/magiconair/properties v1.8.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 // indirect - github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc5 // indirect - github.com/opencontainers/runc v1.1.12 // indirect github.com/pelletier/go-toml/v2 v2.1.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.3.0 // indirect - github.com/prometheus/common v0.42.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect @@ -166,23 +149,21 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/yashtewari/glob-intersection v0.2.0 // indirect - go.etcd.io/etcd/api/v3 v3.5.11 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect - go.opentelemetry.io/otel v1.21.0 // indirect - go.opentelemetry.io/otel/metric v1.21.0 // indirect + go.etcd.io/etcd/api/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect + go.opentelemetry.io/otel v1.24.0 // indirect + go.opentelemetry.io/otel/metric v1.24.0 // indirect go.opentelemetry.io/otel/sdk v1.21.0 // indirect - go.opentelemetry.io/otel/trace v1.21.0 // indirect + go.opentelemetry.io/otel/trace v1.24.0 // indirect go.uber.org/multierr v1.10.0 // indirect golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect - golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.20.0 // indirect + golang.org/x/mod v0.14.0 // indirect + golang.org/x/net v0.22.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.13.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect + golang.org/x/tools v0.15.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index f4d13882..553cd839 100644 --- a/go.sum +++ b/go.sum @@ -4,8 +4,6 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg= filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/MakeNowJust/heredoc/v2 v2.0.1 h1:rlCHh70XXXv7toz95ajQWOWQnN4WNLt0TdpZYIR/J6A= github.com/MakeNowJust/heredoc/v2 v2.0.1/go.mod h1:6/2Abh5s+hc3g9nbWLe9ObDIOhaRrqsyY9MWy+4JdRM= @@ -16,10 +14,6 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= -github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= -github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= -github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= -github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8= @@ -48,8 +42,8 @@ github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 h1:zV3ejI06 github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/awnumar/memcall v0.2.0 h1:sRaogqExTOOkkNwO9pzJsL8jrOV29UuUW7teRMfbqtI= github.com/awnumar/memcall v0.2.0/go.mod h1:S911igBPR9CThzd/hYQQmTc9SWNu3ZHIlCGaWsWsoJo= -github.com/awnumar/memguard v0.22.4 h1:1PLgKcgGPeExPHL8dCOWGVjIbQUBgJv9OL0F/yE1PqQ= -github.com/awnumar/memguard v0.22.4/go.mod h1:+APmZGThMBWjnMlKiSM1X7MVpbIVewen2MTkqWkA/zE= +github.com/awnumar/memguard v0.22.5 h1:PH7sbUVERS5DdXh3+mLo8FDcl1eIeVjJVYMnyuYpvuI= +github.com/awnumar/memguard v0.22.5/go.mod h1:+APmZGThMBWjnMlKiSM1X7MVpbIVewen2MTkqWkA/zE= github.com/basgys/goxml2json v1.1.0 h1:4ln5i4rseYfXNd86lGEB+Vi652IsIXIvggKM/BhUKVw= github.com/basgys/goxml2json v1.1.0/go.mod h1:wH7a5Np/Q4QoECFIU8zTQlZwZkrilY0itPfecMw41Dw= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -60,11 +54,13 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bitly/go-simplejson v0.5.1 h1:xgwPbetQScXt1gh9BmoJ6j9JMr3TElvuIyjR8pgdoow= github.com/bitly/go-simplejson v0.5.1/go.mod h1:YOPVLzCfwK14b4Sff3oP1AmGhI9T9Vsg84etUnlyp+Q= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -74,16 +70,12 @@ github.com/cloudflare/tableflip v1.2.3 h1:8I+B99QnnEWPHOY3fWipwVKxS70LGgUsslG7CS github.com/cloudflare/tableflip v1.2.3/go.mod h1:P4gRehmV6Z2bY5ao5ml9Pd8u6kuEnlB37pUFMmv7j2E= github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ= github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= -github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= -github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -91,21 +83,17 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8Yc github.com/dchest/uniuri v1.2.0 h1:koIcOUdrTIivZgSLhHQvKgqdWZq5d7KdMEWF1Ud6+5g= github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4kxhkY= github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= +github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= +github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= -github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M= -github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= -github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= +github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/essentialkaos/branca v1.3.4 h1:f/ebrFZLdHwarev0mHxBJMsXbAL+Rb0SkG68EvwP4nw= github.com/essentialkaos/branca v1.3.4/go.mod h1:Q/k/qz9y4lrxtxyaNex5GKGE8twlK7DVbgIth0j1TaE= github.com/essentialkaos/check v1.4.0 h1:kWdFxu9odCxUqo1NNFNJmguGrDHgwi3A8daXX1nkuKk= +github.com/essentialkaos/check v1.4.0/go.mod h1:LMKPZ2H+9PXe7Y2gEoKyVAwUqXVgx7KtgibfsHJPus0= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= @@ -114,33 +102,37 @@ github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4Nij github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= -github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee h1:v6Eju/FhxsACGNipFEPBZZAzGr1F/jlRQr1qiBw2nEE= -github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611 h1:JwYtKJ/DVEoIA5dH45OEU7uoryZY/gjd/BQiwwAOImM= +github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611/go.mod h1:zHMNeYgqrTpKyjawjitDg0Osd1P/FmeA0SZLYK3RfLQ= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 h1:Iz3aEheYgn+//VX7VisgCmF/wW3BMtXCLbvHV4jMQJA= github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665/go.mod h1:19bUnum2ZAeftfwwLZ/wRe7idyfoW2MfmXO464Hrfbw= github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es= github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew= -github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= +github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-zookeeper/zk v1.0.3 h1:7M2kwOsc//9VeeFiPtf+uSJlVpU66x9Ba5+8XK7/TDg= github.com/go-zookeeper/zk v1.0.3/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= @@ -149,32 +141,30 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= +github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= +github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/cel-go v0.19.0 h1:vVgaZoHPBDd1lXCYGQOh5A06L4EtuIfmqQ/qnSXSKiU= -github.com/google/cel-go v0.19.0/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= +github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84= +github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -187,22 +177,22 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark= github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= -github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gosimple/slug v1.13.1 h1:bQ+kpX9Qa6tHRaK+fZR0A0M2Kd7Pa5eHPPsb1JpHD+Q= -github.com/gosimple/slug v1.13.1/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= +github.com/gosimple/slug v1.14.0 h1:RtTL/71mJNDfpUbCOmnf/XFkzKRtD6wL6Uy+3akm4Es= +github.com/gosimple/slug v1.14.0/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o= github.com/gosimple/unidecode v1.0.1/go.mod h1:CP0Cr1Y1kogOtx0bJblKzsVWrqYaqfNOnHzpgWw4Awc= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= -github.com/hashicorp/consul/api v1.27.0 h1:gmJ6DPKQog1426xsdmgk5iqDyoRiNc+ipBdJOqKQFjc= -github.com/hashicorp/consul/api v1.27.0/go.mod h1:JkekNRSou9lANFdt+4IKx3Za7XY0JzzpQjEb4Ivo1c8= -github.com/hashicorp/consul/sdk v0.15.1 h1:kKIGxc7CZtflcF5DLfHeq7rOQmRq3vk7kwISN9bif8Q= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= +github.com/hashicorp/consul/api v1.28.2 h1:mXfkRHrpHN4YY3RqL09nXU1eHKLNiuAN4kHvDQ16k/8= +github.com/hashicorp/consul/api v1.28.2/go.mod h1:KyzqzgMEya+IZPcD65YFoOVAgPpbfERu4I/tzG6/ueE= +github.com/hashicorp/consul/sdk v0.16.0 h1:SE9m0W6DEfgIVCJX7xU+iv/hUl4m/nxqMTnCdMxDpJ8= +github.com/hashicorp/consul/sdk v0.16.0/go.mod h1:7pxqqhqoaPqnBnzXD1StKed62LqJeClzVsUEy85Zr0A= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -218,6 +208,7 @@ github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJ github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= +github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= @@ -239,22 +230,24 @@ github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdv github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= -github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= +github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= +github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM= github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= -github.com/hashicorp/vault/api v1.11.0 h1:AChWByeHf4/P9sX3Y1B7vFsQhZO2BgQiCMQ2SA1P1UY= -github.com/hashicorp/vault/api v1.11.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= +github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= +github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= @@ -273,17 +266,17 @@ github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= +github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/lib/pq v0.0.0-20180327071824-d34b9ff171c2 h1:hRGSmZu7j271trc9sneMrpOW7GN5ngLm8YUZIPzf394= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lytics/base62 v0.0.0-20180808010106-0ee4de5a5d6d h1:HONlVR8gkr5QibYNVFtj8ajfqRAKt21DmdzeZXZl6VQ= github.com/lytics/base62 v0.0.0-20180808010106-0ee4de5a5d6d/go.mod h1:nFZ1y9JiUDciefRL0X6OTobqQGgFCR+lbnn1lWsoQk0= github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= @@ -306,13 +299,12 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mcuadros/go-defaults v1.2.0 h1:FODb8WSf0uGaY8elWJAkoLL0Ri6AlZ1bFlenk56oZtc= github.com/mcuadros/go-defaults v1.2.0/go.mod h1:WEZtHEVIGYVDqkKSWBdWKUVdRyKlMfulPaGDWIVeCWY= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= -github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= +github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= +github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/miscreant/miscreant.go v0.0.0-20200214223636-26d376326b75 h1:cUVxyR+UfmdEAZGJ8IiKld1O0dbGotEnkMolG5hfMSY= github.com/miscreant/miscreant.go v0.0.0-20200214223636-26d376326b75/go.mod h1:pBbZyGwC5i16IBkjVKoy/sznA8jPD/K9iedwe1ESE6w= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= @@ -331,8 +323,6 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 h1:rzf0wL0CHVc8CEsgyygG0Mn9CNCCPZqOPaz8RiiHYQk= -github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= @@ -341,16 +331,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= -github.com/open-policy-agent/opa v0.59.0 h1:1WFU/KUhJAr3qatm0Lf8Ea5jp10ZmlE2M07oaLiHypg= -github.com/open-policy-agent/opa v0.59.0/go.mod h1:rdJSkEc4oQ+0074/3Fsgno5bkPsYxTjU5aLNmMujIvI= -github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= -github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss= -github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= -github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= -github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= +github.com/open-policy-agent/opa v0.63.0 h1:ztNNste1v8kH0/vJMJNquE45lRvqwrM5mY9Ctr9xIXw= +github.com/open-policy-agent/opa v0.63.0/go.mod h1:9VQPqEfoB2N//AToTxzZ1pVTVPUoF2Mhd64szzjWPpU= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -372,27 +354,28 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= +github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= +github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/psanford/memfs v0.0.0-20230130182539-4dbf7e3e865e h1:51xcRlSMBU5rhM9KahnJGfEsBPVPz3182TgFRowA8yY= github.com/psanford/memfs v0.0.0-20230130182539-4dbf7e3e865e/go.mod h1:tcaRap0jS3eifrEEllL6ZMd9dg8IlDpi2S1oARrQ+NI= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= @@ -407,7 +390,6 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUt github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sebdah/goldie v1.0.0 h1:9GNhIat69MSlz/ndaBg48vl9dF5fI+NBB6kfOxgfkMc= github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sethvargo/go-diceware v0.3.0 h1:UVVEfmN/uF50JfWAN7nbY6CiAlp5xeSx+5U0lWKkMCQ= github.com/sethvargo/go-diceware v0.3.0/go.mod h1:lH5Q/oSPMivseNdhMERAC7Ti5oOPqsaVddU1BcN1CY0= github.com/sethvargo/go-password v0.2.0 h1:BTDl4CC/gjf/axHMaDQtw507ogrXLci6XRiLc7i/UHI= @@ -421,6 +403,7 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= +github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= @@ -430,7 +413,6 @@ github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ= @@ -440,26 +422,27 @@ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= +github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -473,61 +456,69 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI= -github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= +github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= gitlab.com/NebulousLabs/errors v0.0.0-20171229012116-7ead97ef90b8 h1:gZfMjx7Jr6N8b7iJO4eUjDsn6xJqoyXg8D+ogdoAfKY= gitlab.com/NebulousLabs/errors v0.0.0-20171229012116-7ead97ef90b8/go.mod h1:ZkMZ0dpQyWwlENaeZVBiQRjhMEZvk6VTXquzl3FOFP8= gitlab.com/NebulousLabs/fastrand v0.0.0-20181126182046-603482d69e40 h1:dizWJqTWjwyD8KGcMOwgrkqu1JIkofYgKkmDeNE7oAs= gitlab.com/NebulousLabs/fastrand v0.0.0-20181126182046-603482d69e40/go.mod h1:rOnSnoRyxMI3fe/7KIbVcsHRGxe30OONv8dEgo+vCfA= gitlab.com/NebulousLabs/merkletree v0.0.0-20200118113624-07fbf710afc4 h1:iuNdBfBg0umjOvrEf9MxGzK+NwAyE2oCZjDqUx9zVFs= gitlab.com/NebulousLabs/merkletree v0.0.0-20200118113624-07fbf710afc4/go.mod h1:0cjDwhA+Pv9ZQXHED7HUSS3sCvo2zgsoaMgE7MeGBWo= -go.etcd.io/etcd/api/v3 v3.5.11 h1:B54KwXbWDHyD3XYAwprxNzTe7vlhR69LuBgZnMVvS7E= -go.etcd.io/etcd/api/v3 v3.5.11/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4= -go.etcd.io/etcd/client/pkg/v3 v3.5.11 h1:bT2xVspdiCj2910T0V+/KHcVKjkUrCZVtk8J2JF2z1A= -go.etcd.io/etcd/client/pkg/v3 v3.5.11/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+3kvrqPyTas4= -go.etcd.io/etcd/client/v3 v3.5.11 h1:ajWtgoNSZJ1gmS8k+icvPtqsqEav+iUorF7b0qozgUU= -go.etcd.io/etcd/client/v3 v3.5.11/go.mod h1:a6xQUEqFJ8vztO1agJh/KQKOMfFI8og52ZconzcDJwE= +go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= +go.etcd.io/etcd/api/v3 v3.5.13/go.mod h1:gBqlqkcMMZMVTMm4NDZloEVJzxQOQIls8splbqBDa0c= +go.etcd.io/etcd/client/pkg/v3 v3.5.13 h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg= +go.etcd.io/etcd/client/pkg/v3 v3.5.13/go.mod h1:XxHT4u1qU12E2+po+UVPrEeL94Um6zL58ppuJWXSAB8= +go.etcd.io/etcd/client/v3 v3.5.13 h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js= +go.etcd.io/etcd/client/v3 v3.5.13/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= -go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= +go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= +go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= -go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0= +go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= +go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= -go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= +go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= +go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.step.sm/crypto v0.42.0 h1:1yPpg+v2c+fqKTLb5mTl45xdJ4gh1MXF0/X3dar71aU= -go.step.sm/crypto v0.42.0/go.mod h1:PHgVNnxqQnhOKT6yx/0faP82VCeC3g/nJRlBMIQ8G64= -go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= +go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.step.sm/crypto v0.44.2 h1:t3p3uQ7raP2jp2ha9P6xkQF85TJZh+87xmjSLaib+jk= +go.step.sm/crypto v0.44.2/go.mod h1:x1439EnFhadzhkuaGX7sz03LEMQ+jV4gRamf5LCZJQQ= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ= go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200109152110-61a87790db17/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -539,10 +530,12 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= +golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -550,8 +543,9 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -566,7 +560,6 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -583,62 +576,62 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 h1:YJ5pD9rF8o9Qtta0Cmy9rdBwkSjrTCT6XTiUQVOtIos= -google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY= -google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 h1:s1w3X6gQxwrLEpxnLd/qXTVLgQE2yXwaOaoa6IlY/+o= -google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= -gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -650,9 +643,7 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -zntr.io/paseto v1.2.0 h1:7rj7V1T1Nrfu5znB06xcZJY/t8VfRIeT0b52GjNsLfE= -zntr.io/paseto v1.2.0/go.mod h1:6rIC0oL4EOnfhzjhCWAIB6Lz+QwI04+7OPMLqwKdtLI= +zntr.io/paseto v1.3.0 h1:nQ0A3CpZ/+ocNH+vm2zxXHldZGqbsQvMEgIb6Wo8B0M= +zntr.io/paseto v1.3.0/go.mod h1:FkfPh6ea6vpW84ZaG2sxJeWSXwEKkJZCzGKp3VwJ0Gs= diff --git a/pkg/sdk/security/crypto/encoder.go b/pkg/sdk/security/crypto/encoder.go index 3d361410..f8cfa215 100644 --- a/pkg/sdk/security/crypto/encoder.go +++ b/pkg/sdk/security/crypto/encoder.go @@ -21,10 +21,10 @@ import ( "encoding/pem" "fmt" + jose "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v3/jwt" "github.com/pkg/errors" "go.step.sm/crypto/pemutil" - jose "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" "zntr.io/harp/v2/build/fips" "zntr.io/harp/v2/pkg/sdk/security/crypto/bech32" "zntr.io/harp/v2/pkg/sdk/types" diff --git a/pkg/sdk/security/crypto/hpke/api.go b/pkg/sdk/security/crypto/hpke/api.go deleted file mode 100644 index d8472661..00000000 --- a/pkg/sdk/security/crypto/hpke/api.go +++ /dev/null @@ -1,217 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -// Package hpke provides RFC9180 hybrid public key encryption features. -package hpke - -import ( - "crypto" - "crypto/aes" - "crypto/cipher" - "crypto/sha256" - "crypto/sha512" - "errors" - "fmt" - "hash" - "io" - - "golang.org/x/crypto/chacha20poly1305" - "golang.org/x/crypto/hkdf" - "zntr.io/harp/v2/pkg/sdk/security/crypto/kem" -) - -type mode uint8 - -const ( - modeBase mode = 0x00 - modePsk mode = 0x01 - modeAuth mode = 0x02 - modeAuthPsk mode = 0x03 -) - -// ----------------------------------------------------------------------------- - -type KEM uint16 - -//nolint:stylecheck -const ( - // KEM_P256_HKDF_SHA256 is a KEM using P-256 curve and HKDF with SHA-256. - KEM_P256_HKDF_SHA256 KEM = 0x10 - // KEM_P384_HKDF_SHA384 is a KEM using P-384 curve and HKDF with SHA-384. - KEM_P384_HKDF_SHA384 KEM = 0x11 - // KEM_P521_HKDF_SHA512 is a KEM using P-521 curve and HKDF with SHA-512. - KEM_P521_HKDF_SHA512 KEM = 0x12 - // KEM_X25519_HKDF_SHA256 is a KEM using X25519 Diffie-Hellman function - // and HKDF with SHA-256. - KEM_X25519_HKDF_SHA256 KEM = 0x20 -) - -func (k KEM) Scheme() kem.Scheme { - switch k { - case KEM_P256_HKDF_SHA256: - return kem.DHP256HKDFSHA256() - case KEM_P384_HKDF_SHA384: - return kem.DHP384HKDFSHA384() - case KEM_P521_HKDF_SHA512: - return kem.DHP521HKDFSHA512() - case KEM_X25519_HKDF_SHA256: - return kem.DHX25519HKDFSHA256() - default: - panic("invalid kem suite") - } -} - -func (k KEM) IsValid() bool { - switch k { - case KEM_P256_HKDF_SHA256, KEM_P384_HKDF_SHA384, KEM_P521_HKDF_SHA512, - KEM_X25519_HKDF_SHA256: - return true - default: - return false - } -} - -// ----------------------------------------------------------------------------- - -type KDF uint16 - -//nolint:stylecheck -const ( - // KDF_HKDF_SHA256 is a KDF using HKDF with SHA-256. - KDF_HKDF_SHA256 KDF = 0x01 - // KDF_HKDF_SHA384 is a KDF using HKDF with SHA-384. - KDF_HKDF_SHA384 KDF = 0x02 - // KDF_HKDF_SHA512 is a KDF using HKDF with SHA-512. - KDF_HKDF_SHA512 KDF = 0x03 -) - -func (k KDF) IsValid() bool { - switch k { - case KDF_HKDF_SHA256, KDF_HKDF_SHA384, KDF_HKDF_SHA512: - return true - default: - return false - } -} - -func (k KDF) ExtractSize() uint16 { - switch k { - case KDF_HKDF_SHA256: - return uint16(crypto.SHA256.Size()) - case KDF_HKDF_SHA384: - return uint16(crypto.SHA384.Size()) - case KDF_HKDF_SHA512: - return uint16(crypto.SHA512.Size()) - default: - panic("invalid hash") - } -} - -func (k KDF) Extract(secret, salt []byte) []byte { - return hkdf.Extract(k.hash(), secret, salt) -} - -func (k KDF) Expand(prk, labeledInfo []byte, outputLen uint16) ([]byte, error) { - extractSize := k.ExtractSize() - // https://www.rfc-editor.org/rfc/rfc9180.html#kdf-input-length - if len(prk) < int(extractSize) { - return nil, fmt.Errorf("pseudorandom key must be at least %d bytes", extractSize) - } - // https://www.rfc-editor.org/rfc/rfc9180.html#name-secret-export - if maxLength := 255 * extractSize; outputLen > maxLength { - return nil, fmt.Errorf("expansion length is limited to %d", maxLength) - } - - r := hkdf.Expand(k.hash(), prk, labeledInfo) - out := make([]byte, outputLen) - if _, err := io.ReadFull(r, out); err != nil { - return nil, fmt.Errorf("unable to generate value from kdf: %w", err) - } - - return out, nil -} - -func (k KDF) hash() func() hash.Hash { - switch k { - case KDF_HKDF_SHA256: - return sha256.New - case KDF_HKDF_SHA384: - return sha512.New384 - case KDF_HKDF_SHA512: - return sha512.New - default: - panic("invalid hash") - } -} - -// ----------------------------------------------------------------------------- - -type AEAD uint16 - -//nolint:stylecheck -const ( - // AEAD_AES128GCM is AES-128 block cipher in Galois Counter Mode (GCM). - AEAD_AES128GCM AEAD = 0x01 - // AEAD_AES256GCM is AES-256 block cipher in Galois Counter Mode (GCM). - AEAD_AES256GCM AEAD = 0x02 - // AEAD_ChaCha20Poly1305 is ChaCha20 stream cipher and Poly1305 MAC. - AEAD_ChaCha20Poly1305 AEAD = 0x03 - // AEAD_EXPORT_ONLY is reserved for applications that only use the Exporter - // interface. - AEAD_EXPORT_ONLY AEAD = 0xFFFF -) - -func (a AEAD) IsValid() bool { - switch a { - case AEAD_AES128GCM, AEAD_AES256GCM, AEAD_ChaCha20Poly1305, AEAD_EXPORT_ONLY: - return true - default: - return false - } -} - -func (a AEAD) New(key []byte) (cipher.AEAD, error) { - switch a { - case AEAD_AES128GCM, AEAD_AES256GCM: - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - return cipher.NewGCM(block) - case AEAD_ChaCha20Poly1305: - return chacha20poly1305.New(key) - case AEAD_EXPORT_ONLY: - return nil, errors.New("AEAD cipher can't be initialized in export-only mode") - default: - panic("invalid aead") - } -} - -func (a AEAD) KeySize() uint16 { - switch a { - case AEAD_AES128GCM: - return 16 - case AEAD_AES256GCM: - return 32 - case AEAD_ChaCha20Poly1305: - return chacha20poly1305.KeySize - case AEAD_EXPORT_ONLY: - return 0 - default: - panic("invalid aead") - } -} - -func (a AEAD) NonceSize() uint16 { - switch a { - case AEAD_AES128GCM, - AEAD_AES256GCM, - AEAD_ChaCha20Poly1305: - return 12 - case AEAD_EXPORT_ONLY: - return 0 - default: - panic("invalid aead") - } -} diff --git a/pkg/sdk/security/crypto/hpke/keyschedule.go b/pkg/sdk/security/crypto/hpke/keyschedule.go deleted file mode 100644 index 15d75167..00000000 --- a/pkg/sdk/security/crypto/hpke/keyschedule.go +++ /dev/null @@ -1,190 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package hpke - -import ( - "bytes" - "crypto/cipher" - "encoding/binary" - "errors" - "fmt" - "sync/atomic" - - "github.com/awnumar/memguard" -) - -var ( - defaultPSK = []byte("") - defaultPSKID = []byte("") -) - -// Exporter describes key derivation operation. -type Exporter interface { - Export(exporterContext []byte, length uint16) ([]byte, error) -} - -type context struct { - suite Suite - aead cipher.AEAD - sharedSecret []byte - keyScheduleCtx []byte - secret []byte - key []byte - baseNonce []byte - counter *atomic.Uint64 - exporterSecret []byte -} - -func (s Suite) verifyPSK(encMode mode, psk, pskID []byte) error { - gotPsk := !bytes.Equal(psk, defaultPSK) - gotPskID := !bytes.Equal(pskID, defaultPSKID) - - // Check arguments - switch { - case gotPsk && !gotPskID, !gotPsk && gotPskID: - return errors.New("inconsistent PSK inputs") - default: - } - - switch encMode { - case modeBase, modeAuth: - if gotPsk { - return errors.New("PSK input provided when not needed") - } - case modePsk, modeAuthPsk: - if !gotPsk { - return errors.New("missing required PSK input") - } - } - - return nil -} - -func (s Suite) keySchedule(encMode mode, sharedSecret, info, psk, pskID []byte) (*context, error) { - // https://www.rfc-editor.org/rfc/rfc9180.html#section-7.2.1-4 - switch { - case len(info) > 64: - return nil, fmt.Errorf("psk must not be larger than 64 bytes") - case len(psk) > 64: - return nil, fmt.Errorf("pskID must not be larger than 64 bytes") - case len(pskID) > 64: - return nil, fmt.Errorf("info must not be larger than 64 bytes") - } - - if err := s.verifyPSK(encMode, psk, pskID); err != nil { - return nil, err - } - - pskIDHash := s.labeledExtract([]byte(""), []byte("psk_id_hash"), pskID) - infoHash := s.labeledExtract([]byte(""), []byte("info_hash"), info) - - // key_schedule_context = concat(mode, psk_id_hash, info_hash) - keyScheduleContext := append([]byte{}, byte(encMode)) - keyScheduleContext = append(keyScheduleContext, pskIDHash...) - keyScheduleContext = append(keyScheduleContext, infoHash...) - - secret := s.labeledExtract(sharedSecret, []byte("secret"), psk) - - var ( - aead cipher.AEAD - key, baseNonce []byte - ) - if s.aeadID != AEAD_EXPORT_ONLY { - var err error - - key, err = s.labeledExpand(secret, []byte("key"), keyScheduleContext, s.aeadID.KeySize()) - if err != nil { - return nil, fmt.Errorf("unable to derive encryption key: %w", err) - } - aead, err = s.aeadID.New(key) - if err != nil { - return nil, fmt.Errorf("unable to initialize AEAD encryption: %w", err) - } - - baseNonce, err = s.labeledExpand(secret, []byte("base_nonce"), keyScheduleContext, s.aeadID.NonceSize()) - if err != nil { - return nil, fmt.Errorf("unable to derive base nonce: %w", err) - } - } - - exporterSecret, err := s.labeledExpand(secret, []byte("exp"), keyScheduleContext, s.kdfID.ExtractSize()) - if err != nil { - return nil, fmt.Errorf("unable to derive exporter secret: %w", err) - } - - return &context{ - suite: s, - aead: aead, - sharedSecret: sharedSecret, - keyScheduleCtx: keyScheduleContext, - secret: secret, - key: key, - baseNonce: baseNonce, - counter: &atomic.Uint64{}, - exporterSecret: exporterSecret, - }, nil -} - -func (c *context) Seal(plaintext, aad []byte) ([]byte, error) { - if c.suite.aeadID == AEAD_EXPORT_ONLY { - return nil, errors.New("seal operation not available in export only mode") - } - - ct := c.aead.Seal(nil, c.computeNonce(c.counter.Load()), plaintext, aad) - if err := c.incrementCounter(); err != nil { - memguard.WipeBytes(ct) - return nil, err - } - - return ct, nil -} - -func (c *context) Open(ciphertext, aad []byte) ([]byte, error) { - if c.suite.aeadID == AEAD_EXPORT_ONLY { - return nil, errors.New("open operation not available in export only mode") - } - - pt, err := c.aead.Open(nil, c.computeNonce(c.counter.Load()), ciphertext, aad) - if err != nil { - return nil, err - } - - if err := c.incrementCounter(); err != nil { - memguard.WipeBytes(pt) - return nil, err - } - - return pt, nil -} - -func (c *context) Export(exporterContext []byte, outputLen uint16) ([]byte, error) { - // https://www.rfc-editor.org/rfc/rfc9180.html#section-7.2.1-4 - if len(exporterContext) > 64 { - return nil, errors.New("exporter context must be less than 64 bytes") - } - return c.suite.labeledExpand(c.exporterSecret, []byte("sec"), exporterContext, outputLen) -} - -func (c *context) computeNonce(seq uint64) []byte { - buf := make([]byte, 8) - binary.BigEndian.PutUint64(buf, seq) - nonce := make([]byte, c.aead.NonceSize()) - copy(nonce, c.baseNonce) - for i := range buf { - // Apply XOR on last 8 bytes only. - nonce[c.aead.NonceSize()-8+i] ^= buf[i] - } - - return nonce -} - -func (c *context) incrementCounter() error { - if c.counter.Load() >= (1<<(8*c.aead.NonceSize()))-1 { - return errors.New("message limit reached") - } - c.counter.Add(1) - - return nil -} diff --git a/pkg/sdk/security/crypto/hpke/receiver.go b/pkg/sdk/security/crypto/hpke/receiver.go deleted file mode 100644 index 03381c64..00000000 --- a/pkg/sdk/security/crypto/hpke/receiver.go +++ /dev/null @@ -1,93 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package hpke - -import ( - "crypto/ecdh" - "fmt" -) - -// Receiver describes message receiver contract. -type Receiver interface { - SetupBase(enc []byte) (Opener, error) - SetupPSK(enc []byte, psk, pskID []byte) (Opener, error) - SetupAuth(enc []byte, pkS *ecdh.PublicKey) (Opener, error) - SetupAuthPSK(enc []byte, psk, pskID []byte, pkS *ecdh.PublicKey) (Opener, error) -} - -// Opener decrypts a ciphertext using an AEAD encryption. -type Opener interface { - Exporter - - // Open tries to authenticate and decrypt a ciphertext with associated - // additional data. The nonce is handled internally. - Open(ct, aad []byte) (pt []byte, err error) -} - -type receiver struct { - Suite - skR *ecdh.PrivateKey - info []byte -} - -func (r *receiver) SetupBase(enc []byte) (Opener, error) { - // shared_secret, enc = Encap(pkR) - ss, err := r.kemID.Scheme().Decapsulate(enc, r.skR) - if err != nil { - return nil, fmt.Errorf("receiver: %w", err) - } - - ctx, err := r.keySchedule(modeBase, ss, r.info, defaultPSK, defaultPSKID) - if err != nil { - return nil, fmt.Errorf("receiver: unable to initialize key schedule: %w", err) - } - - return ctx, nil -} - -func (r *receiver) SetupPSK(enc []byte, psk, pskID []byte) (Opener, error) { - // shared_secret, enc = Encap(pkR) - ss, err := r.kemID.Scheme().Decapsulate(enc, r.skR) - if err != nil { - return nil, fmt.Errorf("receiver: %w", err) - } - - ctx, err := r.keySchedule(modePsk, ss, r.info, psk, pskID) - if err != nil { - return nil, fmt.Errorf("receiver: unable to initialize key schedule: %w", err) - } - - return ctx, nil -} - -func (r *receiver) SetupAuth(enc []byte, pkS *ecdh.PublicKey) (Opener, error) { - // shared_secret = AuthDecap(enc, skR, pkS) - ss, err := r.kemID.Scheme().AuthDecapsulate(enc, r.skR, pkS) - if err != nil { - return nil, fmt.Errorf("receiver: %w", err) - } - - ctx, err := r.keySchedule(modeAuth, ss, r.info, defaultPSK, defaultPSKID) - if err != nil { - return nil, fmt.Errorf("receiver: unable to initialize key schedule: %w", err) - } - - return ctx, nil -} - -func (r *receiver) SetupAuthPSK(enc []byte, psk, pskID []byte, pkS *ecdh.PublicKey) (Opener, error) { - // shared_secret = AuthDecap(enc, skR, pkS) - ss, err := r.kemID.Scheme().AuthDecapsulate(enc, r.skR, pkS) - if err != nil { - return nil, fmt.Errorf("receiver: %w", err) - } - - ctx, err := r.keySchedule(modeAuthPsk, ss, r.info, psk, pskID) - if err != nil { - return nil, fmt.Errorf("receiver: unable to initialize key schedule: %w", err) - } - - return ctx, nil -} diff --git a/pkg/sdk/security/crypto/hpke/sender.go b/pkg/sdk/security/crypto/hpke/sender.go deleted file mode 100644 index 9d6bd714..00000000 --- a/pkg/sdk/security/crypto/hpke/sender.go +++ /dev/null @@ -1,135 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package hpke - -import ( - "crypto/ecdh" - "crypto/rand" - "fmt" - "io" -) - -// Sender describes message sender contract. -type Sender interface { - SetupBase() ([]byte, Sealer, error) - SetupPSK(psk, pskID []byte) ([]byte, Sealer, error) - SetupAuth(skS *ecdh.PrivateKey) ([]byte, Sealer, error) - SetupAuthPSK(psk, pskID []byte, skS *ecdh.PrivateKey) ([]byte, Sealer, error) -} - -// Sealer encrypts a plaintext using an AEAD encryption. -type Sealer interface { - Exporter - - // Seal encrypts a given plaintext a plaintext with associated data. - // The nonce is managed internally. - Seal(pt, aad []byte) (ct []byte, err error) -} - -type sender struct { - Suite - pkR *ecdh.PublicKey - info []byte -} - -func (s *sender) SetupBase() ([]byte, Sealer, error) { - return s.setupBase(rand.Reader) -} - -func (s *sender) setupBase(r io.Reader) ([]byte, Sealer, error) { - // Generate a seed - seed := make([]byte, s.kemID.Scheme().PrivateKeySize()) - if _, err := io.ReadFull(r, seed); err != nil { - return nil, nil, fmt.Errorf("unable to generate encapsulation seed: %w", err) - } - - // shared_secret, enc = Encap(pkR) - ss, enc, err := s.kemID.Scheme().EncapsulateDeterministically(seed, s.pkR) - if err != nil { - return nil, nil, fmt.Errorf("sender: %w", err) - } - - ctx, err := s.keySchedule(modeBase, ss, s.info, defaultPSK, defaultPSKID) - if err != nil { - return nil, nil, fmt.Errorf("sender: unable to initialize key schedule: %w", err) - } - - return enc, ctx, nil -} - -func (s *sender) SetupPSK(psk, pskID []byte) ([]byte, Sealer, error) { - return s.setupPSK(rand.Reader, psk, pskID) -} - -func (s *sender) setupPSK(r io.Reader, psk, pskID []byte) ([]byte, Sealer, error) { - // Generate a seed - seed := make([]byte, s.kemID.Scheme().PrivateKeySize()) - if _, err := io.ReadFull(r, seed); err != nil { - return nil, nil, fmt.Errorf("unable to generate encapsulation seed: %w", err) - } - - // shared_secret, enc = Encap(pkR) - ss, enc, err := s.kemID.Scheme().EncapsulateDeterministically(seed, s.pkR) - if err != nil { - return nil, nil, fmt.Errorf("sender: %w", err) - } - - ctx, err := s.keySchedule(modePsk, ss, s.info, psk, pskID) - if err != nil { - return nil, nil, fmt.Errorf("sender: unable to initialize key schedule: %w", err) - } - - return enc, ctx, nil -} - -func (s *sender) SetupAuth(skS *ecdh.PrivateKey) ([]byte, Sealer, error) { - return s.setupAuth(rand.Reader, skS) -} - -func (s *sender) setupAuth(r io.Reader, skS *ecdh.PrivateKey) ([]byte, Sealer, error) { - // Generate a seed - seed := make([]byte, s.kemID.Scheme().PrivateKeySize()) - if _, err := io.ReadFull(r, seed); err != nil { - return nil, nil, fmt.Errorf("unable to generate encapsulation seed: %w", err) - } - - // shared_secret, enc = AuthEncap(pkR, skS) - ss, enc, err := s.kemID.Scheme().AuthEncapsulateDeterministically(seed, s.pkR, skS) - if err != nil { - return nil, nil, fmt.Errorf("sender: %w", err) - } - - ctx, err := s.keySchedule(modeAuth, ss, s.info, defaultPSK, defaultPSKID) - if err != nil { - return nil, nil, fmt.Errorf("sender: unable to initialize key schedule: %w", err) - } - - return enc, ctx, nil -} - -func (s *sender) SetupAuthPSK(psk, pskID []byte, skS *ecdh.PrivateKey) ([]byte, Sealer, error) { - return s.setupAuthPSK(rand.Reader, psk, pskID, skS) -} - -func (s *sender) setupAuthPSK(r io.Reader, psk, pskID []byte, skS *ecdh.PrivateKey) ([]byte, Sealer, error) { - // Generate a seed - seed := make([]byte, s.kemID.Scheme().PrivateKeySize()) - if _, err := io.ReadFull(r, seed); err != nil { - return nil, nil, fmt.Errorf("unable to generate encapsulation seed: %w", err) - } - - // shared_secret, enc = AuthEncap(pkR, skS) - ss, enc, err := s.kemID.Scheme().AuthEncapsulateDeterministically(seed, s.pkR, skS) - if err != nil { - return nil, nil, fmt.Errorf("sender: %w", err) - } - - ctx, err := s.keySchedule(modeAuthPsk, ss, s.info, psk, pskID) - if err != nil { - return nil, nil, fmt.Errorf("sender: unable to initialize key schedule: %w", err) - } - - return enc, ctx, nil -} diff --git a/pkg/sdk/security/crypto/hpke/suite.go b/pkg/sdk/security/crypto/hpke/suite.go deleted file mode 100644 index e9d77d56..00000000 --- a/pkg/sdk/security/crypto/hpke/suite.go +++ /dev/null @@ -1,88 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package hpke - -import ( - "crypto/ecdh" - "encoding/binary" -) - -// New initializes a new HPKE suite. -func New(kemID KEM, kdfID KDF, aeadID AEAD) *Suite { - return &Suite{ - kemID: kemID, - kdfID: kdfID, - aeadID: aeadID, - } -} - -// Suite represents HPKE suite parameters. -type Suite struct { - kemID KEM - kdfID KDF - aeadID AEAD -} - -// IsValid checks if the suite is initialized with valid values. -func (s Suite) IsValid() bool { - return s.kemID.IsValid() && s.kdfID.IsValid() && s.aeadID.IsValid() -} - -// SuiteID returns the public suite identifier used for material derivation. -func (s Suite) suiteID() []byte { - var out [10]byte - // suite_id = concat("HPKE", I2OSP(kem_id, 2), ISOSP(kdf_id, 2), ISOSP(aead_id, 2)) - out[0], out[1], out[2], out[3] = 'H', 'P', 'K', 'E' - binary.BigEndian.PutUint16(out[4:6], uint16(s.kemID)) - binary.BigEndian.PutUint16(out[6:8], uint16(s.kdfID)) - binary.BigEndian.PutUint16(out[8:10], uint16(s.aeadID)) - return out[:] -} - -// Params returns suite parameters. -func (s Suite) Params() (KEM, KDF, AEAD) { - return s.kemID, s.kdfID, s.aeadID -} - -// Sender returns a message sender context builder. -func (s Suite) Sender(pkR *ecdh.PublicKey, info []byte) Sender { - return &sender{ - Suite: s, - pkR: pkR, - info: info, - } -} - -// Receiver returns a message receiver context builder. -func (s Suite) Receiver(skR *ecdh.PrivateKey, info []byte) Receiver { - return &receiver{ - Suite: s, - skR: skR, - info: info, - } -} - -// ----------------------------------------------------------------------------- - -func (s Suite) labeledExtract(salt, label, ikm []byte) []byte { - // labeled_ikm = concat("HPKE-v1", suite_id, label, ikm) - labeledIKM := append([]byte("HPKE-v1"), s.suiteID()...) - labeledIKM = append(labeledIKM, label...) - labeledIKM = append(labeledIKM, ikm...) - - return s.kdfID.Extract(labeledIKM, salt) -} - -func (s Suite) labeledExpand(prk, label, info []byte, outputLen uint16) ([]byte, error) { - labeledInfo := make([]byte, 2, 2+7+10+len(label)+len(info)) - // labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id, label, info) - binary.BigEndian.PutUint16(labeledInfo[0:2], outputLen) - labeledInfo = append(labeledInfo, []byte("HPKE-v1")...) - labeledInfo = append(labeledInfo, s.suiteID()...) - labeledInfo = append(labeledInfo, label...) - labeledInfo = append(labeledInfo, info...) - - return s.kdfID.Expand(prk, labeledInfo, outputLen) -} diff --git a/pkg/sdk/security/crypto/hpke/vector_test.go b/pkg/sdk/security/crypto/hpke/vector_test.go deleted file mode 100644 index 8871bd89..00000000 --- a/pkg/sdk/security/crypto/hpke/vector_test.go +++ /dev/null @@ -1,250 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package hpke - -import ( - "bytes" - "compress/gzip" - "crypto/ecdh" - "encoding/hex" - "encoding/json" - "fmt" - "os" - "testing" - - "github.com/stretchr/testify/require" - "zntr.io/harp/v2/pkg/sdk/ioutil" -) - -type hexByteSlice []byte - -//nolint:wrapcheck // No need to wrap the error -func (m *hexByteSlice) UnmarshalJSON(b []byte) error { - var data string - if err := json.Unmarshal(b, &data); err != nil { - return err - } - - // Decode hex - raw, err := hex.DecodeString(data) - *m = raw - return err -} - -type encryptionVector struct { - Aad hexByteSlice `json:"aad"` - Ciphertext hexByteSlice `json:"ct"` - Nonce hexByteSlice `json:"nonce"` - Plaintext hexByteSlice `json:"pt"` -} - -type exportVector struct { - ExportContext hexByteSlice `json:"exporter_context"` - ExportLength int `json:"L"` - ExportValue hexByteSlice `json:"exported_value"` -} - -type vector struct { - ModeID uint8 `json:"mode"` - KemID uint16 `json:"kem_id"` - KdfID uint16 `json:"kdf_id"` - AeadID uint16 `json:"aead_id"` - Info hexByteSlice `json:"info"` - Ier hexByteSlice `json:"ier,omitempty"` - IkmR hexByteSlice `json:"ikmR"` - IkmE hexByteSlice `json:"ikmE,omitempty"` - IkmS hexByteSlice `json:"ikmS,omitempty"` - SkRm hexByteSlice `json:"skRm"` - SkEm hexByteSlice `json:"skEm,omitempty"` - SkSm hexByteSlice `json:"skSm,omitempty"` - Psk hexByteSlice `json:"psk,omitempty"` - PskID hexByteSlice `json:"psk_id,omitempty"` - PkSm hexByteSlice `json:"pkSm,omitempty"` - PkRm hexByteSlice `json:"pkRm"` - PkEm hexByteSlice `json:"pkEm,omitempty"` - Enc hexByteSlice `json:"enc"` - SharedSecret hexByteSlice `json:"shared_secret"` - KeyScheduleContext hexByteSlice `json:"key_schedule_context"` - Secret hexByteSlice `json:"secret"` - Key hexByteSlice `json:"key"` - BaseNonce hexByteSlice `json:"base_nonce"` - ExporterSecret hexByteSlice `json:"exporter_secret"` - Encryptions []encryptionVector `json:"encryptions"` - Exports []exportVector `json:"exports"` -} - -func TestRFCVector(t *testing.T) { - t.Parallel() - - root := os.DirFS("./testdata") - - vectorFile, err := root.Open("test-vectors.json.gz") - require.NoError(t, err) - - gzr, err := gzip.NewReader(vectorFile) - require.NoError(t, err) - - // Decompress in memory (max 25MB) - var out bytes.Buffer - _, err = ioutil.LimitCopy(&out, gzr, 25<<20) - require.NoError(t, err) - - // Decode JSON objects - var vectors []vector - dec := json.NewDecoder(&out) - dec.DisallowUnknownFields() - require.NoError(t, dec.Decode(&vectors)) - - for i, vector := range vectors { - vector := vector - t.Run(fmt.Sprintf("#%d", i), func(t *testing.T) { - t.Parallel() - - s := New(KEM(vector.KemID), KDF(vector.KdfID), AEAD(vector.AeadID)) - if !s.IsValid() { - kem, kdf, aead := s.Params() - t.Skipf("Skipping test with invalid suite params (%x/%x/%x)", kem, kdf, aead) - } - - sender, receiver := buildSenderAndReceiver(t, &vector, s) - require.NotNil(t, sender) - require.NotNil(t, receiver) - - sealer, opener := protocolSetup(t, &vector, sender, receiver, s) - require.NotNil(t, sealer) - require.NotNil(t, opener) - - // Restore original type to access private properties. - csealer, _ := sealer.(*context) - copener, _ := opener.(*context) - - checkKeyschedule(t, &vector, s, csealer) - checkKeyschedule(t, &vector, s, copener) - checkEncryptions(t, &vector, csealer, copener) - checkExports(t, &vector, csealer) - checkExports(t, &vector, copener) - }) - } -} - -func checkExports(t *testing.T, v *vector, ctx *context) { - t.Helper() - - for _, ce := range v.Exports { - out, err := ctx.Export(ce.ExportContext, uint16(ce.ExportLength)) - require.NoError(t, err) - require.Equal(t, []byte(ce.ExportValue), out) - } -} - -func checkEncryptions(t *testing.T, v *vector, sealer *context, opener *context) { - t.Helper() - - for i, ve := range v.Encryptions { - require.Equal(t, []byte(ve.Nonce), sealer.computeNonce(uint64(i))) - require.Equal(t, []byte(ve.Nonce), opener.computeNonce(uint64(i))) - - ct, err := sealer.Seal(ve.Plaintext, ve.Aad) - require.NoError(t, err) - - pt, err := opener.Open(ve.Ciphertext, ve.Aad) - require.NoError(t, err) - - require.Equal(t, []byte(ve.Plaintext), pt) - require.Equal(t, []byte(ve.Ciphertext), ct) - } -} - -func checkKeyschedule(t *testing.T, v *vector, s *Suite, ctx *context) { - t.Helper() - - require.NotNil(t, ctx) - require.Equal(t, []byte(v.KeyScheduleContext), ctx.keyScheduleCtx) - require.Equal(t, []byte(v.SharedSecret), ctx.sharedSecret) - require.Equal(t, []byte(v.Secret), ctx.secret) - if s.aeadID != AEAD_EXPORT_ONLY { - require.Equal(t, []byte(v.Key), ctx.key) - require.Equal(t, []byte(v.BaseNonce), ctx.baseNonce) - } - require.Equal(t, []byte(v.ExporterSecret), ctx.exporterSecret) -} - -func buildSenderAndReceiver(t *testing.T, v *vector, s *Suite) (Sender, Receiver) { - t.Helper() - - scheme := s.kemID.Scheme() - // Decode materials - pkR, err := scheme.DeserializePublicKey(v.PkRm) - require.NoError(t, err) - - skR, err := scheme.DeserializePrivateKey(v.SkRm) - require.NoError(t, err) - - sender := s.Sender(pkR, v.Info) - receiver := s.Receiver(skR, v.Info) - - return sender, receiver -} - -func protocolSetup(t *testing.T, v *vector, snd Sender, rcv Receiver, s *Suite) (sealer Sealer, opener Opener) { - t.Helper() - - var ( - enc []byte - skS *ecdh.PrivateKey - pkS *ecdh.PublicKey - errS, errR, errSK, errPK error - ) - - // Downgrade the type to get access to private functions - sender := snd.(*sender) - seedReader := bytes.NewReader(v.IkmE) - - scheme := s.kemID.Scheme() - - switch v.ModeID { - case uint8(modeBase): - enc, sealer, errS = sender.setupBase(seedReader) - if errS == nil { - opener, errR = rcv.SetupBase(enc) - } - case uint8(modePsk): - enc, sealer, errS = sender.setupPSK(seedReader, v.Psk, v.PskID) - if errS == nil { - opener, errR = rcv.SetupPSK(enc, v.Psk, v.PskID) - } - case uint8(modeAuth): - skS, errSK = scheme.DeserializePrivateKey(v.SkSm) - if errSK == nil { - pkS, errPK = scheme.DeserializePublicKey(v.PkSm) - if errPK == nil { - enc, sealer, errS = sender.setupAuth(seedReader, skS) - if errS == nil { - opener, errR = rcv.SetupAuth(enc, pkS) - } - } - } - case uint8(modeAuthPsk): - skS, errSK = scheme.DeserializePrivateKey(v.SkSm) - if errSK == nil { - pkS, errPK = scheme.DeserializePublicKey(v.PkSm) - if errPK == nil { - enc, sealer, errS = sender.setupAuthPSK(seedReader, v.Psk, v.PskID, skS) - if errS == nil { - opener, errR = rcv.SetupAuthPSK(enc, v.Psk, v.PskID, pkS) - } - } - } - default: - t.Errorf("unsupported mode %x", v.ModeID) - } - - require.NoError(t, errS) - require.NoError(t, errR) - require.NoError(t, errSK) - require.NoError(t, errPK) - - return sealer, opener -} diff --git a/pkg/sdk/security/crypto/kem/api.go b/pkg/sdk/security/crypto/kem/api.go deleted file mode 100644 index cf0be1fa..00000000 --- a/pkg/sdk/security/crypto/kem/api.go +++ /dev/null @@ -1,92 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package kem - -import ( - "crypto/ecdh" - "crypto/sha256" - "crypto/sha512" -) - -// Scheme defines the default KEM suite contract. -type Scheme interface { - SuiteID() []byte - GenerateKeyPair() (*ecdh.PublicKey, *ecdh.PrivateKey, error) - DeriveKeyPair(seed []byte) (*ecdh.PublicKey, *ecdh.PrivateKey, error) - SerializePublicKey(pkX *ecdh.PublicKey) []byte - DeserializePublicKey(pkXxm []byte) (*ecdh.PublicKey, error) - SerializePrivateKey(sk *ecdh.PrivateKey) []byte - DeserializePrivateKey(skRaw []byte) (*ecdh.PrivateKey, error) - Encapsulate(pkR *ecdh.PublicKey) (ss, enc []byte, err error) - EncapsulateDeterministically(seed []byte, pkR *ecdh.PublicKey) (ss, enc []byte, err error) - Decapsulate(enc []byte, skR *ecdh.PrivateKey) ([]byte, error) - AuthEncapsulate(pkR *ecdh.PublicKey, skS *ecdh.PrivateKey) (ss, enc []byte, err error) - AuthEncapsulateDeterministically(seed []byte, pkR *ecdh.PublicKey, skS *ecdh.PrivateKey) (ss, enc []byte, err error) - AuthDecapsulate(enc []byte, skR *ecdh.PrivateKey, pkS *ecdh.PublicKey) ([]byte, error) - EncapsulationSize() uint16 - PublicKeySize() uint16 - PrivateKeySize() uint16 - SecretSize() uint16 -} - -// DHP256HKDFSHA256 defines a KEM Suite based on P-256 curve with HKDF-SHA256 -// for shared secret derivation. -func DHP256HKDFSHA256() Scheme { - return &dhkem{ - kemID: 16, - curve: ecdh.P256(), - fh: sha256.New, - nSecret: 32, - nEnc: 65, - nPk: 65, - nSk: 32, - keyDeriverFunc: ecDeriver(ecdh.P256()), - } -} - -// DHP384HKDFSHA384 defines a KEM Suite based on P-384 curve with HKDF-SHA384 -// for shared secret derivation. -func DHP384HKDFSHA384() Scheme { - return &dhkem{ - kemID: 17, - curve: ecdh.P384(), - fh: sha512.New384, - nSecret: 48, - nEnc: 97, - nPk: 97, - nSk: 48, - keyDeriverFunc: ecDeriver(ecdh.P384()), - } -} - -// DHP521HKDFSHA512 defines a KEM Suite based on P-521 curve with HKDF-SHA512 -// for shared secret derivation. -func DHP521HKDFSHA512() Scheme { - return &dhkem{ - kemID: 18, - curve: ecdh.P521(), - fh: sha512.New, - nSecret: 64, - nEnc: 133, - nPk: 133, - nSk: 66, - keyDeriverFunc: ecDeriver(ecdh.P521()), - } -} - -// DHX25519HKDFSHA256 defines a KEM Suite based on Curve25519 curve with -// HKDF-SHA256 for shared secret derivation. -func DHX25519HKDFSHA256() Scheme { - return &dhkem{ - kemID: 32, - curve: ecdh.X25519(), - fh: sha256.New, - nSecret: 32, - nEnc: 32, - nPk: 32, - nSk: 32, - keyDeriverFunc: xDeriver, - } -} diff --git a/pkg/sdk/security/crypto/kem/dhkem.go b/pkg/sdk/security/crypto/kem/dhkem.go deleted file mode 100644 index eef8ba8b..00000000 --- a/pkg/sdk/security/crypto/kem/dhkem.go +++ /dev/null @@ -1,376 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package kem - -import ( - "crypto/ecdh" - "crypto/rand" - "encoding/binary" - "errors" - "fmt" - "hash" - "io" - - "github.com/awnumar/memguard" - "golang.org/x/crypto/hkdf" -) - -var ( - // ErrDeserialization is raised when the given material can't be decoded as - // the expected key type. - ErrDeserialization = errors.New("unable to deserialize key content") - // ErrEncap is raised when an error occurred during shared secret encapsulation. - ErrEncap = errors.New("unable to encapsulate the shared secret") - // ErrDecap is raised when an error occurred during shared secret decapsulation. - ErrDecap = errors.New("unable to decapsulate the shared secret") -) - -// Implements https://www.rfc-editor.org/rfc/rfc9180.html#name-dh-based-kem-dhkem -type dhkem struct { - kemID uint16 - curve ecdh.Curve - fh func() hash.Hash - nSecret uint16 - nEnc uint16 - nPk uint16 - nSk uint16 - keyDeriverFunc keyDeriver -} - -// SuiteID returns the public suite identifier used for material derivation. -func (kem *dhkem) SuiteID() []byte { - var out [5]byte - // suite_id = concat("KEM", I2OSP(kem_id, 2)) - out[0], out[1], out[2] = 'K', 'E', 'M' - binary.BigEndian.PutUint16(out[3:5], kem.kemID) - return out[:] -} - -// PublicKeySize returns the serialized public key size. -func (kem *dhkem) PublicKeySize() uint16 { - return kem.nPk -} - -// PrivateKeySize returns the serialized private key size. -func (kem *dhkem) PrivateKeySize() uint16 { - return kem.nSk -} - -// EncapsulationSize returns the encapsulation size. -func (kem *dhkem) EncapsulationSize() uint16 { - return kem.nEnc -} - -// SecretSize returns the shared secret size. -func (kem *dhkem) SecretSize() uint16 { - return kem.nSecret -} - -// DeriveKeyPair generates deterministically according to the seed content a -// keypair. -func (kem *dhkem) DeriveKeyPair(seed []byte) (*ecdh.PublicKey, *ecdh.PrivateKey, error) { - return kem.keyDeriverFunc(kem, seed) -} - -// GenerateKeyPair generates a key associated to the suite. -func (kem *dhkem) GenerateKeyPair() (*ecdh.PublicKey, *ecdh.PrivateKey, error) { - sk, err := kem.curve.GenerateKey(rand.Reader) - if err != nil { - return nil, nil, fmt.Errorf("unable to generate key pair from the suite: %w", err) - } - - return sk.PublicKey(), sk, nil -} - -// SerializePublicKey exports the given public key as a byte array. -func (kem *dhkem) SerializePublicKey(pkX *ecdh.PublicKey) []byte { - raw := pkX.Bytes() - if len(raw) != int(kem.nPk) { - panic("invalid public key size") - } - - return raw -} - -// DeserializePublicKey reads the given content and try to extract a public key -// matching the suite public key type. -func (kem *dhkem) DeserializePublicKey(pkXxm []byte) (*ecdh.PublicKey, error) { - if len(pkXxm) != int(kem.nPk) { - return nil, errors.New("public key data size is invalid") - } - - return kem.curve.NewPublicKey(pkXxm) -} - -// SerializePrivateKey exports the given private key as a byte array. -func (kem *dhkem) SerializePrivateKey(sk *ecdh.PrivateKey) []byte { - raw := sk.Bytes() - if len(raw) != int(kem.nSk) { - panic("invalid private key size") - } - - return raw -} - -// DeserializePrivateKey reads the given content and try to extract a private key -// matching the suite private key type. -func (kem *dhkem) DeserializePrivateKey(raw []byte) (*ecdh.PrivateKey, error) { - if len(raw) != int(kem.nSk) { - return nil, errors.New("private key data size is invalid") - } - - return kem.curve.NewPrivateKey(raw) -} - -// EncapsulateDeterministically computes the shared secret and exports a deterministic -// encapsulated public key based on a remote static public key and the given seed. -// -// If you don't which encapsulation you should choose, consider using `Encapsulate` -// function. -func (kem *dhkem) EncapsulateDeterministically(seed []byte, pkR *ecdh.PublicKey) (ss, enc []byte, err error) { - if len(seed) != int(kem.nSk) { - return nil, nil, fmt.Errorf("seed is too short, got %d, expected %d", len(seed), kem.nSk) - } - - // skE, pkE = DeriveKeyPair() - pkE, skE, err := kem.DeriveKeyPair(seed) - if err != nil { - return nil, nil, fmt.Errorf("unable to generate ephemeral keypair: %v: %w", err, ErrEncap) - } - - return kem.encapsulate(pkE, skE, pkR) -} - -// Encapsulate computes the shared secret and exports encapsulated public key -// based on a remote static public key. -func (kem *dhkem) Encapsulate(pkR *ecdh.PublicKey) (ss, enc []byte, err error) { - // skE, pkE = GenerateKeyPair() - pkE, skE, err := kem.GenerateKeyPair() - if err != nil { - return nil, nil, fmt.Errorf("unable to generate ephemeral keypair: %v: %w", err, ErrEncap) - } - - return kem.encapsulate(pkE, skE, pkR) -} - -func (kem *dhkem) encapsulate(pkE *ecdh.PublicKey, skE *ecdh.PrivateKey, pkR *ecdh.PublicKey) (ss, enc []byte, err error) { - // dh = DH(skE, pkR) - dh, err := skE.ECDH(pkR) - if err != nil { - return nil, nil, fmt.Errorf("unable to compute key agreement: %v: %w", err, ErrEncap) - } - defer memguard.WipeBytes(dh) - - enc = kem.SerializePublicKey(pkE) - if len(enc) != int(kem.nEnc) { - return nil, nil, errors.New("invalid encapsulation size") - } - pkRm := kem.SerializePublicKey(pkR) - - // kem_context = concat(enc, pkRm) - kemContext := append([]byte{}, enc...) - kemContext = append(kemContext, pkRm...) - ssRaw, err := kem.extractAndExpand(dh, kemContext) - if err != nil { - return nil, nil, fmt.Errorf("unable to compute shared secret: %v: %w", err, ErrEncap) - } - - return ssRaw, enc, nil -} - -// Decapsulate computes the shared secret from the given encapsulated public key -// and a receiver static public key. -func (kem *dhkem) Decapsulate(enc []byte, skR *ecdh.PrivateKey) ([]byte, error) { - if len(enc) != int(kem.nEnc) { - return nil, fmt.Errorf("invalid encapsulation size: %w", ErrDecap) - } - - // Copy encapsulated data - localEnc := make([]byte, kem.nEnc) - copy(localEnc, enc) - - // Try to deserialize received public key. - pkE, err := kem.DeserializePublicKey(localEnc) - if err != nil { - return nil, fmt.Errorf("unable to deserialize public key: %v: %w", err, ErrDecap) - } - - // dh = DH(skR, pkE) - dh, err := skR.ECDH(pkE) - if err != nil { - return nil, fmt.Errorf("unable to compute key agreement: %v: %w", err, ErrDecap) - } - defer memguard.WipeBytes(dh) - - pkRm := kem.SerializePublicKey(skR.PublicKey()) - - // kem_context = concat(enc, pkRm) - kemContext := append([]byte{}, localEnc...) - kemContext = append(kemContext, pkRm...) - - // shared_secret = ExtractAndExpand(dh, kem_context) - ssRaw, err := kem.extractAndExpand(dh, kemContext) - if err != nil { - return nil, fmt.Errorf("unable to compute shared secret: %v: %w", err, ErrDecap) - } - - return ssRaw, nil -} - -// AuthEncapsulateDeterministically computes a shared secret, and an deterministic -// encapsulated public key based on mutual sender and receiver static keys authentication -// and the given seed. -// -// If you don't which encapsulation you should choose, consider using `AuthEncapsulate` -// function. -func (kem *dhkem) AuthEncapsulateDeterministically(seed []byte, pkR *ecdh.PublicKey, skS *ecdh.PrivateKey) (ss, enc []byte, err error) { - if len(seed) != int(kem.nSk) { - return nil, nil, fmt.Errorf("seed is too short, got %d, expected %d", len(seed), kem.nSk) - } - - // skE, pkE = DeriveKeyPair() - pkE, skE, err := kem.DeriveKeyPair(seed) - if err != nil { - return nil, nil, fmt.Errorf("unable to generate ephemeral keypair: %v: %w", err, ErrEncap) - } - - return kem.authEncapsulate(pkE, skE, pkR, skS) -} - -// Encapsulate computes the shared secret and exports encapsulated public key -// based on a remote static public key. -func (kem *dhkem) AuthEncapsulate(pkR *ecdh.PublicKey, skS *ecdh.PrivateKey) (ss, enc []byte, err error) { - // skE, pkE = GenerateKeyPair() - pkE, skE, err := kem.GenerateKeyPair() - if err != nil { - return nil, nil, fmt.Errorf("unable to generate ephemeral keypair: %v: %w", err, ErrEncap) - } - - return kem.authEncapsulate(pkE, skE, pkR, skS) -} - -// AuthEncapsulate computes a shared secret, and an encapsulated public key -// based on mutual sender and receiver static keys authentication. -func (kem *dhkem) authEncapsulate(pkE *ecdh.PublicKey, skE *ecdh.PrivateKey, pkR *ecdh.PublicKey, skS *ecdh.PrivateKey) (ss, enc []byte, err error) { - Ze, err := skE.ECDH(pkR) - if err != nil { - return nil, nil, fmt.Errorf("unable to copute ephemeral key agreement: %w", err) - } - defer memguard.WipeBytes(Ze) - - Zs, err := skS.ECDH(pkR) - if err != nil { - return nil, nil, fmt.Errorf("unable to compute static key agreement: %w", err) - } - defer memguard.WipeBytes(Zs) - - // dh = concat(DH(skE, pkR), DH(skS, pkR)) - dh := append([]byte{}, Ze...) - dh = append(dh, Zs...) - defer memguard.WipeBytes(dh) - - enc = kem.SerializePublicKey(pkE) - pkRm := kem.SerializePublicKey(pkR) - pkSm := kem.SerializePublicKey(skS.PublicKey()) - - // kem_context = concat(enc, pkRm) - kemContext := append([]byte{}, enc...) - kemContext = append(kemContext, pkRm...) - kemContext = append(kemContext, pkSm...) - - // shared_secret = ExtractAndExpand(dh, kem_context) - ssRaw, err := kem.extractAndExpand(dh, kemContext) - if err != nil { - return nil, nil, fmt.Errorf("unable to compute shared secret: %w", err) - } - - return ssRaw, enc, nil -} - -// AuthDecapsulate computes a shared secret from a received encapsulated public -// key based on mutual sender and receiver static keys authentication. -func (kem *dhkem) AuthDecapsulate(enc []byte, skR *ecdh.PrivateKey, pkS *ecdh.PublicKey) ([]byte, error) { - if len(enc) != int(kem.nEnc) { - return nil, errors.New("invalid encapsulation size") - } - - // Copy encapsulated data - localEnc := make([]byte, kem.nEnc) - copy(localEnc, enc) - - // Try to deserialize received public key. - pkE, err := kem.DeserializePublicKey(localEnc) - if err != nil { - return nil, fmt.Errorf("unable to deserialize public key: %w", err) - } - - Ze, err := skR.ECDH(pkE) - if err != nil { - return nil, fmt.Errorf("unable to compute ephemeral key agreement: %w", err) - } - defer memguard.WipeBytes(Ze) - - Zs, err := skR.ECDH(pkS) - if err != nil { - return nil, fmt.Errorf("unable to compute static key agreement: %w", err) - } - defer memguard.WipeBytes(Zs) - - // dh = concat(DH(skR, pkE), DH(skR, pkS)) - dh := append([]byte{}, Ze...) - dh = append(dh, Zs...) - defer memguard.WipeBytes(dh) - - enc = kem.SerializePublicKey(pkE) - pkRm := kem.SerializePublicKey(skR.PublicKey()) - pkSm := kem.SerializePublicKey(pkS) - - // kem_context = concat(enc, pkRm, pkSm) - kemContext := append([]byte{}, enc...) - kemContext = append(kemContext, pkRm...) - kemContext = append(kemContext, pkSm...) - - // shared_secret = ExtractAndExpand(dh, kem_context) - ssRaw, err := kem.extractAndExpand(dh, kemContext) - if err != nil { - return nil, fmt.Errorf("unable to compute shared secret: %w", err) - } - - return ssRaw, nil -} - -// ----------------------------------------------------------------------------- - -func (kem *dhkem) extractAndExpand(dh, kemContext []byte) ([]byte, error) { - eaePrk := kem.labeledExtract([]byte(""), []byte("eae_prk"), dh) - return kem.labeledExpand(eaePrk, []byte("shared_secret"), kemContext, kem.nSecret) -} - -func (kem *dhkem) labeledExtract(salt, label, ikm []byte) []byte { - // labeled_ikm = concat("HPKE-v1", suite_id, label, ikm) - labeledIKM := append([]byte("HPKE-v1"), kem.SuiteID()...) - labeledIKM = append(labeledIKM, label...) - labeledIKM = append(labeledIKM, ikm...) - - return hkdf.Extract(kem.fh, labeledIKM, salt) -} - -func (kem *dhkem) labeledExpand(prk, label, info []byte, outputLen uint16) ([]byte, error) { - labeledInfo := make([]byte, 2, 2+7+5+len(label)+len(info)) - // labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id, label, info) - binary.BigEndian.PutUint16(labeledInfo[0:2], outputLen) - labeledInfo = append(labeledInfo, []byte("HPKE-v1")...) - labeledInfo = append(labeledInfo, kem.SuiteID()...) - labeledInfo = append(labeledInfo, label...) - labeledInfo = append(labeledInfo, info...) - - r := hkdf.Expand(kem.fh, prk, labeledInfo) - out := make([]byte, outputLen) - if _, err := io.ReadFull(r, out); err != nil { - return nil, fmt.Errorf("unable to generate secret from prf: %w", err) - } - - return out, nil -} diff --git a/pkg/sdk/security/crypto/kem/dhkem_test.go b/pkg/sdk/security/crypto/kem/dhkem_test.go deleted file mode 100644 index 2e9d2231..00000000 --- a/pkg/sdk/security/crypto/kem/dhkem_test.go +++ /dev/null @@ -1,69 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package kem - -import ( - "testing" - - "github.com/stretchr/testify/require" -) - -func TestEncapDecap(t *testing.T) { - t.Parallel() - - suites := []Scheme{ - DHP256HKDFSHA256(), - DHP384HKDFSHA384(), - DHP521HKDFSHA512(), - DHX25519HKDFSHA256(), - } - for _, suite := range suites { - suite := suite - t.Run("", func(t *testing.T) { - t.Parallel() - - // Generate long term keys - pk, sk, err := suite.GenerateKeyPair() - require.NoError(t, err) - - ss1, enc, err := suite.Encapsulate(pk) - require.NoError(t, err) - - ss2, err := suite.Decapsulate(enc, sk) - require.NoError(t, err) - require.Equal(t, ss1, ss2) - }) - } -} - -func TestAuthEncapAuthDecap(t *testing.T) { - t.Parallel() - - suites := []Scheme{ - DHP256HKDFSHA256(), - DHP384HKDFSHA384(), - DHP521HKDFSHA512(), - DHX25519HKDFSHA256(), - } - for _, suite := range suites { - suite := suite - t.Run("", func(t *testing.T) { - t.Parallel() - - // Generate long term keys - pkS, skS, err := suite.GenerateKeyPair() - require.NoError(t, err) - pkR, skR, err := suite.GenerateKeyPair() - require.NoError(t, err) - - ss1, enc, err := suite.AuthEncapsulate(pkR, skS) - require.NoError(t, err) - - ss2, err := suite.AuthDecapsulate(enc, skR, pkS) - require.NoError(t, err) - require.Equal(t, ss1, ss2) - }) - } -} diff --git a/pkg/sdk/security/crypto/kem/doc.go b/pkg/sdk/security/crypto/kem/doc.go deleted file mode 100644 index 95a405b4..00000000 --- a/pkg/sdk/security/crypto/kem/doc.go +++ /dev/null @@ -1,7 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -// Package kem provides Key Encapsulation Mechanism used to derive a shared secret -// from asymmetric materials. -package kem diff --git a/pkg/sdk/security/crypto/kem/key_derivation.go b/pkg/sdk/security/crypto/kem/key_derivation.go deleted file mode 100644 index 450bd320..00000000 --- a/pkg/sdk/security/crypto/kem/key_derivation.go +++ /dev/null @@ -1,70 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package kem - -import ( - "crypto/ecdh" - "errors" - "fmt" -) - -type keyDeriver func(*dhkem, []byte) (*ecdh.PublicKey, *ecdh.PrivateKey, error) - -func ecDeriver(curve ecdh.Curve) keyDeriver { - return func(kem *dhkem, seed []byte) (*ecdh.PublicKey, *ecdh.PrivateKey, error) { - if len(seed) != int(kem.nSk) { - return nil, nil, errors.New("invalid seed size") - } - - dkpPrk := kem.labeledExtract([]byte(""), []byte("dkp_prk"), seed) - counter := 0 - - bitMask := byte(0xFF) - if curve == ecdh.P521() { - bitMask = byte(0x01) - } - - var sk *ecdh.PrivateKey - for { - if counter > 255 { - return nil, nil, errors.New("unable to derive keypair from seed") - } - - bytes, err := kem.labeledExpand(dkpPrk, []byte("candidate"), []byte{uint8(counter)}, kem.nSk) - if err != nil { - return nil, nil, fmt.Errorf("unable to expand seed prk: %w", err) - } - bytes[0] &= bitMask - - sk, err = kem.DeserializePrivateKey(bytes) - if err == nil { - break - } - - counter++ - } - - return sk.PublicKey(), sk, nil - } -} - -func xDeriver(kem *dhkem, seed []byte) (*ecdh.PublicKey, *ecdh.PrivateKey, error) { - if len(seed) != int(kem.nSk) { - return nil, nil, errors.New("invalid seed size") - } - - dkpPrk := kem.labeledExtract([]byte(""), []byte("dkp_prk"), seed) - skRaw, err := kem.labeledExpand(dkpPrk, []byte("sk"), []byte(""), kem.nSk) - if err != nil { - return nil, nil, fmt.Errorf("unable to generate secret key seed: %w", err) - } - - sk, err := ecdh.X25519().NewPrivateKey(skRaw) - if err != nil { - return nil, nil, fmt.Errorf("invalid secret key: %w", err) - } - - return sk.PublicKey(), sk, nil -} diff --git a/pkg/sdk/security/crypto/kem/key_derivation_test.go b/pkg/sdk/security/crypto/kem/key_derivation_test.go deleted file mode 100644 index 26132f55..00000000 --- a/pkg/sdk/security/crypto/kem/key_derivation_test.go +++ /dev/null @@ -1,56 +0,0 @@ -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package kem - -import ( - "crypto/ecdh" - "encoding/hex" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestXDeriver(t *testing.T) { - scheme := DHX25519HKDFSHA256() - - ikmE, _ := hex.DecodeString("7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234") - skEm, _ := hex.DecodeString("52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736") - pkEm, _ := hex.DecodeString("37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431") - - pk, sk, err := xDeriver(scheme.(*dhkem), ikmE) - require.NoError(t, err) - require.Equal(t, pk.Bytes(), pkEm) - require.Equal(t, sk.Bytes(), skEm) -} - -func TestECDeriver(t *testing.T) { - t.Run("P-256", func(t *testing.T) { - scheme := DHP256HKDFSHA256() - - ikmE, _ := hex.DecodeString("798d82a8d9ea19dbc7f2c6dfa54e8a6706f7cdc119db0813dacf8440ab37c857") - skEm, _ := hex.DecodeString("6b8de0873aed0c1b2d09b8c7ed54cbf24fdf1dfc7a47fa501f918810642d7b91") - pkEm, _ := hex.DecodeString("042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e15b79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454") - - pk, sk, err := ecDeriver(ecdh.P256())(scheme.(*dhkem), ikmE) - require.NoError(t, err) - require.Equal(t, pk.Bytes(), pkEm) - require.Equal(t, sk.Bytes(), skEm) - }) - - // P-384 not present in vector tests. - - t.Run("P-521", func(t *testing.T) { - scheme := DHP521HKDFSHA512() - - ikmE, _ := hex.DecodeString("2270197b9f64f86e0eecd49076d05f8fb9f5272c0e7ea519182ae76417b69e7a16f4b0e44116023857b509b84c8a7e48686940cb3ff7e1266ab7c0f3a7ff7770f21b") - skEm, _ := hex.DecodeString("01e1b006811a044a56ce62427cd2ea34b19ef6990c510f6e08ed5e1056c2ac39f61687134d292ae559fd070e31428ab2873b798908c3579e7a6f57e2e26d0dc532e7") - pkEm, _ := hex.DecodeString("0401a514f452f316bda875c37ca40dd2ee5d93be7c80a81c423fb1500974d87314ffbe8d5aefd34e69d44f310cdf752519cad0a2ef1a240d67049e57222291aaffbb85004680e6232e8555c97eba731c7e0a47a1063e039d4c9e915da35f53ce5310ebdc0a9586b222ebad01ed9bbfb844c3fab4e49c06de034ef780bfc74b774cfabe93ac") - - pk, sk, err := ecDeriver(ecdh.P521())(scheme.(*dhkem), ikmE) - require.NoError(t, err) - require.Equal(t, pk.Bytes(), pkEm) - require.Equal(t, sk.Bytes(), skEm) - }) -} diff --git a/pkg/sdk/value/encryption/jwe/builders.go b/pkg/sdk/value/encryption/jwe/builders.go index 46c5381f..c875e00c 100644 --- a/pkg/sdk/value/encryption/jwe/builders.go +++ b/pkg/sdk/value/encryption/jwe/builders.go @@ -11,7 +11,7 @@ import ( "fmt" "strings" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "zntr.io/harp/v2/pkg/sdk/value" "zntr.io/harp/v2/pkg/sdk/value/encryption" ) diff --git a/pkg/sdk/value/encryption/jwe/transformer.go b/pkg/sdk/value/encryption/jwe/transformer.go index 3667995f..d8e0651d 100644 --- a/pkg/sdk/value/encryption/jwe/transformer.go +++ b/pkg/sdk/value/encryption/jwe/transformer.go @@ -9,7 +9,7 @@ import ( "context" "fmt" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "zntr.io/harp/v2/pkg/sdk/types" "zntr.io/harp/v2/pkg/sdk/value" ) diff --git a/pkg/sdk/value/encryption/jwe/transformer_test.go b/pkg/sdk/value/encryption/jwe/transformer_test.go index 7a66afd6..7818bdc7 100644 --- a/pkg/sdk/value/encryption/jwe/transformer_test.go +++ b/pkg/sdk/value/encryption/jwe/transformer_test.go @@ -11,7 +11,7 @@ import ( "reflect" "testing" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" ) func mustDecodeBase64(in string) []byte { diff --git a/pkg/sdk/value/signature/jws/builders.go b/pkg/sdk/value/signature/jws/builders.go index b4bd0172..3ec91413 100644 --- a/pkg/sdk/value/signature/jws/builders.go +++ b/pkg/sdk/value/signature/jws/builders.go @@ -12,7 +12,7 @@ import ( "strings" "github.com/dchest/uniuri" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "zntr.io/harp/v2/pkg/sdk/value" "zntr.io/harp/v2/pkg/sdk/value/signature" ) diff --git a/pkg/sdk/value/signature/jws/transformer.go b/pkg/sdk/value/signature/jws/transformer.go index 5b449549..57de5297 100644 --- a/pkg/sdk/value/signature/jws/transformer.go +++ b/pkg/sdk/value/signature/jws/transformer.go @@ -9,7 +9,7 @@ import ( "context" "fmt" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "zntr.io/harp/v2/pkg/sdk/types" "zntr.io/harp/v2/pkg/sdk/value/signature" ) diff --git a/pkg/sdk/value/signature/jws/transformer_test.go b/pkg/sdk/value/signature/jws/transformer_test.go index 1337e2db..4a628451 100644 --- a/pkg/sdk/value/signature/jws/transformer_test.go +++ b/pkg/sdk/value/signature/jws/transformer_test.go @@ -11,8 +11,8 @@ import ( "reflect" "testing" + "github.com/go-jose/go-jose/v3" "github.com/stretchr/testify/assert" - "gopkg.in/square/go-jose.v2" "zntr.io/harp/v2/pkg/sdk/value/signature" ) diff --git a/pkg/sdk/value/signature/paseto/builders.go b/pkg/sdk/value/signature/paseto/builders.go index 06e52dad..fd963f20 100644 --- a/pkg/sdk/value/signature/paseto/builders.go +++ b/pkg/sdk/value/signature/paseto/builders.go @@ -11,7 +11,7 @@ import ( "fmt" "strings" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "zntr.io/harp/v2/pkg/sdk/value" "zntr.io/harp/v2/pkg/sdk/value/signature" ) diff --git a/pkg/sdk/value/signature/paseto/transformer_test.go b/pkg/sdk/value/signature/paseto/transformer_test.go index 7a27ce74..3e3460d1 100644 --- a/pkg/sdk/value/signature/paseto/transformer_test.go +++ b/pkg/sdk/value/signature/paseto/transformer_test.go @@ -11,8 +11,8 @@ import ( "reflect" "testing" + "github.com/go-jose/go-jose/v3" "github.com/stretchr/testify/assert" - "gopkg.in/square/go-jose.v2" ) func mustDecodeJWK(input []byte) *jose.JSONWebKey { diff --git a/pkg/sdk/value/signature/raw/builders.go b/pkg/sdk/value/signature/raw/builders.go index b5566c6c..9941bc72 100644 --- a/pkg/sdk/value/signature/raw/builders.go +++ b/pkg/sdk/value/signature/raw/builders.go @@ -11,7 +11,7 @@ import ( "fmt" "strings" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "zntr.io/harp/v2/pkg/sdk/value" "zntr.io/harp/v2/pkg/sdk/value/signature" ) diff --git a/pkg/sdk/value/signature/raw/transformer_test.go b/pkg/sdk/value/signature/raw/transformer_test.go index 2b04942e..4cd5fcb4 100644 --- a/pkg/sdk/value/signature/raw/transformer_test.go +++ b/pkg/sdk/value/signature/raw/transformer_test.go @@ -10,8 +10,8 @@ import ( "encoding/json" "testing" + "github.com/go-jose/go-jose/v3" "github.com/stretchr/testify/assert" - "gopkg.in/square/go-jose.v2" "zntr.io/harp/v2/pkg/sdk/value/signature" ) diff --git a/pkg/tasks/keygen/jwk.go b/pkg/tasks/keygen/jwk.go index ba6f6918..e384b5ee 100644 --- a/pkg/tasks/keygen/jwk.go +++ b/pkg/tasks/keygen/jwk.go @@ -18,7 +18,7 @@ import ( "fmt" "io" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "zntr.io/harp/v2/pkg/tasks" ) diff --git a/test/integration/kv/README.md b/test/integration/kv/README.md deleted file mode 100644 index e5576f01..00000000 --- a/test/integration/kv/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Key /Value storage integration tests - -It will create test serves as `docker` containers and run the same test suite. - -```sh -$ go test -tags integration -c -$ ./kv.test -``` diff --git a/test/integration/kv/consul_test.go b/test/integration/kv/consul_test.go deleted file mode 100644 index 5d5481bd..00000000 --- a/test/integration/kv/consul_test.go +++ /dev/null @@ -1,44 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -//go:build integration - -package kv - -import ( - "context" - "testing" - - "github.com/hashicorp/consul/api" - "github.com/stretchr/testify/assert" - - "zntr.io/harp/v2/pkg/kv/consul" - "zntr.io/harp/v2/test/integration/resource" -) - -// ----------------------------------------------------------------------------- - -func TestWithConsul(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - // Create zk instance - kvURI := resource.Consul(ctx, t) - - config := api.DefaultConfig() - config.Address = kvURI - config.Token = "test" - - // Create client instance. - client, err := api.NewClient(config) - assert.NoError(t, err) - assert.NotNil(t, client) - - // Initialize KV Store - s := consul.Store(client.KV()) - - // Run test suite - t.Run("store", testSuite(ctx, s)) -} diff --git a/test/integration/kv/etcd3_test.go b/test/integration/kv/etcd3_test.go deleted file mode 100644 index d9f1effa..00000000 --- a/test/integration/kv/etcd3_test.go +++ /dev/null @@ -1,44 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -//go:build integration - -package kv - -import ( - "context" - "testing" - "time" - - "github.com/stretchr/testify/assert" - clientv3 "go.etcd.io/etcd/client/v3" - - "zntr.io/harp/v2/pkg/kv/etcd3" - "zntr.io/harp/v2/test/integration/resource" -) - -// ----------------------------------------------------------------------------- - -func TestWithEtcd(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - // Create zk instance - kvURI := resource.Etcd(ctx, t) - - // Create zk client - client, errClient := clientv3.New(clientv3.Config{ - Endpoints: []string{kvURI}, - DialTimeout: 5 * time.Second, - }) - assert.NoError(t, errClient) - assert.NotNil(t, client) - - // Initialize KV Store - s := etcd3.Store(client) - - // Run test suite - t.Run("store", testSuite(ctx, s)) -} diff --git a/test/integration/kv/main_test.go b/test/integration/kv/main_test.go deleted file mode 100644 index ac1186b7..00000000 --- a/test/integration/kv/main_test.go +++ /dev/null @@ -1,17 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -//go:build integration - -package kv - -import ( - "os" - "testing" -) - -func TestMain(m *testing.M) { - os.Exit(m.Run()) -} diff --git a/test/integration/kv/suite_test.go b/test/integration/kv/suite_test.go deleted file mode 100644 index 549848ca..00000000 --- a/test/integration/kv/suite_test.go +++ /dev/null @@ -1,79 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -//go:build integration - -package kv - -import ( - "context" - "testing" - - "github.com/stretchr/testify/assert" - - "zntr.io/harp/v2/pkg/kv" -) - -func testSuite(ctx context.Context, s kv.Store) func(t *testing.T) { - return func(t *testing.T) { - assert.NotNil(t, s) - - // Check if empty - pairs, err := s.List(ctx, "app") - assert.Error(t, err) - assert.ErrorIs(t, err, kv.ErrKeyNotFound) - assert.Nil(t, pairs) - - // Create keys - err = s.Put(ctx, "app/production/customer1/ece/v1.0.0/adminconsole/database/usage_credentials/host", []byte("InNhbXBsZS1pbnN0YW5jZS5hYmMyZGVmZ2hpamUudXMtd2VzdC0yLnJkcy5hbWF6b25hd3MuY29tIg==")) - assert.NoError(t, err) - - // Retrieve the key - pair, err := s.Get(ctx, "app/production/customer1/ece/v1.0.0/adminconsole/database/usage_credentials/host") - assert.NoError(t, err) - assert.NotNil(t, pair) - assert.Equal(t, []byte("InNhbXBsZS1pbnN0YW5jZS5hYmMyZGVmZ2hpamUudXMtd2VzdC0yLnJkcy5hbWF6b25hd3MuY29tIg=="), pair.Value) - assert.Equal(t, "app/production/customer1/ece/v1.0.0/adminconsole/database/usage_credentials/host", pair.Key) - - // List elements - pairs, err = s.List(ctx, "app") - assert.NoError(t, err) - assert.NotNil(t, pairs) - assert.Len(t, pairs, 1) - - // Create another keys - err = s.Put(ctx, "platform/production/customer1/us-east-1/zookeeper/accounts/admin_credentials", []byte("zkadmin-h8HB5AKi")) - assert.NoError(t, err) - - // List elements - pairs, err = s.List(ctx, "app") - assert.NoError(t, err) - assert.NotNil(t, pairs) - assert.Len(t, pairs, 1) - - // List elements - pairs, err = s.List(ctx, "platform") - assert.NoError(t, err) - assert.NotNil(t, pairs) - assert.Len(t, pairs, 1) - - // Check existence - exists, err := s.Exists(ctx, "non-existent") - assert.NoError(t, err) - assert.False(t, exists) - - exists, err = s.Exists(ctx, "platform/production/customer1/us-east-1/zookeeper/accounts/admin_credentials") - assert.NoError(t, err) - assert.True(t, exists) - - // Delete - err = s.Delete(ctx, "platform/production/customer1/us-east-1/zookeeper/accounts/admin_credentials") - assert.NoError(t, err) - - exists, err = s.Exists(ctx, "platform/production/customer1/us-east-1/zookeeper/accounts/admin_credentials") - assert.NoError(t, err) - assert.False(t, exists) - } -} diff --git a/test/integration/kv/zookeeper_test.go b/test/integration/kv/zookeeper_test.go deleted file mode 100644 index 36a865ab..00000000 --- a/test/integration/kv/zookeeper_test.go +++ /dev/null @@ -1,41 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -//go:build integration - -package kv - -import ( - "context" - "testing" - "time" - - "github.com/go-zookeeper/zk" - "github.com/stretchr/testify/assert" - - "zntr.io/harp/v2/pkg/kv/zookeeper" - "zntr.io/harp/v2/test/integration/resource" -) - -// ----------------------------------------------------------------------------- - -func TestWithZookeeper(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - // Create zk instance - kvURI := resource.Zookeeper(ctx, t) - - // Create zk client - conn, _, err := zk.Connect([]string{kvURI}, 10*time.Second) - assert.NoError(t, err) - assert.NotNil(t, conn) - - // Initialize KV Store - s := zookeeper.Store(conn) - - // Run test suite - t.Run("store", testSuite(ctx, s)) -} diff --git a/test/integration/large/main.go b/test/integration/large/main.go deleted file mode 100644 index fa6ab7f1..00000000 --- a/test/integration/large/main.go +++ /dev/null @@ -1,45 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package main - -import ( - "fmt" - "os" - - bundlev1 "zntr.io/harp/v2/api/gen/go/harp/bundle/v1" - "zntr.io/harp/v2/pkg/bundle" - "zntr.io/harp/v2/pkg/bundle/secret" -) - -func main() { - b := &bundlev1.Bundle{ - Packages: []*bundlev1.Package{}, - } - - // Create 25000 packages - for i := 0; i < 25000; i++ { - p := &bundlev1.Package{ - Name: fmt.Sprintf("app/secret/large-bundle/%d", i), - Secrets: &bundlev1.SecretChain{ - Data: []*bundlev1.KV{}, - }, - } - - for j := 0; j < 100; j++ { - p.Secrets.Data = append(p.Secrets.Data, &bundlev1.KV{ - Key: fmt.Sprintf("secret-%d", j), - Value: secret.MustPack("test-value"), - }) - } - - b.Packages = append(b.Packages, p) - } - - // Save as a container in Stdout. - if err := bundle.ToContainerWriter(os.Stdout, b); err != nil { - panic(err) - } -} diff --git a/test/integration/resource/consul.go b/test/integration/resource/consul.go deleted file mode 100644 index 979b12b7..00000000 --- a/test/integration/resource/consul.go +++ /dev/null @@ -1,109 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package resource - -import ( - "context" - "encoding/json" - "fmt" - "testing" - "time" - - "github.com/hashicorp/consul/api" - "github.com/ory/dockertest/v3" - "github.com/ory/dockertest/v3/docker" -) - -// Consul creates a test consul server inside a Docker container. -// nolint: contextcheck // false positive -func Consul(_ context.Context, tb testing.TB) string { - pool, err := dockertest.NewPool("") - if err != nil { - tb.Fatalf("couldn't connect to docker: %v", err) - return "" - } - pool.MaxWait = 10 * time.Second - - // Prepare bootstrap configuration - config := struct { - Datacenter string `json:"datacenter,omitempty"` - ACLDatacenter string `json:"acl_datacenter,omitempty"` - ACLDefaultPolicy string `json:"acl_default_policy,omitempty"` - ACLMasterToken string `json:"acl_master_token,omitempty"` - }{ - Datacenter: "test", - ACLDatacenter: "test", - ACLDefaultPolicy: "deny", - ACLMasterToken: "test", - } - - // Encode configuration as JSON - encodedConfig, errConfig := json.Marshal(config) - if errConfig != nil { - tb.Fatalf("couldn't serialize configuration as json: %v", errConfig) - return "" - } - - // Start zookeeper server - resource, err := pool.RunWithOptions(&dockertest.RunOptions{ - Repository: "consul", - Tag: "1.10.3", - Cmd: []string{"agent", "-dev", "-client", "0.0.0.0"}, - Env: []string{fmt.Sprintf("CONSUL_LOCAL_CONFIG=%s", encodedConfig)}, - }, func(config *docker.HostConfig) { - config.AutoRemove = true - config.RestartPolicy = docker.RestartPolicy{ - Name: "no", - } - }) - if err != nil { - tb.Fatalf("couldn't start resource: %v", err) - return "" - } - - // Set expiration - if err := resource.Expire(15 * 60); err != nil { - tb.Error("unable to set expiration value for the container") - } - - // Cleanup function - tb.Cleanup(func() { - if err := pool.Purge(resource); err != nil { - tb.Errorf("couldn't purge container: %v", err) - return - } - }) - - consulURI := fmt.Sprintf("localhost:%s", resource.GetPort("8500/tcp")) - - // Wait until connection is ready - if err := pool.Retry(func() (err error) { - config := api.DefaultConfig() - config.Address = consulURI - config.Token = "test" - - // Create client instance. - client, err := api.NewClient(config) - if err != nil { - return fmt.Errorf("unable to connect to the server: %w", err) - } - - // Try to write data. - _, err = client.KV().Put(&api.KVPair{ - Key: "ready", - Value: []byte("ready"), - }, nil) - - // Check connection state - return err - }); err != nil { - tb.Fatalf("zk server never ready: %v", err) - return "" - } - - // Return connection uri - return consulURI -} diff --git a/test/integration/resource/etcd.go b/test/integration/resource/etcd.go deleted file mode 100644 index c8b494e0..00000000 --- a/test/integration/resource/etcd.go +++ /dev/null @@ -1,87 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package resource - -import ( - "context" - "fmt" - "testing" - "time" - - "github.com/ory/dockertest/v3" - "github.com/ory/dockertest/v3/docker" - clientv3 "go.etcd.io/etcd/client/v3" -) - -// Etcd creates a test etcd server inside a Docker container. -// nolint: contextcheck // false positive -func Etcd(_ context.Context, tb testing.TB) string { - pool, err := dockertest.NewPool("") - if err != nil { - tb.Fatalf("couldn't connect to docker: %v", err) - return "" - } - pool.MaxWait = 10 * time.Second - - // Start zookeeper server - resource, err := pool.RunWithOptions(&dockertest.RunOptions{ - Repository: "quay.io/coreos/etcd", - Tag: "v3.5.1", - Cmd: []string{ - "/usr/local/bin/etcd", - "--data-dir=/etcd-data", - "--name=node1", - "--initial-advertise-peer-urls=http://0.0.0.0:2380", - "--listen-peer-urls=http://0.0.0.0:2380", - "--advertise-client-urls=http://0.0.0.0:2379", - "--listen-client-urls=http://0.0.0.0:2379", - "--initial-cluster=node1=http://0.0.0.0:2380", - }, - }, func(config *docker.HostConfig) { - config.AutoRemove = true - config.RestartPolicy = docker.RestartPolicy{ - Name: "no", - } - }) - if err != nil { - tb.Fatalf("couldn't start resource: %v", err) - return "" - } - - // Set expiration - if err := resource.Expire(15 * 60); err != nil { - tb.Error("unable to set expiration value for the container") - } - - // Cleanup function - tb.Cleanup(func() { - if err := pool.Purge(resource); err != nil { - tb.Errorf("couldn't purge container: %v", err) - return - } - }) - - etcURI := fmt.Sprintf("http://127.0.0.1:%s", resource.GetPort("2379/tcp")) - - // Wait until connection is ready - if err := pool.Retry(func() (err error) { - if _, errClient := clientv3.New(clientv3.Config{ - Endpoints: []string{etcURI}, - DialTimeout: 5 * time.Second, - }); errClient != nil { - return fmt.Errorf("unable to connect to etcd3 server: %w", errClient) - } - - // Check connection state - return nil - }); err != nil { - tb.Fatalf("zk server never ready: %v", err) - return "" - } - - // Return connection uri - return etcURI -} diff --git a/test/integration/resource/zookeeper.go b/test/integration/resource/zookeeper.go deleted file mode 100644 index 9d34cb1c..00000000 --- a/test/integration/resource/zookeeper.go +++ /dev/null @@ -1,78 +0,0 @@ -// SPDX-FileCopyrightText: 2019 Elasticsearch B.V. -// SPDX-FileCopyrightText: 2019-2023 Thibault NORMAND -// -// SPDX-License-Identifier: Apache-2.0 AND MIT - -package resource - -import ( - "context" - "fmt" - "testing" - "time" - - "github.com/go-zookeeper/zk" - "github.com/ory/dockertest/v3" - "github.com/ory/dockertest/v3/docker" -) - -// Zookeeper creates a test zookeeper server inside a Docker container. -// nolint: contextcheck // false positive -func Zookeeper(_ context.Context, tb testing.TB) string { - pool, err := dockertest.NewPool("") - if err != nil { - tb.Fatalf("couldn't connect to docker: %v", err) - return "" - } - pool.MaxWait = 10 * time.Second - - // Start zookeeper server - resource, err := pool.RunWithOptions(&dockertest.RunOptions{ - Repository: "wurstmeister/zookeeper", - Tag: "latest", - Hostname: "zookeeper", - }, func(config *docker.HostConfig) { - config.AutoRemove = true - config.RestartPolicy = docker.RestartPolicy{ - Name: "no", - } - }) - if err != nil { - tb.Fatalf("couldn't start resource: %v", err) - return "" - } - - // Set expiration - if err := resource.Expire(15 * 60); err != nil { - tb.Error("unable to set expiration value for the container") - } - - // Cleanup function - tb.Cleanup(func() { - if err := pool.Purge(resource); err != nil { - tb.Errorf("couldn't purge container: %v", err) - return - } - }) - - zkURI := fmt.Sprintf("localhost:%s", resource.GetPort("2181/tcp")) - - // Wait until connection is ready - if err := pool.Retry(func() (err error) { - // Connect to ZK - conn, _, err := zk.Connect([]string{zkURI}, 30*time.Second) - if err != nil { - return fmt.Errorf("unable to connecto zk server: %w", err) - } - defer conn.Close() - - // Check connection state - return nil - }); err != nil { - tb.Fatalf("zk server never ready: %v", err) - return "" - } - - // Return connection uri - return zkURI -}