├── deploy
    └── infomaniak-webhook
    │   ├── templates
    │       ├── NOTES.txt
    │       ├── namespace.yaml
    │       ├── service.yaml
    │       ├── apiservice.yaml
    │       ├── _helpers.tpl
    │       ├── pki.yaml
    │       ├── deployment.yaml
    │       └── rbac.yaml
    │   ├── Chart.yaml
    │   ├── .helmignore
    │   ├── README.md
    │   └── values.yaml
├── testdata
    └── infomaniak
    │   └── README.md
├── Dockerfile
├── .gitignore
├── Tilt.Dockerfile
├── tilt
    └── manifests.yaml
├── .github
    └── workflows
    │   ├── docker.yml
    │   └── manifest.yml
├── Makefile
├── main_test.go
├── README.md
├── Tiltfile
├── go.mod
├── main.go
├── infomaniak_api.go
├── LICENSE
└── go.sum


/deploy/infomaniak-webhook/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: "1.0"
3 | description: A Helm chart for Infomaniak's cert-manager webhook
4 | name: infomaniak-webhook
5 | version: 0.2.0
6 | 


--------------------------------------------------------------------------------
/testdata/infomaniak/README.md:
--------------------------------------------------------------------------------
1 | # Solver testdata directory
2 | 
3 | Running `go test` will generate 2 files here:
4 | - api-key.yaml: secret definition to contact APIs
5 | - config.json: the webhook config
6 | 
7 | Don't edit these files, export `INFOMANIAK_TOKEN` & run `TEST_ZONE_NAME=example.com. make test` instead


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/templates/namespace.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.createReleaseNamespace -}}
 2 | apiVersion: v1
 3 | kind: Namespace
 4 | metadata:
 5 |   name: {{ .Release.Namespace | quote }}
 6 |   labels:
 7 |     app: {{ include "infomaniak-webhook.name" . }}
 8 |     chart: {{ include "infomaniak-webhook.chart" . }}
 9 |     release: {{ .Release.Name }}
10 |     heritage: {{ .Release.Service }}
11 | {{- end -}}


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM golang:1.22.2-alpine3.19 AS build_deps
 2 | 
 3 | RUN apk add --no-cache git
 4 | 
 5 | WORKDIR /workspace
 6 | 
 7 | COPY go.mod .
 8 | COPY go.sum .
 9 | 
10 | RUN go mod download
11 | 
12 | FROM build_deps AS build
13 | 
14 | COPY . .
15 | 
16 | RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' .
17 | 
18 | FROM alpine:3.19
19 | 
20 | RUN apk add --no-cache ca-certificates
21 | 
22 | COPY --from=build /workspace/webhook /usr/local/bin/webhook
23 | 
24 | ENTRYPOINT ["webhook"]
25 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Binaries for programs and plugins
 2 | *.exe
 3 | *.exe~
 4 | *.dll
 5 | *.so
 6 | *.dylib
 7 | 
 8 | # Test binary, build with `go test -c`
 9 | *.test
10 | 
11 | # Output of the go coverage tool, specifically when used with LiteIDE
12 | *.out
13 | 
14 | # Ignore the built binary
15 | cert-manager-webhook-infomaniak
16 | 
17 | # Make artifacts
18 | _out
19 | _test
20 | apiserver.local.config
21 | testdata/infomaniak/*.yaml
22 | testdata/infomaniak/*.json
23 | deploy/rendered-manifest.yaml
24 | .tiltbuild
25 | 
26 | 


--------------------------------------------------------------------------------
/Tilt.Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM golang:1.24.3-alpine3.21 AS build
 2 | 
 3 | RUN go install github.com/go-delve/delve/cmd/dlv@v1.24
 4 | 
 5 | FROM alpine:3.21
 6 | 
 7 | RUN apk add --no-cache ca-certificates
 8 | 
 9 | ADD https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/master/restart.sh /restart.sh
10 | ADD https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/master/start.sh /start.sh
11 | RUN chmod +x /start.sh && chmod +x /restart.sh && touch /process.txt && chmod 0777 /process.txt
12 | COPY webhook /usr/local/bin/webhook
13 | COPY --from=build /go/bin/dlv /usr/local/bin/dlv
14 | 
15 | ENTRYPOINT ["/start.sh", "webhook"]
16 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/templates/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: {{ include "infomaniak-webhook.fullname" . }}
 5 |   namespace: {{ .Release.Namespace | quote }}
 6 |   labels:
 7 |     app: {{ include "infomaniak-webhook.name" . }}
 8 |     chart: {{ include "infomaniak-webhook.chart" . }}
 9 |     release: {{ .Release.Name }}
10 |     heritage: {{ .Release.Service }}
11 | spec:
12 |   type: {{ .Values.service.type }}
13 |   ports:
14 |     - port: {{ .Values.service.port }}
15 |       targetPort: https
16 |       protocol: TCP
17 |       name: https
18 |   selector:
19 |     app: {{ include "infomaniak-webhook.name" . }}
20 |     release: {{ .Release.Name }}
21 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/templates/apiservice.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiregistration.k8s.io/v1
 2 | kind: APIService
 3 | metadata:
 4 |   name: v1alpha1.{{ .Values.groupName }}
 5 |   labels:
 6 |     app: {{ include "infomaniak-webhook.name" . }}
 7 |     chart: {{ include "infomaniak-webhook.chart" . }}
 8 |     release: {{ .Release.Name }}
 9 |     heritage: {{ .Release.Service }}
10 |   annotations:
11 |     cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "infomaniak-webhook.servingCertificate" . }}"
12 | spec:
13 |   group: {{ .Values.groupName }}
14 |   groupPriorityMinimum: 1000
15 |   versionPriority: 15
16 |   service:
17 |     name: {{ include "infomaniak-webhook.fullname" . }}
18 |     namespace: {{ .Release.Namespace }}
19 |   version: v1alpha1
20 | 


--------------------------------------------------------------------------------
/tilt/manifests.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | metadata:
 4 |   name: infomaniak-api-credentials
 5 |   namespace: cert-manager
 6 | type: Opaque
 7 | stringData:
 8 |   api-token: ~
 9 | ---
10 | apiVersion: cert-manager.io/v1
11 | kind: ClusterIssuer
12 | metadata:
13 |   name: letsencrypt-staging
14 | spec:
15 |   acme:
16 |     email: ~
17 |     privateKeySecretRef:
18 |       name: le-staging-account-key
19 |     server: https://acme-staging-v02.api.letsencrypt.org/directory
20 |     solvers:
21 |     - selector: {}
22 |       dns01:
23 |         webhook:
24 |           groupName: acme.infomaniak.com
25 |           solverName: infomaniak
26 |           config:
27 |             apiTokenSecretRef:
28 |               name: infomaniak-api-credentials
29 |               key: api-token
30 | ---
31 | apiVersion: cert-manager.io/v1
32 | kind: Certificate
33 | metadata:
34 |   name: test-certificate
35 | spec:
36 |   secretName: test-certificate-tls
37 |   issuerRef:
38 |     name: letsencrypt-staging
39 |     kind: ClusterIssuer
40 |   dnsNames:
41 |   - ~
42 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/README.md:
--------------------------------------------------------------------------------
 1 | # Infomaniak ACME Webhook - Helm Chart
 2 | 
 3 | ## Flux Helm Release
 4 | 
 5 | If you are using Flux to manage your configuration, a `GitRepository` can be used as a source for the `HelmRelease`.
 6 | This also allows for customization of the chart values.
 7 | 
 8 | ```yaml
 9 | ---
10 | apiVersion: source.toolkit.fluxcd.io/v1
11 | kind: GitRepository
12 | metadata:
13 |   name: infomaniak-webhook
14 |   namespace: cert-manager
15 | spec:
16 |   interval: 5m
17 |   url: https://github.com/Infomaniak/cert-manager-webhook-infomaniak
18 |   ref:
19 |     branch: master
20 |   ignore: |
21 |     /*
22 |     !/deploy/
23 | ---
24 | apiVersion: helm.toolkit.fluxcd.io/v2beta2
25 | kind: HelmRelease
26 | metadata:
27 |   name: infomaniak-webhook
28 |   namespace: cert-manager
29 | spec:
30 |   interval: 5m
31 |   chart:
32 |     spec:
33 |       chart: deploy/infomaniak-webhook
34 |       sourceRef:
35 |         kind: GitRepository
36 |         name: infomaniak-webhook
37 |   values:
38 |     groupName: example.com
39 |     secretsNames:
40 |       - infomaniak-api-credentials
41 | ```
42 | 


--------------------------------------------------------------------------------
/.github/workflows/docker.yml:
--------------------------------------------------------------------------------
 1 | name: docker
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - master
 7 |     tags:
 8 |       - 'v*'
 9 | 
10 | jobs:
11 |   main:
12 |     runs-on: ubuntu-latest
13 |     steps:
14 |       - name: Checkout code
15 |         uses: actions/checkout@v4
16 | 
17 |       - name: Docker meta
18 |         id: meta
19 |         uses: docker/metadata-action@v5
20 |         with:
21 |           images: ghcr.io/${{ github.repository }}
22 | 
23 |       - name: Set up QEMU
24 |         uses: docker/setup-qemu-action@v3
25 | 
26 |       - name: Set up Docker Buildx
27 |         uses: docker/setup-buildx-action@v3
28 | 
29 |       - name: Log in to GitHub Container Registry
30 |         uses: docker/login-action@v3
31 |         with:
32 |           registry: ghcr.io
33 |           username: ${{ github.actor }}
34 |           password: ${{ secrets.GITHUB_TOKEN }}
35 | 
36 |       - name: Build and push
37 |         id: docker_build
38 |         uses: docker/build-push-action@v5
39 |         with:
40 |           context: .
41 |           platforms: linux/amd64,linux/arm64
42 |           push: true
43 |           tags: ${{ steps.meta.outputs.tags }}
44 |           labels: ${{ steps.meta.outputs.labels }}
45 | 
46 |       - name: Image digest
47 |         run: echo ${{ steps.docker_build.outputs.digest }}
48 | 


--------------------------------------------------------------------------------
/.github/workflows/manifest.yml:
--------------------------------------------------------------------------------
 1 | name: manifest
 2 | 
 3 | on:
 4 |   push:
 5 |     tags:
 6 |       - 'v*'
 7 | 
 8 | jobs:
 9 |   build:
10 |     name: Build & Upload Manifest
11 |     runs-on: ubuntu-latest
12 |     steps:
13 |       - name: Checkout code
14 |         uses: actions/checkout@v4
15 | 
16 |       - name: Setup helm
17 |         id: install
18 |         uses: azure/setup-helm@v4
19 | 
20 |       - name: Build rendered-manifest.yaml
21 |         run: |
22 |           sudo apt-get update
23 |           sudo apt-get install -y make
24 |           make rendered-manifest.yaml
25 | 
26 |       - name: Create Release
27 |         id: create_release
28 |         uses: actions/create-release@v1
29 |         env:
30 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
31 |         with:
32 |           tag_name: ${{ github.ref }}
33 |           release_name: Release ${{ github.ref }}
34 |           draft: false
35 |           prerelease: false
36 | 
37 |       - name: Upload rendered-manifest.yaml
38 |         id: upload-release-asset
39 |         uses: actions/upload-release-asset@v1
40 |         env:
41 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
42 |         with:
43 |           upload_url: ${{ steps.create_release.outputs.upload_url }}
44 |           asset_path: ./_out/rendered-manifest.yaml
45 |           asset_name: rendered-manifest.yaml
46 |           asset_content_type: application/yaml
47 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/templates/_helpers.tpl:
--------------------------------------------------------------------------------
 1 | {{/* vim: set filetype=mustache: */}}
 2 | {{/*
 3 | Expand the name of the chart.
 4 | */}}
 5 | {{- define "infomaniak-webhook.name" -}}
 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 7 | {{- end -}}
 8 | 
 9 | {{/*
10 | Create a default fully qualified app name.
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
12 | If release name contains chart name it will be used as a full name.
13 | */}}
14 | {{- define "infomaniak-webhook.fullname" -}}
15 | {{- if .Values.fullnameOverride -}}
16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
17 | {{- else -}}
18 | {{- $name := default .Chart.Name .Values.nameOverride -}}
19 | {{- if contains $name .Release.Name -}}
20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
21 | {{- else -}}
22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
23 | {{- end -}}
24 | {{- end -}}
25 | {{- end -}}
26 | 
27 | {{/*
28 | Create chart name and version as used by the chart label.
29 | */}}
30 | {{- define "infomaniak-webhook.chart" -}}
31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
32 | {{- end -}}
33 | 
34 | {{- define "infomaniak-webhook.selfSignedIssuer" -}}
35 | {{ printf "%s-selfsign" (include "infomaniak-webhook.fullname" .) }}
36 | {{- end -}}
37 | 
38 | {{- define "infomaniak-webhook.rootCAIssuer" -}}
39 | {{ printf "%s-ca" (include "infomaniak-webhook.fullname" .) }}
40 | {{- end -}}
41 | 
42 | {{- define "infomaniak-webhook.rootCACertificate" -}}
43 | {{ printf "%s-ca" (include "infomaniak-webhook.fullname" .) }}
44 | {{- end -}}
45 | 
46 | {{- define "infomaniak-webhook.servingCertificate" -}}
47 | {{ printf "%s-webhook-tls" (include "infomaniak-webhook.fullname" .) }}
48 | {{- end -}}
49 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | GO ?= $(shell which go)
 2 | OS ?= $(shell $(GO) env GOOS)
 3 | ARCH ?= $(shell $(GO) env GOARCH)
 4 | 
 5 | IMAGE_NAME ?= "ghcr.io/infomaniak/cert-manager-webhook-infomaniak"
 6 | IMAGE_TAG ?= "latest"
 7 | NAMESPACE ?= "cert-manager-infomaniak"
 8 | 
 9 | OUT := $(shell pwd)/_out
10 | 
11 | KUBEBUILDER_VERSION=2.3.1
12 | 
13 | HELM_FILES := $(shell find deploy/infomaniak-webhook)
14 | 
15 | test: _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/etcd _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/kube-apiserver _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/kubectl
16 | 	TEST_ASSET_ETCD=_test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/etcd \
17 | 	TEST_ASSET_KUBE_APISERVER=_test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/kube-apiserver \
18 | 	TEST_ASSET_KUBECTL=_test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/kubectl \
19 | 	$(GO) test -v .
20 | 
21 | _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH).tar.gz: | _test
22 | 	curl -fsSL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v$(KUBEBUILDER_VERSION)/kubebuilder_$(KUBEBUILDER_VERSION)_$(OS)_$(ARCH).tar.gz -o $@
23 | 
24 | _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/etcd _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/kube-apiserver _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)/kubectl: _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH).tar.gz | _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH)
25 | 	tar xfO $< kubebuilder_$(KUBEBUILDER_VERSION)_$(OS)_$(ARCH)/bin/$(notdir $@) > $@ && chmod +x $@
26 | 
27 | .PHONY: clean
28 | clean:
29 | 	rm -rf _test $(OUT) apiserver.local.config testdata/infomaniak/*.json testdata/infomaniak/*.yaml
30 | 
31 | .PHONY: build
32 | build:
33 | 	docker build -t "$(IMAGE_NAME):$(IMAGE_TAG)" .
34 | 
35 | .PHONY: deploy
36 | deploy: rendered-manifest.yaml
37 | 	kubectl apply -f "$(OUT)/rendered-manifest.yaml"
38 | 
39 | .PHONY: rendered-manifest.yaml
40 | rendered-manifest.yaml: $(OUT)/rendered-manifest.yaml
41 | 
42 | $(OUT)/rendered-manifest.yaml: $(HELM_FILES) | $(OUT)
43 | 	helm template \
44 | 		infomaniak-webhook \
45 | 		--namespace $(NAMESPACE) \
46 | 		--set image.repository=$(IMAGE_NAME) \
47 | 		--set image.tag=$(IMAGE_TAG) \
48 | 		--set createReleaseNamespace=true \
49 | 		deploy/infomaniak-webhook > $@
50 | 
51 | _test $(OUT) _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH):
52 | 	mkdir -p $@
53 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/values.yaml:
--------------------------------------------------------------------------------
 1 | # The GroupName here is used to identify your company or business unit that
 2 | # created this webhook.
 3 | # For example, this may be "acme.mycompany.com".
 4 | # This name will need to be referenced in each Issuer's `webhook` stanza to
 5 | # inform cert-manager of where to send ChallengePayload resources in order to
 6 | # solve the DNS01 challenge.
 7 | # This group name should be **unique**, hence using your own company's domain
 8 | # here is recommended.
 9 | groupName: acme.infomaniak.com
10 | 
11 | certManager:
12 |   namespace: cert-manager
13 |   serviceAccountName: cert-manager
14 | 
15 | 
16 | # Use these variables to configure the HTTP_PROXY environment variables.
17 | 
18 | # Configures the HTTP_PROXY environment variable where a HTTP proxy is required.
19 | # +docs:property
20 | # http_proxy: "http://proxy:8080"
21 | 
22 | # Configures the HTTPS_PROXY environment variable where a HTTP proxy is required.
23 | # +docs:property
24 | # https_proxy: "https://proxy:8080"
25 | 
26 | # Configures the NO_PROXY environment variable where a HTTP proxy is required,
27 | # but certain domains should be excluded.
28 | # +docs:property
29 | # no_proxy: 127.0.0.1,localhost
30 | 
31 | # used to add a namespace declaration to the static manifest,
32 | # prefer `--create-namespaces` with `helm install` >= 3.2
33 | # see https://github.com/helm/helm/issues/6794
34 | createReleaseNamespace: false
35 | 
36 | replicaCount: 1
37 | 
38 | image:
39 |   repository: ghcr.io/infomaniak/cert-manager-webhook-infomaniak
40 |   tag: latest
41 |   pullPolicy: IfNotPresent
42 | 
43 | imagePullSecret: []
44 | 
45 | nameOverride: ""
46 | fullnameOverride: ""
47 | 
48 | secretsNames:
49 |   - "infomaniak-api-credentials"
50 | 
51 | service:
52 |   type: ClusterIP
53 |   port: 443
54 | 
55 | debug:
56 |   enabled: false
57 |   port: 30000
58 | 
59 | resources: {}
60 |   # We usually recommend not to specify default resources and to leave this as a conscious
61 |   # choice for the user. This also increases chances charts run on environments with little
62 |   # resources, such as Minikube. If you do want to specify resources, uncomment the following
63 |   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
64 |   # limits:
65 |   #  cpu: 100m
66 |   #  memory: 128Mi
67 |   # requests:
68 |   #  cpu: 100m
69 |   #  memory: 128Mi
70 | 
71 | nodeSelector: {}
72 | 
73 | tolerations: []
74 | 
75 | affinity: {}
76 | 


--------------------------------------------------------------------------------
/main_test.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"encoding/base64"
  5 | 	"errors"
  6 | 	"os"
  7 | 	"testing"
  8 | 	"text/template"
  9 | 
 10 | 	acmetest "github.com/cert-manager/cert-manager/test/acme"
 11 | )
 12 | 
 13 | var (
 14 | 	testZoneName = os.Getenv("TEST_ZONE_NAME")
 15 | 	manifestPath = "testdata/infomaniak"
 16 | )
 17 | 
 18 | func createSecretFile() error {
 19 | 	apiToken := os.Getenv("INFOMANIAK_TOKEN")
 20 | 	if apiToken == "" {
 21 | 		return errors.New("INFOMANIAK_TOKEN should be defined")
 22 | 	}
 23 | 	apiTokenBase64 := base64.StdEncoding.EncodeToString([]byte(apiToken))
 24 | 
 25 | 	secretTmpl := `---
 26 | apiVersion: v1
 27 | kind: Secret
 28 | metadata:
 29 |   name: infomaniak-api-credentials
 30 | type: Opaque
 31 | data:
 32 |   api-token: {{.}}
 33 | `
 34 | 	secretFile, err := os.Create(manifestPath + "/api-key.yaml")
 35 | 	if err != nil {
 36 | 		return err
 37 | 	}
 38 | 	defer secretFile.Close()
 39 | 
 40 | 	tmpl, err := template.New("api-key.yaml").Parse(secretTmpl)
 41 | 	if err != nil {
 42 | 		return err
 43 | 	}
 44 | 	err = tmpl.Execute(secretFile, apiTokenBase64)
 45 | 
 46 | 	return nil
 47 | }
 48 | 
 49 | func createConfig() error {
 50 | 	config := []byte(`{
 51 | 	"apiTokenSecretRef": {
 52 | 		"name": "infomaniak-api-credentials",
 53 | 		"key": "api-token"
 54 | 	}
 55 | }
 56 | `)
 57 | 	err := os.WriteFile(manifestPath+"/config.json", config, 0644)
 58 | 	if err != nil {
 59 | 		return err
 60 | 	}
 61 | 
 62 | 	return nil
 63 | }
 64 | 
 65 | func runTestSuite(t *testing.T, zone string) {
 66 | 	// The manifest path should contain a file named config.json that is a
 67 | 	// snippet of valid configuration that should be included on the
 68 | 	// ChallengeRequest passed as part of the test cases.
 69 | 
 70 | 	if len(zone) == 0 || zone == "api." {
 71 | 		t.Fatal("Can't run tests on empty zone, please define TEST_ZONE_NAME")
 72 | 	}
 73 | 
 74 | 	// Create the secret file from INFOMANIAK_TOKEN env. variable
 75 | 	if err := createSecretFile(); err != nil {
 76 | 		t.Fatal(err)
 77 | 	}
 78 | 
 79 | 	// Create the config file from TEST_METHOD env. variable
 80 | 	if err := createConfig(); err != nil {
 81 | 		t.Fatal(err)
 82 | 	}
 83 | 
 84 | 	fixture := acmetest.NewFixture(&infomaniakDNSProviderSolver{},
 85 | 		acmetest.SetResolvedZone(zone),
 86 | 		acmetest.SetAllowAmbientCredentials(false),
 87 | 		acmetest.SetManifestPath(manifestPath),
 88 | 	)
 89 | 
 90 | 	fixture.RunConformance(t)
 91 | 
 92 | }
 93 | 
 94 | func TestRunsSuiteIKAPI(t *testing.T) {
 95 | 	runTestSuite(t, testZoneName)
 96 | }
 97 | 
 98 | func TestRunsSuiteIKAPISubdomain(t *testing.T) {
 99 | 	runTestSuite(t, "api."+testZoneName)
100 | }
101 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/templates/pki.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Create a selfsigned Issuer, in order to create a root CA certificate for
 3 | # signing webhook serving certificates
 4 | apiVersion: cert-manager.io/v1
 5 | kind: Issuer
 6 | metadata:
 7 |   name: {{ include "infomaniak-webhook.selfSignedIssuer" . }}
 8 |   namespace: {{ .Release.Namespace | quote }}
 9 |   labels:
10 |     app: {{ include "infomaniak-webhook.name" . }}
11 |     chart: {{ include "infomaniak-webhook.chart" . }}
12 |     release: {{ .Release.Name }}
13 |     heritage: {{ .Release.Service }}
14 | spec:
15 |   selfSigned: {}
16 | 
17 | ---
18 | 
19 | # Generate a CA Certificate used to sign certificates for the webhook
20 | apiVersion: cert-manager.io/v1
21 | kind: Certificate
22 | metadata:
23 |   name: {{ include "infomaniak-webhook.rootCACertificate" . }}
24 |   namespace: {{ .Release.Namespace | quote }}
25 |   labels:
26 |     app: {{ include "infomaniak-webhook.name" . }}
27 |     chart: {{ include "infomaniak-webhook.chart" . }}
28 |     release: {{ .Release.Name }}
29 |     heritage: {{ .Release.Service }}
30 | spec:
31 |   secretName: {{ include "infomaniak-webhook.rootCACertificate" . }}
32 |   duration: 43800h0m0s # 5y
33 |   issuerRef:
34 |     name: {{ include "infomaniak-webhook.selfSignedIssuer" . }}
35 |   commonName: "ca.infomaniak-webhook.cert-manager"
36 |   isCA: true
37 | 
38 | ---
39 | 
40 | # Create an Issuer that uses the above generated CA certificate to issue certs
41 | apiVersion: cert-manager.io/v1
42 | kind: Issuer
43 | metadata:
44 |   name: {{ include "infomaniak-webhook.rootCAIssuer" . }}
45 |   namespace: {{ .Release.Namespace | quote }}
46 |   labels:
47 |     app: {{ include "infomaniak-webhook.name" . }}
48 |     chart: {{ include "infomaniak-webhook.chart" . }}
49 |     release: {{ .Release.Name }}
50 |     heritage: {{ .Release.Service }}
51 | spec:
52 |   ca:
53 |     secretName: {{ include "infomaniak-webhook.rootCACertificate" . }}
54 | 
55 | ---
56 | 
57 | # Finally, generate a serving certificate for the webhook to use
58 | apiVersion: cert-manager.io/v1
59 | kind: Certificate
60 | metadata:
61 |   name: {{ include "infomaniak-webhook.servingCertificate" . }}
62 |   namespace: {{ .Release.Namespace | quote }}
63 |   labels:
64 |     app: {{ include "infomaniak-webhook.name" . }}
65 |     chart: {{ include "infomaniak-webhook.chart" . }}
66 |     release: {{ .Release.Name }}
67 |     heritage: {{ .Release.Service }}
68 | spec:
69 |   secretName: {{ include "infomaniak-webhook.servingCertificate" . }}
70 |   duration: 8760h0m0s # 1y
71 |   issuerRef:
72 |     name: {{ include "infomaniak-webhook.rootCAIssuer" . }}
73 |   dnsNames:
74 |   - {{ include "infomaniak-webhook.fullname" . }}
75 |   - {{ include "infomaniak-webhook.fullname" . }}.{{ .Release.Namespace }}
76 |   - {{ include "infomaniak-webhook.fullname" . }}.{{ .Release.Namespace }}.svc
77 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/templates/deployment.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: apps/v1
  2 | kind: Deployment
  3 | metadata:
  4 |   name: {{ include "infomaniak-webhook.fullname" . }}
  5 |   namespace: {{ .Release.Namespace | quote }}
  6 |   labels:
  7 |     app: {{ include "infomaniak-webhook.name" . }}
  8 |     chart: {{ include "infomaniak-webhook.chart" . }}
  9 |     release: {{ .Release.Name }}
 10 |     heritage: {{ .Release.Service }}
 11 | spec:
 12 |   replicas: {{ .Values.replicaCount }}
 13 |   selector:
 14 |     matchLabels:
 15 |       app: {{ include "infomaniak-webhook.name" . }}
 16 |       release: {{ .Release.Name }}
 17 |   template:
 18 |     metadata:
 19 |       labels:
 20 |         app: {{ include "infomaniak-webhook.name" . }}
 21 |         release: {{ .Release.Name }}
 22 |     spec:
 23 |       serviceAccountName: {{ include "infomaniak-webhook.fullname" . }}
 24 |       {{- with .Values.imagePullSecrets }}
 25 |       imagePullSecrets:
 26 |         {{- toYaml . | nindent 8 }}
 27 |       {{- end }}
 28 |       containers:
 29 |         - name: {{ .Chart.Name }}
 30 |           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 31 |           imagePullPolicy: {{ .Values.image.pullPolicy }}
 32 |           {{- if .Values.debug.enabled }}
 33 |           command:
 34 |           - /start.sh
 35 |           args:
 36 |             - dlv
 37 |             - --listen=:{{ .Values.debug.port }}
 38 |             - --accept-multiclient
 39 |             - --api-version=2
 40 |             - --headless=true
 41 |             - exec
 42 |             - /usr/local/bin/webhook
 43 |             - --
 44 |           {{- else }}
 45 |           args:
 46 |           {{- end }}
 47 |             - --v=2
 48 |             - --tls-cert-file=/tls/tls.crt
 49 |             - --tls-private-key-file=/tls/tls.key
 50 |           env:
 51 |             - name: GROUP_NAME
 52 |               value: {{ .Values.groupName | quote }}
 53 |             {{- with .Values.http_proxy }}
 54 |             - name: HTTP_PROXY
 55 |               value: {{ . }}
 56 |             {{- end }}
 57 |             {{- with .Values.https_proxy }}
 58 |             - name: HTTPS_PROXY
 59 |               value: {{ . }}
 60 |             {{- end }}
 61 |             {{- with .Values.no_proxy }}
 62 |             - name: NO_PROXY
 63 |               value: {{ . }}
 64 |             {{- end }}
 65 |           ports:
 66 |             - name: https
 67 |               containerPort: 443
 68 |               protocol: TCP
 69 |           {{- if not .Values.debug.enabled }}
 70 |           livenessProbe:
 71 |             httpGet:
 72 |               scheme: HTTPS
 73 |               path: /healthz
 74 |               port: https
 75 |           readinessProbe:
 76 |             httpGet:
 77 |               scheme: HTTPS
 78 |               path: /healthz
 79 |               port: https
 80 |           {{- end }}
 81 |           volumeMounts:
 82 |             - name: certs
 83 |               mountPath: /tls
 84 |               readOnly: true
 85 |           resources:
 86 |             {{- toYaml .Values.resources | nindent 12 }}
 87 |       volumes:
 88 |         - name: certs
 89 |           secret:
 90 |             secretName: {{ include "infomaniak-webhook.servingCertificate" . }}
 91 |     {{- with .Values.nodeSelector }}
 92 |       nodeSelector:
 93 |         {{ toYaml . | nindent 8 }}
 94 |     {{- end }}
 95 |     {{- with .Values.affinity }}
 96 |       affinity:
 97 |         {{ toYaml . | nindent 8 }}
 98 |     {{- end }}
 99 |     {{- with .Values.tolerations }}
100 |       tolerations:
101 |         {{ toYaml . | nindent 8 }}
102 |     {{- end }}
103 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Infomaniak ACME webhook
  2 | 
  3 | A cert-manager webhook which works with domains handled by [Infomaniak](https://www.infomaniak.com), a 🇨🇭 Swiss hosting provider
  4 | 
  5 | ## Quick start
  6 | 
  7 | 1. Deploy cert-manager (if needed)
  8 |     ```
  9 |     $ kubectl apply --validate=false -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml
 10 |     ```
 11 | 
 12 | 1. Deploy Infomaniak webhook
 13 |     ```
 14 |     $ kubectl apply -f https://github.com/infomaniak/cert-manager-webhook-infomaniak/releases/download/v0.2.0/rendered-manifest.yaml
 15 |     ```
 16 | 
 17 | 1. Create a Secret with your Infomaniak API token. You can generate a new one by [clicking here](https://manager.infomaniak.com/v3/infomaniak-api). You need to have at least the `Domain` scope.
 18 |     ```
 19 |     $ cat <<EOF | kubectl apply -f -
 20 |     ---
 21 |     apiVersion: v1
 22 |     kind: Secret
 23 |     metadata:
 24 |       name: infomaniak-api-credentials
 25 |       namespace: cert-manager
 26 |     type: Opaque
 27 |     data:
 28 |       api-token: $(echo -n $INFOMANIAK_TOKEN|base64 -w0)
 29 |     EOF
 30 |     ```
 31 | 
 32 | 1. Create a Secret with your staging ACME private key (if you don't have one, the next step will generate one)
 33 | 
 34 |     ```
 35 |     $ cat <<EOF | kubectl apply -f -
 36 |     ---
 37 |     apiVersion: v1
 38 |     kind: Secret
 39 |     metadata:
 40 |       name: le-staging-account-key
 41 |       namespace: cert-manager
 42 |     type: Opaque
 43 |     data:
 44 |       tls.key: <<YOUR_KEY_BASE64>>
 45 |     EOF
 46 |     ```
 47 | 
 48 | 
 49 | 1. Create a staging ClusterIssuer
 50 |     ```
 51 |     $ cat <<EOF | kubectl apply -f -
 52 |     ---
 53 |     apiVersion: cert-manager.io/v1
 54 |     kind: ClusterIssuer
 55 |     metadata:
 56 |       name: letsencrypt-staging
 57 |     spec:
 58 |       acme:
 59 |         email: acme@example.com
 60 |         privateKeySecretRef:
 61 |           name: le-staging-account-key
 62 |         server: https://acme-staging-v02.api.letsencrypt.org/directory
 63 |         solvers:
 64 |         - selector: {}
 65 |           dns01:
 66 |             webhook:
 67 |               groupName: acme.infomaniak.com
 68 |               solverName: infomaniak
 69 |               config:
 70 |                 apiTokenSecretRef:
 71 |                   name: infomaniak-api-credentials
 72 |                   key: api-token
 73 |     EOF
 74 |     ```
 75 | 
 76 | 1. Create a Certificate, the issued cert will be stored in the specified Secret (keys tls.crt & tls.key)
 77 |     ```
 78 |     $ cat <<EOF | kubectl apply -f -
 79 |     ---
 80 |     apiVersion: cert-manager.io/v1
 81 |     kind: Certificate
 82 |     metadata:
 83 |       name: test-example-com
 84 |     spec:
 85 |       secretName: test-example-com-tls
 86 |       issuerRef:
 87 |         name: letsencrypt-staging
 88 |         kind: ClusterIssuer
 89 |       dnsNames:
 90 |       - test.example.com
 91 |     EOF
 92 | 
 93 |     $ kubectl get secret test-example-com-tls -o json | jq -r '.data."tls.crt"' | base64 -d | openssl x509 -text -noout | grep Subject:
 94 |         Subject: CN = test.example.com
 95 |     ```
 96 | 
 97 | 1. If everything worked as expected using letsencrypt staging environment, repeat the 3 last steps using letsencrypt's prod environment
 98 |     - ClusterIssuer `.spec.acme.server`: `https://acme-v02.api.letsencrypt.org/directory`
 99 |     - ClusterIssuer `.spec.acme.email`: your "prod" e-mail address
100 |     - ClusterIssuer `.spec.acme.privateKeySecretRef`: you can leave it blank and a new one will be generated for you
101 | 
102 | 1. Have fun 🎉 !
103 | 
104 | ## Building
105 | 
106 | Run `make build`
107 | 
108 | ## Running the test suite
109 | 
110 | All DNS providers **must** run the DNS01 provider conformance testing suite,
111 | else they will have undetermined behaviour when used with cert-manager.
112 | 
113 | You can run the test suite by exporting your API token in `INFOMANIAK_TOKEN`, then by running `TEST_ZONE_NAME=example.com. make test`.
114 | 


--------------------------------------------------------------------------------
/Tiltfile:
--------------------------------------------------------------------------------
  1 | # buildifier: disable=module-docstring
  2 | load("ext://podman", "podman_build")
  3 | load('ext://helm_resource', 'helm_resource', 'helm_repo')
  4 | load('ext://namespace', 'namespace_create')
  5 | 
  6 | if "Podman" in str(local("docker version", quiet = True)):
  7 |     docker_build = podman_build
  8 | 
  9 | # setup env
 10 | debug_enabled = os.getenv("DEBUG", "false").lower()
 11 | debug_port = os.getenv("DEBUG_PORT", "30000")
 12 | 
 13 | infomaniak_token = os.getenv("INFOMANIAK_TOKEN")
 14 | if infomaniak_token == None:
 15 |     fail("INFOMANIAK_TOKEN env variable should be set")
 16 | 
 17 | acme_email = os.getenv("EMAIL")
 18 | if acme_email == None:
 19 |     fail("EMAIL env variable should be set")
 20 | 
 21 | test_zone = os.getenv("TEST_ZONE")
 22 | if test_zone == None:
 23 |     fail("TEST_ZONE env variable should be set")
 24 | 
 25 | # setup cert-manager
 26 | update_settings(k8s_upsert_timeout_secs=300)
 27 | helm_repo("jetstack", "https://charts.jetstack.io", resource_name="jetstack-repo", labels = ["cert-manager"])
 28 | helm_resource(
 29 |     "cert-manager", "jetstack/cert-manager",
 30 |     namespace="cert-manager",
 31 |     flags = [
 32 |         "--create-namespace",
 33 |         "--set",
 34 |         "crds.enabled=true"
 35 |     ],
 36 |     labels = ["cert-manager"]
 37 | )
 38 | 
 39 | # build webhook
 40 | tiltbuild_path = ".tiltbuild"
 41 | webhook_bin = tiltbuild_path + "/webhook" 
 42 | local_resource(
 43 |     "dockerfile",
 44 |     cmd = "mkdir -p {tiltbuild_path};cp Tilt.Dockerfile {tiltbuild_path}/Dockerfile".format(
 45 |         tiltbuild_path = shlex.quote(tiltbuild_path),
 46 |     ),
 47 |     deps = ["Tilt.Dockerfile"],
 48 |     labels = ["cert-manager-infomaniak"]
 49 | )
 50 | local_resource(
 51 |     "webhook-binary",
 52 |     cmd = 'CGO_ENABLED=0 go build -o {webhook_bin} -gcflags "all=-N -l" .'.format(
 53 |         webhook_bin = webhook_bin,
 54 |     ),
 55 |     deps = [
 56 |         "main.go",
 57 |         "main_test.go",
 58 |         "infomaniak_api.go",
 59 |         "go.mod",
 60 |         "go.sum",
 61 |     ],
 62 |     resource_deps = ["dockerfile"],
 63 |     labels = ["cert-manager-infomaniak"]
 64 | )
 65 | docker_build(
 66 |     "cert-manager-webhook-infomaniak",
 67 |     tiltbuild_path,
 68 |     deps = [webhook_bin],
 69 |     live_update = [
 70 |         sync(webhook_bin, "/usr/local/bin/webhook"),
 71 |         run("sh /restart.sh"),
 72 |     ],
 73 | )
 74 | 
 75 | # deploy webhook
 76 | namespace_create("cert-manager-infomaniak")
 77 | webhook_yaml = helm(
 78 |                     "./deploy/infomaniak-webhook",
 79 |                     name="infomaniak-webhook",
 80 |                     namespace="cert-manager-infomaniak",
 81 |                     values = ["./deploy/infomaniak-webhook/values.yaml"],
 82 |                     set = [
 83 |                         "image.repository=cert-manager-webhook-infomaniak",
 84 |                         "debug.enabled=" + debug_enabled
 85 |                     ]
 86 | )
 87 | k8s_yaml(webhook_yaml)
 88 | 
 89 | port_forwards = []
 90 | if debug_enabled == "true":
 91 |   port_forwards = [port_forward(int(debug_port), int(debug_port))]
 92 | k8s_resource(
 93 |     workload = "infomaniak-webhook",
 94 |     port_forwards = port_forwards,
 95 |     objects = [
 96 |       "infomaniak-webhook:serviceaccount", "infomaniak-webhook\\:secret-reader:role", "infomaniak-webhook\\:domain-solver:clusterrole",
 97 |       "infomaniak-webhook\\:webhook-authentication-reader:rolebinding", "infomaniak-webhook\\:secret-reader:rolebinding",
 98 |       "infomaniak-webhook\\:auth-delegator:clusterrolebinding", "infomaniak-webhook\\:domain-solver:clusterrolebinding",
 99 |       "infomaniak-webhook-ca:certificate", "infomaniak-webhook-webhook-tls:certificate", "infomaniak-webhook-selfsign:issuer",
100 |       "infomaniak-webhook-ca:issuer", "cert-manager-infomaniak:namespace", "v1alpha1.acme.infomaniak.com:apiservice"
101 |     ],
102 |     resource_deps = ["cert-manager", "webhook-binary"],
103 |     labels = ["cert-manager-infomaniak"]
104 | )
105 | 
106 | # deploy additional test resources
107 | test_objects = read_yaml_stream("tilt/manifests.yaml")
108 | for o in test_objects:
109 |     if o.get("kind") == "Secret" and "stringData" in o and "api-token" in o["stringData"]:
110 |         o["stringData"]["api-token"] = infomaniak_token
111 |     if o.get("kind") == "ClusterIssuer" and "acme" in o["spec"] and "email" in o["spec"]["acme"]:
112 |         o["spec"]["acme"]["email"] = acme_email
113 |     if o.get("kind") == "Certificate" and "dnsNames" in o["spec"]:
114 |         o["spec"]["dnsNames"] = [test_zone]
115 | k8s_yaml(encode_yaml_stream(test_objects))
116 | k8s_resource(
117 |     new_name = "test-manifests",
118 |     objects = ["infomaniak-api-credentials:secret", "letsencrypt-staging:clusterissuer", "test-certificate:certificate"],
119 |     resource_deps = ["cert-manager"],
120 |     labels = ["tests"]
121 | )
122 | 


--------------------------------------------------------------------------------
/deploy/infomaniak-webhook/templates/rbac.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: v1
  2 | kind: ServiceAccount
  3 | metadata:
  4 |   name: {{ include "infomaniak-webhook.fullname" . }}
  5 |   namespace: {{ .Release.Namespace | quote }}
  6 |   labels:
  7 |     app: {{ include "infomaniak-webhook.name" . }}
  8 |     chart: {{ include "infomaniak-webhook.chart" . }}
  9 |     release: {{ .Release.Name }}
 10 |     heritage: {{ .Release.Service }}
 11 | ---
 12 | # Grant the webhook permission to read the ConfigMap containing the Kubernetes
 13 | # apiserver's requestheader-ca-certificate.
 14 | # This ConfigMap is automatically created by the Kubernetes apiserver.
 15 | apiVersion: rbac.authorization.k8s.io/v1
 16 | kind: RoleBinding
 17 | metadata:
 18 |   name: {{ include "infomaniak-webhook.fullname" . }}:webhook-authentication-reader
 19 |   namespace: kube-system
 20 |   labels:
 21 |     app: {{ include "infomaniak-webhook.name" . }}
 22 |     chart: {{ include "infomaniak-webhook.chart" . }}
 23 |     release: {{ .Release.Name }}
 24 |     heritage: {{ .Release.Service }}
 25 | roleRef:
 26 |   apiGroup: rbac.authorization.k8s.io
 27 |   kind: Role
 28 |   name: extension-apiserver-authentication-reader
 29 | subjects:
 30 |   - apiGroup: ""
 31 |     kind: ServiceAccount
 32 |     name: {{ include "infomaniak-webhook.fullname" . }}
 33 |     namespace: {{ .Release.Namespace }}
 34 | ---
 35 | # apiserver gets the auth-delegator role to delegate auth decisions to
 36 | # the core apiserver
 37 | apiVersion: rbac.authorization.k8s.io/v1
 38 | kind: ClusterRoleBinding
 39 | metadata:
 40 |   name: {{ include "infomaniak-webhook.fullname" . }}:auth-delegator
 41 |   labels:
 42 |     app: {{ include "infomaniak-webhook.name" . }}
 43 |     chart: {{ include "infomaniak-webhook.chart" . }}
 44 |     release: {{ .Release.Name }}
 45 |     heritage: {{ .Release.Service }}
 46 | roleRef:
 47 |   apiGroup: rbac.authorization.k8s.io
 48 |   kind: ClusterRole
 49 |   name: system:auth-delegator
 50 | subjects:
 51 |   - apiGroup: ""
 52 |     kind: ServiceAccount
 53 |     name: {{ include "infomaniak-webhook.fullname" . }}
 54 |     namespace: {{ .Release.Namespace }}
 55 | ---
 56 | # Grant cert-manager permission to validate using our apiserver
 57 | apiVersion: rbac.authorization.k8s.io/v1
 58 | kind: ClusterRole
 59 | metadata:
 60 |   name: {{ include "infomaniak-webhook.fullname" . }}:domain-solver
 61 |   labels:
 62 |     app: {{ include "infomaniak-webhook.name" . }}
 63 |     chart: {{ include "infomaniak-webhook.chart" . }}
 64 |     release: {{ .Release.Name }}
 65 |     heritage: {{ .Release.Service }}
 66 | rules:
 67 |   - apiGroups:
 68 |       - {{ .Values.groupName }}
 69 |     resources:
 70 |       - '*'
 71 |     verbs:
 72 |       - 'create'
 73 | ---
 74 | apiVersion: rbac.authorization.k8s.io/v1
 75 | kind: ClusterRoleBinding
 76 | metadata:
 77 |   name: {{ include "infomaniak-webhook.fullname" . }}:domain-solver
 78 |   labels:
 79 |     app: {{ include "infomaniak-webhook.name" . }}
 80 |     chart: {{ include "infomaniak-webhook.chart" . }}
 81 |     release: {{ .Release.Name }}
 82 |     heritage: {{ .Release.Service }}
 83 | roleRef:
 84 |   apiGroup: rbac.authorization.k8s.io
 85 |   kind: ClusterRole
 86 |   name: {{ include "infomaniak-webhook.fullname" . }}:domain-solver
 87 | subjects:
 88 |   - apiGroup: ""
 89 |     kind: ServiceAccount
 90 |     name: {{ .Values.certManager.serviceAccountName }}
 91 |     namespace: {{ .Values.certManager.namespace }}
 92 | # Role to access infomaniak-webhook secrets
 93 | ---
 94 | apiVersion: rbac.authorization.k8s.io/v1
 95 | kind: Role
 96 | metadata:
 97 |   name: {{ include "infomaniak-webhook.fullname" . }}:secret-reader
 98 |   namespace: {{ .Values.certManager.namespace }}
 99 |   labels:
100 |     app: {{ include "infomaniak-webhook.name" . }}
101 |     chart: {{ include "infomaniak-webhook.chart" . }}
102 |     release: {{ .Release.Name }}
103 |     heritage: {{ .Release.Service }}
104 | rules:
105 |   - apiGroups: [""]
106 |     resources:
107 |       - 'secrets'
108 |     resourceNames: {{ .Values.secretsNames }}
109 |     verbs:
110 |       - 'get'
111 |       - 'watch'
112 |       - 'list'
113 | # Allow infomaniak-webhook ServiceAccount to read its secrets
114 | ---
115 | apiVersion: rbac.authorization.k8s.io/v1
116 | kind: RoleBinding
117 | metadata:
118 |   name: {{ include "infomaniak-webhook.fullname" . }}:secret-reader
119 |   namespace: {{ .Values.certManager.namespace }}
120 |   labels:
121 |     app: {{ include "infomaniak-webhook.name" . }}
122 |     chart: {{ include "infomaniak-webhook.chart" . }}
123 |     release: {{ .Release.Name }}
124 |     heritage: {{ .Release.Service }}
125 | roleRef:
126 |   apiGroup: rbac.authorization.k8s.io
127 |   kind: Role
128 |   name: {{ include "infomaniak-webhook.fullname" . }}:secret-reader
129 | subjects:
130 |   - apiGroup: ""
131 |     kind: ServiceAccount
132 |     name: {{ include "infomaniak-webhook.fullname" . }}
133 |     namespace: {{ .Release.Namespace }}


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
  1 | module github.com/infomaniak/cert-manager-webhook-infomaniak
  2 | 
  3 | go 1.22
  4 | 
  5 | require (
  6 | 	github.com/cert-manager/cert-manager v1.14.4
  7 | 	k8s.io/apiextensions-apiserver v0.29.3
  8 | 	k8s.io/apimachinery v0.29.3
  9 | 	k8s.io/client-go v0.29.3
 10 | 	k8s.io/klog/v2 v2.120.1
 11 | )
 12 | 
 13 | require (
 14 | 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 15 | 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
 16 | 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 17 | 	github.com/beorn7/perks v1.0.1 // indirect
 18 | 	github.com/blang/semver/v4 v4.0.0 // indirect
 19 | 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 20 | 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 21 | 	github.com/coreos/go-semver v0.3.1 // indirect
 22 | 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 23 | 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 24 | 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 25 | 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 26 | 	github.com/evanphx/json-patch/v5 v5.7.0 // indirect
 27 | 	github.com/felixge/httpsnoop v1.0.4 // indirect
 28 | 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 29 | 	github.com/go-logr/logr v1.4.1 // indirect
 30 | 	github.com/go-logr/stdr v1.2.2 // indirect
 31 | 	github.com/go-logr/zapr v1.3.0 // indirect
 32 | 	github.com/go-openapi/jsonpointer v0.20.2 // indirect
 33 | 	github.com/go-openapi/jsonreference v0.20.4 // indirect
 34 | 	github.com/go-openapi/swag v0.22.7 // indirect
 35 | 	github.com/gogo/protobuf v1.3.2 // indirect
 36 | 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 37 | 	github.com/golang/protobuf v1.5.4 // indirect
 38 | 	github.com/google/cel-go v0.17.7 // indirect
 39 | 	github.com/google/gnostic-models v0.6.8 // indirect
 40 | 	github.com/google/go-cmp v0.6.0 // indirect
 41 | 	github.com/google/gofuzz v1.2.0 // indirect
 42 | 	github.com/google/uuid v1.5.0 // indirect
 43 | 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 44 | 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect
 45 | 	github.com/imdario/mergo v0.3.16 // indirect
 46 | 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 47 | 	github.com/josharian/intern v1.0.0 // indirect
 48 | 	github.com/json-iterator/go v1.1.12 // indirect
 49 | 	github.com/mailru/easyjson v0.7.7 // indirect
 50 | 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 51 | 	github.com/miekg/dns v1.1.57 // indirect
 52 | 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 53 | 	github.com/modern-go/reflect2 v1.0.2 // indirect
 54 | 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 55 | 	github.com/pkg/errors v0.9.1 // indirect
 56 | 	github.com/prometheus/client_golang v1.18.0 // indirect
 57 | 	github.com/prometheus/client_model v0.5.0 // indirect
 58 | 	github.com/prometheus/common v0.45.0 // indirect
 59 | 	github.com/prometheus/procfs v0.12.0 // indirect
 60 | 	github.com/spf13/cobra v1.8.0 // indirect
 61 | 	github.com/spf13/pflag v1.0.5 // indirect
 62 | 	github.com/stoewer/go-strcase v1.3.0 // indirect
 63 | 	go.etcd.io/etcd/api/v3 v3.5.11 // indirect
 64 | 	go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect
 65 | 	go.etcd.io/etcd/client/v3 v3.5.11 // indirect
 66 | 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
 67 | 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
 68 | 	go.opentelemetry.io/otel v1.21.0 // indirect
 69 | 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
 70 | 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
 71 | 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 72 | 	go.opentelemetry.io/otel/sdk v1.21.0 // indirect
 73 | 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 74 | 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 75 | 	go.uber.org/multierr v1.11.0 // indirect
 76 | 	go.uber.org/zap v1.26.0 // indirect
 77 | 	golang.org/x/crypto v0.22.0 // indirect
 78 | 	golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect
 79 | 	golang.org/x/mod v0.14.0 // indirect
 80 | 	golang.org/x/net v0.21.0 // indirect
 81 | 	golang.org/x/oauth2 v0.15.0 // indirect
 82 | 	golang.org/x/sync v0.5.0 // indirect
 83 | 	golang.org/x/sys v0.19.0 // indirect
 84 | 	golang.org/x/term v0.19.0 // indirect
 85 | 	golang.org/x/text v0.14.0 // indirect
 86 | 	golang.org/x/time v0.5.0 // indirect
 87 | 	golang.org/x/tools v0.16.1 // indirect
 88 | 	google.golang.org/appengine v1.6.8 // indirect
 89 | 	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
 90 | 	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
 91 | 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
 92 | 	google.golang.org/grpc v1.60.1 // indirect
 93 | 	google.golang.org/protobuf v1.33.0 // indirect
 94 | 	gopkg.in/inf.v0 v0.9.1 // indirect
 95 | 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 96 | 	gopkg.in/yaml.v2 v2.4.0 // indirect
 97 | 	gopkg.in/yaml.v3 v3.0.1 // indirect
 98 | 	k8s.io/api v0.29.3 // indirect
 99 | 	k8s.io/apiserver v0.29.3 // indirect
100 | 	k8s.io/component-base v0.29.3 // indirect
101 | 	k8s.io/kms v0.29.3 // indirect
102 | 	k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect
103 | 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
104 | 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
105 | 	sigs.k8s.io/controller-runtime v0.16.3 // indirect
106 | 	sigs.k8s.io/gateway-api v1.0.0 // indirect
107 | 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
108 | 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
109 | 	sigs.k8s.io/yaml v1.4.0 // indirect
110 | )
111 | 


--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"context"
  5 | 	"encoding/json"
  6 | 	"fmt"
  7 | 	"os"
  8 | 	"strings"
  9 | 
 10 | 	"golang.org/x/net/idna"
 11 | 
 12 | 	extapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 13 | 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 14 | 
 15 | 	"k8s.io/client-go/kubernetes"
 16 | 	"k8s.io/client-go/rest"
 17 | 	"k8s.io/klog/v2"
 18 | 
 19 | 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 20 | 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
 21 | 	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 22 | 	"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
 23 | )
 24 | 
 25 | // GroupName is the API group name (should be unique cluster-wide)
 26 | var GroupName = os.Getenv("GROUP_NAME")
 27 | 
 28 | const (
 29 | 	// DefaultTTL is the TTL that will be set with Present
 30 | 	DefaultTTL = 300
 31 | )
 32 | 
 33 | type actionType int
 34 | 
 35 | const (
 36 | 	actionPresent actionType = iota
 37 | 	actionCleanup
 38 | )
 39 | 
 40 | var actionNames = map[actionType]string{
 41 | 	actionPresent: "Present",
 42 | 	actionCleanup: "Cleanup",
 43 | }
 44 | 
 45 | func main() {
 46 | 	if GroupName == "" {
 47 | 		panic("GROUP_NAME must be specified")
 48 | 	}
 49 | 
 50 | 	// This will register our custom DNS provider with the webhook serving
 51 | 	// library, making it available as an API under the provided GroupName.
 52 | 	// You can register multiple DNS provider implementations with a single
 53 | 	// webhook, where the Name() method will be used to disambiguate between
 54 | 	// the different implementations.
 55 | 	cmd.RunWebhookServer(GroupName,
 56 | 		&infomaniakDNSProviderSolver{},
 57 | 	)
 58 | 
 59 | }
 60 | 
 61 | // infomaniakDNSProviderSolver implements the provider-specific logic needed to
 62 | // 'present' an ACME challenge TXT record for your own DNS provider.
 63 | // To do so, it must implement the `github.com/cert-manager/cert-manager/pkg/acme/webhook.Solver`
 64 | // interface.
 65 | type infomaniakDNSProviderSolver struct {
 66 | 	client kubernetes.Clientset
 67 | }
 68 | 
 69 | // infomaniakDNSProviderConfig is a structure that is used to decode into when
 70 | // solving a DNS01 challenge.
 71 | // This information is provided by cert-manager, and may be a reference to
 72 | // additional configuration that's needed to solve the challenge for this
 73 | // particular certificate or issuer.
 74 | type infomaniakDNSProviderConfig struct {
 75 | 	APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"`
 76 | }
 77 | 
 78 | // Name is used as the name for this DNS solver when referencing it on the ACME
 79 | // Issuer resource.
 80 | // This should be unique **within the group name**, i.e. you can have two
 81 | // solvers configured with the same Name() **so long as they do not co-exist
 82 | // within a single webhook deployment**.
 83 | // For example, `cloudflare` may be used as the name of a solver.
 84 | func (c *infomaniakDNSProviderSolver) Name() string {
 85 | 	return "infomaniak"
 86 | }
 87 | 
 88 | // Present is responsible for actually presenting the DNS record with the
 89 | // DNS provider.
 90 | // This method should tolerate being called multiple times with the same value.
 91 | // cert-manager itself will later perform a self check to ensure that the
 92 | // solver has correctly configured the DNS provider.
 93 | func (c *infomaniakDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
 94 | 	err := c.do(ch, actionPresent)
 95 | 	if err != nil {
 96 | 		klog.Errorf("Error while presenting record `%s`: %v", ch.ResolvedFQDN, err)
 97 | 		klog.Flush()
 98 | 		return err
 99 | 	}
100 | 	klog.Flush()
101 | 	return nil
102 | }
103 | 
104 | // CleanUp should delete the relevant TXT record from the DNS provider console.
105 | // If multiple TXT records exist with the same record name (e.g.
106 | // _acme-challenge.example.com) then **only** the record with the same `key`
107 | // value provided on the ChallengeRequest should be cleaned up.
108 | // This is in order to facilitate multiple DNS validations for the same domain
109 | // concurrently.
110 | func (c *infomaniakDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
111 | 	err := c.do(ch, actionCleanup)
112 | 	if err != nil {
113 | 		klog.Errorf("Error while cleaning record `%s`: %v", ch.ResolvedFQDN, err)
114 | 		klog.Flush()
115 | 		return err
116 | 	}
117 | 	klog.Flush()
118 | 	return nil
119 | }
120 | 
121 | // getSecretKey fetch a secret key based on a selector and a namespace
122 | func (c *infomaniakDNSProviderSolver) getSecretKey(secret cmmeta.SecretKeySelector, namespace string) (string, error) {
123 | 	klog.V(6).Infof("getting key `%s` in secret `%s/%s`", secret.Key, namespace, secret.Name)
124 | 
125 | 	sec, err := c.client.CoreV1().Secrets(namespace).Get(context.Background(), secret.Name, metav1.GetOptions{})
126 | 	if err != nil {
127 | 		return "", fmt.Errorf("secret `%s/%s` not found", namespace, secret.Name)
128 | 	}
129 | 
130 | 	data, ok := sec.Data[secret.Key]
131 | 	if !ok {
132 | 		return "", fmt.Errorf("key `%q` not found in secret `%s/%s`", secret.Key, namespace, secret.Name)
133 | 	}
134 | 
135 | 	return string(data), nil
136 | }
137 | 
138 | // do is where the job is actually done (Present/CleanUp)
139 | func (c *infomaniakDNSProviderSolver) do(ch *v1alpha1.ChallengeRequest, action actionType) error {
140 | 	cfg, err := loadConfig(ch.Config)
141 | 	if err != nil {
142 | 		return err
143 | 	}
144 | 
145 | 	klog.V(2).Infof("%s record `%s`", actionNames[action], ch.ResolvedFQDN)
146 | 	zone, err := idna.ToASCII(util.UnFqdn(ch.ResolvedZone))
147 | 	if err != nil {
148 | 		return fmt.Errorf("error converting ResolvedZone (`%s`) to ASCII: %w", ch.ResolvedZone, err)
149 | 	}
150 | 	source, err := idna.ToASCII(util.UnFqdn(ch.ResolvedFQDN))
151 | 	if err != nil {
152 | 		return fmt.Errorf("error converting ResolvedFQDN (`%s`) to ASCII: %w", ch.ResolvedFQDN, err)
153 | 	}
154 | 	target := ch.Key
155 | 	ttl := uint64(DefaultTTL)
156 | 
157 | 	apiToken, err := c.getSecretKey(cfg.APITokenSecretRef, ch.ResourceNamespace)
158 | 	if err != nil {
159 | 		return err
160 | 	}
161 | 
162 | 	ikAPI := NewInfomaniakAPI(apiToken)
163 | 	domain, err := ikAPI.GetDomainByName(zone)
164 | 	if err != nil {
165 | 		return err
166 | 	}
167 | 
168 | 	domainASCII, err := domain.ASCIIName()
169 | 	if err != nil {
170 | 		return err
171 | 	}
172 | 	if strings.HasSuffix(source, domainASCII) {
173 | 		source = strings.TrimSuffix(source, domainASCII)
174 | 		source = strings.TrimSuffix(source, ".")
175 | 	}
176 | 
177 | 	switch action {
178 | 	case actionPresent:
179 | 		return ikAPI.EnsureDNSRecord(domain, source, target, "TXT", ttl)
180 | 	case actionCleanup:
181 | 		return ikAPI.RemoveDNSRecord(domain, source, target, "TXT")
182 | 	}
183 | 
184 | 	return nil
185 | }
186 | 
187 | // Initialize will be called when the webhook first starts.
188 | // This method can be used to instantiate the webhook, i.e. initialising
189 | // connections or warming up caches.
190 | // Typically, the kubeClientConfig parameter is used to build a Kubernetes
191 | // client that can be used to fetch resources from the Kubernetes API, e.g.
192 | // Secret resources containing credentials used to authenticate with DNS
193 | // provider accounts.
194 | // The stopCh can be used to handle early termination of the webhook, in cases
195 | // where a SIGTERM or similar signal is sent to the webhook process.
196 | func (c *infomaniakDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error {
197 | 	cl, err := kubernetes.NewForConfig(kubeClientConfig)
198 | 	if err != nil {
199 | 		return err
200 | 	}
201 | 
202 | 	c.client = *cl
203 | 
204 | 	return nil
205 | }
206 | 
207 | // loadConfig is a small helper function that decodes JSON configuration into
208 | // the typed config struct.
209 | func loadConfig(cfgJSON *extapi.JSON) (infomaniakDNSProviderConfig, error) {
210 | 	cfg := infomaniakDNSProviderConfig{}
211 | 	// handle the 'base case' where no configuration has been provided
212 | 	if cfgJSON == nil {
213 | 		return cfg, nil
214 | 	}
215 | 	if err := json.Unmarshal(cfgJSON.Raw, &cfg); err != nil {
216 | 		return cfg, fmt.Errorf("error decoding solver config: %v", err)
217 | 	}
218 | 
219 | 	return cfg, nil
220 | }
221 | 


--------------------------------------------------------------------------------
/infomaniak_api.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"bytes"
  5 | 	"encoding/json"
  6 | 	"errors"
  7 | 	"fmt"
  8 | 	"io"
  9 | 	"net/http"
 10 | 	"net/url"
 11 | 	"strings"
 12 | 
 13 | 	"golang.org/x/net/idna"
 14 | 
 15 | 	"k8s.io/klog/v2"
 16 | )
 17 | 
 18 | const (
 19 | 	infomaniakBaseURL = "https://api.infomaniak.com"
 20 | )
 21 | 
 22 | // InfomaniakAPI is a basic implementation of an API client to api.infomaniak.com
 23 | // It implements only the methods required for the ACME Challenge
 24 | type InfomaniakAPI struct {
 25 | 	apiToken string
 26 | }
 27 | 
 28 | // ErrorResponse defines the error response format, as described here https://api.infomaniak.com/doc#home
 29 | type ErrorResponse struct {
 30 | 	Code        string            `json:"code"`
 31 | 	Description string            `json:"description,omitempty"`
 32 | 	Context     map[string]string `json:"context,omitempty"`
 33 | 	Errors      []ErrorResponse   `json:"errors,omitempty"`
 34 | }
 35 | 
 36 | // InfomaniakAPIResponse defines the generic response format, as described here https://api.infomaniak.com/doc#home
 37 | type InfomaniakAPIResponse struct {
 38 | 	Result      string           `json:"result"`
 39 | 	Data        *json.RawMessage `json:"data,omitempty"`
 40 | 	ErrResponse ErrorResponse    `json:"error,omitempty"`
 41 | }
 42 | 
 43 | // NewInfomaniakAPI creates a new infomaniak API client
 44 | func NewInfomaniakAPI(apiToken string) *InfomaniakAPI {
 45 | 	return &InfomaniakAPI{
 46 | 		apiToken: apiToken,
 47 | 	}
 48 | }
 49 | 
 50 | // request builds the raw request
 51 | func (ik *InfomaniakAPI) request(method, path string, body io.Reader) (*InfomaniakAPIResponse, error) {
 52 | 	if path[0] != '/' {
 53 | 		path = "/" + path
 54 | 	}
 55 | 	url := infomaniakBaseURL + path
 56 | 
 57 | 	client := &http.Client{}
 58 | 
 59 | 	req, err := http.NewRequest(method, url, body)
 60 | 	if err != nil {
 61 | 		return nil, err
 62 | 	}
 63 | 	req.Header.Set("Authorization", "Bearer "+ik.apiToken)
 64 | 	req.Header.Set("Content-Type", "application/json")
 65 | 
 66 | 	klog.V(6).Infof("%s %s", method, url)
 67 | 	rawResp, err := client.Do(req)
 68 | 	if err != nil {
 69 | 		return nil, err
 70 | 	}
 71 | 
 72 | 	var resp InfomaniakAPIResponse
 73 | 	if err := json.NewDecoder(rawResp.Body).Decode(&resp); err != nil {
 74 | 		return nil, fmt.Errorf("%s %s response parsing error: %v", method, path, err)
 75 | 	}
 76 | 
 77 | 	rawJSON, _ := json.Marshal(resp)
 78 | 	klog.V(8).Infof("Response status: `%s` json response: `%v`", rawResp.Status, string(rawJSON))
 79 | 
 80 | 	if resp.Result != "success" {
 81 | 		return nil, fmt.Errorf("%s %s failed: %v", method, path, resp.ErrResponse)
 82 | 	}
 83 | 
 84 | 	return &resp, nil
 85 | }
 86 | 
 87 | // get is a helper to build a bare GET request
 88 | func (ik *InfomaniakAPI) get(path string, params url.Values) (*InfomaniakAPIResponse, error) {
 89 | 	base, err := url.Parse(path)
 90 | 	if err != nil {
 91 | 		return nil, err
 92 | 	}
 93 | 	if params != nil {
 94 | 		base.RawQuery = params.Encode()
 95 | 	}
 96 | 	return ik.request("GET", base.String(), nil)
 97 | }
 98 | 
 99 | // get is a helper to build a bare POST request
100 | func (ik *InfomaniakAPI) post(path string, body io.Reader) (*InfomaniakAPIResponse, error) {
101 | 	return ik.request("POST", path, body)
102 | }
103 | 
104 | // get is a helper to build a bare PUT request
105 | func (ik *InfomaniakAPI) put(path string, body io.Reader) (*InfomaniakAPIResponse, error) {
106 | 	return ik.request("PUT", path, body)
107 | }
108 | 
109 | // get is a helper to build a bare DELETE request
110 | func (ik *InfomaniakAPI) delete(path string) (*InfomaniakAPIResponse, error) {
111 | 	return ik.request("DELETE", path, nil)
112 | }
113 | 
114 | // InfomaniakDNSDomain defines the format of a Domain object
115 | type InfomaniakDNSDomain struct {
116 | 	ID                  uint64           `json:"id,omitempty"`
117 | 	AccountID           uint64           `json:"account_id,omitempty"`
118 | 	ServiceID           uint64           `json:"service_id,omitempty"`
119 | 	ServiceName         string           `json:"service_name,omitempty"`
120 | 	CustomerName        string           `json:"customer_name,omitempty"`
121 | 	InternalName        string           `json:"internal_name,omitempty,omitempty"`
122 | 	CreatedAt           uint64           `json:"created_at,omitempty"`
123 | 	ExpiredAt           uint64           `json:"expired_at,omitempty"`
124 | 	Version             uint64           `json:"version,omitempty"`
125 | 	Maintenance         bool             `json:"maintenance,omitempty"`
126 | 	Locked              bool             `json:"locked,omitempty"`
127 | 	OperationInProgress bool             `json:"operation_in_progress,omitempty"`
128 | 	Tags                *json.RawMessage `json:"tags,omitempty"`
129 | 	UniqueID            uint64           `json:"unique_id,omitempty"`
130 | 	Description         string           `json:"description,omitempty"`
131 | 	Isfree              bool             `json:"is_free,omitempty"`
132 | 	Rights              *json.RawMessage `json:"rights,omitempty"`
133 | 	Special             bool             `json:"special,omitempty"`
134 | }
135 | 
136 | func (d *InfomaniakDNSDomain) ASCIIName() (string, error) {
137 | 	domainASCII, err := idna.ToASCII(d.CustomerName)
138 | 	if err != nil {
139 | 		return "", fmt.Errorf("could not convert domain `%s` to ASCII: %w", d.CustomerName, err)
140 | 	}
141 | 	return domainASCII, nil
142 | }
143 | 
144 | // InfomaniakDNSRecord defines the format of a DNSRecord object
145 | type InfomaniakDNSRecord struct {
146 | 	ID         string `json:"id,omitempty"`
147 | 	Source     string `json:"source,omitempty"`
148 | 	SourceIdn  string `json:"source_idn,omitempty"`
149 | 	Type       string `json:"type,omitempty"`
150 | 	TTL        uint64 `json:"ttl,omitempty"`
151 | 	TTLIdn     string `json:"ttl_idn,omitempty"`
152 | 	Target     string `json:"target,omitempty"`
153 | 	TargetIdn  string `json:"target_idn,omitempty"`
154 | 	UpdatedAt  uint64 `json:"updated_at,omitempty"`
155 | 	DyndnsID   string `json:"dyndns_id,omitempty,omitempty"`
156 | 	Priority   uint64 `json:"priority,omitempty"`
157 | 	IsEditable bool   `json:"is_editable,omitempty"`
158 | }
159 | 
160 | // ErrDomainNotFound
161 | var ErrDomainNotFound = errors.New("domain not found")
162 | 
163 | // GetDomainByName gather a Domain object from its name
164 | func (ik *InfomaniakAPI) GetDomainByName(name string) (*InfomaniakDNSDomain, error) {
165 | 	klog.V(4).Infof("Getting domain matching `%s`", name)
166 | 
167 | 	// remove trailing . if present
168 | 	if strings.HasSuffix(name, ".") {
169 | 		name = name[:len(name)-1]
170 | 	}
171 | 
172 | 	// Try to find the most specific domain
173 | 	// starts with the FQDN, then remove each left label until we have a match
174 | 	for {
175 | 		i := strings.Index(name, ".")
176 | 		if i == -1 {
177 | 			break
178 | 		}
179 | 		params := url.Values{}
180 | 		params.Add("service_name", "domain")
181 | 		params.Add("customer_name", name)
182 | 
183 | 		resp, err := ik.get("/1/product", params)
184 | 		if err != nil {
185 | 			return nil, err
186 | 		}
187 | 
188 | 		var domains []InfomaniakDNSDomain
189 | 
190 | 		if err = json.Unmarshal(*resp.Data, &domains); err != nil {
191 | 			return nil, fmt.Errorf("expected array of Domain, got: %v", string(*resp.Data))
192 | 		}
193 | 
194 | 		for _, domain := range domains {
195 | 			domainASCII, err := domain.ASCIIName()
196 | 			if err != nil {
197 | 				return nil, err
198 | 			}
199 | 			if domainASCII == name {
200 | 				klog.V(4).Infof("Domain `%s` found, id=`%d`", name, domain.ID)
201 | 				return &domain, nil
202 | 			}
203 | 		}
204 | 		klog.V(4).Infof("Domain `%s` not found, trying with `%s`", name, name[i+1:])
205 | 		name = name[i+1:]
206 | 	}
207 | 
208 | 	return nil, ErrDomainNotFound
209 | }
210 | 
211 | // getRecordID gather a record id from its specs (domain, source, target, rtype)
212 | func (ik *InfomaniakAPI) getRecordID(domain *InfomaniakDNSDomain, source, target, rtype string) (*string, error) {
213 | 	klog.V(4).Infof("Getting all record for domain=%d, then match source=%s target=%s rtype=%s", domain.ID, source, target, rtype)
214 | 
215 | 	resp, err := ik.get(fmt.Sprintf("/1/domain/%d/dns/record", domain.ID), nil)
216 | 	if err != nil {
217 | 		return nil, err
218 | 	}
219 | 
220 | 	var records []InfomaniakDNSRecord
221 | 
222 | 	if err = json.Unmarshal(*resp.Data, &records); err != nil {
223 | 		return nil, fmt.Errorf("expected array of Record, got: %v", string(*resp.Data))
224 | 	}
225 | 
226 | 	if len(records) < 1 {
227 | 		return nil, fmt.Errorf("no records in zone")
228 | 	}
229 | 
230 | 	for _, record := range records {
231 | 		if record.Source == source && record.Target == target && record.Type == rtype {
232 | 			return &record.ID, nil
233 | 		}
234 | 	}
235 | 
236 | 	return nil, nil
237 | }
238 | 
239 | // EnsureDNSRecord ensures a record is present with the correct key
240 | func (ik *InfomaniakAPI) EnsureDNSRecord(domain *InfomaniakDNSDomain, source, target, rtype string, ttl uint64) error {
241 | 	klog.V(4).Infof("Ensure record domain=%d source=%s target=%s rtype=%s TTL=%d", domain.ID, source, target, rtype, ttl)
242 | 
243 | 	recordID, err := ik.getRecordID(domain, source, target, rtype)
244 | 	if err != nil {
245 | 		return err
246 | 	}
247 | 
248 | 	if recordID != nil {
249 | 		klog.V(4).Infof("Record already exists (domain=%d record=%s source=%s rtype=%s target=%s), skipping addition", domain.ID, *recordID, source, rtype, target)
250 | 		return nil
251 | 	}
252 | 
253 | 	record := InfomaniakDNSRecord{Source: source, Target: target, Type: rtype, TTL: ttl}
254 | 	rawJSON, err := json.Marshal(record)
255 | 	if err != nil {
256 | 		return err
257 | 	}
258 | 
259 | 	klog.V(4).Infof("Adding record domain=%d (source=%s rtype=%s target=%s ttl=%d)", domain.ID, source, rtype, target, ttl)
260 | 	_, err = ik.post(fmt.Sprintf("/1/domain/%d/dns/record", domain.ID), bytes.NewBuffer(rawJSON))
261 | 	return err
262 | }
263 | 
264 | // RemoveDNSRecord ensures a record is absent
265 | func (ik *InfomaniakAPI) RemoveDNSRecord(domain *InfomaniakDNSDomain, source, target, rtype string) error {
266 | 	klog.V(4).Infof("Remove record domain=%d source=%s rtype=%s target=%s", domain.ID, source, rtype, target)
267 | 	recordID, err := ik.getRecordID(domain, source, target, rtype)
268 | 	if err != nil {
269 | 		return err
270 | 	}
271 | 
272 | 	// the record is already absent doing nothing
273 | 	if recordID == nil || len(*recordID) < 1 {
274 | 		klog.V(4).Infof("No record found (domain=%d source=%s rtype=%s target=%s), skipping deletion", domain.ID, source, rtype, target)
275 | 		return nil
276 | 	}
277 | 
278 | 	klog.V(4).Infof("Deleting record domain=%d record=%s (source=%s rtype=%s target=%s)", domain.ID, *recordID, source, rtype, target)
279 | 	_, err = ik.delete(fmt.Sprintf("/1/domain/%d/dns/record/%s", domain.ID, *recordID))
280 | 	return err
281 | }
282 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright [yyyy] [name of copyright owner]
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
  1 | cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM=
  2 | cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
  3 | cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
  4 | cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
  5 | cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
  6 | github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
  7 | github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
  8 | github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18=
  9 | github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
 10 | github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 11 | github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 12 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 13 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 14 | github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 15 | github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 16 | github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 17 | github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 18 | github.com/cert-manager/cert-manager v1.14.4 h1:DLXIZHx3jhkViYfobXo+N7/od/oj4YgG6AJw4ORJnYs=
 19 | github.com/cert-manager/cert-manager v1.14.4/go.mod h1:d+CBeRu5MbpHTfXkkiiamUhnfdvhbThoOPwilU4UM98=
 20 | github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 21 | github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 22 | github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
 23 | github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 24 | github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=
 25 | github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
 26 | github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 27 | github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 28 | github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 29 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 30 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 31 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 32 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 33 | github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 34 | github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 35 | github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 36 | github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 37 | github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
 38 | github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
 39 | github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 40 | github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 41 | github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
 42 | github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 43 | github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 44 | github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 45 | github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 46 | github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 47 | github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 48 | github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 49 | github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 50 | github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 51 | github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 52 | github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 53 | github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 54 | github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q=
 55 | github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs=
 56 | github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU=
 57 | github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4=
 58 | github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8=
 59 | github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0=
 60 | github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 61 | github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 62 | github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 63 | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 64 | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 65 | github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 66 | github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 67 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 68 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 69 | github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 70 | github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 71 | github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 72 | github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 73 | github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 74 | github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 75 | github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ=
 76 | github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
 77 | github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 78 | github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 79 | github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 80 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 81 | github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 82 | github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 83 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 84 | github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 85 | github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 86 | github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 87 | github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 88 | github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 89 | github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 90 | github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 91 | github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 92 | github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
 93 | github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 94 | github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
 95 | github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 96 | github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
 97 | github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 98 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 h1:6UKoz5ujsI55KNpsJH3UwCq3T8kKbZwNZBNPuTTje8U=
 99 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1/go.mod h1:YvJ2f6MplWDhfxiUC3KpyTy76kYUZA4W3pTv/wdKQ9Y=
100 | github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
101 | github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
102 | github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
103 | github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
104 | github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
105 | github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
106 | github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
107 | github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
108 | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
109 | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
110 | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
111 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
112 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
113 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
114 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
115 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
116 | github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
117 | github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
118 | github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
119 | github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
120 | github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
121 | github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
122 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
123 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
124 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
125 | github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
126 | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
127 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
128 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
129 | github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
130 | github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
131 | github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
132 | github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
133 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
134 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
135 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
136 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
137 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
138 | github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
139 | github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
140 | github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
141 | github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
142 | github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
143 | github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
144 | github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
145 | github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
146 | github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
147 | github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
148 | github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
149 | github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
150 | github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
151 | github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
152 | github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
153 | github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
154 | github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
155 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
156 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
157 | github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
158 | github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
159 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
160 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
161 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
162 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
163 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
164 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
165 | github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
166 | github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
167 | github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
168 | github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
169 | github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
170 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
171 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
172 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
173 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
174 | github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
175 | go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA=
176 | go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
177 | go.etcd.io/etcd/api/v3 v3.5.11 h1:B54KwXbWDHyD3XYAwprxNzTe7vlhR69LuBgZnMVvS7E=
178 | go.etcd.io/etcd/api/v3 v3.5.11/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4=
179 | go.etcd.io/etcd/client/pkg/v3 v3.5.11 h1:bT2xVspdiCj2910T0V+/KHcVKjkUrCZVtk8J2JF2z1A=
180 | go.etcd.io/etcd/client/pkg/v3 v3.5.11/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+3kvrqPyTas4=
181 | go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4=
182 | go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA=
183 | go.etcd.io/etcd/client/v3 v3.5.11 h1:ajWtgoNSZJ1gmS8k+icvPtqsqEav+iUorF7b0qozgUU=
184 | go.etcd.io/etcd/client/v3 v3.5.11/go.mod h1:a6xQUEqFJ8vztO1agJh/KQKOMfFI8og52ZconzcDJwE=
185 | go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM=
186 | go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs=
187 | go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA=
188 | go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc=
189 | go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg=
190 | go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo=
191 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE=
192 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE=
193 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
194 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
195 | go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
196 | go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
197 | go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
198 | go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
199 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
200 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
201 | go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
202 | go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
203 | go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
204 | go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
205 | go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
206 | go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
207 | go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
208 | go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
209 | go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
210 | go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
211 | go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
212 | go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
213 | go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
214 | go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
215 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
216 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
217 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
218 | golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
219 | golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
220 | golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
221 | golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4=
222 | golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
223 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
224 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
225 | golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
226 | golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
227 | golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
228 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
229 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
230 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
231 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
232 | golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
233 | golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
234 | golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
235 | golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
236 | golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
237 | golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
238 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
239 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
240 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
241 | golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
242 | golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
243 | golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
244 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
245 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
246 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
247 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
248 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
249 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
250 | golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
251 | golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
252 | golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
253 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
254 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
255 | golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
256 | golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
257 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
258 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
259 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
260 | golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
261 | golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
262 | golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
263 | golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
264 | golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
265 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
266 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
267 | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
268 | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
269 | golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
270 | golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
271 | golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
272 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
273 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
274 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
275 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
276 | gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
277 | gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
278 | google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
279 | google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
280 | google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg=
281 | google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0=
282 | google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM=
283 | google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0=
284 | google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ=
285 | google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
286 | google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
287 | google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
288 | google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
289 | google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
290 | google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
291 | google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
292 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
293 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
294 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
295 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
296 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
297 | gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
298 | gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
299 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
300 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
301 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
302 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
303 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
304 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
305 | k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
306 | k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
307 | k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI=
308 | k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc=
309 | k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
310 | k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
311 | k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE=
312 | k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs=
313 | k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
314 | k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
315 | k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo=
316 | k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio=
317 | k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
318 | k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
319 | k8s.io/kms v0.29.3 h1:ReljsAUhYlm2spdT4yXmY+9a8x8dc/OT4mXvwQPPteQ=
320 | k8s.io/kms v0.29.3/go.mod h1:TBGbJKpRUMk59neTMDMddjIDL+D4HuFUbpuiuzmOPg0=
321 | k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko=
322 | k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k=
323 | k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
324 | k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
325 | sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c=
326 | sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4=
327 | sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
328 | sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
329 | sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs=
330 | sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c=
331 | sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
332 | sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
333 | sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
334 | sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
335 | sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
336 | sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
337 | 


--------------------------------------------------------------------------------