From 9a608de653ffe1ce8f60b5f16249e2152b3522ad Mon Sep 17 00:00:00 2001
From: "uday.ruddarraju" <uday.ruddarraju@gmail.com>
Date: Wed, 9 Sep 2020 02:09:25 -0700
Subject: [PATCH] Encrypt and decrypt using sops
Design document: https://docs.google.com/document/d/1EjiCuXoiy8DEEXe15KxVJ4iWrwogCyG113_0LdzcWzQ/edit?usp=drive_web&ouid=102644738301620637153
Demo readme: https://hackmd.io/@WE7PUWXBRVeQJzCZkXkOLw/ryoW-aOLv
This patchset comprises of:
- package library to interact with sops
- integrate airshipctl encrypt/decrypt with sops
Change-Id: I2ca3ff3c8661d146708084728cb3f87365a4f39e
---
cmd/secret/decrypt/decrypt.go | 16 +-
.../decrypt-cmd-cmd-with-help.golden | 7 +-
cmd/secret/encrypt/encrypt.go | 15 +-
.../encrypt-cmd-cmd-with-help.golden | 7 +-
docs/source/cli/airshipctl_secret_decrypt.md | 7 +-
docs/source/cli/airshipctl_secret_encrypt.md | 7 +-
go.mod | 7 +-
go.sum | 162 +++++++--
pkg/config/config.go | 22 ++
pkg/config/config_test.go | 42 +++
pkg/secret/decrypt.go | 105 ++++++
pkg/secret/decrypt_test.go | 108 ++++++
pkg/secret/encrypt.go | 156 ++++++++
pkg/secret/encrypt_test.go | 125 +++++++
pkg/secret/sops/sops.go | 332 ++++++++++++++++++
pkg/secret/sops/sops_test.go | 211 +++++++++++
pkg/secret/sops/testdata/decryption.key | Bin 0 -> 2539 bytes
pkg/secret/sops/testdata/encryption.pub | 30 ++
.../qualified-decrypted-invalid-secret.yaml | 3 +
.../qualified-decrypted-invalid-yaml.yaml | 3 +
...qualified-decrypted-secret-with-regex.yaml | 10 +
.../secrets/qualified-decrypted-secret.yaml | 9 +
...ualified-encrypted-secret-no-metadata.yaml | 9 +
.../secrets/qualified-encrypted-secret.yaml | 34 ++
pkg/secret/testdata/decryption.key | Bin 0 -> 2539 bytes
pkg/secret/testdata/encryption.pub | 30 ++
.../decryption/manifests/metadata.yaml | 2 +
.../qualified-decrypted-secret.yaml | 9 +
.../qualified-encrypted-secret.yaml | 9 +
.../encryption/manifests/metadata.yaml | 2 +
.../qualified-decrypted-secret.yaml | 9 +
.../qualified-encrypted-secret.yaml | 34 ++
testdata/k8s/config.yaml | 6 +
testutil/testconfig.go | 42 +--
34 files changed, 1498 insertions(+), 72 deletions(-)
create mode 100644 pkg/secret/decrypt.go
create mode 100644 pkg/secret/decrypt_test.go
create mode 100644 pkg/secret/encrypt.go
create mode 100644 pkg/secret/encrypt_test.go
create mode 100644 pkg/secret/sops/sops.go
create mode 100644 pkg/secret/sops/sops_test.go
create mode 100644 pkg/secret/sops/testdata/decryption.key
create mode 100644 pkg/secret/sops/testdata/encryption.pub
create mode 100644 pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-secret.yaml
create mode 100644 pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-yaml.yaml
create mode 100644 pkg/secret/sops/testdata/secrets/qualified-decrypted-secret-with-regex.yaml
create mode 100644 pkg/secret/sops/testdata/secrets/qualified-decrypted-secret.yaml
create mode 100644 pkg/secret/sops/testdata/secrets/qualified-encrypted-secret-no-metadata.yaml
create mode 100644 pkg/secret/sops/testdata/secrets/qualified-encrypted-secret.yaml
create mode 100644 pkg/secret/testdata/decryption.key
create mode 100644 pkg/secret/testdata/encryption.pub
create mode 100644 pkg/secret/testdata/secrets/decryption/manifests/metadata.yaml
create mode 100644 pkg/secret/testdata/secrets/decryption/qualified-decrypted-secret.yaml
create mode 100644 pkg/secret/testdata/secrets/decryption/qualified-encrypted-secret.yaml
create mode 100644 pkg/secret/testdata/secrets/encryption/manifests/metadata.yaml
create mode 100644 pkg/secret/testdata/secrets/encryption/qualified-decrypted-secret.yaml
create mode 100644 pkg/secret/testdata/secrets/encryption/qualified-encrypted-secret.yaml
diff --git a/cmd/secret/decrypt/decrypt.go b/cmd/secret/decrypt/decrypt.go
index c3e8a7947..1f0eccaeb 100644
--- a/cmd/secret/decrypt/decrypt.go
+++ b/cmd/secret/decrypt/decrypt.go
@@ -18,8 +18,8 @@ import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
- "opendev.org/airship/airshipctl/pkg/errors"
"opendev.org/airship/airshipctl/pkg/log"
+ "opendev.org/airship/airshipctl/pkg/secret"
)
const (
@@ -38,23 +38,29 @@ airshipctl secret decrypt \
)
// NewDecryptCommand creates a new command for decrypting encrypted secrets in the manifests
-func NewDecryptCommand(_ config.Factory) *cobra.Command {
- var srcPath, dstPath string
+func NewDecryptCommand(cfgFactory config.Factory) *cobra.Command {
+ var srcPath, dstPath, kubeconfig string
decryptCmd := &cobra.Command{
Use: "decrypt",
Short: decryptShort[1:],
Example: decryptExample,
RunE: func(cmd *cobra.Command, args []string) error {
- // TODO: Need to integrate with business logic to decrypt with sops
- return errors.ErrNotImplemented{What: "secret encryption/decryption"}
+ airshipConfig, err := cfgFactory()
+ if err != nil {
+ return err
+ }
+ return secret.Decrypt(airshipConfig, kubeconfig, srcPath, dstPath)
},
}
+
decryptCmd.Flags().StringVar(&srcPath, "src", "",
`Path to the file or directory that has secrets in encrypted text that need to be decrypted. `+
`Defaults to the manifest location in airship config`)
decryptCmd.Flags().StringVar(&dstPath, "dst", "",
"Path to the file or directory to store decrypted secrets. Defaults to src if empty.")
+ decryptCmd.Flags().StringVar(&kubeconfig, "kubeconfig", "",
+ "Path to kubeconfig associated with cluster being managed")
err := decryptCmd.MarkFlagRequired("dst")
if err != nil {
diff --git a/cmd/secret/decrypt/testdata/TestDecryptGoldenOutput/decrypt-cmd-cmd-with-help.golden b/cmd/secret/decrypt/testdata/TestDecryptGoldenOutput/decrypt-cmd-cmd-with-help.golden
index 119794324..2f63c0bad 100644
--- a/cmd/secret/decrypt/testdata/TestDecryptGoldenOutput/decrypt-cmd-cmd-with-help.golden
+++ b/cmd/secret/decrypt/testdata/TestDecryptGoldenOutput/decrypt-cmd-cmd-with-help.golden
@@ -15,6 +15,7 @@ airshipctl secret decrypt \
Flags:
- --dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
- -h, --help help for decrypt
- --src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
+ --dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
+ -h, --help help for decrypt
+ --kubeconfig string Path to kubeconfig associated with cluster being managed
+ --src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
diff --git a/cmd/secret/encrypt/encrypt.go b/cmd/secret/encrypt/encrypt.go
index 2fa7972af..f42266764 100644
--- a/cmd/secret/encrypt/encrypt.go
+++ b/cmd/secret/encrypt/encrypt.go
@@ -18,8 +18,8 @@ import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
- "opendev.org/airship/airshipctl/pkg/errors"
"opendev.org/airship/airshipctl/pkg/log"
+ "opendev.org/airship/airshipctl/pkg/secret"
)
const (
@@ -38,22 +38,29 @@ airshipctl secret encrypt \
)
// NewEncryptCommand creates a new command for encrypting plain text secrets using sops
-func NewEncryptCommand(_ config.Factory) *cobra.Command {
- var srcPath, dstPath string
+func NewEncryptCommand(cfgFactory config.Factory) *cobra.Command {
+ var srcPath, dstPath, kubeconfig string
encryptCmd := &cobra.Command{
Use: "encrypt",
Short: encryptShort[1:],
Example: encryptExample,
RunE: func(cmd *cobra.Command, args []string) error {
- return errors.ErrNotImplemented{What: "secret encryption/decryption"}
+ airshipConfig, err := cfgFactory()
+ if err != nil {
+ return err
+ }
+ return secret.Encrypt(airshipConfig, kubeconfig, srcPath, dstPath)
},
}
+
encryptCmd.Flags().StringVar(&srcPath, "src", "",
`Path to the file or directory that has secrets in plaintext that need to be encrypted. `+
`Defaults to the manifest location in airship config`)
encryptCmd.Flags().StringVar(&dstPath, "dst", "",
"Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.")
+ encryptCmd.Flags().StringVar(&kubeconfig, "kubeconfig", "",
+ "Path to kubeconfig associated with cluster being managed")
err := encryptCmd.MarkFlagRequired("dst")
if err != nil {
diff --git a/cmd/secret/encrypt/testdata/TestDecryptGoldenOutput/encrypt-cmd-cmd-with-help.golden b/cmd/secret/encrypt/testdata/TestDecryptGoldenOutput/encrypt-cmd-cmd-with-help.golden
index e63f1fcb7..da8fd55d1 100644
--- a/cmd/secret/encrypt/testdata/TestDecryptGoldenOutput/encrypt-cmd-cmd-with-help.golden
+++ b/cmd/secret/encrypt/testdata/TestDecryptGoldenOutput/encrypt-cmd-cmd-with-help.golden
@@ -15,6 +15,7 @@ airshipctl secret encrypt \
Flags:
- --dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
- -h, --help help for encrypt
- --src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
+ --dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
+ -h, --help help for encrypt
+ --kubeconfig string Path to kubeconfig associated with cluster being managed
+ --src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
diff --git a/docs/source/cli/airshipctl_secret_decrypt.md b/docs/source/cli/airshipctl_secret_decrypt.md
index 05025665d..d7890264a 100644
--- a/docs/source/cli/airshipctl_secret_decrypt.md
+++ b/docs/source/cli/airshipctl_secret_decrypt.md
@@ -27,9 +27,10 @@ airshipctl secret decrypt \
### Options
```
- --dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
- -h, --help help for decrypt
- --src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
+ --dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
+ -h, --help help for decrypt
+ --kubeconfig string Path to kubeconfig associated with cluster being managed
+ --src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
```
### Options inherited from parent commands
diff --git a/docs/source/cli/airshipctl_secret_encrypt.md b/docs/source/cli/airshipctl_secret_encrypt.md
index e6b2e3b4f..ad8966a5c 100644
--- a/docs/source/cli/airshipctl_secret_encrypt.md
+++ b/docs/source/cli/airshipctl_secret_encrypt.md
@@ -27,9 +27,10 @@ airshipctl secret encrypt \
### Options
```
- --dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
- -h, --help help for encrypt
- --src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
+ --dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
+ -h, --help help for encrypt
+ --kubeconfig string Path to kubeconfig associated with cluster being managed
+ --src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
```
### Options inherited from parent commands
diff --git a/go.mod b/go.mod
index b96124ac2..52944398a 100644
--- a/go.mod
+++ b/go.mod
@@ -7,12 +7,10 @@ require (
github.com/Masterminds/goutils v1.1.0 // indirect
github.com/Masterminds/semver v1.5.0 // indirect
github.com/Masterminds/sprig v2.22.0+incompatible
- github.com/Microsoft/go-winio v0.4.14 // indirect
github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect
github.com/cheggaaa/pb/v3 v3.0.4
github.com/containerd/containerd v1.4.1 // indirect
github.com/docker/docker v1.4.2-0.20200203170920-46ec8731fbce
- github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c // indirect
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f // indirect
github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f // indirect
@@ -25,14 +23,13 @@ require (
github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de // indirect
github.com/gorilla/mux v1.7.4 // indirect
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
- github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
github.com/huandu/xstrings v1.3.1 // indirect
- github.com/mitchellh/copystructure v1.0.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect
- github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.0.0
github.com/stretchr/testify v1.6.1
+ go.mozilla.org/sops/v3 v3.6.0
+ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
k8s.io/api v0.17.9
k8s.io/apiextensions-apiserver v0.17.9
k8s.io/apimachinery v0.17.9
diff --git a/go.sum b/go.sum
index 5927fb42f..8fda70f61 100644
--- a/go.sum
+++ b/go.sum
@@ -2,6 +2,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.43.0 h1:banaiRPAM8kUVYneOSkhgcDsLzEvL25FinuiSZaH/2w=
+cloud.google.com/go v0.43.0/go.mod h1:BOSR3VbTLkk6FDC/TcffxP4NF/FFBGA5ku+jvKOP7pg=
cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
@@ -10,20 +12,26 @@ cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
github.com/360EntSecGroup-Skylar/excelize v1.4.1/go.mod h1:vnax29X2usfl7HHkBrX5EvSCJcmH3dT9luvxzu8iGAE=
+github.com/Azure/azure-sdk-for-go v31.2.0+incompatible h1:kZFnTLmdQYNGfakatSivKHUfUnDZhqNdchHD4oIhp5k=
+github.com/Azure/azure-sdk-for-go v31.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.9.0 h1:MRvx8gncNaXJqOoLmhNjUAKh33JJF8LyxPhomEtOsjs=
+github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg=
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
github.com/Azure/go-autorest/autorest v0.11.7 h1:lHnVA0bNUzUw2tYgGiwmOrlBi/VgmaTYfMbsww/7o2A=
github.com/Azure/go-autorest/autorest v0.11.7/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
-github.com/Azure/go-autorest/autorest/adal v0.5.0 h1:q2gDruN08/guU9vAjuPWff0+QIrpH6ediguzdAzXAUU=
+github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
github.com/Azure/go-autorest/autorest/adal v0.9.4 h1:1/DtH4Szusk4psLBrJn/gocMRIf1ji30WAz3GfyULRQ=
github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE=
-github.com/Azure/go-autorest/autorest/date v0.1.0 h1:YGrhWfrgtFs84+h0o46rJrlmsZtyZRg470CqAXTZaGM=
+github.com/Azure/go-autorest/autorest/azure/auth v0.1.0 h1:YgO/vSnJEc76NLw2ecIXvXa8bDWiqf1pOJzARAoZsYU=
+github.com/Azure/go-autorest/autorest/azure/auth v0.1.0/go.mod h1:Gf7/i2FUpyb/sGBLIFxTBzrNzBo7aPXXE3ZVeDRwdpM=
+github.com/Azure/go-autorest/autorest/azure/cli v0.1.0 h1:YTtBrcb6mhA+PoSW8WxFDoIIyjp13XqJeX80ssQtri4=
+github.com/Azure/go-autorest/autorest/azure/cli v0.1.0/go.mod h1:Dk8CUAt/b/PzkfeRsWzVG9Yj3ps8mS8ECztu43rdU8U=
github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
@@ -31,11 +39,14 @@ github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxB
github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY=
+github.com/Azure/go-autorest/autorest/to v0.3.0 h1:zebkZaadz7+wIQYgC7GXaz3Wb28yKYfVkkBKwc38VF8=
+github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
+github.com/Azure/go-autorest/autorest/validation v0.2.0 h1:15vMO4y76dehZSq7pAaOLQxC6dZYsSrj2GQpflyM/L4=
+github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE=
github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VYyQflFE619k=
+github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
@@ -54,6 +65,8 @@ github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuN
github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
@@ -64,6 +77,8 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
+github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
@@ -80,11 +95,16 @@ github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9Pq
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/aws/aws-sdk-go v1.23.13 h1:l/NG+mgQFRGG3dsFzEj0jw9JIs/zYdtU6MXhY1WIDmM=
+github.com/aws/aws-sdk-go v1.23.13/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -99,6 +119,9 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
github.com/bombsimon/wsl v1.2.5/go.mod h1:43lEF/i0kpXbLCeDXL9LMT8c92HyBywXb0AsgMHYngM=
github.com/caddyserver/caddy v1.0.3/go.mod h1:G+ouvOY32gENkJC+jhgl62TyhvqEsFaDiZ4uw0RzP1E=
github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
+github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
+github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
+github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
@@ -117,6 +140,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/containerd/containerd v1.4.1 h1:pASeJT3R3YyVn+94qEPk0SnU1OQ20Jd/T+SPKy9xehY=
github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8=
+github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -145,6 +170,8 @@ github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4=
+github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
@@ -164,6 +191,9 @@ github.com/drone/envsubst v1.0.3-0.20200709223903-efdb65b94e5a/go.mod h1:N2jZmlM
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustmop/soup v1.1.2-0.20190516214245-38228baa104e/go.mod h1:CgNC6SGbT+Xb8wGGvzilttZL1mc5sQ/5KkcxsZttMIk=
+github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
+github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
+github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
@@ -177,7 +207,6 @@ github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -186,6 +215,7 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM
github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
@@ -193,7 +223,6 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew=
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
@@ -215,12 +244,12 @@ github.com/go-git/go-git/v5 v5.0.0 h1:k5RWPm4iJwYtfWoxIJy4wJX9ON7ihPeZZYC1fLYDnp
github.com/go-git/go-git/v5 v5.0.0/go.mod h1:oYD8y9kWsGINPFJoLdaScGCN6dlKg23blmClfZwtUVA=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/zapr v0.1.0 h1:h+WVe9j6HAA01niTJPA/kKH0i7e0rLZBCwauQFcRE54=
github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
github.com/go-logr/zapr v0.1.1 h1:qXBXPDdNncunGs7XeEpsJt8wCjYBygluzfdLO0G5baE=
github.com/go-logr/zapr v0.1.1/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
@@ -276,6 +305,7 @@ github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2K
github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-openapi/validate v0.19.8/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
@@ -294,6 +324,7 @@ github.com/gobuffalo/flect v0.2.2/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20j
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
@@ -312,7 +343,6 @@ github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+
github.com/golang/protobuf v1.0.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@@ -321,6 +351,9 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0=
@@ -345,7 +378,6 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.4.1 h1:/exdXoGamhu5ONeUJH0deniYLWYvQwW66yvlfiiKTu0=
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -363,29 +395,35 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf/go.mod h1:RpwtwJQFrIEPstU94h88MWPXP2ektJZ8cZ0YntAmXiE=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk=
github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU=
-github.com/gophercloud/gophercloud v0.1.0 h1:P/nh25+rzXouhytV2pUHBb65fnds26Ghl8/391+sT5o=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
github.com/gophercloud/gophercloud v0.6.0 h1:Xb2lcqZtml1XjgYZxbeayEemq7ASbeTp09m36gQFpEU=
github.com/gophercloud/gophercloud v0.6.0/go.mod h1:GICNByuaEBibcjmjvI7QvYJSZEbGkcYwAR7EZK2WMqM=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de h1:F7WD09S8QB4LrkEpka0dFPLSotH11HRpCsLIbIcJ7sU=
github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
+github.com/gotestyourself/gotestyourself v2.2.0+incompatible h1:AQwinXlbQR2HvPjQZOmDhRqsv5mZf+Jb1RnSLxcqZcI=
+github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
+github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
+github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc h1:f8eY6cV/x1x+HLjOp4r72s/31/V2aTUtg5oKRRPf8/Q=
@@ -395,15 +433,31 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmg
github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.3.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
+github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6KdvN3Gig=
+github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
+github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY=
+github.com/hashicorp/go-retryablehttp v0.5.4 h1:1BZvpawXoJCWX6pNtow9+rpEj+3itIlutiqnntI6jOE=
+github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-rootcerts v1.0.1 h1:DMo4fmknnz0E0evoNYnV48RjWndOsmd6OW+09R3cEP8=
+github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
+github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
+github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-version v1.1.0 h1:bPIoEKD27tNdebFGGxxYwcL4nepeY4j1QP23PFRGzg0=
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.0.0-20180201235237-0fb14efe8c47/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -413,7 +467,14 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
+github.com/hashicorp/vault/api v1.0.4 h1:j08Or/wryXT4AcHj1oCbMd7IijXcKzYUGw59LGu9onU=
+github.com/hashicorp/vault/api v1.0.4/go.mod h1:gDcqh3WGcR1cpF5AJz/B1UFheUEneMoIospckxBxk6Q=
+github.com/hashicorp/vault/sdk v0.1.13 h1:mOEPeOhT7jl0J4AMl1E705+BcmeRs1VmKNb9F0sMLy8=
+github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
+github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c h1:kQWxfPIHVLbgLzphqk3QUflDy9QdksZR4ygR807bpy0=
+github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs=
github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -427,13 +488,14 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a/go.mod h1:wK6yTYYcgjHE1Z1QtXACPDjcFJyBskHEdagmnq3vsP8=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jonboulle/clockwork v0.1.0 h1:VKV+ZcuP6l3yW9doeqz6ziZGgcynBVQO+obU0+0hcPo=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns=
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -463,6 +525,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
+github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
@@ -488,6 +551,7 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
@@ -501,12 +565,14 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0j
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk=
+github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0=
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
@@ -525,6 +591,8 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c h1:yE1NxRAZA3wF0laDWECtOe2J0tFjSHUI6MXXbMif+QY=
+github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c/go.mod h1:Is/Ucts/yU/mWyGR8yELRoO46mejouKsJfQLAIfTR18=
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
@@ -537,11 +605,13 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWb
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.4.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ=
@@ -550,17 +620,23 @@ github.com/onsi/ginkgo v1.13.0 h1:M76yO2HkZASFjXL0HSoZJ1AYEmQxNJmY41Jx1zNUq1Y=
github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.3.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y=
+github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
+github.com/ory/dockertest v3.3.4+incompatible h1:VrpM6Gqg7CrPm3bL4Wm1skO+zFWLbh7/Xb5kGEbJRh8=
+github.com/ory/dockertest v3.3.4+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs=
+github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/paulmach/orb v0.1.3/go.mod h1:VFlX/8C+IQ1p6FTRRKzKoOPJnvEtA5G0Veuqwbu//Vk=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
@@ -568,6 +644,8 @@ github.com/pelletier/go-toml v1.6.0 h1:aetoXYr0Tv7xRU/V4B4IZJ2QcbtMUFoNb3ORp7TzI
github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
+github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -575,29 +653,33 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
+github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.5.1 h1:bdHYieyGlH+6OLEk2YQha8THib30KP0/yD0YH9m6xcA=
github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U=
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8=
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
github.com/prometheus/procfs v0.0.11 h1:DhHlBtkHWPYi8O2y31JkK0TF+DGM+51OopZjH/Ia5qI=
github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
@@ -605,6 +687,7 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d h1:K6eOUihrFLdZjZnA4XlRp864fmWXv9YTIk7VPLhRacA=
github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA=
github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
+github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
@@ -614,6 +697,9 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
+github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
@@ -633,6 +719,7 @@ github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v0.0.0-20190710185942-9d28bd7c0945/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.3/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@@ -706,7 +793,14 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI
go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
+go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:YDKUvO0b//78PaaEro6CAPH6NqohCmL2Cwju5XI2HoE=
+go.mozilla.org/sops/v3 v3.6.0 h1:V+RjhX96enZY9a5iVP/r60lLABq8/8Pv2Fybh10Np3g=
+go.mozilla.org/sops/v3 v3.6.0/go.mod h1:X8YOCEZzMFL0p28vkqtn3gW2eFt+dDUt7HwKXGvcXvA=
+go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
+go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.starlark.net v0.0.0-20190528202925-30ae18b8564f/go.mod h1:c1/X6cHgvdXj6pUlmWKMkuqRnW4K8x2vwt6JAaaircg=
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc=
@@ -730,14 +824,15 @@ golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnf
golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -784,13 +879,13 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -809,13 +904,16 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180117170059-2c42eef0765b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -823,6 +921,7 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -841,7 +940,6 @@ golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -852,7 +950,7 @@ golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fq
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20171227012246-e19ae1496984/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -863,6 +961,7 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqG
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -905,9 +1004,12 @@ gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3m
gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
+google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0 h1:9sdfJOzWlkqPltHAuzT2Cp+yrBeY1KRVYgms8soxMwM=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0 h1:jbyannxz0XFD3zdjgrSUsaJbgpH4eTrkdhRChkHPfO8=
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -917,18 +1019,25 @@ google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuh
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190716160619-c506a9f90610/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51 h1:Ex1mq5jaJof+kRnYi3SlYJ8KKa9Ao3NHyIT5XJ1gF6U=
google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg=
@@ -941,6 +1050,7 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -953,14 +1063,19 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
+gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/urfave/cli.v1 v1.20.0 h1:NdAVW6RYxDif9DhDHaAortIu956m2c0v+09AZBPTbE0=
+gopkg.in/urfave/cli.v1 v1.20.0/go.mod h1:vuBzUtMdQeixQj8LVd+/98pzhxNGQoyuPBlsXHOQNO0=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
@@ -969,7 +1084,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -980,17 +1094,16 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
k8s.io/api v0.0.0-20190918155943-95b840bb6a1f/go.mod h1:uWuOHnjmNrtQomJrvEBg0c0HRNyQ+8KTEERVsK0PW48=
k8s.io/api v0.0.0-20191214185829-ca1d04f8b0d3/go.mod h1:itOjKREfmUTvcjantxOsyYU5mbFsU7qUnyUuRfF5+5M=
k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4=
-k8s.io/api v0.17.4 h1:HbwOhDapkguO8lTAE8OX3hdF2qp8GtpC9CW/MQATXXo=
k8s.io/api v0.17.4/go.mod h1:5qxx6vjmwUVG2nHQTKGlLts8Tbok8PzHl4vHtVFuZCA=
k8s.io/api v0.17.9 h1:BA/U8qtSNzx7BbmQy3lODbCxVMKGNUpBJ2fjsKt6OOY=
k8s.io/api v0.17.9/go.mod h1:avJJAA1fSV6tnbCGW2K+S+ilDFW7WpNr5BScoiZ1M1U=
@@ -1003,7 +1116,6 @@ k8s.io/apimachinery v0.0.0-20191214185652-442f8fb2f03a/go.mod h1:Ng1IY8TS7sC44KJ
k8s.io/apimachinery v0.0.0-20191216025728-0ee8b4573e3a/go.mod h1:Ng1IY8TS7sC44KJxT/WUR6qFRfWwahYYYpNXyYRKOCY=
k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
-k8s.io/apimachinery v0.17.4 h1:UzM+38cPUJnzqSQ+E1PY4YxMHIzQyCg29LOoGfo79Zw=
k8s.io/apimachinery v0.17.4/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
k8s.io/apimachinery v0.17.9 h1:knQxNgMu57Oxlm12J6DS375kmGMeuWV0VNzRRUBB2Yk=
k8s.io/apimachinery v0.17.9/go.mod h1:Lg8zZ5iC/O8UjCqW6DNhcQG2m4TdjF9kwG3891OWbbA=
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 92ef31969..2560f0582 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -468,6 +468,18 @@ func (c *Config) GetEncryptionConfigs() []*EncryptionConfig {
return encryptionConfigs
}
+// GetEncryptionConfig returns encryption configs associated with name
+// Returns error if no encryption config with name is found
+func (c *Config) GetEncryptionConfig(name string) (*EncryptionConfig, error) {
+ encryptionConfig, exists := c.EncryptionConfigs[name]
+ if !exists {
+ return nil, ErrEncryptionConfigurationNotFound{
+ Name: fmt.Sprintf("Encryption Config with name '%s'", name),
+ }
+ }
+ return encryptionConfig, nil
+}
+
// AddEncryptionConfig creates a new encryption config
func (c *Config) AddEncryptionConfig(options *EncryptionConfigOptions) *EncryptionConfig {
encryptionConfig := &EncryptionConfig{
@@ -525,6 +537,16 @@ func (c *Config) CurrentContextManagementConfig() (*ManagementConfiguration, err
return managementCfg, nil
}
+// CurrentContextEncryptionConfig returns the encryption config for the current context
+func (c *Config) CurrentContextEncryptionConfig() (*EncryptionConfig, error) {
+ currentContext, err := c.GetCurrentContext()
+ if err != nil {
+ return nil, err
+ }
+
+ return c.GetEncryptionConfig(currentContext.EncryptionConfig)
+}
+
// Purge removes the config file
func (c *Config) Purge() error {
return os.Remove(c.loadedConfigPath)
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
index 93bf74656..81816ec30 100644
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -201,6 +201,23 @@ func TestCurrentContextManagementConfig(t *testing.T) {
assert.Equal(t, conf.ManagementConfiguration[defaultString], managementConfig)
}
+func TestCurrentContextEncryptionConfig(t *testing.T) {
+ conf, cleanup := testutil.InitConfig(t)
+ defer cleanup(t)
+
+ defaultEncryptionConfig, err := conf.CurrentContextEncryptionConfig()
+ require.Error(t, err)
+ assert.Nil(t, defaultEncryptionConfig)
+
+ conf.CurrentContext = currentContextName
+ conf.Contexts[currentContextName].EncryptionConfig = defaultString
+ conf.EncryptionConfigs[defaultString] = defaultEncryptionConfig
+
+ currentContextEncryptionConfig, err := conf.CurrentContextEncryptionConfig()
+ require.NoError(t, err)
+ assert.Equal(t, conf.EncryptionConfigs[defaultString], currentContextEncryptionConfig)
+}
+
func TestPurge(t *testing.T) {
conf, cleanup := testutil.InitConfig(t)
defer cleanup(t)
@@ -486,6 +503,31 @@ func TestGetDefaultEncryptionConfigs(t *testing.T) {
assert.Equal(t, 0, len(encryptionConfigs))
}
+func TestGetNonExistingEncryptionConfig(t *testing.T) {
+ conf, cleanup := testutil.InitConfig(t)
+ defer cleanup(t)
+
+ encryptionConfig, err := conf.GetEncryptionConfig("test")
+ require.Nil(t, encryptionConfig)
+ assert.Error(t, err)
+}
+
+func TestGetEncryptionConfig(t *testing.T) {
+ conf, cleanup := testutil.InitConfig(t)
+ defer cleanup(t)
+
+ eco := testutil.DummyEncryptionConfigOptions()
+ encryptionConfig := conf.AddEncryptionConfig(eco)
+ require.NotNil(t, encryptionConfig)
+
+ encryptionConfig, err := conf.GetEncryptionConfig(eco.Name)
+ assert.NoError(t, err)
+ assert.Equal(t, eco.DecryptionKeyPath, encryptionConfig.DecryptionKeyPath)
+ assert.Equal(t, eco.EncryptionKeyPath, encryptionConfig.EncryptionKeyPath)
+ assert.Equal(t, eco.KeySecretNamespace, encryptionConfig.KeySecretNamespace)
+ assert.Equal(t, eco.KeySecretName, encryptionConfig.KeySecretName)
+}
+
func TestModifyEncryptionConfigs(t *testing.T) {
conf, cleanup := testutil.InitConfig(t)
defer cleanup(t)
diff --git a/pkg/secret/decrypt.go b/pkg/secret/decrypt.go
new file mode 100644
index 000000000..30a35869b
--- /dev/null
+++ b/pkg/secret/decrypt.go
@@ -0,0 +1,105 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package secret
+
+import (
+ "os"
+ "path/filepath"
+
+ "opendev.org/airship/airshipctl/pkg/config"
+ "opendev.org/airship/airshipctl/pkg/document"
+ "opendev.org/airship/airshipctl/pkg/k8s/client"
+ kcfg "opendev.org/airship/airshipctl/pkg/k8s/kubeconfig"
+ "opendev.org/airship/airshipctl/pkg/phase"
+ "opendev.org/airship/airshipctl/pkg/secret/sops"
+)
+
+// Decrypt decrypts all encrypted files in the srcPath and writes plain text files into dstPath
+func Decrypt(airconfig *config.Config, kubeconfig string,
+ srcPath string, dstPath string) error {
+ var cleanup kcfg.Cleanup
+ var err error
+ if kubeconfig == "" {
+ kubeConfig := kcfg.NewBuilder().Build()
+ kubeconfig, cleanup, err = kubeConfig.GetFile()
+ if err != nil {
+ // ignore error here and return an error later if encryption
+ // config refers to secrets in apiserver
+ }
+ defer cleanup()
+ }
+
+ kclient, err := client.DefaultClient(airconfig.LoadedConfigPath(), kubeconfig)
+ if err != nil {
+ // ignore error here and return an error later if encryption
+ // config refers to secrets in apiserver
+ }
+
+ return decrypt(airconfig, kclient, srcPath, dstPath)
+}
+
+func decrypt(airconfig *config.Config, kclient client.Interface, srcPath string, dstPath string) error {
+ encryptionConfig, encryptionConfigErr := airconfig.CurrentContextEncryptionConfig()
+ if encryptionConfigErr != nil {
+ return encryptionConfigErr
+ }
+
+ if srcPath == "" {
+ helper, err := phase.NewHelper(airconfig)
+ if err != nil {
+ return err
+ }
+ srcPath = helper.PhaseRoot()
+ }
+ if dstPath == "" {
+ dstPath = srcPath
+ }
+
+ options := &sops.Options{
+ KeySecretName: encryptionConfig.KeySecretName,
+ KeySecretNamespace: encryptionConfig.KeySecretNamespace,
+ EncryptionKeyPath: encryptionConfig.EncryptionKeyPath,
+ DecryptionKeyPath: encryptionConfig.DecryptionKeyPath,
+ }
+
+ sopsClient, err := sops.NewClient(kclient, options)
+ if err != nil {
+ return err
+ }
+
+ fs := document.NewDocumentFs()
+ if fs.IsDir(srcPath) {
+ absPath, _, pathErr := fs.CleanedAbs(srcPath)
+ if pathErr != nil {
+ return pathErr
+ }
+
+ // iterate through all files recursively and check if the directory
+ // contains any secret objects with encrypt annotation
+ err = fs.Walk(absPath.String(), func(encryptedFilePath string, info os.FileInfo, err error) error {
+ decryptedFilePath := filepath.Join(dstPath, filepath.Base(info.Name()))
+ if info.IsDir() {
+ return nil
+ }
+ if _, err = sopsClient.Decrypt(encryptedFilePath, decryptedFilePath); err != nil {
+ return err
+ }
+ return nil
+ })
+ return err
+ }
+ _, err = sopsClient.Decrypt(srcPath, dstPath)
+ return err
+}
diff --git a/pkg/secret/decrypt_test.go b/pkg/secret/decrypt_test.go
new file mode 100644
index 000000000..dd0c86b2c
--- /dev/null
+++ b/pkg/secret/decrypt_test.go
@@ -0,0 +1,108 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package secret
+
+import (
+ "io/ioutil"
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "opendev.org/airship/airshipctl/pkg/config"
+ "opendev.org/airship/airshipctl/pkg/k8s/client/fake"
+ "opendev.org/airship/airshipctl/testutil"
+)
+
+const (
+ qualifiedEncryptedSecret = "testdata/secrets/decryption/qualified-encrypted-secret.yaml"
+ encryptionKey = "testdata/encryption.pub"
+ decryptionKey = "testdata/decryption.key"
+
+ currentContext = "def_ephemeral"
+ testEncryptionConfig = "test"
+ testManifest = "test"
+)
+
+func TestDecrypt(t *testing.T) {
+ defer deleteGpgKeys()
+ cfg, _ := testutil.InitConfig(t)
+ cfg.CurrentContext = currentContext
+ cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
+ EncryptionKeyFileSource: config.EncryptionKeyFileSource{
+ DecryptionKeyPath: decryptionKey,
+ EncryptionKeyPath: encryptionKey,
+ },
+ }
+ ctx, err := cfg.GetContext(currentContext)
+ ctx.EncryptionConfig = testEncryptionConfig
+ require.NoError(t, err)
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-public-key")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ err = decrypt(cfg, fake.NewClient(), qualifiedEncryptedSecret, tmpFile.Name())
+ assert.NoError(t, err)
+}
+
+func TestDecryptWithContextPath(t *testing.T) {
+ defer deleteGpgKeys()
+ cfg, _ := testutil.InitConfig(t)
+ cfg.CurrentContext = currentContext
+ cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
+ EncryptionKeyFileSource: config.EncryptionKeyFileSource{
+ DecryptionKeyPath: decryptionKey,
+ EncryptionKeyPath: encryptionKey,
+ },
+ }
+ manifest := &config.Manifest{
+ TargetPath: "testdata/secrets/decryption/",
+ MetadataPath: "metadata.yaml",
+ Repositories: map[string]*config.Repository{"primary": testutil.DummyRepository()},
+ PhaseRepositoryName: "primary",
+ }
+ if cfg.Manifests == nil {
+ cfg.Manifests = make(map[string]*config.Manifest)
+ }
+ cfg.Manifests[testManifest] = manifest
+ ctx, err := cfg.GetCurrentContext()
+ ctx.EncryptionConfig = testEncryptionConfig
+ ctx.Manifest = testManifest
+ require.NoError(t, err)
+ err = decrypt(cfg, fake.NewClient(), "", "")
+ assert.NoError(t, err)
+}
+
+func TestDecryptInvalidPrivateKey(t *testing.T) {
+ defer deleteGpgKeys()
+ cfg, _ := testutil.InitConfig(t)
+ cfg.CurrentContext = currentContext
+ cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
+ EncryptionKeyFileSource: config.EncryptionKeyFileSource{
+ DecryptionKeyPath: "dummy",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ },
+ }
+ ctx, err := cfg.GetContext(currentContext)
+ ctx.EncryptionConfig = testEncryptionConfig
+ require.NoError(t, err)
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-public-key")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ err = decrypt(cfg, fake.NewClient(), qualifiedEncryptedSecret, tmpFile.Name())
+ assert.Error(t, err)
+}
diff --git a/pkg/secret/encrypt.go b/pkg/secret/encrypt.go
new file mode 100644
index 000000000..e1192a172
--- /dev/null
+++ b/pkg/secret/encrypt.go
@@ -0,0 +1,156 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package secret
+
+import (
+ "io/ioutil"
+ "os"
+ "path/filepath"
+
+ "k8s.io/apimachinery/pkg/api/meta"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/util/yaml"
+
+ "opendev.org/airship/airshipctl/pkg/config"
+ "opendev.org/airship/airshipctl/pkg/document"
+ "opendev.org/airship/airshipctl/pkg/k8s/client"
+ kcfg "opendev.org/airship/airshipctl/pkg/k8s/kubeconfig"
+ "opendev.org/airship/airshipctl/pkg/phase"
+ "opendev.org/airship/airshipctl/pkg/secret/sops"
+)
+
+const (
+ encryptionFilterAnnotationKey = "airshipit.org/encrypt"
+)
+
+// Encrypt encrypts all plaintext files in the srcPath and writes encrypted files into dstPath
+func Encrypt(airconfig *config.Config, kubeconfig string,
+ srcPath string, dstPath string) error {
+ var cleanup kcfg.Cleanup
+ var err error
+ if kubeconfig == "" {
+ kubeConfig := kcfg.NewBuilder().Build()
+ kubeconfig, cleanup, err = kubeConfig.GetFile()
+ if err != nil {
+ // ignore error here and return an error later if encryption
+ // config refers to secrets in apiserver
+ }
+ defer cleanup()
+ }
+
+ kclient, err := client.DefaultClient(airconfig.LoadedConfigPath(), kubeconfig)
+ if err != nil {
+ // ignore error here and return an error later if encryption
+ // config refers to secrets in apiserver
+ }
+
+ return encrypt(airconfig, kclient, srcPath, dstPath)
+}
+
+func encrypt(airconfig *config.Config, kclient client.Interface, srcPath string, dstPath string) error {
+ encryptionConfig, encryptionConfigErr := airconfig.CurrentContextEncryptionConfig()
+ if encryptionConfigErr != nil {
+ return encryptionConfigErr
+ }
+
+ if srcPath == "" {
+ helper, err := phase.NewHelper(airconfig)
+ if err != nil {
+ return err
+ }
+ srcPath = helper.PhaseRoot()
+ }
+
+ if dstPath == "" {
+ dstPath = srcPath
+ }
+
+ options := &sops.Options{
+ KeySecretName: encryptionConfig.KeySecretName,
+ KeySecretNamespace: encryptionConfig.KeySecretNamespace,
+ EncryptionKeyPath: encryptionConfig.EncryptionKeyPath,
+ DecryptionKeyPath: encryptionConfig.DecryptionKeyPath,
+ }
+
+ sopsClient, err := sops.NewClient(kclient, options)
+ if err != nil {
+ return err
+ }
+
+ // if from file is directory
+ fs := document.NewDocumentFs()
+ if fs.IsDir(srcPath) {
+ absPath, _, pathErr := fs.CleanedAbs(srcPath)
+ if pathErr != nil {
+ return pathErr
+ }
+
+ // iterate through all files recursively and check if the directory
+ // contains any secret objects with encrypt annotation
+ err = fs.Walk(absPath.String(), func(plainTextFilePath string, info os.FileInfo, err error) error {
+ if info.IsDir() {
+ return nil
+ }
+ // check if the file is a secret yaml
+ if isValidSecret(plainTextFilePath) {
+ encryptedFilePath := filepath.Join(dstPath, filepath.Base(info.Name()))
+ // check if the secret has an annotation to encrypt, if not skip
+ // when a directory option is passed, in place takes effect
+ if _, err = sopsClient.Encrypt(plainTextFilePath, encryptedFilePath); err != nil {
+ return err
+ }
+ }
+ return nil
+ })
+ return err
+ }
+
+ if !isValidSecret(srcPath) {
+ return nil
+ }
+
+ _, err = sopsClient.Encrypt(srcPath, dstPath)
+ return err
+}
+
+// checks if the file passed is a secret object that has to be encrypted or decrypted
+func isValidSecret(fileName string) bool {
+ contents, err := ioutil.ReadFile(fileName)
+ if err != nil {
+ return false
+ }
+ jsonContents, err := yaml.ToJSON(contents)
+ if err != nil {
+ return false
+ }
+
+ object, err := runtime.Decode(unstructured.UnstructuredJSONScheme, jsonContents)
+ if err != nil {
+ return false
+ }
+ accessor, err := meta.Accessor(object)
+ if err != nil {
+ return false
+ }
+
+ if accessor.GetAnnotations() != nil {
+ if value, ok := accessor.GetAnnotations()[encryptionFilterAnnotationKey]; ok && value == "true" {
+ return true
+ }
+ }
+
+ return false
+}
diff --git a/pkg/secret/encrypt_test.go b/pkg/secret/encrypt_test.go
new file mode 100644
index 000000000..ae5891b8d
--- /dev/null
+++ b/pkg/secret/encrypt_test.go
@@ -0,0 +1,125 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package secret
+
+import (
+ "io/ioutil"
+ "os"
+ "os/exec"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "opendev.org/airship/airshipctl/pkg/config"
+ "opendev.org/airship/airshipctl/pkg/k8s/client/fake"
+ "opendev.org/airship/airshipctl/testutil"
+)
+
+const (
+ qualifiedDecryptedFile = "testdata/secrets/encryption/qualified-decrypted-secret.yaml"
+
+ keyID = "681E3A89EB1DAFD36EB883120A73BB48E26694D8"
+)
+
+func TestEncrypt(t *testing.T) {
+ defer deleteGpgKeys()
+ cfg, _ := testutil.InitConfig(t)
+ cfg.CurrentContext = currentContext
+ cfg.EncryptionConfigs["test"] = &config.EncryptionConfig{
+ EncryptionKeyFileSource: config.EncryptionKeyFileSource{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ },
+ }
+ ctx, err := cfg.GetContext(currentContext)
+ require.NoError(t, err)
+ ctx.EncryptionConfig = testEncryptionConfig
+
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ err = encrypt(cfg, fake.NewClient(), qualifiedDecryptedFile, tmpFile.Name())
+ assert.NoError(t, err)
+}
+
+func TestEncryptWithContextPath(t *testing.T) {
+ defer deleteGpgKeys()
+ cfg, _ := testutil.InitConfig(t)
+ cfg.CurrentContext = currentContext
+ cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
+ EncryptionKeyFileSource: config.EncryptionKeyFileSource{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ },
+ }
+ manifest := &config.Manifest{
+ TargetPath: "testdata/secrets/encryption/",
+ MetadataPath: "metadata.yaml",
+ Repositories: map[string]*config.Repository{"primary": testutil.DummyRepository()},
+ PhaseRepositoryName: "primary",
+ }
+ if cfg.Manifests == nil {
+ cfg.Manifests = make(map[string]*config.Manifest)
+ }
+ cfg.Manifests[testManifest] = manifest
+ ctx, err := cfg.GetCurrentContext()
+ require.NoError(t, err)
+ ctx.EncryptionConfig = testEncryptionConfig
+ ctx.Manifest = testManifest
+ dir, err := ioutil.TempDir("/tmp/", "encrypt-context-path")
+ require.NoError(t, err)
+ defer os.RemoveAll(dir)
+
+ err = encrypt(cfg, fake.NewClient(), "", dir)
+ assert.NoError(t, err)
+}
+
+func TestEncryptInvalidPublicKey(t *testing.T) {
+ defer deleteGpgKeys()
+ cfg, _ := testutil.InitConfig(t)
+ cfg.CurrentContext = currentContext
+ cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
+ EncryptionKeyFileSource: config.EncryptionKeyFileSource{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/decryption.key",
+ },
+ }
+ ctx, err := cfg.GetContext(currentContext)
+ require.NoError(t, err)
+ ctx.EncryptionConfig = testEncryptionConfig
+
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-public-key")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ err = encrypt(cfg, fake.NewClient(), qualifiedDecryptedFile, tmpFile.Name())
+ assert.Error(t, err)
+}
+
+func deleteGpgKeys() {
+ gpgCmd := exec.Command("gpg", "--delete-secret-keys", "--batch", "--yes", keyID)
+ if err := gpgCmd.Run(); err != nil {
+ // best effort to delete the secret keys
+ return
+ }
+ gpgCmd = exec.Command("gpg", "--delete-keys", "--batch", "--yes", keyID)
+ if err := gpgCmd.Run(); err != nil {
+ // best effort to delete the secret keys
+ return
+ }
+ return
+}
diff --git a/pkg/secret/sops/sops.go b/pkg/secret/sops/sops.go
new file mode 100644
index 000000000..deb44f35a
--- /dev/null
+++ b/pkg/secret/sops/sops.go
@@ -0,0 +1,332 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package sops
+
+import (
+ "bufio"
+ "bytes"
+ "fmt"
+ "io/ioutil"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "time"
+
+ "go.mozilla.org/sops/v3"
+ "go.mozilla.org/sops/v3/aes"
+ "go.mozilla.org/sops/v3/cmd/sops/common"
+ "go.mozilla.org/sops/v3/keys"
+ "go.mozilla.org/sops/v3/keyservice"
+ "go.mozilla.org/sops/v3/pgp"
+ "golang.org/x/crypto/openpgp"
+ "golang.org/x/crypto/openpgp/packet"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/meta"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/util/yaml"
+
+ "opendev.org/airship/airshipctl/pkg/k8s/client"
+)
+
+const (
+ tempEncryptionKeyFile = "/tmp/encryption-key.pri"
+ encryptionRegexAnnotationKey = "airshipit.org/encryption-regex"
+ encryptionFilterAnnotationKey = "airshipit.org/encrypt"
+)
+
+// Options holds the key information used to encrypt and decrypt secrets using Sops
+type Options struct {
+ KeySecretName string
+ KeySecretNamespace string
+ EncryptionKeyPath string
+ DecryptionKeyPath string
+}
+
+// Client is an interface that is used to encrypt and decrypt secrets
+type Client interface {
+ // Encrypt reads plain text secrets from srcPath and writes encrypted secrets to dstPath
+ Encrypt(srcPath string, dstPath string) ([]byte, error)
+ // Decrypt reads encrypted secrets from srcPath and writes plain text secrets to dstPath
+ Decrypt(srcPath string, dstPath string) ([]byte, error)
+}
+
+// localGpg implements Client with local gpg keys for encryption and decryption
+type localGpg struct {
+ *Options
+ kclient client.Interface
+ publicKey []byte
+ privateKey []byte
+}
+
+// NewClient returns a localGpg Client implementation
+func NewClient(kclient client.Interface, options *Options) (Client, error) {
+ client := &localGpg{
+ kclient: kclient,
+ Options: options,
+ }
+ err := client.initializeKeys()
+ return client, err
+}
+
+func (lg *localGpg) initializeKeys() error {
+ var publicKey, privateKey []byte
+ var err error
+ if lg.DecryptionKeyPath == "" && lg.EncryptionKeyPath == "" {
+ // retrieve sops keys from the apiserver
+ if lg.kclient == nil {
+ return fmt.Errorf("kube client not initialized")
+ }
+ secret, apiErr := lg.getSecretFromAPI(lg.KeySecretName, lg.KeySecretNamespace)
+ if apiErr != nil {
+ return err
+ }
+ privateKey = secret.Data["pri_key"]
+ publicKey = secret.Data["pub_key"]
+ } else {
+ // load the keys from disk
+ if lg.DecryptionKeyPath != "" {
+ privateKey, err = ioutil.ReadFile(lg.DecryptionKeyPath)
+ if err != nil {
+ return err
+ }
+ }
+ if lg.EncryptionKeyPath != "" {
+ publicKey, err = ioutil.ReadFile(lg.EncryptionKeyPath)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ lg.publicKey = publicKey
+ lg.privateKey = privateKey
+
+ if len(lg.privateKey) > 0 {
+ // import the key locally
+ if err := lg.importGpgKeyPairLocally(); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (lg *localGpg) importGpgKeyPairLocally() error {
+ tmpPriKeyFileName := fmt.Sprintf(tempEncryptionKeyFile)
+
+ if err := writeFile(tmpPriKeyFileName, lg.privateKey); err != nil {
+ return err
+ }
+ defer func() {
+ os.Remove(tmpPriKeyFileName)
+ }()
+
+ gpgCmd := exec.Command("gpg", "--import", tmpPriKeyFileName)
+ err := gpgCmd.Run()
+ if err != nil {
+ return err
+ }
+
+ // gpg --export-secret-keys >~/.gnupg/secring.gpg
+ // make this work with gpg1 as well for linux
+ homeDir, err := os.UserHomeDir()
+ if err != nil {
+ return err
+ }
+
+ gpgSecretImportCmd := exec.Command("gpg", "--export-secret-keys")
+ secringBytes, err := gpgSecretImportCmd.Output()
+ if err != nil {
+ return err
+ }
+
+ err = ioutil.WriteFile(filepath.Join(homeDir, ".gnupg", "secring.gpg"), secringBytes, 0600)
+ return err
+}
+
+func (lg *localGpg) Encrypt(fromFile string, toFile string) ([]byte, error) {
+ groups, err := lg.getKeyGroup(lg.publicKey)
+ if err != nil {
+ return nil, err
+ }
+ store := common.DefaultStoreForPath(fromFile)
+ fileBytes, err := ioutil.ReadFile(fromFile)
+ if err != nil {
+ return nil, fmt.Errorf("error reading file: %s", err)
+ }
+
+ branches, err := store.LoadPlainFile(fileBytes)
+ if err != nil {
+ return nil, err
+ }
+
+ if err = lg.ensureNoMetadata(branches[0]); err != nil {
+ // do not return error to keep this function idempotent
+ // ensureNoMetadata will return an error if the file is already encrypted
+ return nil, nil
+ }
+
+ // get encryption regex
+ encryptionRegex, err := getEncryptionRegex(fileBytes)
+ if err != nil || encryptionRegex == "" {
+ encryptionRegex = "^data"
+ } else if encryptionRegex != "" {
+ encryptionRegex = "^data|" + encryptionRegex
+ }
+
+ tree := sops.Tree{
+ Branches: branches,
+ Metadata: sops.Metadata{
+ KeyGroups: groups,
+ Version: "3.6.0",
+ EncryptedRegex: encryptionRegex,
+ },
+ FilePath: fromFile,
+ }
+
+ keySvc := keyservice.NewLocalClient()
+ dataKey, errors := tree.GenerateDataKeyWithKeyServices([]keyservice.KeyServiceClient{keySvc})
+ if len(errors) > 0 {
+ return nil, fmt.Errorf("%s", errors)
+ }
+ if err = common.EncryptTree(common.EncryptTreeOpts{
+ Tree: &tree,
+ Cipher: aes.NewCipher(),
+ DataKey: dataKey,
+ }); err != nil {
+ return nil, err
+ }
+
+ dstStore := common.DefaultStoreForPath(toFile)
+ output, err := dstStore.EmitEncryptedFile(tree)
+ if err != nil {
+ return nil, err
+ }
+
+ if toFile != "" {
+ err = ioutil.WriteFile(toFile, output, 0600)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return output, nil
+}
+
+func (lg *localGpg) Decrypt(fromFile string, toFile string) ([]byte, error) {
+ keySvc := keyservice.NewLocalClient()
+ tree, err := common.LoadEncryptedFileWithBugFixes(common.GenericDecryptOpts{
+ Cipher: aes.NewCipher(),
+ InputStore: common.DefaultStoreForPath(fromFile),
+ InputPath: fromFile,
+ KeyServices: []keyservice.KeyServiceClient{keySvc},
+ })
+ if err != nil && err.Error() == sops.MetadataNotFound.Error() {
+ return nil, nil
+ } else if err != nil {
+ return nil, err
+ }
+
+ if _, err = common.DecryptTree(common.DecryptTreeOpts{
+ Tree: tree,
+ KeyServices: []keyservice.KeyServiceClient{keySvc},
+ Cipher: aes.NewCipher(),
+ }); err != nil {
+ return nil, err
+ }
+
+ dstStore := common.DefaultStoreForPath(toFile)
+ output, err := dstStore.EmitPlainFile(tree.Branches)
+ if err != nil {
+ return nil, err
+ }
+
+ if toFile != "" {
+ if err = writeFile(toFile, output); err != nil {
+ return nil, err
+ }
+ }
+
+ return output, nil
+}
+
+// Config for generating keys.
+type Config struct {
+ packet.Config
+ // Expiry is the duration that the generated key will be valid for.
+ Expiry time.Duration
+}
+
+// Key represents an OpenPGP key.
+type Key struct {
+ openpgp.Entity
+}
+
+func (lg *localGpg) getSecretFromAPI(name string, namespace string) (*corev1.Secret, error) {
+ return lg.kclient.ClientSet().CoreV1().Secrets(namespace).Get(name, metav1.GetOptions{})
+}
+
+func (lg *localGpg) getKeyGroup(publicKeyBytes []byte) ([]sops.KeyGroup, error) {
+ b := bytes.NewReader(publicKeyBytes)
+ bufferedReader := bufio.NewReader(b)
+ entities, err := openpgp.ReadArmoredKeyRing(bufferedReader)
+ if err != nil {
+ return nil, err
+ }
+ fingerprint := fmt.Sprintf("%X", entities[0].PrimaryKey.Fingerprint[:])
+ pgpKeys := make([]keys.MasterKey, 1)
+ for index, k := range pgp.MasterKeysFromFingerprintString(fingerprint) {
+ pgpKeys[index] = k
+ }
+
+ var group sops.KeyGroup
+ group = append(group, pgpKeys...)
+ return []sops.KeyGroup{group}, nil
+}
+
+func (lg *localGpg) ensureNoMetadata(branch sops.TreeBranch) error {
+ for _, b := range branch {
+ if b.Key == "sops" {
+ return fmt.Errorf("file already encrypted")
+ }
+ }
+ return nil
+}
+
+func writeFile(path string, content []byte) error {
+ return ioutil.WriteFile(path, content, 0600)
+}
+
+func getEncryptionRegex(yamlContent []byte) (string, error) {
+ jsonContents, err := yaml.ToJSON(yamlContent)
+ if err != nil {
+ return "", err
+ }
+ object, err := runtime.Decode(unstructured.UnstructuredJSONScheme, jsonContents)
+ if err != nil {
+ return "", err
+ }
+ accessor, err := meta.Accessor(object)
+ if err != nil {
+ return "", err
+ }
+
+ if accessor.GetAnnotations() != nil &&
+ accessor.GetAnnotations()[encryptionFilterAnnotationKey] == "true" &&
+ accessor.GetAnnotations()[encryptionRegexAnnotationKey] != "" {
+ return accessor.GetAnnotations()[encryptionRegexAnnotationKey], nil
+ }
+ return "", nil
+}
diff --git a/pkg/secret/sops/sops_test.go b/pkg/secret/sops/sops_test.go
new file mode 100644
index 000000000..5028a0091
--- /dev/null
+++ b/pkg/secret/sops/sops_test.go
@@ -0,0 +1,211 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package sops_test
+
+import (
+ "fmt"
+ "io/ioutil"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "opendev.org/airship/airshipctl/pkg/secret/sops"
+)
+
+const (
+ qualifiedEncryptedFile = "testdata/secrets/qualified-encrypted-secret.yaml"
+ qualifiedDecryptedFile = "testdata/secrets/qualified-decrypted-secret.yaml"
+ qualifiedDecryptedFileWithRegex = "testdata/secrets/qualified-decrypted-secret-with-regex.yaml"
+ invalidYamlDecryptedFile = "testdata/secrets/qualified-decrypted-invalid-yaml.yaml"
+ missingMetadataEncryptedFile = "testdata/secrets/qualified-encrypted-secret-missing-metadata.yaml"
+
+ keyID = "681E3A89EB1DAFD36EB883120A73BB48E26694D8"
+)
+
+func TestEncrypt(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.NoError(t, err)
+
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-*.yaml")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ _, err = sopsClient.Encrypt(qualifiedDecryptedFile, tmpFile.Name())
+ assert.NoError(t, err)
+}
+
+func TestEncryptInvalidKey(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.pub",
+ EncryptionKeyPath: "testdata/encryption.key",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.Error(t, err)
+
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-key-")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ _, err = sopsClient.Encrypt(qualifiedDecryptedFile, tmpFile.Name())
+ assert.Error(t, err)
+}
+
+func TestEncryptInvalidSourceFile(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.NoError(t, err)
+
+ _, err = sopsClient.Encrypt("/invalidFile", "")
+ assert.Error(t, err)
+}
+
+func TestEncryptInvalidYaml(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.NoError(t, err)
+
+ _, err = sopsClient.Encrypt(invalidYamlDecryptedFile, "")
+ assert.Error(t, err)
+}
+
+func TestEncryptWithRegex(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.NoError(t, err)
+
+ _, err = sopsClient.Encrypt(qualifiedDecryptedFileWithRegex, "")
+ assert.NoError(t, err)
+}
+
+func TestDecrypt(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.NoError(t, err)
+
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-decrypt-*.yaml")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ _, err = sopsClient.Decrypt(qualifiedEncryptedFile, tmpFile.Name())
+ assert.NoError(t, err)
+}
+
+func TestDecryptInvalidKey(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.pub",
+ EncryptionKeyPath: "testdata/encryption.key",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ require.Error(t, err)
+
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-decrypt-invalid-key-*.yaml")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ _, err = sopsClient.Decrypt(qualifiedEncryptedFile, tmpFile.Name())
+ assert.Error(t, err)
+}
+
+func TestDecryptInvalidSrc(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.NoError(t, err)
+
+ _, err = sopsClient.Decrypt("dummy", "dummy")
+ assert.Error(t, err)
+}
+
+func TestDecryptMissingMetadata(t *testing.T) {
+ defer deleteGpgKeys()
+ options := &sops.Options{
+ DecryptionKeyPath: "testdata/decryption.key",
+ EncryptionKeyPath: "testdata/encryption.pub",
+ }
+
+ sopsClient, err := sops.NewClient(nil, options)
+ assert.NoError(t, err)
+
+ tmpFile, err := ioutil.TempFile("/tmp/", "test-decrypt-missing-metadata-*.yaml")
+ require.NoError(t, err)
+ defer os.Remove(tmpFile.Name())
+
+ _, err = sopsClient.Decrypt(missingMetadataEncryptedFile, tmpFile.Name())
+ assert.Error(t, err)
+}
+
+func deleteGpgKeys() {
+ gpgCmd := exec.Command("gpg", "--delete-keys", "--batch", "--yes", keyID)
+ if _, err := gpgCmd.Output(); err != nil {
+ fmt.Printf("error deleting key: %s\n", err)
+ }
+
+ gpgCmd = exec.Command("gpg", "--delete-secret-keys", "--batch", "--yes", keyID)
+ if _, err := gpgCmd.Output(); err != nil {
+ fmt.Printf("error deleting secret key: %s\n", err)
+ }
+
+ homeDir, err := os.UserHomeDir()
+ if err != nil {
+ fmt.Printf("error getting home dir: %s\n", err)
+ return
+ }
+
+ secRingFile := filepath.Join(homeDir, ".gnupg", "secring.gpg")
+ gpgCmd = exec.Command("rm", secRingFile)
+ if _, err := gpgCmd.Output(); err != nil {
+ fmt.Printf("error deleting secring: %s\n", err)
+ }
+
+ return
+}
diff --git a/pkg/secret/sops/testdata/decryption.key b/pkg/secret/sops/testdata/decryption.key
new file mode 100644
index 0000000000000000000000000000000000000000..5798b8f408bfc5abf37d8760e483f23afb9cfaf3
GIT binary patch
literal 2539
zcmajfc{~#i1IO`=G1rLP$0Au2BG-d3xvyA`+<uHHIcIVYAvd`~&am9MiaBS7%0iAY
zp;2g+AHQ<^obCBNuix{$p69>kukT;qKR@q6=3<bC9`*~64Y2s5nX~;8qr^c6MFOn6
z4Di<RDw^+T+A7yUE0sXrD=%oal1}6_x2eJJj{0_Lm=4>*e3kDWYxZg-|J)e+ta`sl
z<wSYN&%QUvbC0q;3x|-bIg~%g+)Kxu4NDV;V+~a%O5kw|rtoF6#=DzqFCKokqI_Y*
zwGfT#qt~vk+tu5?3FkJ})q9p2eb0*d;<1qFw+3DJdUE@?z**|8`t)4sq}42+_EERo
z{GGZ#c~4gNzK-qUFd;ryhf~}eO{ZEeDOVNH=r@Chd+AbLWD&6Dm(QDq4)NZAvfH!4
z?8mObNKx6QsQTPDo~j=L68BlHGeuGyMo{_Izs5#`@vi~AKmZT`{&jhzX1h##Cilkx
zZ(MJ)=DY0cK_=B1tUZt}0r6~hcKm#FSWk8Z>V?e-+<=faE{M@cZ|*Q$2d@-<Rn;6s
zxbsoS<c)3|&*QA6&<OBeD{Ob@WQ&kwQbSAO9yZLh7S}^mnRQ<g9nS&d#U!q<@uO1h
z)*b0LD9bWtnlY_*4;BXpPYAq<{3JkUf4R^QLx0UhOpf+AU9ZS%Cy`Qr-B!A`n%gHN
z8Q<Q&`BXC?x7^>}$5ptX)hJ?yKE&ia9qk<>98P{mwwI5g+@n1VXpws~Ud2A2!e&vG
zQ6Gp$5sRNfSTg5N-6)+tz-ai)lfzpkh3Ec&+Cy`U%3dXd0L!8=4;vvdm8>y5kTo&I
z=$9}`pL_N<;Lj=ZqXW5}a5oWs_$wV`O4>E?&c3=`=hRUC^)&RgQg^n@U7&|v-PolI
z@{vCf>dFR&E?k=n;3uJagXc0TbPgli>`F3h^h{HSu|lSR(PPp+q{4MW`dA%?DfOI9
zvMTczvnP6=fB<K)V6OQgrYOX!BQ62Wo#896GO6xbmkbNY7EFoaG5_Qybvo0!UF=e(
zOK4nCxgfraHyez;zNHNmh_-Fdhm8j3rhWEY2o627tcUJJF6F!Ad})*(7q5W0bMp+!
zH8ji!M13-Re=(fLp?4RD<(zmrKO!k;iiqXR#2zX|;y{36{dcZQuB%S_Gydzwdd#q%
zglsO4Nr|K_ZPiBQXzR-cIaK-_f)IblyKcQ0Gq23}ZNQ^Z&w<4VC!j`unH<)jV9E~C
zeKA}8Q9pKF3<Gt;#^b?Qx+@pv?D<#$WPrt`lI1bJb^;1_+Iw7H65=4OqdpGzA&Tqu
zXfI5}QZ(MZlrRiJ-uFRE-uQdrNdK@<j1OATKM3jRubT$61D*dXTU|jZ&|Roj+INZ8
z*+6_EA4h1P=_gbHm4)eFT{DR>v#>J{`vO=v+1bEMtO6YDY@AFWK_+G(6BNiK6c6BF
zKlh)D^e-^Ou0qy8vRpbG%Lt6WZ7S>-a@*~orQ<@-vzfqTtHS22J#B~K)b_LbeTOeA
zTvbU{Lmx#@9KBzOId)pG0bG{T±m$S2eTIn432WhS&kNmEXS%>6sO%M)qJN~}7
zz|gmVu+#=yV8oG<WSvCs(C^c9ON28NUe@$np-#W0o!;G(uQ4t4*z7<vspkUP*t_eI
zh#oQTg~${wupIfD>Z-+4bDGNNtagT@-NkO?rs~tx*YYMm)Q54HvTs0Q;a3J&&C*2A
zJfLsDw(X|bwu3x~SW^3(U<3QXwkDr?YBD-CB9ieHZ(&b|i`O3E#t#AvF$wVyDhKdU
z7f`bNzaZjwSq|=IC>mfGfYIH3w!rXDNlW*bD`i@eyEIG*A1gyD8K$wn(__Pqq}?d$
z<&Xpe*<^{SIOT8SPJIt@GS>~o4RM$?Dyn6jJ-waOY%<4Q1#Q=M+f#JwJjM{ke_q<7
zoh6liba<ffYv+3RPZqf-tC2c)wPmu@$divGjCHBk#)`gdMK)8gwPkw{S!`#Gej;fc
zJHH1`foFWklOqRlL(R+bL8FXH`RjNEOQmtLTH$LRE_AP`l<W!0W>rHHom%brN|6?Z
z2yUI!61I&+huN$~G&2<y=6vH+2YRN4X5SLiU-YwaQ;b#@BIoY-dK0`|=)9sj9q}uO
ze}i}gR1DHoT1X@^-%?ZxODuud6h*0kh4L_&sdl;~dLETpZC`~o52Vq|uIifeVO`HJ
z`WJTz$T_P$cfnS@xG+_FpiN4)>`xr_c6>%8D^B{sIs`{VCZ4{UE|Z-#c498W@I}3P
zV6dg6{(eXq2HgaWZ_mZhI&&l|G9t73Bc2r*z>fg^&n@pj$&-%DXnx(+_(r)<!J5~F
z)VcsFAZanRL#rOw_pzwXsLf-~*+AIw2;gpV+E%@Y&>8vOUG~|bWo~n=?tvJ|xW-Z;
zcEZK^e3+5(GX%2{7WsCiC^R+QBx37z3IKW1S@OZtN%LUktso!q4?$KfCn&ao69@uK
zhMZ~T;wP^cNO;Y9*Zf|gUU<w(tIgP7R8@+IMlys)*~QTou<fCy6K7uQNVDLpwZ?0X
zwdVcO{vjUli+3a}WPzb~!iZN|6Z8UH;5kyYZIud7zI?whH#gK>y9<SS7Z%;-d1#NQ
zsh^@&*w!M|PVKIiwk!_fkgD0aFBsDxz=osvg3R&oX*l@!G?^w?wWqz|aWL-d5&6rr
zBamV~l4aK0Bf~v#yo4>b{~UW!LYq|KaG1cZBs%cq5LwZ+)ja;F#s8LM54stlu2FYv
z(@rpqp;+E1Q1t#VxTauTNqK|KXVT*SiYJ$!6{P2>^gPLm{zHYM`A@2!9dG|e0toO{
zVm;dSzCEi<6JvL&Ei^|-7&T1yz%L2PxmQg5c(CWQ0;cF7Hl8&q9B5pHF4wdJ-UtO|
zUR0Vd{$@{Q<FMxS$khG0y>qYl@la?efm@1%<^wmUk%T~in?~5_1OI#Luo17r&X{zn
zgwHeyJ8I%7;fZq!J0zU=j&)iw9vb<j0dIhW{}K=Of5hYZTfG03?eH(z(1xO@#ao-r
zrjSj!<7%Nn!Uz8E5y;Y7Z`QHlf5bW_%LSs2t2PMudPao@55=yKsCD{h_OZ@DGA+SZ
zOf;&!B%>+jS{}JG!|pdjsS)xy*Gqc@kA2Zk4Kl;-M#~As<T->%q6}OsKCTS5+^?H$
zg@6P+-z<&DQB5I~mk4>$Nfs8U9qx@IynWzZI4VGe^}ZV4KHK~4=Dv6ZcQe~E*P#2C
z$93eX2L&xk$|0O)+&A2Q1&5qy1-Hg;@p@j49?cE63Tqt6^SXAra(2GRC%D~~!dgDU
t|7P=M_>EmFRv&v4)RjT6ei%k=a=Aw%cc$o^ZmB|0-JKf|hBpl={|P4T##;aY
literal 0
HcmV?d00001
diff --git a/pkg/secret/sops/testdata/encryption.pub b/pkg/secret/sops/testdata/encryption.pub
new file mode 100644
index 000000000..8ee029404
--- /dev/null
+++ b/pkg/secret/sops/testdata/encryption.pub
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF8/fucBCADZ8awLsST/mVY9ZsMA3bRtZD1il9ayq+ydPXIwmQ3QMdc5r8P7
+KTnu2HDM+bvvowL4sHVnMWj6Obo6hfLlxuM0a5cz+zHAalW6b2H01e7TQA3DTwox
+43xpiqX9wiPBwn1EM82ZQH/XSEDcSapo5uGugutN1ef/f63BRqh74SvkVKhTyHcO
+Rj4/oYh7aU0DIvoXSOqpPl6oy7HKFf2ITqiKkSOE4I1lscVdkZPvp/cR++D06cbz
+pXRxZSvCh16qSM+tJDGglN/oQnDCuughtssZBznn4+ZEVoBkAJxS03AJ+lxwYxoo
+q3qokchhNNptg/UGT4wZh1bEZpNP/sbFcLjHABEBAAG0HURvY2tlciA8RG9ja2Vy
+QGNsdXN0ZXIubG9jYWw+iQFUBBMBCAA+FiEEaB46iesdr9NuuIMSCnO7SOJmlNgF
+Al8/fucCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQCnO7SOJm
+lNgj/gf/VJ4oQyCdI3d+/26AUkgYWHFSXfatsh9vodJuhU2VrI30O1bCiLH9qPVW
+590MoIRNwN4ZZgq66cGPVDomvaWNWfKNfwm009NqOooKa77fXMSGairLBsAppasN
+CkpUFLt/bnPJAHWIqVMBePkwIKcdusDt0ehMUVoeQJyrpi2nQa2x6Le5kzfRIZBJ
+9jmEuR9yRmS2hhk/wZKuGc/fbp1jYDTgS5pK3zPF0zuLWFQit2PmNJrgxyxH8TbC
+pXSc6gHBlen/BzVMRz9Kbbu9U7BCSe5WLATBmaSmv1Am8QjhLIj8R8XPxBmL6bhL
+VehAHKT5pcr2bUR0gYAN2AoBhrYBILkBDQRfP37nAQgAuPMF9miLLkN0/wDF8/UI
+bnfihNtpA58lrYW2N0i/3p9xn/9Ife3ofXX5I13VNp0NgUMohR3PfzHqylm7do+M
+5EQcRKV04dhmreQJirHDrEfUCaAesTtd9C5ds/p0wRzyJPTf/YSb3lZ2Lf7vMrfy
+BSl6TcSnXjXcyyHElt7DdE+bYuXdQSiejgJwT0yxb8sb7+Ho+yBGfdb0B4dAi9qS
+KctvDh5KnJMExf+fLDK4LUwwyss1lccPDHK6GiEo+2ZQ4DcgcoiiYbUu33VRcK/O
+OhhTfXJ1UOB4rAKXlY/qCzYBYYhzjk4bQdlqUF0uezYXy5HvZ2S/ZFvoERo9soDd
+UQARAQABiQE8BBgBCAAmFiEEaB46iesdr9NuuIMSCnO7SOJmlNgFAl8/fucCGwwF
+CQPCZwAACgkQCnO7SOJmlNj4/gf/ckQaZtlO5qxIDeYp+qIXvr/aFOt4Y5ukZAbG
+wjh9WIUpbmb6oOW/uKj/nl8P1VSVwTr89476Pb2F34FnGxp6sZmLq3wvksuzi1Rg
+RCHEyxBcJPS/X/Ua4qklwl5F3IGYy9RRR4MlQDqAf5wm3Lw+jk1RDW2m5pt4jzSH
+v52ZF2Low0tLZu8O5fm4VW5oQGZtMwZrNRL1CNDurLuALV5JU5xcb2snyj0s2PaU
+rTAxcQtJDjxd/nBx+zpwr4DsEWEne8WRd011qsSSYi/83f0Tl2VwsVPVBp3EFMjm
+Qnc8800GZVVHZiq+YrwmdDXO3Lk3kdKXED6bLW+nVzx4REJDnw==
+=/eQ3
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-secret.yaml b/pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-secret.yaml
new file mode 100644
index 000000000..8c29d68c2
--- /dev/null
+++ b/pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-secret.yaml
@@ -0,0 +1,3 @@
+data:
+ username: bXktYXBw
+ password: Mzk1MjgkdmRnN0pi
diff --git a/pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-yaml.yaml b/pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-yaml.yaml
new file mode 100644
index 000000000..8aaf12aac
--- /dev/null
+++ b/pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-yaml.yaml
@@ -0,0 +1,3 @@
+data: hello
+ username: bXktYXBw
+ password: Mzk1MjgkdmRnN0pi
diff --git a/pkg/secret/sops/testdata/secrets/qualified-decrypted-secret-with-regex.yaml b/pkg/secret/sops/testdata/secrets/qualified-decrypted-secret-with-regex.yaml
new file mode 100644
index 000000000..080334806
--- /dev/null
+++ b/pkg/secret/sops/testdata/secrets/qualified-decrypted-secret-with-regex.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+ airshipit.org/encryption-regex: "^password"
+data:
+ username: bXktYXBw
+ password: Mzk1MjgkdmRnN0pi
diff --git a/pkg/secret/sops/testdata/secrets/qualified-decrypted-secret.yaml b/pkg/secret/sops/testdata/secrets/qualified-decrypted-secret.yaml
new file mode 100644
index 000000000..8a76b9a2f
--- /dev/null
+++ b/pkg/secret/sops/testdata/secrets/qualified-decrypted-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+data:
+ username: bXktYXBw
+ password: Mzk1MjgkdmRnN0pi
diff --git a/pkg/secret/sops/testdata/secrets/qualified-encrypted-secret-no-metadata.yaml b/pkg/secret/sops/testdata/secrets/qualified-encrypted-secret-no-metadata.yaml
new file mode 100644
index 000000000..28412d326
--- /dev/null
+++ b/pkg/secret/sops/testdata/secrets/qualified-encrypted-secret-no-metadata.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+data:
+ username: ENC[AES256_GCM,data:+TMyICt6MRI=,iv:7IjbAU60OSj5A6UUSSPWi4Dwq4FV3jTRM6mSVASMqIY=,tag:tv3f5brnkfUXvHBd0FdtCw==,type:str]
+ password: ENC[AES256_GCM,data:hZKQZaO0mFksUeuKWClR9g==,iv:dO92fSV9Kq+UhoqqP/hagjLVDmYggJRbstxM/3pl0BQ=,tag:eN/0kpPuCkqCSSwf3Qr+4A==,type:str]
diff --git a/pkg/secret/sops/testdata/secrets/qualified-encrypted-secret.yaml b/pkg/secret/sops/testdata/secrets/qualified-encrypted-secret.yaml
new file mode 100644
index 000000000..71bd39c9f
--- /dev/null
+++ b/pkg/secret/sops/testdata/secrets/qualified-encrypted-secret.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+data:
+ username: ENC[AES256_GCM,data:z2Sq90zr2L4=,iv:LzkahTEI1suQv6DkQ/gVfoSEoOTFDkTjP8WQZNwbB8k=,tag:atJk7aZD3B3hcQ3ByK5YzQ==,type:str]
+ password: ENC[AES256_GCM,data:p1q3zocDYbYTel8AdIej3g==,iv:FRB/nWJWUXkw4jEvBqxqcmGyLzc/sKAFS0zRNoPrcXs=,tag:KV/Z8QpxtXl2yAJ3RAXYoA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ lastmodified: '2020-10-05T15:38:49Z'
+ mac: ENC[AES256_GCM,data:/3PB4c6fhm4TA3UsG+rsdIEA6Dv35DaLM+Ln11utUhH8kZ3nGpaqH4SpqMnwq23JaB862WnFQ32NUwe5gmamqJti6od4Vc9Cw4TFqY19gUJj6CZe27k6F64R9t6dXAMcOvrdsh80Ma61OtKOE6Ww5Kt5Ptiz+/+yX9pdnllzwbU=,iv:jN8pUZDoOTlip23JXEhNSFiGHMIjFHNQ9Aw8HgGKSDU=,tag:aXlp6TqjJDBrUOe+hnVwWg==,type:str]
+ pgp:
+ - created_at: '2020-10-05T15:38:48Z'
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA0Xswh95z+O7AQgAjEZVEckXmCfZZ4k4iEAAG2Pz5IPBzi1+p7q+jDI0Plvk
+ nZuoMdbXuG5yyb32xEok+GDYeHRUYpOrInY2v8sFz8ebh93GWKOPBqpmfwErxMCj
+ Ujj50VBFObw7d/+TS6akQEdkPktMJRP+FaGGPZljzPdIz7Z6Fx3Q2dzDFIwnoCBb
+ 9E4i8D0M+BKpegHVqkpq4MEPzyJRClaZbw1kVBCYodyyOEkw44hT9+9Dr+JbPdZZ
+ Rx4g/81CTVmkC7vnZ87s9dqICTlqmMCuVtRcUA5vrfHL5w/phi2vgjoXSE6OdJwp
+ fh2nJ/nvJ1jFdO+z+DOAtbEJBKwj8iNsy39yChIGIdJeATVdcGzXoU7NfBURoPcy
+ kYdYJO0iM6sykDe7pCP9d7Hnyb3Yb2iS0C6axMXmfu2k5yXFoQctzm3wPk2Uogfg
+ r5vcmjnfViO69MH3JVMYuRv9hjcQWghCqeir8l0nag==
+ =pcEY
+ -----END PGP MESSAGE-----
+ fp: 681E3A89EB1DAFD36EB883120A73BB48E26694D8
+ encrypted_regex: ^data
+ version: 3.6.0
diff --git a/pkg/secret/testdata/decryption.key b/pkg/secret/testdata/decryption.key
new file mode 100644
index 0000000000000000000000000000000000000000..5798b8f408bfc5abf37d8760e483f23afb9cfaf3
GIT binary patch
literal 2539
zcmajfc{~#i1IO`=G1rLP$0Au2BG-d3xvyA`+<uHHIcIVYAvd`~&am9MiaBS7%0iAY
zp;2g+AHQ<^obCBNuix{$p69>kukT;qKR@q6=3<bC9`*~64Y2s5nX~;8qr^c6MFOn6
z4Di<RDw^+T+A7yUE0sXrD=%oal1}6_x2eJJj{0_Lm=4>*e3kDWYxZg-|J)e+ta`sl
z<wSYN&%QUvbC0q;3x|-bIg~%g+)Kxu4NDV;V+~a%O5kw|rtoF6#=DzqFCKokqI_Y*
zwGfT#qt~vk+tu5?3FkJ})q9p2eb0*d;<1qFw+3DJdUE@?z**|8`t)4sq}42+_EERo
z{GGZ#c~4gNzK-qUFd;ryhf~}eO{ZEeDOVNH=r@Chd+AbLWD&6Dm(QDq4)NZAvfH!4
z?8mObNKx6QsQTPDo~j=L68BlHGeuGyMo{_Izs5#`@vi~AKmZT`{&jhzX1h##Cilkx
zZ(MJ)=DY0cK_=B1tUZt}0r6~hcKm#FSWk8Z>V?e-+<=faE{M@cZ|*Q$2d@-<Rn;6s
zxbsoS<c)3|&*QA6&<OBeD{Ob@WQ&kwQbSAO9yZLh7S}^mnRQ<g9nS&d#U!q<@uO1h
z)*b0LD9bWtnlY_*4;BXpPYAq<{3JkUf4R^QLx0UhOpf+AU9ZS%Cy`Qr-B!A`n%gHN
z8Q<Q&`BXC?x7^>}$5ptX)hJ?yKE&ia9qk<>98P{mwwI5g+@n1VXpws~Ud2A2!e&vG
zQ6Gp$5sRNfSTg5N-6)+tz-ai)lfzpkh3Ec&+Cy`U%3dXd0L!8=4;vvdm8>y5kTo&I
z=$9}`pL_N<;Lj=ZqXW5}a5oWs_$wV`O4>E?&c3=`=hRUC^)&RgQg^n@U7&|v-PolI
z@{vCf>dFR&E?k=n;3uJagXc0TbPgli>`F3h^h{HSu|lSR(PPp+q{4MW`dA%?DfOI9
zvMTczvnP6=fB<K)V6OQgrYOX!BQ62Wo#896GO6xbmkbNY7EFoaG5_Qybvo0!UF=e(
zOK4nCxgfraHyez;zNHNmh_-Fdhm8j3rhWEY2o627tcUJJF6F!Ad})*(7q5W0bMp+!
zH8ji!M13-Re=(fLp?4RD<(zmrKO!k;iiqXR#2zX|;y{36{dcZQuB%S_Gydzwdd#q%
zglsO4Nr|K_ZPiBQXzR-cIaK-_f)IblyKcQ0Gq23}ZNQ^Z&w<4VC!j`unH<)jV9E~C
zeKA}8Q9pKF3<Gt;#^b?Qx+@pv?D<#$WPrt`lI1bJb^;1_+Iw7H65=4OqdpGzA&Tqu
zXfI5}QZ(MZlrRiJ-uFRE-uQdrNdK@<j1OATKM3jRubT$61D*dXTU|jZ&|Roj+INZ8
z*+6_EA4h1P=_gbHm4)eFT{DR>v#>J{`vO=v+1bEMtO6YDY@AFWK_+G(6BNiK6c6BF
zKlh)D^e-^Ou0qy8vRpbG%Lt6WZ7S>-a@*~orQ<@-vzfqTtHS22J#B~K)b_LbeTOeA
zTvbU{Lmx#@9KBzOId)pG0bG{T±m$S2eTIn432WhS&kNmEXS%>6sO%M)qJN~}7
zz|gmVu+#=yV8oG<WSvCs(C^c9ON28NUe@$np-#W0o!;G(uQ4t4*z7<vspkUP*t_eI
zh#oQTg~${wupIfD>Z-+4bDGNNtagT@-NkO?rs~tx*YYMm)Q54HvTs0Q;a3J&&C*2A
zJfLsDw(X|bwu3x~SW^3(U<3QXwkDr?YBD-CB9ieHZ(&b|i`O3E#t#AvF$wVyDhKdU
z7f`bNzaZjwSq|=IC>mfGfYIH3w!rXDNlW*bD`i@eyEIG*A1gyD8K$wn(__Pqq}?d$
z<&Xpe*<^{SIOT8SPJIt@GS>~o4RM$?Dyn6jJ-waOY%<4Q1#Q=M+f#JwJjM{ke_q<7
zoh6liba<ffYv+3RPZqf-tC2c)wPmu@$divGjCHBk#)`gdMK)8gwPkw{S!`#Gej;fc
zJHH1`foFWklOqRlL(R+bL8FXH`RjNEOQmtLTH$LRE_AP`l<W!0W>rHHom%brN|6?Z
z2yUI!61I&+huN$~G&2<y=6vH+2YRN4X5SLiU-YwaQ;b#@BIoY-dK0`|=)9sj9q}uO
ze}i}gR1DHoT1X@^-%?ZxODuud6h*0kh4L_&sdl;~dLETpZC`~o52Vq|uIifeVO`HJ
z`WJTz$T_P$cfnS@xG+_FpiN4)>`xr_c6>%8D^B{sIs`{VCZ4{UE|Z-#c498W@I}3P
zV6dg6{(eXq2HgaWZ_mZhI&&l|G9t73Bc2r*z>fg^&n@pj$&-%DXnx(+_(r)<!J5~F
z)VcsFAZanRL#rOw_pzwXsLf-~*+AIw2;gpV+E%@Y&>8vOUG~|bWo~n=?tvJ|xW-Z;
zcEZK^e3+5(GX%2{7WsCiC^R+QBx37z3IKW1S@OZtN%LUktso!q4?$KfCn&ao69@uK
zhMZ~T;wP^cNO;Y9*Zf|gUU<w(tIgP7R8@+IMlys)*~QTou<fCy6K7uQNVDLpwZ?0X
zwdVcO{vjUli+3a}WPzb~!iZN|6Z8UH;5kyYZIud7zI?whH#gK>y9<SS7Z%;-d1#NQ
zsh^@&*w!M|PVKIiwk!_fkgD0aFBsDxz=osvg3R&oX*l@!G?^w?wWqz|aWL-d5&6rr
zBamV~l4aK0Bf~v#yo4>b{~UW!LYq|KaG1cZBs%cq5LwZ+)ja;F#s8LM54stlu2FYv
z(@rpqp;+E1Q1t#VxTauTNqK|KXVT*SiYJ$!6{P2>^gPLm{zHYM`A@2!9dG|e0toO{
zVm;dSzCEi<6JvL&Ei^|-7&T1yz%L2PxmQg5c(CWQ0;cF7Hl8&q9B5pHF4wdJ-UtO|
zUR0Vd{$@{Q<FMxS$khG0y>qYl@la?efm@1%<^wmUk%T~in?~5_1OI#Luo17r&X{zn
zgwHeyJ8I%7;fZq!J0zU=j&)iw9vb<j0dIhW{}K=Of5hYZTfG03?eH(z(1xO@#ao-r
zrjSj!<7%Nn!Uz8E5y;Y7Z`QHlf5bW_%LSs2t2PMudPao@55=yKsCD{h_OZ@DGA+SZ
zOf;&!B%>+jS{}JG!|pdjsS)xy*Gqc@kA2Zk4Kl;-M#~As<T->%q6}OsKCTS5+^?H$
zg@6P+-z<&DQB5I~mk4>$Nfs8U9qx@IynWzZI4VGe^}ZV4KHK~4=Dv6ZcQe~E*P#2C
z$93eX2L&xk$|0O)+&A2Q1&5qy1-Hg;@p@j49?cE63Tqt6^SXAra(2GRC%D~~!dgDU
t|7P=M_>EmFRv&v4)RjT6ei%k=a=Aw%cc$o^ZmB|0-JKf|hBpl={|P4T##;aY
literal 0
HcmV?d00001
diff --git a/pkg/secret/testdata/encryption.pub b/pkg/secret/testdata/encryption.pub
new file mode 100644
index 000000000..8ee029404
--- /dev/null
+++ b/pkg/secret/testdata/encryption.pub
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF8/fucBCADZ8awLsST/mVY9ZsMA3bRtZD1il9ayq+ydPXIwmQ3QMdc5r8P7
+KTnu2HDM+bvvowL4sHVnMWj6Obo6hfLlxuM0a5cz+zHAalW6b2H01e7TQA3DTwox
+43xpiqX9wiPBwn1EM82ZQH/XSEDcSapo5uGugutN1ef/f63BRqh74SvkVKhTyHcO
+Rj4/oYh7aU0DIvoXSOqpPl6oy7HKFf2ITqiKkSOE4I1lscVdkZPvp/cR++D06cbz
+pXRxZSvCh16qSM+tJDGglN/oQnDCuughtssZBznn4+ZEVoBkAJxS03AJ+lxwYxoo
+q3qokchhNNptg/UGT4wZh1bEZpNP/sbFcLjHABEBAAG0HURvY2tlciA8RG9ja2Vy
+QGNsdXN0ZXIubG9jYWw+iQFUBBMBCAA+FiEEaB46iesdr9NuuIMSCnO7SOJmlNgF
+Al8/fucCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQCnO7SOJm
+lNgj/gf/VJ4oQyCdI3d+/26AUkgYWHFSXfatsh9vodJuhU2VrI30O1bCiLH9qPVW
+590MoIRNwN4ZZgq66cGPVDomvaWNWfKNfwm009NqOooKa77fXMSGairLBsAppasN
+CkpUFLt/bnPJAHWIqVMBePkwIKcdusDt0ehMUVoeQJyrpi2nQa2x6Le5kzfRIZBJ
+9jmEuR9yRmS2hhk/wZKuGc/fbp1jYDTgS5pK3zPF0zuLWFQit2PmNJrgxyxH8TbC
+pXSc6gHBlen/BzVMRz9Kbbu9U7BCSe5WLATBmaSmv1Am8QjhLIj8R8XPxBmL6bhL
+VehAHKT5pcr2bUR0gYAN2AoBhrYBILkBDQRfP37nAQgAuPMF9miLLkN0/wDF8/UI
+bnfihNtpA58lrYW2N0i/3p9xn/9Ife3ofXX5I13VNp0NgUMohR3PfzHqylm7do+M
+5EQcRKV04dhmreQJirHDrEfUCaAesTtd9C5ds/p0wRzyJPTf/YSb3lZ2Lf7vMrfy
+BSl6TcSnXjXcyyHElt7DdE+bYuXdQSiejgJwT0yxb8sb7+Ho+yBGfdb0B4dAi9qS
+KctvDh5KnJMExf+fLDK4LUwwyss1lccPDHK6GiEo+2ZQ4DcgcoiiYbUu33VRcK/O
+OhhTfXJ1UOB4rAKXlY/qCzYBYYhzjk4bQdlqUF0uezYXy5HvZ2S/ZFvoERo9soDd
+UQARAQABiQE8BBgBCAAmFiEEaB46iesdr9NuuIMSCnO7SOJmlNgFAl8/fucCGwwF
+CQPCZwAACgkQCnO7SOJmlNj4/gf/ckQaZtlO5qxIDeYp+qIXvr/aFOt4Y5ukZAbG
+wjh9WIUpbmb6oOW/uKj/nl8P1VSVwTr89476Pb2F34FnGxp6sZmLq3wvksuzi1Rg
+RCHEyxBcJPS/X/Ua4qklwl5F3IGYy9RRR4MlQDqAf5wm3Lw+jk1RDW2m5pt4jzSH
+v52ZF2Low0tLZu8O5fm4VW5oQGZtMwZrNRL1CNDurLuALV5JU5xcb2snyj0s2PaU
+rTAxcQtJDjxd/nBx+zpwr4DsEWEne8WRd011qsSSYi/83f0Tl2VwsVPVBp3EFMjm
+Qnc8800GZVVHZiq+YrwmdDXO3Lk3kdKXED6bLW+nVzx4REJDnw==
+=/eQ3
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/pkg/secret/testdata/secrets/decryption/manifests/metadata.yaml b/pkg/secret/testdata/secrets/decryption/manifests/metadata.yaml
new file mode 100644
index 000000000..612bf8047
--- /dev/null
+++ b/pkg/secret/testdata/secrets/decryption/manifests/metadata.yaml
@@ -0,0 +1,2 @@
+phase:
+ path: ""
\ No newline at end of file
diff --git a/pkg/secret/testdata/secrets/decryption/qualified-decrypted-secret.yaml b/pkg/secret/testdata/secrets/decryption/qualified-decrypted-secret.yaml
new file mode 100644
index 000000000..8a76b9a2f
--- /dev/null
+++ b/pkg/secret/testdata/secrets/decryption/qualified-decrypted-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+data:
+ username: bXktYXBw
+ password: Mzk1MjgkdmRnN0pi
diff --git a/pkg/secret/testdata/secrets/decryption/qualified-encrypted-secret.yaml b/pkg/secret/testdata/secrets/decryption/qualified-encrypted-secret.yaml
new file mode 100644
index 000000000..8a76b9a2f
--- /dev/null
+++ b/pkg/secret/testdata/secrets/decryption/qualified-encrypted-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+data:
+ username: bXktYXBw
+ password: Mzk1MjgkdmRnN0pi
diff --git a/pkg/secret/testdata/secrets/encryption/manifests/metadata.yaml b/pkg/secret/testdata/secrets/encryption/manifests/metadata.yaml
new file mode 100644
index 000000000..612bf8047
--- /dev/null
+++ b/pkg/secret/testdata/secrets/encryption/manifests/metadata.yaml
@@ -0,0 +1,2 @@
+phase:
+ path: ""
\ No newline at end of file
diff --git a/pkg/secret/testdata/secrets/encryption/qualified-decrypted-secret.yaml b/pkg/secret/testdata/secrets/encryption/qualified-decrypted-secret.yaml
new file mode 100644
index 000000000..8a76b9a2f
--- /dev/null
+++ b/pkg/secret/testdata/secrets/encryption/qualified-decrypted-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+data:
+ username: bXktYXBw
+ password: Mzk1MjgkdmRnN0pi
diff --git a/pkg/secret/testdata/secrets/encryption/qualified-encrypted-secret.yaml b/pkg/secret/testdata/secrets/encryption/qualified-encrypted-secret.yaml
new file mode 100644
index 000000000..2b64e705a
--- /dev/null
+++ b/pkg/secret/testdata/secrets/encryption/qualified-encrypted-secret.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-secret
+ annotations:
+ airshipit.org/encrypt: "true"
+data:
+ username: ENC[AES256_GCM,data:mGzbHwXK7eg=,iv:HaGzz1M4qvUDc7L/Lzdb//bSBRd/BfC2O1tA6kqCU8c=,tag:QTkCtqN6duiGOnV06ieubQ==,type:str]
+ password: ENC[AES256_GCM,data:eiQt1Hp7wZCXMupCrMvwsQ==,iv:qo4TtuwJJAj5KV/fFpcvxIGmaX5hWCNPu7i6lo3QnqE=,tag:w/LB8kfRKQrDc5N8eBZhaA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ lastmodified: '2020-10-02T16:53:07Z'
+ mac: ENC[AES256_GCM,data:EX5USe77E2GGHs3osFmtHAIJqOFFMONpRg5k8qG92SVStBszCY/X3mnh1Eabc1jViUdxfH2v1Ki0nDozMGyZM/VOLbU4h1HI3z7a3k9SyslaJyTiy7k7HVhbQxadc+djGxnh6AXYyluh3cmfEQ3Eo/PU8w7gnwsnC4IMjpeahcY=,iv:HZGDl8hyAQwx3b2V27vhhHH9W6sNVYwhR0HfA6NcJQI=,tag:6WQ/RnTNGKRgYrYA566+vw==,type:str]
+ pgp:
+ - created_at: '2020-10-02T16:53:06Z'
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA0Xswh95z+O7AQf6AwKVezvk53aboUjXfYXaeY9z2BuWtlmZrmJTm/UuTbTC
+ jS5aWboKyUj3iOzbdOXXtuKhF5SgqfKQcNDz/98p5KU+ZYKPgT883a1/UqH+trpo
+ ntYpzYC/CCXeIEZypIXgLqDbnaz4tB1+15ZESLBGIxIRSqjX4ofyRpnZaf77vO7y
+ 0C3RFYAlo2sjoQDaH1gotPBdBbCgaOui4v4imYCU/NIhGX+HP2oAhOq7A0LcAGiF
+ 6UpTVuyo5sm2jE8IYXUsizTdj8DPMy50Dl1sR7EhkGmg4nxGresRPBZPAoGBYfk4
+ am7UYyQDbKbSwjUwgVcwYZtA6HanZ3ABP1SbqwJvVdJeAYNIB9LzsVE2/2mGTJRU
+ b578RurdBvccttDOg4bIsSIVpFSwK6x9UWxo+dRpgzgw/zWFV3KTit0CBmjVGuq4
+ /VHwBz6R4acvNl3AqkM88lTemGEDxv17D+DyCuWORg==
+ =GYMw
+ -----END PGP MESSAGE-----
+ fp: 681E3A89EB1DAFD36EB883120A73BB48E26694D8
+ encrypted_regex: ^data
+ version: 3.6.0
diff --git a/testdata/k8s/config.yaml b/testdata/k8s/config.yaml
index f7ac37512..655b9f7a2 100644
--- a/testdata/k8s/config.yaml
+++ b/testdata/k8s/config.yaml
@@ -16,3 +16,9 @@ manifests:
tag: ""
url: https://opendev.org/airship/treasuremap
targetPath: /tmp/default
+encryptionConfigs:
+ dummy_encryption_config:
+ decryptionKeyPath: /tmp/decryption.pub
+ encryptionKeyPath: /tmp/encryption.key
+ keySecretName: dummySecret
+ keySecretNamespace: dummyNamespace
diff --git a/testutil/testconfig.go b/testutil/testconfig.go
index 647dcaf18..68a2c09b4 100644
--- a/testutil/testconfig.go
+++ b/testutil/testconfig.go
@@ -139,27 +139,6 @@ func DummyContextOptions() *config.ContextOptions {
return co
}
-// DummyEncryptionConfig creates EncryptionConfigOptions object
-// for unit testing
-func DummyEncryptionConfig() *config.EncryptionConfig {
- return &config.EncryptionConfig{
- EncryptionKeyFileSource: config.EncryptionKeyFileSource{
- EncryptionKeyPath: "/tmp/encryption.key",
- DecryptionKeyPath: "/tmp/decryption.pub",
- },
- }
-}
-
-// DummyEncryptionConfigOptions creates ManifestOptions config object
-// for unit testing
-func DummyEncryptionConfigOptions() *config.EncryptionConfigOptions {
- return &config.EncryptionConfigOptions{
- Name: "dummy_encryption_config",
- EncryptionKeyPath: "/tmp/encryption.key",
- DecryptionKeyPath: "/tmp/decryption.pub",
- }
-}
-
// DummyManagementConfiguration creates a management configuration for unit testing
func DummyManagementConfiguration() *config.ManagementConfiguration {
return &config.ManagementConfiguration{
@@ -184,6 +163,27 @@ func DummyManifestOptions() *config.ManifestOptions {
}
}
+// DummyEncryptionConfig creates EncryptionConfigOptions object
+// for unit testing
+func DummyEncryptionConfig() *config.EncryptionConfig {
+ return &config.EncryptionConfig{
+ EncryptionKeyFileSource: config.EncryptionKeyFileSource{
+ EncryptionKeyPath: "/tmp/encryption.key",
+ DecryptionKeyPath: "/tmp/decryption.pub",
+ },
+ }
+}
+
+// DummyEncryptionConfigOptions creates ManifestOptions config object
+// for unit testing
+func DummyEncryptionConfigOptions() *config.EncryptionConfigOptions {
+ return &config.EncryptionConfigOptions{
+ Name: "dummy_encryption_config",
+ EncryptionKeyPath: "/tmp/encryption.key",
+ DecryptionKeyPath: "/tmp/decryption.pub",
+ }
+}
+
const (
testConfigYAML = `apiVersion: airshipit.org/v1alpha1
contexts: