├── .codeclimate.yml ├── .dockerignore ├── .github ├── dependabot.yml └── workflows │ ├── codeql-analysis.yml │ ├── deploy.yml │ └── test.yml ├── .gitignore ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── config ├── custom-environment-variables.yaml └── default.yaml ├── deploy └── helm-chart │ └── kube-mail │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── charts │ └── redis-17.9.2.tgz │ ├── crds │ ├── kube-mail.helmich.me_emailpolicies.yaml │ └── kube-mail.helmich.me_smtpservers.yaml │ ├── templates │ ├── _helpers.tpl │ ├── alerts.yaml │ ├── deployment.yaml │ ├── networkpolicy-metrics.yaml │ ├── networkpolicy.yaml │ ├── rbac.yaml │ ├── service.yaml │ └── servicemonitor.yaml │ └── values.yaml ├── go ├── apis │ └── kube-mail │ │ └── v1alpha1 │ │ ├── emailpolicy_types.go │ │ ├── groupversion_info.go │ │ ├── smtpserver_types.go │ │ └── zz_generated.deepcopy.go ├── generate │ └── types.go ├── go.mod └── go.sum ├── package-lock.json ├── package.json ├── src ├── backend.ts ├── config.ts ├── debug.ts ├── k8s │ ├── api.ts │ ├── factory.ts │ ├── pod_store.ts │ ├── policy_store.ts │ └── types │ │ └── v1alpha1 │ │ ├── emailpolicy.ts │ │ ├── emailpolicy_spec.ts │ │ ├── enums.ts │ │ ├── smtpserver.ts │ │ └── smtpserver_spec.ts ├── main.ts ├── monitoring.ts ├── policy │ ├── factory.ts │ ├── kubernetes.ts │ ├── provider.ts │ └── static.ts ├── ratelimit │ ├── factory.ts │ ├── ratelimiter.ts │ └── ratelimiter_redis.ts ├── server.ts ├── stats │ └── recorder.ts ├── tester.ts ├── upstream │ └── smtp.ts └── util.ts ├── tests ├── integration │ ├── setup │ │ ├── policy.yaml │ │ ├── sender.yaml │ │ └── smtpserver.yaml │ └── smtp_delivery.test.ts └── unit │ └── k8s │ └── policy_store.test.ts ├── tsconfig.base.json ├── tsconfig.build.json ├── tsconfig.json └── tsconfig.test.json /.codeclimate.yml: -------------------------------------------------------------------------------- 1 | engines: 2 | # Die, tslint, die 3 | tslint: 4 | enabled: false -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !src 3 | !config 4 | !package*.json 5 | !tsconfig* 6 | !proto -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "npm" 9 | directory: "/" 10 | schedule: 11 | interval: "daily" 12 | - package-ecosystem: "github-actions" 13 | directory: "/" 14 | schedule: 15 | interval: "weekly" -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ master ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ master ] 20 | schedule: 21 | - cron: '31 22 * * 0' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-latest 27 | permissions: 28 | actions: read 29 | contents: read 30 | security-events: write 31 | 32 | strategy: 33 | fail-fast: false 34 | matrix: 35 | language: [ 'go', 'javascript' ] 36 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] 37 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support 38 | 39 | steps: 40 | - name: Checkout repository 41 | uses: actions/checkout@v3 42 | 43 | # Initializes the CodeQL tools for scanning. 44 | - name: Initialize CodeQL 45 | uses: github/codeql-action/init@v2 46 | with: 47 | languages: ${{ matrix.language }} 48 | # If you wish to specify custom queries, you can do so here or in a config file. 49 | # By default, queries listed here will override any specified in a config file. 50 | # Prefix the list here with "+" to use these queries and those in the config file. 51 | 52 | # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 53 | # queries: security-extended,security-and-quality 54 | 55 | 56 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 57 | # If this step fails, then you should remove it and run the build manually (see below) 58 | - name: Autobuild 59 | uses: github/codeql-action/autobuild@v2 60 | 61 | # ℹ️ Command-line programs to run using the OS shell. 62 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 63 | 64 | # If the Autobuild fails above, remove it and uncomment the following three lines. 65 | # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 66 | 67 | # - run: | 68 | # echo "Run, Build Application using script" 69 | # ./location_of_script_within_repo/buildscript.sh 70 | 71 | - name: Perform CodeQL Analysis 72 | uses: github/codeql-action/analyze@v2 73 | -------------------------------------------------------------------------------- /.github/workflows/deploy.yml: -------------------------------------------------------------------------------- 1 | name: Create release 2 | 3 | on: 4 | push: 5 | tags: 6 | - '*' 7 | 8 | env: 9 | IMAGE_NAME: quay.io/mittwald/kube-mail 10 | REGISTRY_URL: quay.io 11 | 12 | jobs: 13 | deploytagged: 14 | name: Deploy Helm chart 15 | runs-on: ubuntu-latest 16 | if: github.repository == 'mittwald/kube-mail' 17 | steps: 18 | - name: Docker registry login 19 | run: docker login -u "${{ secrets.QUAY_IO_USER }}" -p "${{ secrets.QUAY_IO_TOKEN }}" "${REGISTRY_URL}" 20 | 21 | - uses: actions/checkout@v3 22 | 23 | - name: Build docker image 24 | run: docker build -t "$IMAGE_NAME:latest" . 25 | 26 | - name: Tag latest docker image 27 | run: docker tag "$IMAGE_NAME:latest" "$IMAGE_NAME:${GITHUB_REF##*/}" 28 | 29 | - name: Push images 30 | run: docker push "$IMAGE_NAME:latest" && docker push "$IMAGE_NAME:${GITHUB_REF##*/}" 31 | 32 | - name: Bump chart version 33 | uses: mittwald/bump-app-version-action@v1 34 | with: 35 | mode: 'publish' 36 | chartYaml: './deploy/helm-chart/kube-mail/Chart.yaml' 37 | env: 38 | GITHUB_TOKEN: "${{ secrets.RELEASE_USER_TOKEN }}" 39 | HELM_REPO_PASSWORD: "${{ secrets.HELM_REPO_PASSWORD }}" -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Compile & Test 2 | on: 3 | push: 4 | branches: 5 | - 'master' 6 | tags: 7 | - '*' 8 | pull_request: 9 | jobs: 10 | compile: 11 | name: Compile TypeScript 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@v3 15 | - uses: actions/setup-node@v4 16 | with: 17 | node-version: "18.x" 18 | - run: npm ci 19 | - run: npm run compile 20 | 21 | test: 22 | name: Run unit test suite 23 | runs-on: ubuntu-latest 24 | steps: 25 | - uses: actions/checkout@v3 26 | - uses: actions/setup-node@v4 27 | with: 28 | node-version: "18.x" 29 | - run: npm ci 30 | - run: npm run test 31 | 32 | helm: 33 | name: Verify Helm chart 34 | runs-on: ubuntu-latest 35 | steps: 36 | - uses: actions/checkout@v3 37 | - name: Setup Helm 38 | run: | 39 | curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash 40 | - name: Lint Helm chart 41 | run: | 42 | helm lint ./deploy/helm-chart/kube-mail 43 | - name: Render Helm chart 44 | run: | 45 | helm template test ./deploy/helm-chart/kube-mail > /dev/null 46 | 47 | generate: 48 | runs-on: ubuntu-latest 49 | steps: 50 | - uses: actions/checkout@v3 51 | - uses: actions/setup-node@v4 52 | with: 53 | node-version: "18.x" 54 | - uses: actions/setup-go@v4 55 | with: 56 | go-version: '^1.18' 57 | - name: install controller-gen 58 | run: go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.11.3 59 | - run: npm ci 60 | - run: make generate 61 | - name: assert no files are modified 62 | run: | 63 | git diff | cat 64 | git status --porcelain=v1 65 | test $(git status --porcelain=v1 | wc -l) -eq 0 66 | 67 | integration: 68 | name: Run integation test suite 69 | runs-on: ubuntu-latest 70 | steps: 71 | - uses: actions/checkout@v3 72 | - uses: actions/setup-node@v4 73 | with: 74 | node-version: "18.x" 75 | - uses: engineerd/setup-kind@v0.5.0 76 | with: 77 | version: "v0.14.0" 78 | wait: "600s" 79 | - run: npm ci 80 | - name: Testing 81 | run: | 82 | kubectl cluster-info 83 | kubectl get pods -n kube-system 84 | 85 | kind get kubeconfig > ./kind-kubeconfig 86 | - name: Build and load image 87 | run: | 88 | docker build -t kube-mail . 89 | kind load docker-image kube-mail 90 | - name: Setup Helm 91 | run: | 92 | curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash 93 | - name: Install kube-mail in KinD 94 | run: | 95 | helm install --set image.repository=kube-mail --set image.pullPolicy=Never kube-mail ./deploy/helm-chart/kube-mail 96 | - name: Run tests 97 | run: | 98 | POD_NAME=$(kubectl get po -l app.kubernetes.io/name=kube-mail -o=jsonpath='{.items[0].metadata.name}') 99 | kubectl apply -f tests/integration/setup 100 | 101 | kubectl wait pod/upstream --for=condition=ready 102 | kubectl wait pod/$POD_NAME --for=condition=ready 103 | 104 | kubectl port-forward upstream 8080:8080 & 105 | kubectl port-forward $POD_NAME 9100:9100 & 106 | 107 | if ! npm run test:integration ; then 108 | kubectl get pods 109 | kubectl describe pod $POD_NAME 110 | kubectl logs $POD_NAME 111 | 112 | exit 1 113 | fi 114 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.idea/ 2 | /node_modules 3 | /dist 4 | /kind-kubeconfig 5 | /go/.idea 6 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:18 2 | 3 | WORKDIR /app 4 | 5 | COPY package*.json /app/ 6 | 7 | RUN npm install -g npm@^6.1.0 && npm install 8 | 9 | COPY tsconfig* /app/ 10 | COPY src /app/src 11 | 12 | RUN npm run compile 13 | 14 | FROM node:18 15 | 16 | WORKDIR /app 17 | COPY package*.json /app/ 18 | 19 | RUN npm install -g npm@^6.1.0 && npm install --production 20 | 21 | FROM node:18-slim 22 | 23 | WORKDIR /app 24 | 25 | COPY config /app/config 26 | COPY --from=1 /app/node_modules /app/node_modules 27 | COPY --from=0 /app/dist /app/dist 28 | 29 | CMD ["/usr/local/bin/node", "dist/server.js"] 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: generate 2 | generate: 3 | cd go && controller-gen paths=./... crd object output:crd:artifacts:config=../deploy/helm-chart/kube-mail/crds/ 4 | cd go/generate && go run types.go 5 | 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # kube-mail -- SMTP server for Kubernetes 2 | 3 | [![Build Status](https://travis-ci.org/martin-helmich/kube-mail.svg?branch=master)](https://travis-ci.org/martin-helmich/kube-mail) 4 | [![Docker Repository on Quay](https://quay.io/repository/martinhelmich/kube-mail/status "Docker Repository on Quay")](https://quay.io/repository/martinhelmich/kube-mail) 5 | [![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=martin-helmich/kube-mail)](https://dependabot.com) 6 | 7 |
8 | 9 | **:warning: CAUTION** This is entirely experimental and may eat your cluster. 10 | 11 |
12 | 13 | kube-mail is a policy-based SMTP server designed for running in a Kubernetes cluster. It is configurable using Kubernetes Custom Resources and allows you to define policies for outgoing emails based on Pod labels (much like [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/)). 14 | 15 | ## Table of Contents 16 | 17 | 18 | 19 | 20 | 21 | - [Installation](#installation) 22 | - [Basic architecture](#basic-architecture) 23 | - [Custom Resources](#custom-resources) 24 | - [`SMTPServer` resources](#smtpserver-resources) 25 | - [`EmailPolicy` resources](#emailpolicy-resources) 26 | - [How-Tos](#how-tos) 27 | - [Forward all emails from a Pod into a mail catcher](#forward-all-emails-from-a-pod-into-a-mail-catcher) 28 | - [Sending mails from within a Pod](#sending-mails-from-within-a-pod) 29 | - [PHP and ssmtp](#php-and-ssmtp) 30 | - [Pending features](#pending-features) 31 | 32 | 33 | 34 | ## License 35 | 36 | This project is licensed under the Apache-2.0 license. 37 | 38 | Copyright 2023 Martin Helmich, Mittwald CM Service GmbH & Co. KG and [other contributors](https://github.com/martin-helmich/kube-mail/graphs/contributors). 39 | 40 | ## Installation 41 | 42 | The helm chart of this controller can be found under [./deploy/helm-chart/kube-mail](./deploy/helm-chart/kube-mail). 43 | 44 | Alternatively, you can use the [Mittwald Kubernetes Helm Charts](https://github.com/mittwald/helm-charts) repository: 45 | ```shell script 46 | helm repo add mittwald https://helm.mittwald.de 47 | helm repo update 48 | helm install kube-mail mittwald/kube-mail --namespace kube-system 49 | ``` 50 | 51 | ## Basic architecture 52 | 53 | When installed, kube-mail acts as an SMTP server that Pods in your cluster can use to send outgoing mails. This server works without any of the typical SMTP authentication mechanisms; instead, the kube-mail SMTP server authenticates a Pod by its IP address and then tries to find a `EmailPolicy` resource that matches the source Pod (by label). 54 | 55 | If an `EmailPolicy` has been found for a Pod, kube-mail will forward the email that should be sent to the upstream SMTP server configured in the `EmailPolicy`. If no `EmailPolicy` matches, kube-mail will reject the email. 56 | 57 | Within your Pod, simply use `kube-mail..svc` as SMTP server without any authentication. kube-mail will do the rest. 58 | 59 | ## Custom Resources 60 | 61 | This controller adds two Custom Resources to your Kubernetes cluster: A `SMTPServer` and a `EmailPolicy` resource, both from the `kube-mail.helmich.me/v1alpha1` API group. 62 | 63 | ### `SMTPServer` resources 64 | 65 | An `SMTPServer` resource describes an SMTP server that should be used for outgoing mails. It is defined like follows: 66 | 67 | ```yaml 68 | apiVersion: kube-mail.helmich.me/v1alpha1 69 | kind: SMTPServer 70 | metadata: 71 | name: default 72 | spec: 73 | server: smtp.yourserver.example 74 | port: 465 75 | tls: true 76 | authType: PLAIN 77 | ``` 78 | 79 | Concerning the individual properties: 80 | 81 |
82 |
.spec.server
83 |
The host name of your upstream SMTP server. This may be either an external service, or a cluster-internal service (for example, specified by its .svc.cluster.local address)
84 |
.spec.port
85 |
The port that the upstream SMTP server is listening on. If omitted, 587 is assumed as default.
86 |
.spec.tls
87 |
Defines if the upstream server uses TLS.
88 |
.spec.authType
89 |
The SMTP authentation type. Supported values are PLAIN, LOGIN, CRAM-MD5 and SCRAM-SHA-1.
90 |
91 | 92 | ### `EmailPolicy` resources 93 | 94 | An `EmailPolicy` defines what kube-mail should do with mails received from a certain pod. An email policy will forward the received email to one of the SMTP servers configured using the `SMTPServer` resources. 95 | 96 | A forwarding email policy is defined like follows: 97 | 98 | ```yaml 99 | apiVersion: kube-mail.helmich.me/v1alpha1 100 | kind: EmailPolicy 101 | metadata: 102 | name: my-policy 103 | spec: 104 | podSelector: 105 | matchLabels: 106 | app.kubernetes.io/name: my-name 107 | ratelimiting: 108 | maximum: 100 109 | period: hour 110 | sink: 111 | smtp: 112 | server: 113 | name: default 114 | namespace: default 115 | credentials: 116 | name: default-credentials 117 | namespace: default 118 | ``` 119 | 120 | Concerning the individual properties: 121 | 122 |
123 |
.spec.podSelector
124 |
This is a selector for the Pods this EmailPolicy should apply to. When a SMTP connection is opened to kube-mail, it will identity the source Pod by its Pod IP address and then test if the source Pod matches this label selector.
125 |
.spec.ratelimiting
126 |
Rate limiting may be configured per Policy. Allowed periods are "hour" and "minute". Messages are counted per policy, not per Pod.
127 |
.spec.sink
128 |
129 | sink describes where kube-mail should deliver received emails. This may either be an SMTP server (described by a SMTPServer resource) or kube-mail's internal database. 130 |
131 |
.spec.sink.smtp.server
132 |
server is a reference to a SMTPServer resource. It may be placed in a different namespace.
133 |
.spec.sink.smtp.credentials
134 |
credentials is a reference to a Secret resource with a "username" and "password" key. It may be placed in a different namespace. NOTE: If omitted, kube-mail will attempt an unauthenticated connection to the SMTP server.
135 |
136 |
137 |
138 | 139 | ## How-Tos 140 | 141 | ### Forward all emails from a Pod into a mail catcher 142 | 143 | Forwarding all outgoing emails into a mail catcher (like [MailHog](https://github.com/mailhog/MailHog)) is a common use case in development environments, where an application should not be allowed to actually send emails out into the world. To configure kube-mail to forward all emails into a mail catcher, proceed as follows. 144 | 145 | 1. Make sure that kube-mail is up and running in a namespace of your choice (for this example, we'll assume that kube-mail is running in the `kube-system` namespace). 146 | 147 | 1. Install the mail catcher of your choice. MailHog, for example, has a [Helm chart](https://github.com/codecentric/helm-charts/tree/master/charts/mailhog) that makes it easy to install: 148 | 149 | ``` 150 | $ helm repo add codecentric https://codecentric.github.io/helm-charts 151 | $ helm install \ 152 | --namespace kube-system \ 153 | --name mailhog \ 154 | codecentric/mailhog 155 | ``` 156 | 157 | 1. Configure an `SMTPServer` resource pointing to your MailHog service: 158 | 159 | ```yaml 160 | apiVersion: kube-mail.helmich.me/v1alpha1 161 | kind: SMTPServer 162 | metadata: 163 | name: mailhog 164 | namespace: kube-system 165 | spec: 166 | server: mailhog.kubemail-system.svc.cluster.local 167 | port: 1025 168 | tls: false 169 | ``` 170 | 171 | 1. Configure an `EmailPolicy` to catch emails from a Pod and forward them to the configured `SMTPServer`. The policy resource needs to be in the same namespace as the Pod that's sending mails. 172 | 173 | ```yaml 174 | apiVersion: kube-mail.helmich.me/v1alpha1 175 | kind: EmailPolicy 176 | metadata: 177 | name: pod-to-mailhog 178 | namespace: default # needs to be same namespace as Pod 179 | spec: 180 | podSelector: 181 | matchLabels: 182 | app.kubernetes.io/name: my-name 183 | sink: 184 | smtp: 185 | server: # server may be in a different namespace than policy 186 | name: mailhog 187 | namespace: kube-system 188 | ``` 189 | 190 | ## Sending mails from within a Pod 191 | 192 | ### PHP and ssmtp 193 | 194 | Provide `ssmtp` in your Pod; use the following configuration (`/etc/ssmtp/ssmtp.conf`): 195 | 196 | ``` 197 | mailhub=kube-mail.kube-system.svc.cluster.local 198 | hostname=foo 199 | FromLineOverride=yes 200 | ``` 201 | 202 | Then in the php.ini: 203 | 204 | ``` 205 | sendmail_path = /usr/sbin/ssmtp -t 206 | ``` 207 | 208 | ## Pending features 209 | 210 | - [ ] Rate limiting 211 | - [ ] TLS for cluster-internal communication 212 | -------------------------------------------------------------------------------- /config/custom-environment-variables.yaml: -------------------------------------------------------------------------------- 1 | policy: 2 | provider: kubernetes 3 | kubernetes: 4 | inCluster: 5 | __name: KUBEMAIL_KUBERNETES_INCLUSTER 6 | __format: json 7 | static: KUBEMAIL_KUBERNETES_POLICY 8 | 9 | rateLimiter: 10 | redis: 11 | host: KUBEMAIL_REDIS_HOST 12 | port: KUBEMAIL_REDIS_PORT 13 | password: KUBEMAIL_REDIS_PASSWORD 14 | sentinel: 15 | host: KUBEMAIL_REDIS_SENTINEL_HOST 16 | port: KUBEMAIL_REDIS_SENTINEL_PORT 17 | masterSet: KUBEMAIL_REDIS_SENTINEL_MASTERSET 18 | watcher: 19 | emailPolicyInformer: 20 | selector: 21 | __name: WATCHER_EMAILPOLICYINFORMER_SELECTOR 22 | __format: json 23 | podInformer: 24 | selector: 25 | __name: WATCHER_PODINFORMER_SELECTOR 26 | __format: json 27 | -------------------------------------------------------------------------------- /config/default.yaml: -------------------------------------------------------------------------------- 1 | policy: 2 | provider: kubernetes 3 | kubernetes: 4 | inCluster: false 5 | config: /Users/mhelmich/.kube/config 6 | static: ~ 7 | 8 | rateLimiter: 9 | redis: 10 | host: localhost 11 | port: 6379 12 | password: ~ 13 | sentinel: ~ 14 | # host: ~ 15 | # port: ~ 16 | # masterSet: ~ 17 | 18 | watcher: 19 | emailPolicyInformer: 20 | #selector: {"foo":"bar","bar":"foo"} 21 | podInformer: 22 | #selector: {"foo":"bar","bar":"foo"} 23 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 17.9.2 5 | digest: sha256:e01928282e1a82660c7695bc1691b4670325fe44bac267142ab194bf29ce8582 6 | generated: "2023-03-27T08:23:30.576981318+02:00" 7 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: A Helm chart for KubeMail 3 | name: kube-mail 4 | version: 0.9.0 5 | dependencies: 6 | - name: redis 7 | version: 17.9.2 8 | repository: https://charts.bitnami.com/bitnami 9 | condition: redis.enabled 10 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/charts/redis-17.9.2.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/martin-helmich/kube-mail/3caa60b6c45c1e39844cc804e31ff24830f5cfb0/deploy/helm-chart/kube-mail/charts/redis-17.9.2.tgz -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/crds/kube-mail.helmich.me_emailpolicies.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.11.3 7 | creationTimestamp: null 8 | name: emailpolicies.kube-mail.helmich.me 9 | spec: 10 | group: kube-mail.helmich.me 11 | names: 12 | kind: EmailPolicy 13 | listKind: EmailPolicyList 14 | plural: emailpolicies 15 | shortNames: 16 | - emailpolicy 17 | singular: emailpolicy 18 | scope: Namespaced 19 | versions: 20 | - additionalPrinterColumns: 21 | - description: describes if this is the default policy 22 | jsonPath: .spec.default 23 | name: default 24 | type: boolean 25 | - description: which SMTP server mails are forwarded to 26 | jsonPath: .spec.sink.smtp.server 27 | name: SMTP Server 28 | type: string 29 | name: v1alpha1 30 | schema: 31 | openAPIV3Schema: 32 | description: EmailPolicy is the Schema for the emailpolicy API 33 | properties: 34 | apiVersion: 35 | description: 'APIVersion defines the versioned schema of this representation 36 | of an object. Servers should convert recognized schemas to the latest 37 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 38 | type: string 39 | kind: 40 | description: 'Kind is a string value representing the REST resource this 41 | object represents. Servers may infer this from the endpoint the client 42 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 43 | type: string 44 | metadata: 45 | type: object 46 | spec: 47 | properties: 48 | default: 49 | type: boolean 50 | podSelector: 51 | description: A label selector is a label query over a set of resources. 52 | The result of matchLabels and matchExpressions are ANDed. An empty 53 | label selector matches all objects. A null label selector matches 54 | no objects. 55 | properties: 56 | matchExpressions: 57 | description: matchExpressions is a list of label selector requirements. 58 | The requirements are ANDed. 59 | items: 60 | description: A label selector requirement is a selector that 61 | contains values, a key, and an operator that relates the key 62 | and values. 63 | properties: 64 | key: 65 | description: key is the label key that the selector applies 66 | to. 67 | type: string 68 | operator: 69 | description: operator represents a key's relationship to 70 | a set of values. Valid operators are In, NotIn, Exists 71 | and DoesNotExist. 72 | type: string 73 | values: 74 | description: values is an array of string values. If the 75 | operator is In or NotIn, the values array must be non-empty. 76 | If the operator is Exists or DoesNotExist, the values 77 | array must be empty. This array is replaced during a strategic 78 | merge patch. 79 | items: 80 | type: string 81 | type: array 82 | required: 83 | - key 84 | - operator 85 | type: object 86 | type: array 87 | matchLabels: 88 | additionalProperties: 89 | type: string 90 | description: matchLabels is a map of {key,value} pairs. A single 91 | {key,value} in the matchLabels map is equivalent to an element 92 | of matchExpressions, whose key field is "key", the operator 93 | is "In", and the values array contains only "value". The requirements 94 | are ANDed. 95 | type: object 96 | type: object 97 | x-kubernetes-map-type: atomic 98 | ratelimiting: 99 | properties: 100 | maximum: 101 | type: integer 102 | period: 103 | enum: 104 | - hour 105 | - minute 106 | type: string 107 | required: 108 | - maximum 109 | type: object 110 | sink: 111 | properties: 112 | smtp: 113 | properties: 114 | credentials: 115 | properties: 116 | name: 117 | type: string 118 | namespace: 119 | type: string 120 | required: 121 | - name 122 | type: object 123 | server: 124 | properties: 125 | name: 126 | type: string 127 | namespace: 128 | type: string 129 | required: 130 | - name 131 | type: object 132 | required: 133 | - server 134 | type: object 135 | required: 136 | - smtp 137 | type: object 138 | required: 139 | - sink 140 | type: object 141 | status: 142 | type: object 143 | type: object 144 | served: true 145 | storage: true 146 | subresources: 147 | status: {} 148 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/crds/kube-mail.helmich.me_smtpservers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.11.3 7 | creationTimestamp: null 8 | name: smtpservers.kube-mail.helmich.me 9 | spec: 10 | group: kube-mail.helmich.me 11 | names: 12 | kind: SMTPServer 13 | listKind: SMTPServerList 14 | plural: smtpservers 15 | shortNames: 16 | - smtpserver 17 | singular: smtpserver 18 | scope: Namespaced 19 | versions: 20 | - additionalPrinterColumns: 21 | - description: SMTP server hostname 22 | jsonPath: .spec.server 23 | name: SMTP Server 24 | type: string 25 | name: v1alpha1 26 | schema: 27 | openAPIV3Schema: 28 | description: SMTPServer is the Schema for the smtpserver API 29 | properties: 30 | apiVersion: 31 | description: 'APIVersion defines the versioned schema of this representation 32 | of an object. Servers should convert recognized schemas to the latest 33 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 34 | type: string 35 | kind: 36 | description: 'Kind is a string value representing the REST resource this 37 | object represents. Servers may infer this from the endpoint the client 38 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 39 | type: string 40 | metadata: 41 | type: object 42 | spec: 43 | properties: 44 | authType: 45 | enum: 46 | - PLAIN 47 | - LOGIN 48 | - CRAM-MD5 49 | - SCRAM-SHA-1 50 | type: string 51 | connect: 52 | enum: 53 | - plain 54 | - ssl 55 | - starttls 56 | type: string 57 | port: 58 | type: integer 59 | server: 60 | type: string 61 | tls: 62 | description: 'DEPRECATED: Use Connect, instead' 63 | type: boolean 64 | required: 65 | - server 66 | type: object 67 | status: 68 | type: object 69 | type: object 70 | served: true 71 | storage: true 72 | subresources: 73 | status: {} 74 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "chart.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "chart.fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- if contains $name .Release.Name -}} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 20 | {{- else -}} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | 26 | {{- define "chart.mongodb.fullname" -}} 27 | {{- $name := "mongodb" -}} 28 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 29 | {{- end -}} 30 | 31 | {{/* 32 | Create chart name and version as used by the chart label. 33 | */}} 34 | {{- define "chart.chart" -}} 35 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 36 | {{- end }} 37 | 38 | {{/* 39 | Common annotations 40 | */}} 41 | {{- define "chart.commonAnnotations" -}} 42 | {{- if .Values.commonAnnotations }} 43 | {{- toYaml .Values.commonAnnotations }} 44 | {{- end }} 45 | {{- end }} 46 | 47 | {{/* 48 | Common labels 49 | */}} 50 | {{- define "chart.commonLabels" -}} 51 | {{- if .Values.commonLabels }} 52 | {{- toYaml .Values.commonLabels }} 53 | {{- end }} 54 | {{ include "chart.metaLabels" . }} 55 | {{- end }} 56 | 57 | {{/* 58 | Meta labels 59 | */}} 60 | {{- define "chart.metaLabels" -}} 61 | helm.sh/chart: {{ include "chart.chart" . }} 62 | {{ include "chart.selectorLabels" . }} 63 | {{- if .Chart.AppVersion }} 64 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 65 | {{- end }} 66 | app.kubernetes.io/managed-by: {{ .Release.Service }} 67 | {{- end }} 68 | 69 | {{/* 70 | Selector labels 71 | */}} 72 | {{- define "chart.selectorLabels" -}} 73 | app.kubernetes.io/name: {{ include "chart.name" . }} 74 | app.kubernetes.io/instance: {{ .Release.Name }} 75 | {{- end }} 76 | 77 | {{/* 78 | Return the Redis hostname 79 | */}} 80 | {{- define "chart.redis.host" -}} 81 | {{- ternary (printf "%s-redis" .Release.Name ) .Values.externalRedis.host .Values.redis.enabled -}} 82 | {{- end -}} 83 | 84 | {{/* 85 | Return the Redis port 86 | */}} 87 | {{- define "chart.redis.port" -}} 88 | {{- ternary .Values.redis.master.service.ports.redis .Values.externalRedis.port .Values.redis.enabled -}} 89 | {{- end -}} 90 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/alerts.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.prometheus.enabled .Values.prometheus.alerting.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ template "chart.fullname" . }} 6 | {{- $commonLabels := (include "chart.commonLabels" .) }} 7 | {{- if or $commonLabels .Values.prometheus.alerting.additionalLabels }} 8 | labels: 9 | {{- with .Values.prometheus.alerting.additionalLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with $commonLabels }} 13 | {{- . | nindent 4 }} 14 | {{- end }} 15 | {{- end }} 16 | {{- $commonAnnotations := (include "chart.commonAnnotations" .) }} 17 | {{- if or $commonAnnotations .Values.prometheus.alerting.additionalAnnotations }} 18 | annotations: 19 | {{- with .Values.prometheus.alerting.additionalAnnotations }} 20 | {{- toYaml . | nindent 4 }} 21 | {{- end }} 22 | {{- with $commonAnnotations }} 23 | {{- . | nindent 4 }} 24 | {{- end }} 25 | {{- end }} 26 | spec: 27 | groups: 28 | - name: kube-mail.rules 29 | rules: 30 | {{- /* alerts for individual pods and policies -- generally considered as warnings */ -}} 31 | {{- if .Values.prometheus.alerting.rules.KubeMailForwardErrorsByPolicy.enabled }} 32 | - alert: KubeMailForwardErrorsByPolicy 33 | annotations: 34 | message: | 35 | {{ `Email policy {{ $labels.policy_namespace }}/{{ $labels.policy_name }} has {{ $values }} errors per second while fowarding mails` }} 36 | summary: Email policy has high forwarding error rate 37 | expr: sum(rate(kubemail_forward_errors[5m])) by (policy_namespace, policy_name) > 0 38 | labels: {{ .Values.prometheus.alerting.rules.KubeMailForwardErrorsByPolicy.labels | toYaml | nindent 12 }} 39 | for: 5m 40 | {{- end }} 41 | {{- if .Values.prometheus.alerting.rules.KubeMailForwardErrorsByServer.enabled }} 42 | - alert: KubeMailForwardErrorsByServer 43 | annotations: 44 | message: | 45 | {{ `SMTP server {{ $labels.server_namespace }}/{{ $labels.server_name }} has {{ $values }} errors per second while fowarding mails` }} 46 | summary: SMTP server has high forwarding error rate 47 | expr: sum(rate(kubemail_forward_errors[5m])) by (server_namespace, server_name) > 0 48 | labels: {{ .Values.prometheus.alerting.rules.KubeMailForwardErrorsByServer.labels | toYaml | nindent 12 }} 49 | for: 5m 50 | {{- end }} 51 | {{- if .Values.prometheus.alerting.rules.KubeMailRejectedNoPod.enabled }} 52 | - alert: KubeMailRejectedNoPod 53 | annotations: 54 | message: | 55 | {{ `{{ $values }} mails per second are rejected because they originate from unknown pod IPs (is the informer stuck?)` }} 56 | summary: High "unknown pod" email rejection rate 57 | expr: sum(rate(kubemail_rejected_emails_nopod)[5m]) > 0 58 | labels: {{ .Values.prometheus.alerting.rules.KubeMailRejectedNoPod.labels | toYaml | nindent 12 }} 59 | for: 5m 60 | {{- end }} 61 | {{- if .Values.prometheus.alerting.rules.KubeMailRejectedNoPolicy.enabled }} 62 | - alert: KubeMailRejectedNoPolicy 63 | annotations: 64 | message: | 65 | {{ `{{ $values }} mails per second are rejected from pod {{ $labels.pod_namespace }}/{{ $labels.pod_name }} because there is no forwarding policy for their pod` }} 66 | summary: High email rejection rate due to missing email policy 67 | expr: sum(rate(kubemail_rejected_emails_nopolicy)[5m]) by (pod_namespace, pod_name) > 0 68 | labels: {{ .Values.prometheus.alerting.rules.KubeMailRejectedNoPolicy.labels | toYaml | nindent 12 }} 69 | for: 5m 70 | {{- end }} 71 | {{- if .Values.prometheus.alerting.rules.KubeMailRejectedRatelimit.enabled }} 72 | - alert: KubeMailRejectedRatelimit 73 | annotations: 74 | message: | 75 | {{ `{{ $values }} mails per second are rejected from policy {{ $labels.policy_namespace }}/{{ $labels.policy_name }} because its rate limit was exceeded` }} 76 | summary: High email rejection rate due to exceeded rate limit 77 | expr: sum(rate(kubemail_rejected_emails_ratelimit)[5m]) by (policy_namespace, policy_name) > 0 78 | labels: {{ .Values.prometheus.alerting.rules.KubeMailRejectedRatelimit.labels | toYaml | nindent 12 }} 79 | for: 5m 80 | {{- end }} 81 | {{- if .Values.prometheus.alerting.rules.KubeMailForwardErrors.enabled }} 82 | - alert: KubeMailForwardErrors 83 | annotations: 84 | message: | 85 | {{ `Overall forwarding error rate is high, at {{ $values }} rejections per second` }} 86 | summary: High overall email forwarding error rate 87 | expr: sum(rate(kubemail_forward_errors[5m])) > 0 88 | labels: {{ .Values.prometheus.alerting.rules.KubeMailForwardErrors.labels | toYaml | nindent 12 }} 89 | for: 10m 90 | {{- end }} 91 | {{- end }} 92 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "chart.fullname" . }} 5 | {{- with (include "chart.commonLabels" .) }} 6 | labels: {{ . | nindent 4 }} 7 | {{- end }} 8 | {{- with (include "chart.commonAnnotations" .) }} 9 | annotations: {{ . | nindent 4 }} 10 | {{- end }} 11 | spec: 12 | replicas: {{ .Values.replicaCount }} 13 | {{- with .Values.updateStrategy }} 14 | strategy: {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | selector: 17 | matchLabels: {{- include "chart.selectorLabels" . | nindent 6 }} 18 | template: 19 | metadata: 20 | labels: {{- include "chart.selectorLabels" . | nindent 8 }} 21 | {{- if .Values.redis.networkPolicy.enabled }} 22 | {{ template "chart.fullname" . }}-redis-client: "true" 23 | {{- end }} 24 | {{- if and .Values.prometheus.enabled (not .Values.prometheus.serviceMonitor.enabled) }} 25 | annotations: 26 | prometheus.io/scrape: "true" 27 | prometheus.io/port: "9100" 28 | prometheus.io/path: "/metrics" 29 | {{- end }} 30 | spec: 31 | {{- if .Values.rbac.enabled }} 32 | serviceAccountName: {{ template "chart.fullname" . }} 33 | {{- end }} 34 | {{- if .Values.podSecurityContext.enabled }} 35 | securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} 36 | {{- end }} 37 | {{- with .Values.priorityClassName }} 38 | priorityClassName: {{ . | quote }} 39 | {{- end }} 40 | containers: 41 | - name: kube-mail 42 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 43 | imagePullPolicy: {{ .Values.image.pullPolicy }} 44 | {{- if .Values.containerSecurityContext.enabled }} 45 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} 46 | {{- end }} 47 | ports: 48 | - containerPort: {{ .Values.smtp.service.internalPort }} 49 | name: smtp 50 | - containerPort: {{ .Values.prometheus.metricsPort }} 51 | name: metrics 52 | livenessProbe: 53 | httpGet: 54 | path: /status 55 | port: {{ .Values.prometheus.metricsPort }} 56 | readinessProbe: 57 | httpGet: 58 | path: /readiness 59 | port: {{ .Values.prometheus.metricsPort }} 60 | env: 61 | - name: KUBEMAIL_KUBERNETES_INCLUSTER 62 | value: "true" 63 | {{- if .Values.redis.usePassword }} 64 | - name: KUBEMAIL_REDIS_PASSWORD 65 | valueFrom: 66 | secretKeyRef: 67 | name: {{ template "chart.fullname" . }}-redis 68 | key: redis-password 69 | {{- end }} 70 | {{- if .Values.redis.sentinel.enabled }} 71 | - name: KUBEMAIL_REDIS_SENTINEL_HOST 72 | value: {{ include "chart.redis.host" . }} 73 | - name: KUBEMAIL_REDIS_SENTINEL_PORT 74 | value: {{ .Values.redis.sentinel.service.ports.sentinel | quote }} 75 | - name: KUBEMAIL_REDIS_SENTINEL_MASTERSET 76 | value: {{ .Values.redis.sentinel.masterSet | quote }} 77 | {{- else }} 78 | - name: KUBEMAIL_REDIS_HOST 79 | value: {{ include "chart.redis.host" . }}-master 80 | - name: KUBEMAIL_REDIS_PORT 81 | value: {{ include "chart.redis.port" . | quote }} 82 | {{- end }} 83 | - name: DEBUG 84 | value: "*" 85 | {{- if .Values.watcher.emailPolicyInformer.selector }} 86 | - name: WATCHER_EMAILPOLICYINFORMER_SELECTOR 87 | value: |- 88 | {{ toJson .Values.watcher.emailPolicyInformer.selector }} 89 | {{- end }} 90 | {{- if .Values.watcher.podInformer.selector }} 91 | - name: WATCHER_PODINFORMER_SELECTOR 92 | value: |- 93 | {{ toJson .Values.watcher.podInformer.selector }} 94 | {{- end }} 95 | resources: 96 | {{ toYaml .Values.resources | indent 12 }} 97 | {{- if .Values.extraVolumeMounts }} 98 | volumeMounts: {{- toYaml .Values.extraVolumeMounts | nindent 12 }} 99 | {{- end }} 100 | {{- with .Values.affinity }} 101 | affinity: {{- toYaml . | nindent 8 }} 102 | {{- end }} 103 | {{- with .Values.tolerations }} 104 | tolerations: {{- toYaml . | nindent 8 }} 105 | {{- end }} 106 | {{- with .Values.topologySpreadConstraints }} 107 | topologySpreadConstraints: {{ toYaml . | nindent 8}} 108 | {{- end }} 109 | {{- if .Values.nodeSelector }} 110 | nodeSelector: 111 | {{ toYaml .Values.nodeSelector | indent 8 }} 112 | {{- end }} 113 | {{- if .Values.extraVolumes }} 114 | volumes: {{ toYaml .Values.extraVolumes | nindent 8 }} 115 | {{- end }} 116 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/networkpolicy-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.prometheus.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ template "chart.fullname" . }}-metrics 6 | {{- with (include "chart.commonLabels" .) }} 7 | labels: {{ . | nindent 4 }} 8 | {{- end }} 9 | {{- with (include "chart.commonAnnotations" .) }} 10 | annotations: {{ . | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | podSelector: 14 | matchLabels: {{- include "chart.selectorLabels" . | nindent 6 }} 15 | policyTypes: 16 | - Ingress 17 | ingress: 18 | - ports: 19 | - protocol: TCP 20 | port: {{ .Values.prometheus.metricsPort }} 21 | {{- if .Values.prometheus.networkPolicyIngress }} 22 | from: {{ .Values.prometheus.networkPolicyIngress | toYaml | nindent 6 }} 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: {{ template "chart.fullname" . }}-smtp 5 | {{- with (include "chart.commonLabels" .) }} 6 | labels: {{ . | nindent 4 }} 7 | {{- end }} 8 | {{- with (include "chart.commonAnnotations" .) }} 9 | annotations: {{ . | nindent 4 }} 10 | {{- end }} 11 | spec: 12 | podSelector: 13 | matchLabels: {{- include "chart.selectorLabels" . | nindent 6 }} 14 | policyTypes: 15 | - Ingress 16 | ingress: 17 | - from: 18 | - namespaceSelector: 19 | matchLabels: 20 | "kube-mail.helmich.me/smtp-access": "true" 21 | ports: 22 | - protocol: TCP 23 | port: {{ .Values.smtp.service.internalPort }} 24 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.enabled }} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "chart.fullname" . }}-policies 6 | {{- with (include "chart.commonLabels" .) }} 7 | labels: {{ . | nindent 4 }} 8 | {{- end }} 9 | {{- with (include "chart.commonAnnotations" .) }} 10 | annotations: {{ . | nindent 4 }} 11 | {{- end }} 12 | rules: 13 | - apiGroups: ["kube-mail.helmich.me"] 14 | resources: ["emailpolicies", "smtpservers"] 15 | verbs: 16 | - get 17 | - list 18 | - watch 19 | - apiGroups: [""] 20 | resources: ["secrets"] 21 | verbs: 22 | - get 23 | - list 24 | - watch 25 | --- 26 | kind: ClusterRole 27 | apiVersion: rbac.authorization.k8s.io/v1 28 | metadata: 29 | name: {{ template "chart.fullname" . }}-podwatcher 30 | {{- with (include "chart.commonLabels" .) }} 31 | labels: {{ . | nindent 4 }} 32 | {{- end }} 33 | {{- with (include "chart.commonAnnotations" .) }} 34 | annotations: {{ . | nindent 4 }} 35 | {{- end }} 36 | rules: 37 | - apiGroups: [""] 38 | resources: ["pods"] 39 | verbs: 40 | - get 41 | - list 42 | - watch 43 | 44 | 45 | --- 46 | kind: ServiceAccount 47 | apiVersion: v1 48 | metadata: 49 | name: {{ template "chart.fullname" . }} 50 | {{- with (include "chart.commonLabels" .) }} 51 | labels: {{ . | nindent 4 }} 52 | {{- end }} 53 | {{- with (include "chart.commonAnnotations" .) }} 54 | annotations: {{ . | nindent 4 }} 55 | {{- end }} 56 | --- 57 | kind: ClusterRoleBinding 58 | apiVersion: rbac.authorization.k8s.io/v1 59 | metadata: 60 | name: {{ template "chart.fullname" . }}-podwatcher 61 | {{- with (include "chart.commonLabels" .) }} 62 | labels: {{ . | nindent 4 }} 63 | {{- end }} 64 | {{- with (include "chart.commonAnnotations" .) }} 65 | annotations: {{ . | nindent 4 }} 66 | {{- end }} 67 | subjects: 68 | - kind: ServiceAccount 69 | name: {{ template "chart.fullname" . }} 70 | namespace: {{ .Release.Namespace }} 71 | roleRef: 72 | kind: ClusterRole 73 | name: {{ template "chart.fullname" . }}-podwatcher 74 | apiGroup: rbac.authorization.k8s.io 75 | --- 76 | kind: ClusterRoleBinding 77 | apiVersion: rbac.authorization.k8s.io/v1 78 | metadata: 79 | name: {{ template "chart.fullname" . }}-policies 80 | {{- with (include "chart.commonLabels" .) }} 81 | labels: {{ . | nindent 4 }} 82 | {{- end }} 83 | {{- with (include "chart.commonAnnotations" .) }} 84 | annotations: {{ . | nindent 4 }} 85 | {{- end }} 86 | subjects: 87 | - kind: ServiceAccount 88 | name: {{ template "chart.fullname" . }} 89 | namespace: {{ .Release.Namespace }} 90 | roleRef: 91 | kind: ClusterRole 92 | name: {{ template "chart.fullname" . }}-policies 93 | apiGroup: rbac.authorization.k8s.io 94 | {{- end }} 95 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ .Values.service.name }} 5 | {{- with (include "chart.commonLabels" .) }} 6 | labels: {{ . | nindent 4 }} 7 | {{- end }} 8 | {{- with (include "chart.commonAnnotations" .) }} 9 | annotations: {{ . | nindent 4 }} 10 | {{- end }} 11 | spec: 12 | type: {{ .Values.service.type }} 13 | ports: 14 | - port: {{ .Values.smtp.service.externalPort }} 15 | targetPort: {{ .Values.smtp.service.internalPort }} 16 | protocol: TCP 17 | name: smtp 18 | - port: {{ .Values.prometheus.metricsPort }} 19 | targetPort: {{ .Values.prometheus.metricsPort }} 20 | protocol: TCP 21 | name: metrics 22 | selector: {{- include "chart.selectorLabels" . | nindent 4 }} 23 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "chart.fullname" . }} 6 | {{- $commonLabels := (include "chart.commonLabels" .) }} 7 | {{- if or $commonLabels .Values.prometheus.serviceMonitor.additionalLabels }} 8 | labels: 9 | {{- with .Values.prometheus.serviceMonitor.additionalLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with $commonLabels }} 13 | {{- . | nindent 4 }} 14 | {{- end }} 15 | {{- end }} 16 | {{- $commonAnnotations := (include "chart.commonAnnotations" .) }} 17 | {{- if or $commonAnnotations .Values.prometheus.serviceMonitor.additionalAnnotations }} 18 | annotations: 19 | {{- with .Values.prometheus.serviceMonitor.additionalAnnotations }} 20 | {{- toYaml . | nindent 4 }} 21 | {{- end }} 22 | {{- with $commonAnnotations }} 23 | {{- . | nindent 4 }} 24 | {{- end }} 25 | {{- end }} 26 | spec: 27 | selector: 28 | matchLabels: {{- include "chart.selectorLabels" . | nindent 6 }} 29 | endpoints: 30 | - port: metrics 31 | {{- if .Values.prometheus.serviceMonitor.interval }} 32 | interval: {{ .Values.prometheus.serviceMonitor.interval }} 33 | {{- end }} 34 | {{- if .Values.prometheus.serviceMonitor.scrapeTimeout }} 35 | scrapeTimeout: {{ .Values.prometheus.serviceMonitor.scrapeTimeout }} 36 | {{- end }} 37 | {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} 38 | metricRelabelings: {{ toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} 39 | {{- end }} 40 | {{- if .Values.prometheus.serviceMonitor.relabelings }} 41 | relabelings: {{ toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /deploy/helm-chart/kube-mail/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for chart. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | replicaCount: 1 5 | updateStrategy: {} 6 | image: 7 | repository: quay.io/mittwald/kube-mail 8 | tag: latest 9 | pullPolicy: Always 10 | rbac: 11 | enabled: true 12 | podSecurityContext: 13 | enabled: false 14 | fsGroup: 1001 15 | containerSecurityContext: 16 | enabled: false 17 | runAsUser: 1001 18 | runAsNonRoot: true 19 | # priorityClassName: "system-cluster-critical" 20 | smtp: 21 | service: 22 | externalPort: 25 23 | internalPort: 1025 24 | service: 25 | name: kube-mail 26 | type: ClusterIP 27 | watcher: 28 | emailPolicyInformer: 29 | selector: {} 30 | #foo: bar 31 | #bar: foo 32 | podInformer: 33 | selector: {} 34 | #foo: bar 35 | #bar: foo 36 | prometheus: 37 | enabled: true 38 | metricsPort: 9100 39 | serviceMonitor: 40 | enabled: false 41 | interval: "" 42 | scrapeTimeout: "" 43 | metricRelabelings: [] 44 | relabelings: [] 45 | additionalLabels: {} 46 | additionalAnnotations: {} 47 | alerting: 48 | enabled: false 49 | additionalLabels: {} 50 | additionalAnnotations: {} 51 | rules: 52 | KubeMailForwardErrorsByPolicy: &commonWarningAlertSettings 53 | enabled: true 54 | labels: 55 | severity: warning 56 | KubeMailForwardErrorsByServer: *commonWarningAlertSettings 57 | KubeMailRejectedNoPolicy: *commonWarningAlertSettings 58 | KubeMailRejectedRatelimit: *commonWarningAlertSettings 59 | 60 | KubeMailForwardErrors: &commonCriticalAlertSettings 61 | enabled: true 62 | labels: 63 | severity: critical 64 | KubeMailRejectedNoPod: *commonCriticalAlertSettings 65 | 66 | # networkPolicyIngress: 67 | # - namespaceSelector: 68 | # matchLabels: 69 | # kubernetes.io/metadata.name: monitoring 70 | extraVolumeMounts: [] 71 | extraVolumes: [] 72 | commonLabels: {} 73 | commonAnnotations: {} 74 | resources: {} 75 | # We usually recommend not to specify default resources and to leave this as a conscious 76 | # choice for the user. This also increases chances charts run on environments with little 77 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 78 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 79 | # limits: 80 | # cpu: 100m 81 | # memory: 128Mi 82 | # requests: 83 | # cpu: 100m 84 | # memory: 128Mi 85 | nodeSelector: {} 86 | tolerations: [] 87 | affinity: {} 88 | topologySpreadConstraints: [] 89 | redis: 90 | enabled: true 91 | architecture: replication 92 | replica: 93 | replicaCount: 1 94 | sentinel: 95 | enabled: true 96 | auth: 97 | enabled: false 98 | sentinel: false 99 | networkPolicy: 100 | enabled: true 101 | allowExternal: false 102 | externalRedis: 103 | port: 104 | host: 105 | -------------------------------------------------------------------------------- /go/apis/kube-mail/v1alpha1/emailpolicy_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | ) 6 | 7 | type RateLimitingPeriod string 8 | 9 | const ( 10 | RateLimitingPeriodHour RateLimitingPeriod = "hour" 11 | RateLimitingPeriodMinute RateLimitingPeriod = "minute" 12 | ) 13 | 14 | type ObjectReference struct { 15 | Name string `json:"name"` 16 | // +optional 17 | Namespace string `json:"namespace,omitempty"` 18 | } 19 | 20 | type EmailPolicySMTPSink struct { 21 | Server ObjectReference `json:"server"` 22 | 23 | // +optional 24 | Credentials ObjectReference `json:"credentials,omitempty"` 25 | } 26 | 27 | type EmailPolicyRateLimiting struct { 28 | Maximum int `json:"maximum"` 29 | 30 | // +optional 31 | // +kubebuilder:validation:Enum=hour;minute 32 | Period RateLimitingPeriod `json:"period,omitempty" ts_type:"policyPeriod"` 33 | } 34 | 35 | type EmailPolicySink struct { 36 | SMTP EmailPolicySMTPSink `json:"smtp"` 37 | } 38 | 39 | type EmailPolicySpec struct { 40 | // +optional 41 | Default bool `json:"default,omitempty"` 42 | 43 | // +optional 44 | PodSelector metav1.LabelSelector `json:"podSelector,omitempty" ts_type:"LabelSelector"` 45 | 46 | // +optional 47 | RateLimiting EmailPolicyRateLimiting `json:"ratelimiting,omitempty"` 48 | 49 | Sink EmailPolicySink `json:"sink"` 50 | } 51 | 52 | type EmailPolicyStatus struct { 53 | } 54 | 55 | // +kubebuilder:object:root=true 56 | // +kubebuilder:subresource:status 57 | // +kubebuilder:resource:path=emailpolicies,scope=Namespaced,shortName=emailpolicy 58 | // +kubebuilder:printcolumn:name="default",type="boolean",JSONPath=".spec.default",description="describes if this is the default policy" 59 | // +kubebuilder:printcolumn:name="SMTP Server",type="string",JSONPath=".spec.sink.smtp.server",description="which SMTP server mails are forwarded to" 60 | 61 | // EmailPolicy is the Schema for the emailpolicy API 62 | type EmailPolicy struct { 63 | metav1.TypeMeta `json:",inline"` 64 | metav1.ObjectMeta `json:"metadata,omitempty"` 65 | 66 | Spec EmailPolicySpec `json:"spec,omitempty"` 67 | Status EmailPolicyStatus `json:"status,omitempty"` 68 | } 69 | 70 | // +kubebuilder:object:root=true 71 | 72 | // EmailPolicyList contains a list of Project 73 | type EmailPolicyList struct { 74 | metav1.TypeMeta `json:",inline"` 75 | metav1.ListMeta `json:"metadata,omitempty"` 76 | Items []EmailPolicy `json:"items"` 77 | } 78 | 79 | func init() { 80 | SchemeBuilder.Register(&EmailPolicy{}, &EmailPolicyList{}) 81 | } 82 | -------------------------------------------------------------------------------- /go/apis/kube-mail/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // Package v1alpha1 contains API Schema definitions for the kube-mail v1alpha1 API group 2 | // +kubebuilder:object:generate=true 3 | // +groupName=kube-mail.helmich.me 4 | package v1alpha1 5 | 6 | import ( 7 | "k8s.io/apimachinery/pkg/runtime/schema" 8 | "sigs.k8s.io/controller-runtime/pkg/scheme" 9 | ) 10 | 11 | var ( 12 | // GroupVersion is group version used to register these objects 13 | GroupVersion = schema.GroupVersion{Group: "kube-mail.helmich.me", Version: "v1alpha1"} 14 | 15 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 16 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 17 | 18 | // AddToScheme adds the types in this group-version to the given scheme. 19 | AddToScheme = SchemeBuilder.AddToScheme 20 | ) 21 | -------------------------------------------------------------------------------- /go/apis/kube-mail/v1alpha1/smtpserver_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 4 | 5 | type SMTPAuthType string 6 | 7 | const ( 8 | SMTPAuthTypePlain SMTPAuthType = "PLAIN" 9 | SMTPAuthTypeLogin SMTPAuthType = "LOGIN" 10 | SMTPAuthTypeCRAMMD5 SMTPAuthType = "CRAM-MD5" 11 | SMTPAuthTypeSCRAMSHA1 SMTPAuthType = "SCRAM-SHA-1" 12 | ) 13 | 14 | type SMTPConnectType string 15 | 16 | const ( 17 | SMTPConnectTypePlain SMTPConnectType = "plain" 18 | SMTPConnectTypeSSL SMTPConnectType = "ssl" 19 | SMTPConnectTypeSTARTTLS SMTPConnectType = "starttls" 20 | ) 21 | 22 | type SMTPServerSpec struct { 23 | Server string `json:"server"` 24 | 25 | // +optional 26 | Port int `json:"port,omitempty"` 27 | 28 | // DEPRECATED: Use Connect, instead 29 | // +kubebuilder:deprecatedversion:warning="TLS is deprecated use Connect instead." 30 | // +optional 31 | TLS bool `json:"tls,omitempty"` 32 | 33 | // +kubebuilder:validation:Enum=plain;ssl;starttls 34 | // +optional 35 | Connect SMTPConnectType `json:"connect,omitempty" ts_type:"connect"` 36 | 37 | // +optional 38 | // +kubebuilder:validation:Enum=PLAIN;LOGIN;CRAM-MD5;SCRAM-SHA-1 39 | AuthType SMTPAuthType `json:"authType,omitempty" ts_type:"authType"` 40 | } 41 | 42 | type SMTPServerStatus struct { 43 | } 44 | 45 | // +kubebuilder:object:root=true 46 | // +kubebuilder:subresource:status 47 | // +kubebuilder:resource:path=smtpservers,scope=Namespaced,shortName=smtpserver 48 | // +kubebuilder:printcolumn:name="SMTP Server",type="string",JSONPath=".spec.server",description="SMTP server hostname" 49 | 50 | // SMTPServer is the Schema for the smtpserver API 51 | type SMTPServer struct { 52 | metav1.TypeMeta `json:",inline"` 53 | metav1.ObjectMeta `json:"metadata,omitempty"` 54 | 55 | Spec SMTPServerSpec `json:"spec,omitempty"` 56 | Status SMTPServerStatus `json:"status,omitempty"` 57 | } 58 | 59 | // +kubebuilder:object:root=true 60 | 61 | // SMTPServerList contains a list of Project 62 | type SMTPServerList struct { 63 | metav1.TypeMeta `json:",inline"` 64 | metav1.ListMeta `json:"metadata,omitempty"` 65 | Items []SMTPServer `json:"items"` 66 | } 67 | 68 | func init() { 69 | SchemeBuilder.Register(&SMTPServer{}, &SMTPServerList{}) 70 | } 71 | -------------------------------------------------------------------------------- /go/apis/kube-mail/v1alpha1/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | // Code generated by controller-gen. DO NOT EDIT. 5 | 6 | package v1alpha1 7 | 8 | import ( 9 | runtime "k8s.io/apimachinery/pkg/runtime" 10 | ) 11 | 12 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 13 | func (in *EmailPolicy) DeepCopyInto(out *EmailPolicy) { 14 | *out = *in 15 | out.TypeMeta = in.TypeMeta 16 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 17 | in.Spec.DeepCopyInto(&out.Spec) 18 | out.Status = in.Status 19 | } 20 | 21 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailPolicy. 22 | func (in *EmailPolicy) DeepCopy() *EmailPolicy { 23 | if in == nil { 24 | return nil 25 | } 26 | out := new(EmailPolicy) 27 | in.DeepCopyInto(out) 28 | return out 29 | } 30 | 31 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 32 | func (in *EmailPolicy) DeepCopyObject() runtime.Object { 33 | if c := in.DeepCopy(); c != nil { 34 | return c 35 | } 36 | return nil 37 | } 38 | 39 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 40 | func (in *EmailPolicyList) DeepCopyInto(out *EmailPolicyList) { 41 | *out = *in 42 | out.TypeMeta = in.TypeMeta 43 | in.ListMeta.DeepCopyInto(&out.ListMeta) 44 | if in.Items != nil { 45 | in, out := &in.Items, &out.Items 46 | *out = make([]EmailPolicy, len(*in)) 47 | for i := range *in { 48 | (*in)[i].DeepCopyInto(&(*out)[i]) 49 | } 50 | } 51 | } 52 | 53 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailPolicyList. 54 | func (in *EmailPolicyList) DeepCopy() *EmailPolicyList { 55 | if in == nil { 56 | return nil 57 | } 58 | out := new(EmailPolicyList) 59 | in.DeepCopyInto(out) 60 | return out 61 | } 62 | 63 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 64 | func (in *EmailPolicyList) DeepCopyObject() runtime.Object { 65 | if c := in.DeepCopy(); c != nil { 66 | return c 67 | } 68 | return nil 69 | } 70 | 71 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 72 | func (in *EmailPolicyRateLimiting) DeepCopyInto(out *EmailPolicyRateLimiting) { 73 | *out = *in 74 | } 75 | 76 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailPolicyRateLimiting. 77 | func (in *EmailPolicyRateLimiting) DeepCopy() *EmailPolicyRateLimiting { 78 | if in == nil { 79 | return nil 80 | } 81 | out := new(EmailPolicyRateLimiting) 82 | in.DeepCopyInto(out) 83 | return out 84 | } 85 | 86 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 87 | func (in *EmailPolicySMTPSink) DeepCopyInto(out *EmailPolicySMTPSink) { 88 | *out = *in 89 | out.Server = in.Server 90 | out.Credentials = in.Credentials 91 | } 92 | 93 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailPolicySMTPSink. 94 | func (in *EmailPolicySMTPSink) DeepCopy() *EmailPolicySMTPSink { 95 | if in == nil { 96 | return nil 97 | } 98 | out := new(EmailPolicySMTPSink) 99 | in.DeepCopyInto(out) 100 | return out 101 | } 102 | 103 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 104 | func (in *EmailPolicySink) DeepCopyInto(out *EmailPolicySink) { 105 | *out = *in 106 | out.SMTP = in.SMTP 107 | } 108 | 109 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailPolicySink. 110 | func (in *EmailPolicySink) DeepCopy() *EmailPolicySink { 111 | if in == nil { 112 | return nil 113 | } 114 | out := new(EmailPolicySink) 115 | in.DeepCopyInto(out) 116 | return out 117 | } 118 | 119 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 120 | func (in *EmailPolicySpec) DeepCopyInto(out *EmailPolicySpec) { 121 | *out = *in 122 | in.PodSelector.DeepCopyInto(&out.PodSelector) 123 | out.RateLimiting = in.RateLimiting 124 | out.Sink = in.Sink 125 | } 126 | 127 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailPolicySpec. 128 | func (in *EmailPolicySpec) DeepCopy() *EmailPolicySpec { 129 | if in == nil { 130 | return nil 131 | } 132 | out := new(EmailPolicySpec) 133 | in.DeepCopyInto(out) 134 | return out 135 | } 136 | 137 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 138 | func (in *EmailPolicyStatus) DeepCopyInto(out *EmailPolicyStatus) { 139 | *out = *in 140 | } 141 | 142 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailPolicyStatus. 143 | func (in *EmailPolicyStatus) DeepCopy() *EmailPolicyStatus { 144 | if in == nil { 145 | return nil 146 | } 147 | out := new(EmailPolicyStatus) 148 | in.DeepCopyInto(out) 149 | return out 150 | } 151 | 152 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 153 | func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { 154 | *out = *in 155 | } 156 | 157 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. 158 | func (in *ObjectReference) DeepCopy() *ObjectReference { 159 | if in == nil { 160 | return nil 161 | } 162 | out := new(ObjectReference) 163 | in.DeepCopyInto(out) 164 | return out 165 | } 166 | 167 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 168 | func (in *SMTPServer) DeepCopyInto(out *SMTPServer) { 169 | *out = *in 170 | out.TypeMeta = in.TypeMeta 171 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 172 | out.Spec = in.Spec 173 | out.Status = in.Status 174 | } 175 | 176 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SMTPServer. 177 | func (in *SMTPServer) DeepCopy() *SMTPServer { 178 | if in == nil { 179 | return nil 180 | } 181 | out := new(SMTPServer) 182 | in.DeepCopyInto(out) 183 | return out 184 | } 185 | 186 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 187 | func (in *SMTPServer) DeepCopyObject() runtime.Object { 188 | if c := in.DeepCopy(); c != nil { 189 | return c 190 | } 191 | return nil 192 | } 193 | 194 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 195 | func (in *SMTPServerList) DeepCopyInto(out *SMTPServerList) { 196 | *out = *in 197 | out.TypeMeta = in.TypeMeta 198 | in.ListMeta.DeepCopyInto(&out.ListMeta) 199 | if in.Items != nil { 200 | in, out := &in.Items, &out.Items 201 | *out = make([]SMTPServer, len(*in)) 202 | for i := range *in { 203 | (*in)[i].DeepCopyInto(&(*out)[i]) 204 | } 205 | } 206 | } 207 | 208 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SMTPServerList. 209 | func (in *SMTPServerList) DeepCopy() *SMTPServerList { 210 | if in == nil { 211 | return nil 212 | } 213 | out := new(SMTPServerList) 214 | in.DeepCopyInto(out) 215 | return out 216 | } 217 | 218 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 219 | func (in *SMTPServerList) DeepCopyObject() runtime.Object { 220 | if c := in.DeepCopy(); c != nil { 221 | return c 222 | } 223 | return nil 224 | } 225 | 226 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 227 | func (in *SMTPServerSpec) DeepCopyInto(out *SMTPServerSpec) { 228 | *out = *in 229 | } 230 | 231 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SMTPServerSpec. 232 | func (in *SMTPServerSpec) DeepCopy() *SMTPServerSpec { 233 | if in == nil { 234 | return nil 235 | } 236 | out := new(SMTPServerSpec) 237 | in.DeepCopyInto(out) 238 | return out 239 | } 240 | 241 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 242 | func (in *SMTPServerStatus) DeepCopyInto(out *SMTPServerStatus) { 243 | *out = *in 244 | } 245 | 246 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SMTPServerStatus. 247 | func (in *SMTPServerStatus) DeepCopy() *SMTPServerStatus { 248 | if in == nil { 249 | return nil 250 | } 251 | out := new(SMTPServerStatus) 252 | in.DeepCopyInto(out) 253 | return out 254 | } 255 | -------------------------------------------------------------------------------- /go/generate/types.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "path" 6 | 7 | "github.com/mittwald/kube-mail/go/apis/kube-mail/v1alpha1" 8 | "github.com/tkrajina/typescriptify-golang-structs/typescriptify" 9 | ) 10 | 11 | const tsPath = "../../src/k8s/types/v1alpha1/" 12 | 13 | func main() { 14 | t := typescriptify.New() 15 | t.CreateInterface = true 16 | t.BackupDir = "" 17 | 18 | t.AddImport(`import {LabelSelector} from "@mittwald/kubernetes/types/meta/v1"`) 19 | t.AddImport(`import {policyPeriod} from "./enums"`) 20 | 21 | t.Add(v1alpha1.ObjectReference{}) 22 | t.Add(v1alpha1.EmailPolicySMTPSink{}) 23 | t.Add(v1alpha1.EmailPolicyRateLimiting{}) 24 | t.Add(v1alpha1.EmailPolicySink{}) 25 | t.Add(v1alpha1.EmailPolicySpec{}) 26 | 27 | err := t.ConvertToFile(path.Join(tsPath, "emailpolicy_spec.ts")) 28 | if err != nil { 29 | panic(err.Error()) 30 | } 31 | fmt.Println("OK") 32 | 33 | t = typescriptify.New() 34 | t.CreateInterface = true 35 | t.BackupDir = "" 36 | 37 | t.AddImport(`import {authType, connect} from "./enums"`) 38 | 39 | t.Add(v1alpha1.SMTPServerSpec{}) 40 | 41 | err = t.ConvertToFile(path.Join(tsPath, "smtpserver_spec.ts")) 42 | if err != nil { 43 | panic(err.Error()) 44 | } 45 | fmt.Println("OK") 46 | } 47 | -------------------------------------------------------------------------------- /go/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/mittwald/kube-mail/go 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/tkrajina/typescriptify-golang-structs v0.1.5 7 | k8s.io/apimachinery v0.21.0 8 | sigs.k8s.io/controller-runtime v0.8.3 9 | ) 10 | -------------------------------------------------------------------------------- /go/go.sum: -------------------------------------------------------------------------------- 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 2 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 3 | cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= 4 | cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= 5 | cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= 6 | cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= 7 | cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= 8 | cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= 9 | cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= 10 | cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= 11 | cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= 12 | cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 13 | cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= 14 | cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 15 | cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= 16 | cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= 17 | cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= 18 | cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= 19 | cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= 20 | cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 21 | cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= 22 | cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= 23 | cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 24 | dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= 25 | github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= 26 | github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= 27 | github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= 28 | github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= 29 | github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= 30 | github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= 31 | github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= 32 | github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= 33 | github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= 34 | github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= 35 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 36 | github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 37 | github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= 38 | github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= 39 | github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= 40 | github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= 41 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 42 | github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 43 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 44 | github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 45 | github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= 46 | github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= 47 | github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= 48 | github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= 49 | github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= 50 | github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= 51 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= 52 | github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= 53 | github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= 54 | github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= 55 | github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 56 | github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= 57 | github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 58 | github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 59 | github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= 60 | github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 61 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 62 | github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= 63 | github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= 64 | github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= 65 | github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= 66 | github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= 67 | github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= 68 | github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 69 | github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 70 | github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= 71 | github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= 72 | github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= 73 | github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= 74 | github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 75 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 76 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 77 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 78 | github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= 79 | github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= 80 | github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= 81 | github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= 82 | github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= 83 | github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= 84 | github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= 85 | github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= 86 | github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= 87 | github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 88 | github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= 89 | github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 90 | github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 91 | github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= 92 | github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= 93 | github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= 94 | github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= 95 | github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= 96 | github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 97 | github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 98 | github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= 99 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 100 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 101 | github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= 102 | github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= 103 | github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= 104 | github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= 105 | github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= 106 | github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= 107 | github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= 108 | github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc= 109 | github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= 110 | github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU= 111 | github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= 112 | github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= 113 | github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= 114 | github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= 115 | github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= 116 | github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= 117 | github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= 118 | github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= 119 | github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 120 | github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= 121 | github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= 122 | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 123 | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 124 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 125 | github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 126 | github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 127 | github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 128 | github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 129 | github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 130 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 131 | github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 132 | github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= 133 | github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 134 | github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 135 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 136 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 137 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 138 | github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 139 | github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 140 | github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= 141 | github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 142 | github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 143 | github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= 144 | github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= 145 | github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= 146 | github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 147 | github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 148 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 149 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 150 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 151 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 152 | github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 153 | github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 154 | github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 155 | github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM= 156 | github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 157 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 158 | github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= 159 | github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 160 | github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= 161 | github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 162 | github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 163 | github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 164 | github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 165 | github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 166 | github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= 167 | github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 168 | github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 169 | github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 170 | github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= 171 | github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= 172 | github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= 173 | github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= 174 | github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 175 | github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 176 | github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 177 | github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= 178 | github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= 179 | github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= 180 | github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= 181 | github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= 182 | github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= 183 | github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= 184 | github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= 185 | github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 186 | github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= 187 | github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= 188 | github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= 189 | github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= 190 | github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= 191 | github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= 192 | github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= 193 | github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= 194 | github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= 195 | github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= 196 | github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 197 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 198 | github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= 199 | github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= 200 | github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= 201 | github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= 202 | github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= 203 | github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= 204 | github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= 205 | github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 206 | github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= 207 | github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= 208 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= 209 | github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= 210 | github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= 211 | github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 212 | github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= 213 | github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 214 | github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= 215 | github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= 216 | github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= 217 | github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= 218 | github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= 219 | github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= 220 | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 221 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 222 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 223 | github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 224 | github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= 225 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 226 | github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= 227 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 228 | github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= 229 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 230 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 231 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 232 | github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= 233 | github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 234 | github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 235 | github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= 236 | github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= 237 | github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= 238 | github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= 239 | github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= 240 | github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= 241 | github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= 242 | github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= 243 | github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= 244 | github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= 245 | github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= 246 | github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= 247 | github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= 248 | github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= 249 | github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 250 | github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 251 | github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= 252 | github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= 253 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 254 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 255 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 256 | github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 257 | github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= 258 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 259 | github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 260 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 261 | github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 262 | github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= 263 | github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= 264 | github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= 265 | github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= 266 | github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= 267 | github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= 268 | github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= 269 | github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 270 | github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 271 | github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 272 | github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= 273 | github.com/onsi/ginkgo v1.14.1 h1:jMU0WaQrP0a/YAEq8eJmJKjBoMs+pClEr1vDMlM/Do4= 274 | github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= 275 | github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= 276 | github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= 277 | github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= 278 | github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= 279 | github.com/onsi/gomega v1.10.2 h1:aY/nuoWlKJud2J6U0E3NWsjlg+0GtwXxgEqthRdzlcs= 280 | github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= 281 | github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= 282 | github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= 283 | github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= 284 | github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 285 | github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 286 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 287 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 288 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 289 | github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= 290 | github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= 291 | github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 292 | github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= 293 | github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= 294 | github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= 295 | github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 296 | github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 297 | github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 298 | github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 299 | github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= 300 | github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= 301 | github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= 302 | github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= 303 | github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= 304 | github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= 305 | github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= 306 | github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= 307 | github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= 308 | github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= 309 | github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= 310 | github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 311 | github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 312 | github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= 313 | github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= 314 | github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= 315 | github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= 316 | github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= 317 | github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= 318 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= 319 | github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= 320 | github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= 321 | github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= 322 | github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= 323 | github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= 324 | github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= 325 | github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= 326 | github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= 327 | github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= 328 | github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 329 | github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 330 | github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 331 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 332 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 333 | github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= 334 | github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= 335 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 336 | github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 337 | github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= 338 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 339 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 340 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 341 | github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= 342 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 343 | github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= 344 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 345 | github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= 346 | github.com/tkrajina/go-reflector v0.5.4 h1:dS9aJEa/eYNQU/fwsb5CSiATOxcNyA/gG/A7a582D5s= 347 | github.com/tkrajina/go-reflector v0.5.4/go.mod h1:9PyLgEOzc78ey/JmQQHbW8cQJ1oucLlNQsg8yFvkVk8= 348 | github.com/tkrajina/typescriptify-golang-structs v0.1.5 h1:lpAO3BgdscYUFk3qEFUNVq6/4aXiKezKkDcjYXy9+UA= 349 | github.com/tkrajina/typescriptify-golang-structs v0.1.5/go.mod h1:mfb2iqie4FjTKHfbjjCp08SRphjYaM7f2LdfUcNP7wY= 350 | github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= 351 | github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= 352 | github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= 353 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= 354 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 355 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 356 | go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= 357 | go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= 358 | go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= 359 | go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= 360 | go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 361 | go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= 362 | go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 363 | go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 364 | go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= 365 | go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= 366 | go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= 367 | go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= 368 | go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= 369 | go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= 370 | go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= 371 | go.uber.org/zap v1.8.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= 372 | go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= 373 | go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= 374 | golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 375 | golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 376 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 377 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 378 | golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 379 | golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 380 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 381 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 382 | golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 383 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 384 | golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 385 | golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 386 | golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= 387 | golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= 388 | golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 389 | golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 390 | golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 391 | golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= 392 | golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= 393 | golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= 394 | golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 395 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 396 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 397 | golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 398 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 399 | golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 400 | golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 401 | golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 402 | golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= 403 | golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 404 | golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 405 | golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= 406 | golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= 407 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= 408 | golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= 409 | golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 410 | golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 411 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 412 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 413 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 414 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 415 | golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 416 | golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 417 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 418 | golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 419 | golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 420 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 421 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 422 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 423 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 424 | golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 425 | golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 426 | golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= 427 | golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 428 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 429 | golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 430 | golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 431 | golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 432 | golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 433 | golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 434 | golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 435 | golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 436 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 437 | golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 438 | golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 439 | golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 440 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 441 | golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 442 | golang.org/x/net v0.0.0-20210224082022-3d97a244fca7 h1:OgUuv8lsRpBibGNbSizVwKWlysjaNzmC9gYMhPVfqFM= 443 | golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 444 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 445 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 446 | golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 447 | golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 448 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 449 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 450 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 451 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 452 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 453 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 454 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 455 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 456 | golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 457 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 458 | golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 459 | golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 460 | golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 461 | golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 462 | golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 463 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 464 | golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 465 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 466 | golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 467 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 468 | golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 469 | golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 470 | golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 471 | golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 472 | golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 473 | golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 474 | golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 475 | golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 476 | golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 477 | golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 478 | golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 479 | golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 480 | golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 481 | golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 482 | golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 483 | golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 484 | golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 485 | golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 486 | golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 487 | golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 488 | golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 489 | golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 490 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 491 | golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 492 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 493 | golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073 h1:8qxJSnu+7dRq6upnbntrmriWByIakBuct5OM/MdQC1M= 494 | golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 495 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 496 | golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 497 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 498 | golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 499 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 500 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 501 | golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc= 502 | golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 503 | golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 504 | golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 505 | golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 506 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 507 | golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 508 | golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 509 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 510 | golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 511 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 512 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 513 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 514 | golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 515 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 516 | golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 517 | golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 518 | golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 519 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 520 | golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 521 | golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 522 | golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 523 | golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 524 | golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 525 | golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 526 | golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 527 | golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 528 | golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 529 | golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 530 | golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 531 | golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 532 | golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 533 | golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 534 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 535 | golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 536 | golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 537 | golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 538 | golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 539 | golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 540 | golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 541 | golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 542 | golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 543 | golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 544 | golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 545 | golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 546 | golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= 547 | golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 548 | golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 549 | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 550 | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 551 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 552 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 553 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 554 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= 555 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 556 | gomodules.xyz/jsonpatch/v2 v2.1.0/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= 557 | google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 558 | google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= 559 | google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 560 | google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 561 | google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 562 | google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 563 | google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 564 | google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 565 | google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 566 | google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 567 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 568 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 569 | google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 570 | google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= 571 | google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 572 | google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 573 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 574 | google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 575 | google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 576 | google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 577 | google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 578 | google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 579 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 580 | google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= 581 | google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 582 | google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 583 | google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 584 | google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 585 | google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 586 | google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 587 | google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= 588 | google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 589 | google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 590 | google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 591 | google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= 592 | google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 593 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 594 | google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= 595 | google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 596 | google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 597 | google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 598 | google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 599 | google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 600 | google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 601 | google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 602 | google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 603 | google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= 604 | google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= 605 | google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 606 | google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 607 | google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 608 | google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= 609 | google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= 610 | gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= 611 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 612 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 613 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 614 | gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= 615 | gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 616 | gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= 617 | gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= 618 | gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= 619 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 620 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 621 | gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= 622 | gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= 623 | gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= 624 | gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= 625 | gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= 626 | gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= 627 | gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= 628 | gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 629 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 630 | gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 631 | gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 632 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 633 | gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 634 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 635 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 636 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 637 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= 638 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 639 | gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= 640 | gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= 641 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 642 | honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 643 | honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 644 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 645 | honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= 646 | honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= 647 | k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= 648 | k8s.io/api v0.20.2 h1:y/HR22XDZY3pniu9hIFDLpUCPq2w5eQ6aV/VFQ7uJMw= 649 | k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8= 650 | k8s.io/apiextensions-apiserver v0.20.1/go.mod h1:ntnrZV+6a3dB504qwC5PN/Yg9PBiDNt1EVqbW2kORVk= 651 | k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= 652 | k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= 653 | k8s.io/apimachinery v0.21.0 h1:3Fx+41if+IRavNcKOz09FwEXDBG6ORh6iMsTSelhkMA= 654 | k8s.io/apimachinery v0.21.0/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= 655 | k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= 656 | k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= 657 | k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE= 658 | k8s.io/code-generator v0.20.1/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg= 659 | k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= 660 | k8s.io/component-base v0.20.2/go.mod h1:pzFtCiwe/ASD0iV7ySMu8SYVJjCapNM9bjvk7ptpKh0= 661 | k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= 662 | k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 663 | k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= 664 | k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= 665 | k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= 666 | k8s.io/klog/v2 v2.8.0 h1:Q3gmuM9hKEjefWFFYF0Mat+YyFJvsUyYuwyNNJ5C9Ts= 667 | k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= 668 | k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= 669 | k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= 670 | k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= 671 | k8s.io/utils v0.0.0-20210111153108-fddb29f9d009/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= 672 | rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 673 | rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= 674 | rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 675 | sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= 676 | sigs.k8s.io/controller-runtime v0.8.3 h1:GMHvzjTmaWHQB8HadW+dIvBoJuLvZObYJ5YoZruPRao= 677 | sigs.k8s.io/controller-runtime v0.8.3/go.mod h1:U/l+DUopBc1ecfRZ5aviA9JDmGFQKvLf5YkZNx2e0sU= 678 | sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= 679 | sigs.k8s.io/structured-merge-diff/v4 v4.1.0 h1:C4r9BgJ98vrKnnVCjwCSXcWjWe0NKcUQkmzDXZXGwH8= 680 | sigs.k8s.io/structured-merge-diff/v4 v4.1.0/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= 681 | sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= 682 | sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= 683 | sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= 684 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "kube-mail", 3 | "version": "1.0.0", 4 | "description": "SMTP server to handle outgoing emails from Kubernetes", 5 | "main": "dist/server.js", 6 | "repository": "https://github.com/martin-helmich/kube-mail", 7 | "author": "Martin Helmich", 8 | "license": "Apache-2.0", 9 | "engines": { 10 | "node": "^18" 11 | }, 12 | "devDependencies": { 13 | "@types/config": "^0.0.37", 14 | "@types/ioredis": "^4.22.0", 15 | "@types/express": "^4.17.17", 16 | "@types/jest": "^29.5.0", 17 | "@types/js-yaml": "^4.0.5", 18 | "@types/mailparser": "^3.0.2", 19 | "@types/node": "18", 20 | "@types/nodemailer": "^6.4.7", 21 | "@types/smtp-server": "^3.5.7", 22 | "axios": "^1.2.2", 23 | "jest": "^29.5.0", 24 | "json-refs": "^3.0.15", 25 | "ts-jest": "^29.0.3", 26 | "ts-json-schema-generator": "^0.78.0", 27 | "ts-node": "^10.9.1", 28 | "typescript": "^5.0.2" 29 | }, 30 | "scripts": { 31 | "compile": "tsc -p tsconfig.build.json", 32 | "start": "node dist/server.js", 33 | "test": "jest tests/unit", 34 | "test:integration": "jest tests/integration" 35 | }, 36 | "dependencies": { 37 | "@mittwald/kubernetes": "^3.5.1", 38 | "config": "^3.3.6", 39 | "debug": "^4.3.4", 40 | "express": "^4.17.3", 41 | "ioredis": "^4.19.4", 42 | "js-yaml": "^4.1.0", 43 | "mailparser": "^3.6.4", 44 | "nodemailer": "^6.9.1", 45 | "prom-client": "^12.0.0", 46 | "smtp-server": "^3.11.0" 47 | }, 48 | "jest": { 49 | "globals": { 50 | "ts-jest": { 51 | "tsConfig": "tsconfig.base.json" 52 | } 53 | }, 54 | "testEnvironment": "node", 55 | "transform": { 56 | ".(ts|tsx)": "ts-jest" 57 | }, 58 | "testRegex": "/tests/.*test.*$", 59 | "moduleFileExtensions": [ 60 | "js", 61 | "ts", 62 | "tsx" 63 | ] 64 | } 65 | } -------------------------------------------------------------------------------- /src/backend.ts: -------------------------------------------------------------------------------- 1 | import {SMTPServerAuthentication, SMTPServerAuthenticationResponse, SMTPServerSession} from "smtp-server"; 2 | import {Readable} from "stream"; 3 | import {Policy, PolicyProvider} from "./policy/provider"; 4 | import {readStreamIntoBuffer} from "./util"; 5 | import {SMTPUpstream} from "./upstream/smtp"; 6 | import {StatisticsRecorder} from "./stats/recorder"; 7 | import {RateLimiter} from "./ratelimit/ratelimiter"; 8 | 9 | const debug = require("debug")("backend"); 10 | 11 | export interface ExtendedSMTPServerSession extends SMTPServerSession { 12 | policy?: Policy; 13 | } 14 | 15 | export class SMTPBackend { 16 | private readonly policyProvider: PolicyProvider; 17 | private readonly recorder: StatisticsRecorder; 18 | private readonly rateLimiter: RateLimiter; 19 | private readonly upstream: SMTPUpstream; 20 | 21 | public constructor( 22 | policyProvider: PolicyProvider, 23 | recorder: StatisticsRecorder, 24 | rateLimiter: RateLimiter, 25 | upstream: SMTPUpstream, 26 | ) { 27 | this.policyProvider = policyProvider; 28 | this.recorder = recorder; 29 | this.rateLimiter = rateLimiter; 30 | this.upstream = upstream; 31 | } 32 | 33 | public handleAuthentication(auth: SMTPServerAuthentication, session: ExtendedSMTPServerSession, callback: (err: Error | null | undefined, response: SMTPServerAuthenticationResponse) => void): void { 34 | debug("handling authentication: %o, %o", auth, session); 35 | callback(undefined, {user: "martin"}); 36 | } 37 | 38 | public async onConnect(session: ExtendedSMTPServerSession, callback: (err?: Error | null) => void) { 39 | debug("connection attempt by %s", session.remoteAddress); 40 | const [policy, pod] = await this.policyProvider.getByClientIP(session.remoteAddress); 41 | 42 | if (!policy) { 43 | // noinspection JSIgnoredPromiseFromCall,ES6MissingAwait 44 | this.recorder.observeRejectedNoPolicy(pod?.metadata.namespace, pod?.metadata.name); 45 | 46 | debug("rejection connection; no policy found"); 47 | callback(new Error("access forbidden by policy")); 48 | return; 49 | } 50 | 51 | session.policy = policy; 52 | 53 | debug("connecting %o", session); 54 | callback(undefined); 55 | } 56 | 57 | public async onData(stream: Readable, session: ExtendedSMTPServerSession, callback: (err?: Error | null) => void) { 58 | const {policy, envelope} = session; 59 | if (!policy) { 60 | callback(new Error("access forbidden by policy")); 61 | return; 62 | } 63 | 64 | debug("receiving message: %o", session); 65 | 66 | const {mailFrom, rcptTo} = envelope; 67 | if (!mailFrom || !rcptTo) { 68 | callback(new Error("incomplete envelope")); 69 | return; 70 | } 71 | 72 | try { 73 | const buf = await readStreamIntoBuffer(stream); 74 | 75 | if (policy.ratelimit) { 76 | debug("ratelimit is enabled for policy %o: %o", policy.id, policy.ratelimit); 77 | 78 | const ok = await this.rateLimiter.take(policy, rcptTo.length); 79 | if (!ok) { 80 | const desc = `${policy.ratelimit.maximum} emails per ${policy.ratelimit.limitPeriod}`; 81 | 82 | debug(`ratelimit (${desc}) is exceeded`); 83 | 84 | // noinspection JSIgnoredPromiseFromCall,ES6MissingAwait 85 | this.recorder.observeRejectedRatelimitExceeded(policy, mailFrom.address, rcptTo.map(r => r.address)); 86 | 87 | callback(new Error(`rate limit (${desc}) exceeded`)); 88 | return; 89 | } 90 | 91 | debug("ratelimit allows sending message"); 92 | } 93 | 94 | await this.upstream.forward(policy, envelope, buf); 95 | 96 | // noinspection JSIgnoredPromiseFromCall,ES6MissingAwait 97 | this.recorder.observeSent(policy, mailFrom.address, rcptTo.map(r => r.address)); 98 | 99 | callback(); 100 | } catch (err) { 101 | // noinspection JSIgnoredPromiseFromCall,ES6MissingAwait 102 | this.recorder.observeError(policy, mailFrom.address); 103 | callback(err); 104 | } 105 | } 106 | 107 | } 108 | -------------------------------------------------------------------------------- /src/config.ts: -------------------------------------------------------------------------------- 1 | export type Config = { 2 | policy: PolicyConfig; 3 | rateLimiter: RateLimiterConfig; 4 | watcher?: IIWatcherConfig; 5 | } 6 | 7 | export type PolicyConfig = { 8 | provider: "kubernetes", 9 | kubernetes: { 10 | static?: string; 11 | } & ({ 12 | inCluster: true 13 | } | { 14 | inCluster?: false; 15 | config: string; 16 | }) 17 | }; 18 | 19 | export type RateLimiterConfig = { 20 | redis: { 21 | host: string; 22 | port: number | string; 23 | password?: string; 24 | sentinel?: { 25 | host: string; 26 | port: number | string; 27 | masterSet: string; 28 | } 29 | }; 30 | } 31 | 32 | export interface IIWatcherConfig { 33 | emailPolicyInformer?: IInformerConfig; 34 | podInformer?: IInformerConfig; 35 | } 36 | 37 | export interface IInformerConfig { 38 | selector?: IInformerConfigSelector; 39 | } 40 | 41 | export interface IInformerConfigSelector { 42 | [s: string]: string; 43 | } 44 | -------------------------------------------------------------------------------- /src/debug.ts: -------------------------------------------------------------------------------- 1 | export const debug = require("debug")("kube-mail"); 2 | -------------------------------------------------------------------------------- /src/k8s/api.ts: -------------------------------------------------------------------------------- 1 | import { 2 | CustomResourceClient, IKubernetesRESTClient, INamespacedResourceClient, 3 | NamespacedResourceClient 4 | } from "@mittwald/kubernetes"; 5 | import {EmailPolicy} from "./types/v1alpha1/emailpolicy"; 6 | import {SMTPServer} from "./types/v1alpha1/smtpserver"; 7 | import {Registry} from "prom-client"; 8 | 9 | export const apiGroup = "kube-mail.helmich.me"; 10 | export const apiVersion = "v1alpha1"; 11 | export const apiGroupVersion = `${apiGroup}/${apiVersion}`; 12 | 13 | export type APIGroupVersion = typeof apiGroupVersion; 14 | 15 | export interface KubemailV1Alpha1API { 16 | emailPolicies(): INamespacedResourceClient 17 | smtpServers(): INamespacedResourceClient 18 | } 19 | 20 | export interface KubemailAPI { 21 | v1alpha1(): KubemailV1Alpha1API 22 | } 23 | 24 | export interface KubemailCustomResourceAPIInterface { 25 | kubemail(): KubemailAPI; 26 | } 27 | 28 | export class KubemailCustomResourceAPI implements KubemailCustomResourceAPIInterface { 29 | public constructor(private restClient: IKubernetesRESTClient, private registry: Registry) { 30 | } 31 | 32 | public kubemail(): KubemailAPI { 33 | return { 34 | v1alpha1: () => ({ 35 | emailPolicies: () => new CustomResourceClient( 36 | new NamespacedResourceClient(this.restClient, `/apis/${apiGroupVersion}`, "/emailpolicies", this.registry), 37 | "EmailPolicy", 38 | apiGroupVersion, 39 | ), 40 | smtpServers: () => new CustomResourceClient( 41 | new NamespacedResourceClient(this.restClient, `/apis/${apiGroupVersion}`, "/smtpservers", this.registry), 42 | "SMTPServer", 43 | apiGroupVersion, 44 | ) 45 | }), 46 | }; 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /src/k8s/factory.ts: -------------------------------------------------------------------------------- 1 | import {PolicyConfig} from "../config"; 2 | import { 3 | FileBasedConfig, IKubernetesAPI, IKubernetesClientConfig, InClusterConfig, KubernetesAPI, KubernetesRESTClient, 4 | MonitoringKubernetesRESTClient 5 | } from "@mittwald/kubernetes"; 6 | import {KubemailCustomResourceAPI} from "./api"; 7 | import {Registry} from "prom-client"; 8 | 9 | export const buildKubernetesClientFromConfig = (cfg: PolicyConfig, registry: Registry): IKubernetesAPI & KubemailCustomResourceAPI => { 10 | let config: IKubernetesClientConfig; 11 | 12 | if (cfg.kubernetes.inCluster) { 13 | config = new InClusterConfig(); 14 | } else { 15 | config = new FileBasedConfig(cfg.kubernetes.config); 16 | } 17 | 18 | const client = new MonitoringKubernetesRESTClient( 19 | new KubernetesRESTClient(config), 20 | registry 21 | ); 22 | 23 | return new KubernetesAPI(client, registry) 24 | .extend("kubemail", new KubemailCustomResourceAPI(client, registry)); 25 | }; -------------------------------------------------------------------------------- /src/k8s/pod_store.ts: -------------------------------------------------------------------------------- 1 | import {Pod, PodWithStatus} from "@mittwald/kubernetes/types/core/v1"; 2 | import {INamespacedResourceClient} from "@mittwald/kubernetes"; 3 | import {Store} from "@mittwald/kubernetes/cache"; 4 | 5 | class PodStoreCacheSet { 6 | private podsByIP = new Map(); 7 | private podsByName = new Map(); 8 | 9 | public store(obj: PodWithStatus) { 10 | this.podsByName.set(`${obj.metadata.namespace}/${obj.metadata.name}`, obj); 11 | 12 | if (obj.status.podIP) { 13 | this.podsByIP.set(obj.status.podIP, obj); 14 | } 15 | } 16 | 17 | public pull(obj: PodWithStatus) { 18 | this.podsByName.delete(`${obj.metadata.namespace}/${obj.metadata.name}`); 19 | this.podsByIP.delete(obj.status.podIP); 20 | } 21 | 22 | public getByName(namespace: string, name: string): PodWithStatus | undefined { 23 | return this.podsByName.get(`${namespace}/${name}`); 24 | } 25 | 26 | public getByIP(ip: string): PodWithStatus | undefined { 27 | return this.podsByIP.get(ip); 28 | } 29 | } 30 | 31 | export type PodPredicate = (pod: PodWithStatus) => boolean 32 | 33 | export const PodPredicates = { 34 | Any: (p: PodWithStatus) => true, 35 | OnlyRunning: (p: PodWithStatus) => p.status.phase === "Running", 36 | } 37 | 38 | export class PodStore implements Store { 39 | private cache = new PodStoreCacheSet(); 40 | private readonly predicate: PodPredicate; 41 | 42 | public constructor(private inner: Store, private podClient: INamespacedResourceClient, predicate = PodPredicates.Any) { 43 | this.predicate = predicate; 44 | } 45 | 46 | public async store(obj: PodWithStatus): Promise { 47 | if (this.predicate(obj)) { 48 | this.cache.store(obj); 49 | } else { 50 | this.cache.pull(obj); 51 | } 52 | } 53 | 54 | public async sync(pods: PodWithStatus[]): Promise { 55 | const newCache = new PodStoreCacheSet() 56 | 57 | for (const pod of pods.filter(this.predicate)) { 58 | newCache.store(pod); 59 | } 60 | 61 | this.cache = newCache; 62 | } 63 | 64 | public async get(namespace: string, name: string): Promise { 65 | const fromCache = this.cache.getByName(namespace, name); 66 | if (fromCache) { 67 | return fromCache; 68 | } 69 | 70 | const fromInner = await this.inner.get(namespace, name); 71 | if (fromInner) { 72 | this.store(fromInner); 73 | } 74 | 75 | return fromInner; 76 | } 77 | 78 | public async getByPodIP(podIP: string): Promise { 79 | const fromCache = this.cache.getByIP(podIP); 80 | if (fromCache) { 81 | return fromCache; 82 | } 83 | 84 | const fromAPI = await this.podClient.allNamespaces().list({fieldSelector: {"status.podIP": podIP}}); 85 | if (fromAPI.length === 0) { 86 | return undefined; 87 | } 88 | 89 | const pod = fromAPI[0]; 90 | this.store(pod); 91 | return pod; 92 | } 93 | 94 | public async pull(obj: PodWithStatus): Promise { 95 | this.cache.pull(obj); 96 | } 97 | } -------------------------------------------------------------------------------- /src/k8s/policy_store.ts: -------------------------------------------------------------------------------- 1 | import {EmailPolicy} from "./types/v1alpha1/emailpolicy"; 2 | import {MetadataObject} from "@mittwald/kubernetes/types/meta"; 3 | import {Store} from "@mittwald/kubernetes/cache"; 4 | 5 | const debug = require("debug")("kubemail:policystore"); 6 | 7 | type Label = { key: string, value: string, combined: string }; 8 | 9 | const name = (p: EmailPolicy) => `${p.metadata.namespace}/${p.metadata.name}`; 10 | const orderedLabels = (input: { [key: string]: string }): Label[] => 11 | Object.keys(input).sort().map(key => ({key, value: input[key], combined: key + "=" + input[key]})); 12 | 13 | class SearchTreeNode { 14 | public subNodes: { [labelAndValue: string]: SearchTreeNode } = {}; 15 | 16 | public constructor(public values: E[] = []) { 17 | } 18 | 19 | public remove(obj: E) { 20 | this.values = this.values.filter(e => !(e.metadata.namespace === obj.metadata.namespace && e.metadata.name === obj.metadata.name)); 21 | 22 | for (const sub of Object.keys(this.subNodes)) { 23 | this.subNodes[sub].remove(obj); 24 | } 25 | } 26 | 27 | public match(selector: Label[]): E[] { 28 | if (selector.length === 0) { 29 | return this.values; 30 | } 31 | 32 | const relevantLabels = selector.filter(f => f.combined in this.subNodes); 33 | 34 | if (relevantLabels.length === 0) { 35 | return this.values; 36 | } 37 | 38 | const subMatches = relevantLabels.map(l => this.subNodes[l.combined].match(selector.slice(1))) 39 | 40 | return subMatches.reduce((prev, cur) => [...prev, ...cur], []); 41 | } 42 | 43 | public insertWithSelector(selector: { [k: string]: string } | Label[], obj: E) { 44 | if (!Array.isArray(selector)) { 45 | selector = orderedLabels(selector); 46 | } 47 | 48 | if (selector.length === 0) { 49 | this.values.push(obj); 50 | return; 51 | } 52 | 53 | const current = selector.shift()!; 54 | const currentS = current.key + "=" + current.value; 55 | 56 | if (!(currentS in this.subNodes)) { 57 | this.subNodes[currentS] = new SearchTreeNode(); 58 | } 59 | 60 | this.subNodes[currentS].insertWithSelector(selector, obj); 61 | } 62 | } 63 | 64 | class PolicyStoreCacheContainer { 65 | public policies = new Map(); 66 | public defaults: EmailPolicy[] = []; 67 | public searchTrees: { [ns: string]: SearchTreeNode } = {}; 68 | 69 | public match(namespace: string, labels: { [k: string]: string }): EmailPolicy[] { 70 | if (!(namespace in this.searchTrees)) { 71 | return this.defaults; 72 | } 73 | 74 | const ordered = orderedLabels(labels); 75 | const matches = this.searchTrees[namespace].match(ordered); 76 | 77 | if (matches.length > 0) { 78 | return matches; 79 | } 80 | 81 | return this.defaults; 82 | } 83 | 84 | public store(obj: EmailPolicy): void { 85 | const {namespace = ""} = obj.metadata; 86 | 87 | this.policies.set(name(obj), obj); 88 | 89 | if (!(namespace in this.searchTrees)) { 90 | this.searchTrees[namespace] = new SearchTreeNode(); 91 | } 92 | 93 | if (obj.spec.podSelector && obj.spec.podSelector.matchLabels) { 94 | this.searchTrees[namespace].insertWithSelector(obj.spec.podSelector.matchLabels, obj); 95 | } 96 | 97 | if (obj.spec.default) { 98 | this.defaults.push(obj); 99 | } 100 | 101 | debug("updated policy store: %O", this); 102 | } 103 | 104 | public get(namespace: string, name: string): EmailPolicy | undefined { 105 | return this.policies.get(namespace + "/" + name); 106 | } 107 | 108 | public pull(obj: EmailPolicy): void { 109 | const {namespace = ""} = obj.metadata; 110 | 111 | this.policies.delete(name(obj)); 112 | 113 | if (namespace in this.searchTrees) { 114 | this.searchTrees[namespace].remove(obj); 115 | } 116 | 117 | this.defaults = this.defaults.filter(e => !(e.metadata.namespace === obj.metadata.namespace && e.metadata.name === obj.metadata.name)); 118 | } 119 | } 120 | 121 | export class PolicyStore implements Store { 122 | private cache = new PolicyStoreCacheContainer(); 123 | 124 | public match(namespace: string, labels: { [k: string]: string }): EmailPolicy[] { 125 | return this.cache.match(namespace, labels); 126 | } 127 | 128 | public async store(obj: EmailPolicy): Promise { 129 | return this.cache.store(obj); 130 | } 131 | 132 | public async sync(objs: EmailPolicy[]): Promise { 133 | const newCache = new PolicyStoreCacheContainer(); 134 | 135 | for (const obj of objs) { 136 | newCache.store(obj); 137 | } 138 | 139 | this.cache = newCache; 140 | } 141 | 142 | public async get(namespace: string, name: string): Promise { 143 | return this.cache.get(namespace, name); 144 | } 145 | 146 | public async pull(obj: EmailPolicy): Promise { 147 | this.cache.pull(obj); 148 | } 149 | } -------------------------------------------------------------------------------- /src/k8s/types/v1alpha1/emailpolicy.ts: -------------------------------------------------------------------------------- 1 | import {MetadataObject} from "@mittwald/kubernetes/types/meta"; 2 | import {EmailPolicySpec} from "./emailpolicy_spec"; 3 | 4 | export type EmailPolicy = MetadataObject & { 5 | spec: EmailPolicySpec; 6 | } 7 | -------------------------------------------------------------------------------- /src/k8s/types/v1alpha1/emailpolicy_spec.ts: -------------------------------------------------------------------------------- 1 | /* Do not change, this code is generated from Golang structs */ 2 | 3 | import {LabelSelector} from "@mittwald/kubernetes/types/meta/v1" 4 | import {policyPeriod} from "./enums" 5 | 6 | export interface ObjectReference { 7 | name: string; 8 | namespace?: string; 9 | } 10 | export interface EmailPolicySMTPSink { 11 | server: ObjectReference; 12 | credentials?: ObjectReference; 13 | } 14 | export interface EmailPolicyRateLimiting { 15 | maximum: number; 16 | period?: policyPeriod; 17 | } 18 | export interface EmailPolicySink { 19 | smtp: EmailPolicySMTPSink; 20 | } 21 | export interface EmailPolicySpec { 22 | default?: boolean; 23 | podSelector?: LabelSelector; 24 | ratelimiting?: EmailPolicyRateLimiting; 25 | sink: EmailPolicySink; 26 | } -------------------------------------------------------------------------------- /src/k8s/types/v1alpha1/enums.ts: -------------------------------------------------------------------------------- 1 | export type authType = "PLAIN" | "LOGIN" | "CRAM-MD5" | "SCRAM-SHA-1"; 2 | export type policyPeriod = "hour" | "minute"; 3 | export type connect = "plain" | "ssl" | "starttls"; 4 | -------------------------------------------------------------------------------- /src/k8s/types/v1alpha1/smtpserver.ts: -------------------------------------------------------------------------------- 1 | import {MetadataObject} from "@mittwald/kubernetes/types/meta"; 2 | import {SMTPServerSpec} from "./smtpserver_spec"; 3 | 4 | 5 | export type SMTPServer = MetadataObject & { 6 | spec: SMTPServerSpec; 7 | } 8 | -------------------------------------------------------------------------------- /src/k8s/types/v1alpha1/smtpserver_spec.ts: -------------------------------------------------------------------------------- 1 | /* Do not change, this code is generated from Golang structs */ 2 | 3 | import {authType, connect} from "./enums" 4 | 5 | export interface SMTPServerSpec { 6 | server: string; 7 | port?: number; 8 | tls?: boolean; 9 | connect?: connect; 10 | authType?: authType; 11 | } -------------------------------------------------------------------------------- /src/main.ts: -------------------------------------------------------------------------------- 1 | import {SMTPServer} from "smtp-server"; 2 | import {SMTPBackend} from "./backend"; 3 | import {SMTPUpstream} from "./upstream/smtp"; 4 | import {Registry} from "prom-client"; 5 | import {IInformerConfig, PolicyConfig, RateLimiterConfig} from "./config"; 6 | import {buildKubernetesClientFromConfig} from "./k8s/factory"; 7 | import {KubernetesPolicyProviderFactory} from "./policy/factory"; 8 | import {MonitoringServer} from "./monitoring"; 9 | import {PrometheusRecorder} from "./stats/recorder"; 10 | import {debug as d} from "./debug"; 11 | import {buildRatelimiterFromConfig} from "./ratelimit/factory"; 12 | 13 | export async function main( 14 | policyConfig: PolicyConfig, 15 | rateLimiterConfig: RateLimiterConfig, 16 | emailPolicyInformerConfig: IInformerConfig, 17 | podInformerConfig: IInformerConfig, 18 | register: Registry, 19 | ): Promise<() => Promise> { 20 | d("starting"); 21 | 22 | const api = buildKubernetesClientFromConfig(policyConfig, register); 23 | 24 | const providerFactory = new KubernetesPolicyProviderFactory(api, emailPolicyInformerConfig, podInformerConfig, policyConfig.kubernetes.static || null); 25 | const [provider, providerInitialized, stopProvider] = providerFactory.build(); 26 | 27 | const rateLimiter = buildRatelimiterFromConfig(rateLimiterConfig); 28 | 29 | const recorder = new PrometheusRecorder(register); 30 | const upstream = new SMTPUpstream(); 31 | const backend = new SMTPBackend(provider, recorder, rateLimiter, upstream); 32 | 33 | const smtpServer = new SMTPServer({ 34 | authOptional: true, 35 | banner: "KubeMail 1.0", 36 | logger: true, 37 | onAuth: backend.handleAuthentication.bind(backend), 38 | onConnect: backend.onConnect.bind(backend), 39 | onData: backend.onData.bind(backend), 40 | }); 41 | 42 | const monitoringServer = new MonitoringServer(); 43 | 44 | await providerInitialized; 45 | 46 | monitoringServer.listen(9100); 47 | smtpServer.listen(1025); 48 | 49 | return async () => { 50 | d("stopping servers"); 51 | await stopProvider(); 52 | await monitoringServer.close(); 53 | await new Promise(res => smtpServer.close(res)); 54 | 55 | d("servers stopped"); 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /src/monitoring.ts: -------------------------------------------------------------------------------- 1 | import {Application} from "express"; 2 | import * as express from "express"; 3 | import {register} from "prom-client"; 4 | import { Server } from "http"; 5 | 6 | const debug = require("debug")("kubemail:monitoring"); 7 | 8 | export class MonitoringServer { 9 | private app: Application; 10 | private server?: Server; 11 | 12 | public constructor() { 13 | this.app = express(); 14 | 15 | this.app.get("/readiness", (req, res) => { 16 | res.status(204).end(); 17 | }); 18 | 19 | this.app.get("/status", (req, res) => { 20 | res.status(204).end(); 21 | }); 22 | 23 | this.app.get("/metrics", (req, res) => { 24 | res.send(register.metrics()); 25 | }) 26 | } 27 | 28 | public listen(port: number) { 29 | debug("starting monitoring server on port %o", port); 30 | this.server = this.app.listen(port, () => { 31 | debug("monitoring server started"); 32 | }) 33 | } 34 | 35 | public close(): Promise { 36 | return new Promise((res, rej)=> { 37 | if (this.server) { 38 | this.server.close(err => { 39 | if (err) { 40 | rej(err); 41 | } else { 42 | res(); 43 | } 44 | }); 45 | } else { 46 | res(); 47 | } 48 | }) 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /src/policy/factory.ts: -------------------------------------------------------------------------------- 1 | import {KubernetesPolicyProvider} from "./kubernetes"; 2 | import {PolicyStore} from "../k8s/policy_store"; 3 | import {PodPredicates, PodStore} from "../k8s/pod_store"; 4 | import {IKubernetesAPI} from "@mittwald/kubernetes"; 5 | import {KubemailCustomResourceAPI} from "../k8s/api"; 6 | import {CachingLookupStore, Controller, Informer} from "@mittwald/kubernetes/cache"; 7 | import {IInformerConfig} from '../config'; 8 | import {Pod, PodWithStatus} from "@mittwald/kubernetes/types/core/v1"; 9 | import {EmailPolicy} from "../k8s/types/v1alpha1/emailpolicy"; 10 | 11 | export class KubernetesPolicyProviderFactory { 12 | private readonly api: IKubernetesAPI & KubemailCustomResourceAPI 13 | private readonly emailPolicyInformerConfig: IInformerConfig; 14 | private readonly podInformerConfig: IInformerConfig; 15 | private readonly staticPolicy: string | null; 16 | 17 | public constructor( 18 | api: IKubernetesAPI & KubemailCustomResourceAPI, 19 | emailPolicyInformerConfig: IInformerConfig, 20 | podInformerConfig: IInformerConfig, 21 | staticPolicy: string | null, 22 | ) { 23 | this.api = api; 24 | this.emailPolicyInformerConfig = emailPolicyInformerConfig; 25 | this.podInformerConfig = podInformerConfig; 26 | this.staticPolicy = staticPolicy; 27 | } 28 | 29 | public build(): [KubernetesPolicyProvider, Promise, () => Promise] { 30 | const kubemailAPIv1a1 = this.api.kubemail().v1alpha1(); 31 | const coreAPIv1 = this.api.core().v1(); 32 | 33 | const smtpServerInformer = new Informer(kubemailAPIv1a1.smtpServers()); 34 | const [emailPolicyInformer, emailPolicyStore] = this.buildEmailPolicyInformer(); 35 | const [podInformer, podStore] = this.buildPodInformer(); 36 | 37 | const secretStore = new CachingLookupStore(coreAPIv1.secrets()); 38 | 39 | const podController = podInformer.start(); 40 | const emailPolicyController = emailPolicyInformer.start(); 41 | const smtpServerController = smtpServerInformer.start(); 42 | 43 | const initialized = this.initializeController(smtpServerController, emailPolicyController, podController); 44 | 45 | Promise.all([ 46 | podController.waitUntilFinish(), 47 | emailPolicyController.waitUntilFinish(), 48 | smtpServerController.waitUntilFinish(), 49 | ]).catch(err => { 50 | console.error("error while listening for Kubernetes objects", err); 51 | process.exit(1); 52 | }); 53 | 54 | const policyProvider = new KubernetesPolicyProvider(podStore, emailPolicyStore, smtpServerInformer.store, secretStore, this.staticPolicy); 55 | const stop = async () => { 56 | await Promise.all([ 57 | smtpServerController.stop(), 58 | emailPolicyController.stop(), 59 | podController.stop(), 60 | ]); 61 | }; 62 | 63 | return [policyProvider, initialized, stop]; 64 | } 65 | 66 | private buildEmailPolicyInformer(): [Informer, PolicyStore] { 67 | const kubemailAPIv1a1 = this.api.kubemail().v1alpha1(); 68 | const emailPolicyInformerLabelSelectorConfig = this.emailPolicyInformerConfig; 69 | 70 | let emailPolicyInformerLabelSelector = {}; 71 | if (emailPolicyInformerLabelSelectorConfig && emailPolicyInformerLabelSelectorConfig.selector) { 72 | emailPolicyInformerLabelSelector = emailPolicyInformerLabelSelectorConfig.selector; 73 | } 74 | 75 | const emailPolicyStore = new PolicyStore(); 76 | 77 | return [new Informer(kubemailAPIv1a1.emailPolicies(), emailPolicyInformerLabelSelector, emailPolicyStore), emailPolicyStore]; 78 | } 79 | 80 | private buildPodInformer(): [Informer, PodStore] { 81 | const coreAPIv1 = this.api.core().v1(); 82 | const podInformerLabelSelectorConfig = this.podInformerConfig; 83 | 84 | let podInformerLabelSelector = {}; 85 | if (podInformerLabelSelectorConfig && podInformerLabelSelectorConfig.selector) { 86 | podInformerLabelSelector = podInformerLabelSelectorConfig.selector; 87 | } 88 | 89 | const podStore = new PodStore(new CachingLookupStore(coreAPIv1.pods()), coreAPIv1.pods(), PodPredicates.OnlyRunning); 90 | return [new Informer(coreAPIv1.pods(), podInformerLabelSelector, podStore), podStore]; 91 | } 92 | 93 | private initializeController(serverController: Controller, policyController: Controller, podController: Controller): Promise { 94 | return Promise.all([ 95 | serverController.waitForInitialList(), 96 | policyController.waitForInitialList(), 97 | podController.waitForInitialList(), 98 | ]).then(() => { 99 | }); 100 | } 101 | } 102 | -------------------------------------------------------------------------------- /src/policy/kubernetes.ts: -------------------------------------------------------------------------------- 1 | import {ForwardPolicy, Policy, PolicyProvider, SourceReference} from "./provider"; 2 | import {PolicyStore} from "../k8s/policy_store"; 3 | import {PodStore} from "../k8s/pod_store"; 4 | import {SMTPServer} from "../k8s/types/v1alpha1/smtpserver"; 5 | import {PodWithStatus, Secret} from "@mittwald/kubernetes/types/core/v1"; 6 | import {MetadataObject} from "@mittwald/kubernetes/types/meta"; 7 | import {Store} from "@mittwald/kubernetes/cache"; 8 | 9 | const debug = require("debug")("policy:k8s"); 10 | 11 | export class KubernetesPolicyProvider implements PolicyProvider { 12 | 13 | public constructor(private podStore: PodStore, 14 | private policyStore: PolicyStore, 15 | private smtpServerStore: Store, 16 | private secretStore: Store, 17 | private staticPolicy: string | null) { 18 | } 19 | 20 | public async getByClientIP(clientIP: string): Promise<[Policy | undefined, PodWithStatus | undefined]> { 21 | debug("resolving policy for pod IP %s", clientIP); 22 | 23 | let pod = await this.podStore.getByPodIP(clientIP); 24 | if (!pod) { 25 | if (this.staticPolicy) { 26 | pod = { 27 | metadata: { 28 | name: "localhost", 29 | namespace: "default" 30 | }, 31 | spec: { 32 | containers: [] 33 | }, 34 | status: { 35 | conditions: [], 36 | hostIP: "127.0.0.1", 37 | message: "Test", 38 | podIP: "127.0.0.1", 39 | phase: "Running", 40 | qosClass: "Guaranteed", 41 | reason: "no reason", 42 | startTime: new Date().toISOString(), 43 | } 44 | } 45 | } else { 46 | debug("pod not found"); 47 | return [undefined, undefined]; 48 | } 49 | } 50 | 51 | const {namespace = "", labels = {}} = pod.metadata; 52 | const policies = this.policyStore.match(namespace, labels); 53 | 54 | if (this.staticPolicy) { 55 | const [ns, n] = this.staticPolicy.split("/"); 56 | const p = await this.policyStore.get(ns, n); 57 | 58 | if (p) { 59 | policies.push(p) 60 | } 61 | } 62 | 63 | if (policies.length === 0) { 64 | debug("no policies defined"); 65 | return [undefined, pod]; 66 | } 67 | 68 | const policy = policies[0]; 69 | const {spec} = policy; 70 | const sourceReference: SourceReference = { 71 | namespace: pod.metadata.namespace || "", 72 | podName: pod.metadata.name, 73 | labels: pod.metadata.labels, 74 | }; 75 | 76 | debug("policy found: %o", policy.metadata.name); 77 | 78 | if ("smtp" in spec.sink) { 79 | const {smtp} = spec.sink; 80 | 81 | const smtpServerNamespace = smtp.server.namespace || policy.metadata.namespace || ""; 82 | const smtpServer = await this.smtpServerStore.get(smtpServerNamespace, smtp.server.name); 83 | 84 | if (!smtpServer) { 85 | return [undefined, pod]; 86 | } 87 | 88 | let connect: "plain" | "ssl" | "starttls"; 89 | // Convert deprecated tls field to connect 90 | if (smtpServer.spec.connect === undefined) { 91 | let tls = smtpServer.spec.tls === undefined ? true : smtpServer.spec.tls; 92 | connect = tls ? "ssl" : "plain"; 93 | } else { 94 | connect = smtpServer.spec.connect; 95 | } 96 | 97 | const forwardPolicy: ForwardPolicy = { 98 | id: objectMetaToString(policy), 99 | namespace: policy.metadata.namespace!, 100 | name: policy.metadata.name, 101 | sourceReference, 102 | smtp: { 103 | id: objectMetaToString(smtpServer), 104 | namespace: smtpServer.metadata.namespace!, 105 | name: smtpServer.metadata.name, 106 | server: smtpServer.spec.server, 107 | port: smtpServer.spec.port || 587, 108 | connect: connect, 109 | }, 110 | }; 111 | 112 | if (smtp.credentials) { 113 | const smtpSecretNamespace = smtp.credentials.namespace || policy.metadata.namespace || ""; 114 | const smtpSecret = await this.secretStore.get(smtpSecretNamespace, smtp.credentials.name); 115 | 116 | if (!smtpSecret) { 117 | return [undefined, pod]; 118 | } 119 | 120 | const {data: secretData = {}} = smtpSecret; 121 | 122 | forwardPolicy.smtp.auth = { 123 | method: smtpServer.spec.authType || "PLAIN", 124 | username: new Buffer(secretData["username"], "base64").toString("utf-8"), 125 | password: new Buffer(secretData["password"], "base64").toString("utf-8"), 126 | }; 127 | } 128 | 129 | if (spec.ratelimiting) { 130 | forwardPolicy.ratelimit = { 131 | limitPeriod: spec.ratelimiting.period || "minute", 132 | maximum: spec.ratelimiting.maximum, 133 | } 134 | } 135 | 136 | return [forwardPolicy, pod]; 137 | } 138 | 139 | return [undefined, pod]; 140 | } 141 | } 142 | 143 | function objectMetaToString(o: MetadataObject): string { 144 | return `${o.metadata.namespace}/${o.metadata.name}`; 145 | } 146 | -------------------------------------------------------------------------------- /src/policy/provider.ts: -------------------------------------------------------------------------------- 1 | import {Pod, PodWithStatus} from "@mittwald/kubernetes/types/core/v1"; 2 | 3 | export type SourceReference = { 4 | namespace: string; 5 | podName: string; 6 | labels?: { [k: string]: string }; 7 | } 8 | 9 | export type RateLimitPolicy = { 10 | maximum: number; 11 | limitPeriod: "hour" | "minute"; 12 | }; 13 | 14 | export type ForwardPolicy = { 15 | id: string; 16 | namespace: string; 17 | name: string; 18 | sourceReference: SourceReference; 19 | ratelimit?: RateLimitPolicy; 20 | smtp: { 21 | id: string; 22 | name: string; 23 | namespace: string; 24 | server: string; 25 | port: number; 26 | connect?: "plain" | "ssl" | "starttls"; 27 | auth?: { 28 | method: "PLAIN" | "LOGIN" | "CRAM-MD5" | "SCRAM-SHA-1"; 29 | username: string; 30 | password: string; 31 | } 32 | debug?: boolean; 33 | logger?: boolean; 34 | }; 35 | } 36 | 37 | export type Policy = ForwardPolicy; 38 | 39 | export interface PolicyProvider { 40 | getByClientIP(clientIP: string): Promise<[Policy | undefined, PodWithStatus | undefined]>; 41 | } 42 | -------------------------------------------------------------------------------- /src/policy/static.ts: -------------------------------------------------------------------------------- 1 | import {Policy, PolicyProvider} from "./provider"; 2 | import {PodWithStatus} from "@mittwald/kubernetes/types/core/v1"; 3 | 4 | export class StaticPolicyProvider implements PolicyProvider { 5 | 6 | public constructor(private policy: Policy) { 7 | 8 | } 9 | 10 | public async getByClientIP(clientIP: string): Promise<[Policy | undefined, PodWithStatus | undefined]> { 11 | return [this.policy, undefined]; 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/ratelimit/factory.ts: -------------------------------------------------------------------------------- 1 | import {RateLimiterConfig} from "../config"; 2 | import {RateLimiter} from "./ratelimiter"; 3 | import * as IORedis from "ioredis"; 4 | import {RedisRateLimiter} from "./ratelimiter_redis"; 5 | 6 | function forceNumber(i: number | string): number { 7 | if (typeof i === "string") { 8 | return parseInt(i, 10); 9 | } 10 | 11 | return i; 12 | } 13 | 14 | export function buildRatelimiterFromConfig(c: RateLimiterConfig): RateLimiter { 15 | if (c.redis.sentinel?.host) { 16 | const {sentinel} = c.redis; 17 | const client = new IORedis({ 18 | sentinelPassword: c.redis.password, 19 | sentinels: [{host: sentinel.host, port: forceNumber(sentinel.port)}], 20 | name: sentinel.masterSet, 21 | }); 22 | 23 | return new RedisRateLimiter(client); 24 | } 25 | 26 | const client = new IORedis({ 27 | host: c.redis.host, 28 | port: forceNumber(c.redis.port), 29 | password: c.redis.password, 30 | }); 31 | 32 | return new RedisRateLimiter(client); 33 | } 34 | -------------------------------------------------------------------------------- /src/ratelimit/ratelimiter.ts: -------------------------------------------------------------------------------- 1 | import {Policy} from "../policy/provider"; 2 | 3 | export interface RateLimiter { 4 | take(policy: Policy, amount: number): Promise; 5 | } 6 | -------------------------------------------------------------------------------- /src/ratelimit/ratelimiter_redis.ts: -------------------------------------------------------------------------------- 1 | import {RateLimiter} from "./ratelimiter"; 2 | import {Commands} from "ioredis"; 3 | import {Policy, RateLimitPolicy} from "../policy/provider"; 4 | 5 | const keyForPolicy = (p: Policy) => `rl_${p.id}`; 6 | 7 | const ttlForRL = (r: RateLimitPolicy) => { 8 | switch (r.limitPeriod) { 9 | case "hour": 10 | return 3600; 11 | case "minute": 12 | return 60; 13 | default: 14 | throw new Error(`unsupported period: ${r.limitPeriod}`); 15 | } 16 | } 17 | 18 | export class RedisRateLimiter implements RateLimiter { 19 | private readonly client: Commands; 20 | 21 | public constructor(redis: Commands) { 22 | this.client = redis; 23 | } 24 | 25 | public async take(policy: Policy, amount: number): Promise { 26 | const {ratelimit} = policy; 27 | 28 | if (!ratelimit) { 29 | return true; 30 | } 31 | 32 | const key = keyForPolicy(policy); 33 | const currentCounter = await this.client.get(key); 34 | 35 | if (currentCounter !== null && (parseInt(currentCounter, 10) + amount) > ratelimit.maximum) { 36 | return false; 37 | } 38 | 39 | const incremented = await this.client.incrby(key, amount); 40 | 41 | if (incremented === amount) { 42 | const ttl = ttlForRL(ratelimit); 43 | await this.client.expire(key, ttl); 44 | } 45 | 46 | return true; 47 | } 48 | 49 | } 50 | -------------------------------------------------------------------------------- /src/server.ts: -------------------------------------------------------------------------------- 1 | import {register} from "prom-client"; 2 | import * as config from "config"; 3 | import {IInformerConfig, PolicyConfig, RateLimiterConfig} from "./config"; 4 | import {main} from "./main"; 5 | 6 | main( 7 | config.get("policy"), 8 | config.get("rateLimiter"), 9 | config.get('watcher.emailPolicyInformer'), 10 | config.get('watcher.podInformer'), 11 | register, 12 | ).catch(err => { 13 | console.error(err); 14 | process.exit(1); 15 | }); 16 | -------------------------------------------------------------------------------- /src/stats/recorder.ts: -------------------------------------------------------------------------------- 1 | import {Policy} from "../policy/provider"; 2 | import {Counter, Registry} from "prom-client"; 3 | 4 | export class PrometheusRecorder implements StatisticsRecorder { 5 | private messageCount: Counter; 6 | private rateLimitExceededCount: Counter; 7 | private rejectedCount: Counter; 8 | private rejectedNoPodCount: Counter; 9 | private errorCount: Counter; 10 | 11 | public constructor(register: Registry) { 12 | this.messageCount = new Counter({ 13 | name: "kubemail_received_emails", 14 | help: "amount of received emails", 15 | labelNames: ["pod_namespace", "pod_name", "policy_namespace", "policy_name", "server_namespace", "server_name"], 16 | registers: [register], 17 | }); 18 | this.rateLimitExceededCount = new Counter({ 19 | name: "kubemail_rejected_emails_ratelimit", 20 | help: "amount of emails rejected due to a received rate limit", 21 | labelNames: ["pod_namespace", "pod_name", "policy_namespace", "policy_name", "server_namespace", "server_name"], 22 | registers: [register], 23 | }); 24 | this.rejectedCount = new Counter({ 25 | name: "kubemail_rejected_emails_nopolicy", 26 | help: "amount of emails rejected due to a missing policy", 27 | labelNames: ["pod_namespace", "pod_name"], 28 | registers: [register], 29 | }); 30 | this.rejectedNoPodCount = new Counter({ 31 | name: "kubemail_rejected_emails_nopod", 32 | help: "amount of emails rejected due to not originating from a known Pod IP", 33 | labelNames: [], 34 | registers: [register], 35 | }); 36 | this.errorCount = new Counter({ 37 | name: "kubemail_forward_errors", 38 | help: "amount of errors while forwarding emails to upstream SMTP servers", 39 | labelNames: ["pod_namespace", "pod_name", "policy_namespace", "policy_name", "server_namespace", "server_name"], 40 | registers: [register], 41 | }); 42 | } 43 | 44 | public async observeSent(policy: Policy, sender: string, recipients: string[]): Promise { 45 | this.messageCount.labels( 46 | policy.sourceReference.namespace, 47 | policy.sourceReference.podName, 48 | policy.namespace, 49 | policy.name, 50 | policy.smtp.namespace, 51 | policy.smtp.name, 52 | ).inc(recipients.length); 53 | } 54 | 55 | public async observeRejectedRatelimitExceeded(policy: Policy, sender: string, recipients: string[]): Promise { 56 | this.rateLimitExceededCount.labels( 57 | policy.sourceReference.namespace, 58 | policy.sourceReference.podName, 59 | policy.namespace, 60 | policy.name, 61 | policy.smtp.namespace, 62 | policy.smtp.name, 63 | ).inc(recipients.length); 64 | } 65 | 66 | public async observeError(policy: Policy, sender: string): Promise { 67 | this.errorCount.labels( 68 | policy.sourceReference.namespace, 69 | policy.sourceReference.podName, 70 | policy.namespace, 71 | policy.name, 72 | policy.smtp.namespace, 73 | policy.smtp.name 74 | ).inc(1); 75 | } 76 | 77 | public async observeRejectedNoPolicy(podNamespace: string | undefined, podName: string | undefined): Promise { 78 | if (podNamespace && podName) { 79 | this.rejectedCount.labels(podNamespace, podName).inc(1); 80 | } else { 81 | this.rejectedNoPodCount.inc(1); 82 | } 83 | } 84 | 85 | } 86 | 87 | export interface StatisticsRecorder { 88 | observeSent(policy: Policy, sender: string, recipients: string[]): Promise; 89 | observeRejectedRatelimitExceeded(policy: Policy, sender: string, recipients: string[]): Promise; 90 | observeRejectedNoPolicy(podNamespace: string | undefined, podName: string | undefined): Promise; 91 | observeError(policy: Policy, sender: string): Promise; 92 | } 93 | -------------------------------------------------------------------------------- /src/tester.ts: -------------------------------------------------------------------------------- 1 | import {SMTPServer} from "smtp-server"; 2 | import {readStreamIntoBuffer} from "./util"; 3 | import * as express from "express"; 4 | 5 | const handleInterrupt = () => process.exit(0); 6 | const mails: any[] = []; 7 | 8 | const app = express(); 9 | const server = new SMTPServer({ 10 | authOptional: true, 11 | secure: false, 12 | async onData(stream, session, callback) { 13 | const content = await readStreamIntoBuffer(stream); 14 | const {envelope} = session; 15 | 16 | console.log("mailFrom: " + JSON.stringify(envelope.mailFrom)); 17 | console.log("rcptTo: " + JSON.stringify(envelope.rcptTo)); 18 | console.log(content.toString("base64")); 19 | 20 | mails.push({ 21 | mailFrom: envelope.mailFrom, 22 | rcptTo: envelope.rcptTo, 23 | body: content.toString("utf-8"), 24 | }); 25 | 26 | callback(); 27 | } 28 | }); 29 | 30 | app.get("/emails", (req, res) => { 31 | res.json(mails); 32 | }); 33 | 34 | process.on("SIGINT", handleInterrupt); 35 | process.on("SIGTERM", handleInterrupt); 36 | 37 | app.listen(8080); 38 | server.listen(1025); 39 | -------------------------------------------------------------------------------- /src/upstream/smtp.ts: -------------------------------------------------------------------------------- 1 | import {ForwardPolicy} from "../policy/provider"; 2 | import * as SMTPConnection from "nodemailer/lib/smtp-connection"; 3 | import {AuthenticationCredentials, Envelope, SentMessageInfo} from "nodemailer/lib/smtp-connection"; 4 | import {SMTPServerEnvelope} from "smtp-server"; 5 | 6 | export interface SMTPUpstreamOptions { 7 | name: string; 8 | connectionTimeout?: number; 9 | socketTimeout?: number; 10 | } 11 | 12 | const debug = require("debug")("upstream:smtp"); 13 | const defaultOptions: SMTPUpstreamOptions = { 14 | name: "kube-mail.local" 15 | }; 16 | 17 | export class SMTPUpstream { 18 | 19 | private options: SMTPUpstreamOptions; 20 | 21 | public constructor(options: Partial = {}) { 22 | this.options = {...defaultOptions, ...options}; 23 | } 24 | 25 | public async forward(policy: ForwardPolicy, envelope: SMTPServerEnvelope, message: Buffer): Promise { 26 | const {auth} = policy.smtp; 27 | const {mailFrom} = envelope; 28 | 29 | if (!mailFrom) { 30 | throw new Error("incomplete envelope") 31 | } 32 | 33 | const conn = await this.connectionForPolicy(policy); 34 | 35 | if (auth) { 36 | debug("authenticating as %o", auth.username); 37 | await conn.login({ 38 | credentials: { 39 | user: auth.username, 40 | pass: auth.password, 41 | } 42 | }) 43 | } 44 | 45 | debug("sending message"); 46 | 47 | await conn.send({ 48 | from: mailFrom.address, 49 | to: envelope.rcptTo.map(r => r.address), 50 | }, message); 51 | 52 | conn.close(); 53 | 54 | debug("message sent"); 55 | } 56 | 57 | private connectionForPolicy(policy: ForwardPolicy): Promise { 58 | const {server, port, connect, auth} = policy.smtp; 59 | const enableDebug = policy.smtp.debug === undefined ? false : policy.smtp.debug; 60 | const enableLogger = policy.smtp.logger === undefined ? false : policy.smtp.logger; 61 | const {name, connectionTimeout, socketTimeout} = this.options; 62 | 63 | debug("connecting to SMTP server %o, port %o", server, port); 64 | 65 | const conn = new SMTPConnection({ 66 | host: server, 67 | port: port, 68 | secure: connect === "ssl", 69 | ignoreTLS: connect === "plain", 70 | requireTLS: connect === "starttls", 71 | name, 72 | connectionTimeout, 73 | socketTimeout, 74 | authMethod: auth ? auth.method : undefined, 75 | debug: enableDebug, 76 | logger: enableLogger, 77 | }); 78 | 79 | return new Promise((res, rej) => { 80 | conn.on("error", err => { 81 | debug("error on connection: %o", err); 82 | rej(err); 83 | }); 84 | 85 | conn.connect(() => { 86 | debug("connection established"); 87 | res(new PromisifiedSMTPConnection(conn)); 88 | }); 89 | }); 90 | } 91 | 92 | } 93 | 94 | class PromisifiedSMTPConnection { 95 | 96 | public constructor(private inner: SMTPConnection) { 97 | } 98 | 99 | public login(auth: AuthenticationCredentials): Promise { 100 | return new Promise((res, rej) => { 101 | this.inner.login(auth, err => { 102 | err ? rej(err) : res(); 103 | }); 104 | }); 105 | } 106 | 107 | public send(envelope: Envelope, message: Buffer): Promise { 108 | return new Promise((res, rej) => { 109 | this.inner.send(envelope, message, (err, info) => { 110 | if (err) { 111 | rej(err); 112 | return; 113 | } 114 | 115 | res(info); 116 | }); 117 | }) 118 | } 119 | 120 | public close() { 121 | this.inner.close(); 122 | } 123 | 124 | } 125 | -------------------------------------------------------------------------------- /src/util.ts: -------------------------------------------------------------------------------- 1 | import {Readable, Stream} from "stream"; 2 | 3 | export const readStreamIntoBuffer = (stream: Readable): Promise => { 4 | return new Promise((res, rej) => { 5 | const buffers: Buffer[] = []; 6 | 7 | stream.on("data", chunk => { 8 | if (!(chunk instanceof Buffer)) { 9 | chunk = Buffer.from(chunk, "utf-8"); 10 | } 11 | buffers.push(chunk); 12 | }); 13 | 14 | stream.on("end", () => { 15 | res(Buffer.concat(buffers)); 16 | }); 17 | 18 | stream.on("error", rej); 19 | }); 20 | }; 21 | 22 | export declare class TypedStream extends Stream { 23 | on(event: "data", callback: (obj: T) => any): any; 24 | on(event: "end", callback: () => any): any; 25 | on(event: "error", callback: (err: Error) => any): any; 26 | } 27 | -------------------------------------------------------------------------------- /tests/integration/setup/policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kube-mail.helmich.me/v1alpha1 2 | kind: EmailPolicy 3 | metadata: 4 | name: default 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | foo: bar 9 | sink: 10 | smtp: 11 | server: 12 | name: default-smtp 13 | namespace: default 14 | --- 15 | apiVersion: kube-mail.helmich.me/v1alpha1 16 | kind: EmailPolicy 17 | metadata: 18 | name: ratelimited 19 | spec: 20 | podSelector: 21 | matchLabels: 22 | ratelimited: "true" 23 | ratelimiting: 24 | maximum: 1 25 | period: "hour" 26 | sink: 27 | smtp: 28 | server: 29 | name: default-smtp 30 | namespace: default 31 | -------------------------------------------------------------------------------- /tests/integration/setup/sender.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: tester-ssmtp 5 | data: 6 | ssmtp.conf: | 7 | mailhub=kube-mail.default.svc:25 8 | UserSTARTTLS=NO 9 | -------------------------------------------------------------------------------- /tests/integration/setup/smtpserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kube-mail.helmich.me/v1alpha1 2 | kind: SMTPServer 3 | metadata: 4 | name: default-smtp 5 | spec: 6 | server: upstream 7 | port: 25 8 | tls: false 9 | --- 10 | apiVersion: v1 11 | kind: Service 12 | metadata: 13 | name: upstream 14 | spec: 15 | selector: 16 | app: upstream 17 | ports: 18 | - targetPort: 1025 19 | port: 25 20 | --- 21 | apiVersion: v1 22 | kind: Pod 23 | metadata: 24 | name: upstream 25 | labels: 26 | app: upstream 27 | spec: 28 | containers: 29 | - name: smtp 30 | ports: 31 | - containerPort: 1025 32 | - containerPort: 8080 33 | image: kube-mail 34 | imagePullPolicy: Never 35 | command: ["/usr/local/bin/node", "dist/tester.js"] 36 | -------------------------------------------------------------------------------- /tests/integration/smtp_delivery.test.ts: -------------------------------------------------------------------------------- 1 | import {FileBasedConfig, IKubernetesAPI, KubernetesAPI, KubernetesRESTClient} from "@mittwald/kubernetes"; 2 | import {KubemailCustomResourceAPI, KubemailCustomResourceAPIInterface} from "../../src/k8s/api"; 3 | import {Registry} from "prom-client"; 4 | import {PodWithStatus} from "@mittwald/kubernetes/types/core/v1"; 5 | import {ObjectMeta} from "@mittwald/kubernetes/types/meta/v1"; 6 | import axios from "axios"; 7 | 8 | describe("SMTP delivery", () => { 9 | const config = new FileBasedConfig("./kind-kubeconfig"); 10 | const client = new KubernetesRESTClient(config); 11 | const registry = new Registry(); 12 | const api: IKubernetesAPI & KubemailCustomResourceAPIInterface = new KubernetesAPI(client, registry) 13 | .extend("kubemail", new KubemailCustomResourceAPI(client, registry)); 14 | 15 | jest.setTimeout(300 * 1000); 16 | 17 | const sleep = (t: number) => new Promise(res => setTimeout(res, t)); 18 | const waitUntilPodCompletion = async (pod: PodWithStatus) => { 19 | while (pod.status.phase !== "Succeeded") { 20 | await sleep(1000); 21 | const updatedPod = await api.core().v1().pods().namespace(pod.metadata.namespace!).get(pod.metadata.name); 22 | 23 | if (!updatedPod) { 24 | throw new Error("pod was deleted"); 25 | } 26 | 27 | if (updatedPod.status.phase === "Failed") { 28 | throw new Error("pod has failed"); 29 | } 30 | 31 | pod = updatedPod; 32 | } 33 | } 34 | const waitUntilPodFailure = async (pod: PodWithStatus) => { 35 | while (pod.status.phase !== "Failed") { 36 | await sleep(1000); 37 | const updatedPod = await api.core().v1().pods().namespace(pod.metadata.namespace!).get(pod.metadata.name); 38 | 39 | if (!updatedPod) { 40 | throw new Error("pod was deleted"); 41 | } 42 | 43 | if (updatedPod.status.phase === "Succeeded") { 44 | throw new Error("pod has succeeded"); 45 | } 46 | 47 | pod = updatedPod; 48 | } 49 | } 50 | 51 | const sendMailFromPod = async (to: string, labels: Record): Promise => { 52 | return await api.core().v1().pods().namespace("default").post({ 53 | metadata: { 54 | generateName: "tester-", 55 | labels, 56 | } as any as ObjectMeta, 57 | spec: { 58 | restartPolicy: "Never", 59 | containers: [{ 60 | name: "tester", 61 | image: "alpine:latest", 62 | command: ["sh", "-c"], 63 | args: [`apk add -U ssmtp && ln -sf /etc/kube-ssmtp/ssmtp.conf /etc/ssmtp/ssmtp.conf && sleep 3 && echo "Hello World!" | ssmtp -vvv ${to}`], 64 | volumeMounts: [{ 65 | name: "ssmtp-config", 66 | mountPath: "/etc/kube-ssmtp", 67 | readOnly: true, 68 | }] 69 | }], 70 | volumes: [{ 71 | name: "ssmtp-config", 72 | configMap: { 73 | name: "tester-ssmtp" 74 | } 75 | }] 76 | } 77 | }); 78 | } 79 | 80 | const mailWasSentFromRecipient = async (from: string): Promise => { 81 | const response = await axios.get("http://localhost:8080/emails"); 82 | const data: Array<{mailFrom: {address: string}}> = response.data; 83 | const mail = data.find((a: any) => a.mailFrom.address === from); 84 | 85 | return !!mail; 86 | } 87 | 88 | test("mail from Pod matching policy is delivered", async () => { 89 | const pod = await sendMailFromPod("test@kube-mail.example", {"foo": "bar"}); 90 | 91 | await waitUntilPodCompletion(pod); 92 | await sleep(3); 93 | 94 | await expect(mailWasSentFromRecipient(`root@${pod.metadata.name}`)).resolves.not.toBeFalsy(); 95 | }); 96 | 97 | test("mail from Pod NOT matching policy is not delivered", async () => { 98 | const pod = await sendMailFromPod("test@kube-mail.example", {"foo": "baz"}); 99 | 100 | await waitUntilPodFailure(pod); 101 | await sleep(3); 102 | 103 | await expect(mailWasSentFromRecipient(`root@${pod.metadata.name}`)).resolves.toBeFalsy(); 104 | }); 105 | 106 | test("metrics are exported", async () => { 107 | const response = await axios.get("http://localhost:9100/metrics"); 108 | 109 | expect(response.data).toMatch(/kubemail_received_emails{pod_namespace="default",pod_name=".*",policy_namespace="default",policy_name="default",server_namespace="default",server_name="default-smtp"}/) 110 | }); 111 | 112 | test("mails are rate-limited", async () => { 113 | const firstPod = await sendMailFromPod("test@kube-mail.example", {"ratelimited": "true"}); 114 | await waitUntilPodCompletion(firstPod); 115 | 116 | const secondPod = await sendMailFromPod("test@kube-mail.example", {"ratelimited": "true"}); 117 | await waitUntilPodFailure(secondPod); 118 | 119 | await sleep(3); 120 | 121 | await expect(mailWasSentFromRecipient(`root@${firstPod.metadata.name}`)).resolves.not.toBeFalsy(); 122 | await expect(mailWasSentFromRecipient(`root@${secondPod.metadata.name}`)).resolves.toBeFalsy(); 123 | }); 124 | }); 125 | -------------------------------------------------------------------------------- /tests/unit/k8s/policy_store.test.ts: -------------------------------------------------------------------------------- 1 | import {EmailPolicy} from "../../../src/k8s/types/v1alpha1/emailpolicy"; 2 | import {PolicyStore} from "../../../src/k8s/policy_store"; 3 | 4 | describe("PolicyStore", () => { 5 | const defaultPolicy: EmailPolicy = { 6 | metadata: {name: "default", namespace: "default"}, 7 | spec: { 8 | default: true, 9 | sink: { 10 | smtp: { 11 | credentials: {name: "default-smtp"}, 12 | server: {name: "default-smtp"}, 13 | }, 14 | } 15 | } 16 | }; 17 | 18 | const fooPolicy: EmailPolicy = { 19 | metadata: {name: "foo", namespace: "default"}, 20 | spec: { 21 | podSelector: {matchLabels: {"foo": "bar"}}, 22 | sink: { 23 | smtp: { 24 | credentials: {name: "default-smtp"}, 25 | server: {name: "default-smtp"}, 26 | }, 27 | } 28 | } 29 | }; 30 | 31 | const barPolicy: EmailPolicy = { 32 | metadata: {name: "bar", namespace: "default"}, 33 | spec: { 34 | podSelector: {matchLabels: {"bar": "123", "baz": "321"}}, 35 | sink: { 36 | smtp: { 37 | credentials: {name: "default-smtp"}, 38 | server: {name: "default-smtp"}, 39 | }, 40 | } 41 | } 42 | }; 43 | 44 | let store: PolicyStore; 45 | 46 | beforeEach(() => { 47 | store = new PolicyStore(); 48 | 49 | [defaultPolicy, fooPolicy, barPolicy].forEach(store.store.bind(store)); 50 | }); 51 | 52 | test("policies can be inserted and retrieved", async () => { 53 | await expect(store.get("default", "default")).resolves.toBe(defaultPolicy); 54 | await expect(store.get("default", "foo")).resolves.toBe(fooPolicy); 55 | await expect(store.get("default", "bar")).resolves.toBe(barPolicy); 56 | }); 57 | 58 | test("can select policy based on namespace selector with single selected label", () => { 59 | const labels = {"foo": "bar", "bar": "baz"}; 60 | const match = store.match("default", labels); 61 | 62 | expect(match).toHaveLength(1); 63 | expect(match[0]).toBe(fooPolicy); 64 | }); 65 | 66 | 67 | test("can select policy based on namespace selector outside of namespace", () => { 68 | const labels = {"foo": "bar", "bar": "baz"}; 69 | const match = store.match("other", labels); 70 | 71 | expect(match).toHaveLength(1); 72 | expect(match[0]).toBe(defaultPolicy); 73 | }); 74 | 75 | test("can select policy based on namespace selector with multiple selected label", () => { 76 | const labels = {"bar": "123", "baz": "321"}; 77 | const match = store.match("default", labels); 78 | 79 | expect(match).toHaveLength(1); 80 | expect(match[0]).toBe(barPolicy); 81 | }); 82 | }); 83 | -------------------------------------------------------------------------------- /tsconfig.base.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "module": "commonjs", 4 | "declaration": true, 5 | "sourceMap": true, 6 | "noImplicitAny": true, 7 | "experimentalDecorators": true, 8 | "emitDecoratorMetadata": true, 9 | "strictNullChecks": true, 10 | "target": "es6", 11 | "outDir": "dist", 12 | "lib": ["es6", "dom"] 13 | }, 14 | "target": "es6" 15 | } -------------------------------------------------------------------------------- /tsconfig.build.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "include": [ 4 | "src/**/*" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "include": [ 4 | "src/**/*", 5 | "tests/**/*", 6 | "tests_compile/**/*" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /tsconfig.test.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "compilerOptions": { 4 | "outDir": "tests_compile_out" 5 | }, 6 | "include": [ 7 | "tests_compile/**/*" 8 | ] 9 | } 10 | --------------------------------------------------------------------------------