├── CODEOWNERS ├── .dockerignore ├── scripts ├── release ├── ci ├── dev-server.sh ├── dev-k8s-only-server.sh ├── entry ├── package-cli ├── build ├── test ├── glide-lock-to-vendor-conf.sh ├── package-image ├── symlink-k8s.sh ├── version ├── dev-agent.sh ├── package ├── validate └── package-tar ├── .gitignore ├── pkg ├── constants.go ├── service │ ├── handlers │ │ ├── healthcheck.go │ │ ├── httperror.go │ │ ├── kube-api-handlers.go │ │ └── v1-kube-api-authn.go │ └── server.go └── api │ └── v1 │ └── types │ ├── v1-authn-request.go │ └── v1-authn-response.go ├── .github ├── renovate.json └── workflows │ ├── renovate-vault.yml │ ├── ci.yml │ └── release.yml ├── .golangci.json ├── Makefile ├── package └── Dockerfile ├── Dockerfile.dapper ├── README.md ├── main.go ├── LICENSE ├── go.mod └── go.sum /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @rancher/collie 2 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | ./bin 2 | ./.dapper 3 | ./.cache 4 | ./dist 5 | -------------------------------------------------------------------------------- /scripts/release: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | exec $(dirname $0)/ci 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.dapper 2 | /.cache 3 | /bin 4 | /dist 5 | *.swp 6 | /kube-api-auth 7 | /trash.lock 8 | /.idea 9 | -------------------------------------------------------------------------------- /scripts/ci: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | cd $(dirname $0) 5 | 6 | ./build 7 | ./test 8 | ./validate 9 | ./package 10 | -------------------------------------------------------------------------------- /scripts/dev-server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | cd $(dirname $0)/../bin 5 | 6 | echo Running 7 | go run -tags k3s ../cli/main.go --debug server --disable-agent 8 | -------------------------------------------------------------------------------- /scripts/dev-k8s-only-server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | cd $(dirname $0)/../bin 5 | 6 | echo Running 7 | go run -tags k3s ../cli/main.go --debug server --disable-controllers --disable-agent 8 | -------------------------------------------------------------------------------- /scripts/entry: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | mkdir -p bin dist 5 | if [ -e ./scripts/$1 ]; then 6 | ./scripts/"$@" 7 | else 8 | exec "$@" 9 | fi 10 | 11 | chown -R $DAPPER_UID:$DAPPER_GID . 12 | -------------------------------------------------------------------------------- /pkg/constants.go: -------------------------------------------------------------------------------- 1 | package kubeapiauth 2 | 3 | const ( 4 | DefaultK8sAPIVersion = "authentication.k8s.io/v1beta1" 5 | DefaultAuthnKind = "TokenReview" 6 | DefaultNamespace = "cattle-system" 7 | DefaultListenHostPort = "127.0.0.1:6440" 8 | ) 9 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "github>rancher/renovate-config#release" 5 | ], 6 | "baseBranchPatterns": [ 7 | "main" 8 | ], 9 | "prHourlyLimit": 2 10 | } 11 | -------------------------------------------------------------------------------- /scripts/package-cli: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | source $(dirname $0)/version 5 | 6 | cd $(dirname $0)/../image 7 | ./build 8 | 9 | cp ../bin/kube-api-auth-full ../bin/kube-api-auth 10 | echo -n "_sqmagic_" >> ../bin/kube-api-auth 11 | cat main.squashfs >> ../bin/kube-api-auth 12 | -------------------------------------------------------------------------------- /scripts/build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | source $(dirname $0)/version 5 | 6 | cd $(dirname $0)/.. 7 | 8 | mkdir -p bin 9 | [ "$(uname)" != "Darwin" ] && LINKFLAGS="-extldflags -static -s" 10 | CGO_ENABLED=0 go build -ldflags "-X main.VERSION=$VERSION $LINKFLAGS" -o bin/kube-api-auth 11 | -------------------------------------------------------------------------------- /.golangci.json: -------------------------------------------------------------------------------- 1 | { 2 | "formatters": { 3 | "enable": [ 4 | "gofmt" 5 | ] 6 | }, 7 | "linters": { 8 | "default": "none", 9 | "enable": [ 10 | "govet", 11 | "ineffassign", 12 | "staticcheck", 13 | "unused" 14 | ] 15 | }, 16 | "version": "2" 17 | } 18 | -------------------------------------------------------------------------------- /pkg/service/handlers/healthcheck.go: -------------------------------------------------------------------------------- 1 | package handlers 2 | 3 | import ( 4 | "net/http" 5 | 6 | log "github.com/sirupsen/logrus" 7 | ) 8 | 9 | func HealthcheckHandler() http.HandlerFunc { 10 | return healthcheck 11 | } 12 | 13 | func healthcheck(_ http.ResponseWriter, _ *http.Request) { 14 | log.Info("healthcheck") 15 | } 16 | -------------------------------------------------------------------------------- /pkg/api/v1/types/v1-authn-request.go: -------------------------------------------------------------------------------- 1 | package types 2 | 3 | type V1AuthnRequestSpec struct { 4 | Token string `json:"token"` 5 | } 6 | 7 | type V1AuthnRequest struct { 8 | APIVersion string `json:"apiVersion"` 9 | Kind string `json:"kind"` 10 | Spec V1AuthnRequestSpec `json:"spec"` 11 | } 12 | -------------------------------------------------------------------------------- /scripts/test: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | cd $(dirname $0)/.. 5 | 6 | echo Running tests 7 | 8 | PACKAGES=". $(find -name '*.go' | xargs -I{} dirname {} | cut -f2 -d/ | sort -u | grep -Ev '(^\.$|.git|vendor|bin)' | sed -e 's!^!./!' -e 's!$!/...!')" 9 | 10 | [ "${ARCH}" == "amd64" ] && RACE=-race 11 | go test ${RACE} -cover -tags=test ${PACKAGES} 12 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | TARGETS := $(shell ls scripts) 2 | 3 | .dapper: 4 | @echo Downloading dapper 5 | @curl -sL https://releases.rancher.com/dapper/latest/dapper-`uname -s`-`uname -m` > .dapper.tmp 6 | @@chmod +x .dapper.tmp 7 | @./.dapper.tmp -v 8 | @mv .dapper.tmp .dapper 9 | 10 | $(TARGETS): .dapper 11 | ./.dapper $@ 12 | 13 | .DEFAULT_GOAL := ci 14 | 15 | .PHONY: $(TARGETS) 16 | -------------------------------------------------------------------------------- /scripts/glide-lock-to-vendor-conf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | > /etc/passwd && \ 6 | echo "$user:x:1000:" >> /etc/group && \ 7 | mkdir /home/$user && \ 8 | chown -R $user:$user /home/$user 9 | 10 | COPY kube-api-auth /usr/bin/ 11 | 12 | USER $user 13 | 14 | CMD ["kube-api-auth", "serve"] 15 | -------------------------------------------------------------------------------- /scripts/package-image: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | source $(dirname $0)/version 5 | 6 | cd $(dirname $0)/../package 7 | 8 | TAG=${TAG:-${VERSION}${SUFFIX}} 9 | REPO=${REPO:-rancher} 10 | 11 | cp ../bin/kube-api-auth ./kube-api-auth 12 | 13 | IMAGE=${REPO}/kube-api-auth:${TAG} 14 | docker build -t ${IMAGE} . 15 | mkdir -p ../dist 16 | echo ${IMAGE} > ../dist/images 17 | echo Built ${IMAGE} 18 | -------------------------------------------------------------------------------- /scripts/symlink-k8s.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ ! -d $1/staging/src/k8s.io ]; then 4 | echo Kubernetes source not found at $1 5 | exit 1 6 | fi 7 | 8 | cd $(dirname $0)/../vendor/k8s.io 9 | for i in $1/staging/src/k8s.io/*; do 10 | rm -rf $(basename $i) 11 | ln -s $i . 12 | done 13 | rm -rf kubernetes 14 | mkdir -p kubernetes 15 | cd kubernetes 16 | ln -s $1/{cmd,pkg,plugin,third_party} . 17 | -------------------------------------------------------------------------------- /pkg/service/handlers/httperror.go: -------------------------------------------------------------------------------- 1 | package handlers 2 | 3 | import ( 4 | "net/http" 5 | 6 | log "github.com/sirupsen/logrus" 7 | ) 8 | 9 | // ReturnHTTPError handles sending out CatalogError response 10 | func ReturnHTTPError(w http.ResponseWriter, _ *http.Request, httpStatus int, errorMessage string) { 11 | log.Error(errorMessage) 12 | w.Header().Set("Content-Type", "application/json") 13 | w.WriteHeader(httpStatus) 14 | } 15 | -------------------------------------------------------------------------------- /scripts/version: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -n "$(git status --porcelain --untracked-files=no)" ]; then 4 | DIRTY="-dirty" 5 | fi 6 | 7 | COMMIT="$(git rev-parse --short HEAD)" 8 | GIT_TAG="$(git tag -l --contains HEAD | head -n 1)" 9 | 10 | if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then 11 | VERSION=$GIT_TAG 12 | else 13 | VERSION="${COMMIT}${DIRTY}" 14 | fi 15 | 16 | if [ -z "$ARCH" ]; then 17 | ARCH=amd64 18 | fi 19 | -------------------------------------------------------------------------------- /scripts/dev-agent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | cd $(dirname $0)/../bin 5 | 6 | # Prime sudo 7 | sudo echo Compiling CLI 8 | go build -tags k3s -o kube-api-auth-agent ../cli/main.go 9 | 10 | echo Building image and agent 11 | ../image/build 12 | 13 | echo Running 14 | exec sudo ENTER_ROOT=../image/main.squashfs ./kube-api-auth-agent --debug agent -s https://localhost:7443 -t $(<${HOME}/.rancher/kube-api-auth/server/node-token) 15 | -------------------------------------------------------------------------------- /scripts/package: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | source $(dirname $0)/version 5 | 6 | ARCH=${ARCH:-"amd64"} 7 | SUFFIX="" 8 | [ "${ARCH}" != "amd64" ] && SUFFIX="_${ARCH}" 9 | 10 | cd $(dirname $0)/../package 11 | 12 | TAG=${TAG:-${VERSION}${SUFFIX}} 13 | REPO=${REPO:-rancher} 14 | 15 | if echo $TAG | grep -q dirty; then 16 | TAG=dev 17 | fi 18 | 19 | cp ../bin/kube-api-auth . 20 | 21 | IMAGE=${REPO}/kube-api-auth:${TAG} 22 | docker build -t ${IMAGE} . 23 | echo ${IMAGE} > ../dist/images 24 | echo Built ${IMAGE} 25 | -------------------------------------------------------------------------------- /scripts/validate: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | cd $(dirname $0)/.. 5 | 6 | echo Running validation 7 | 8 | echo Tidying up modules 9 | go mod tidy 10 | 11 | echo Verifying modules 12 | go mod verify 13 | 14 | if [ -n "$(git status --porcelain --untracked-files=no)" ]; then 15 | echo "Encountered dirty repo!" 16 | exit 1 17 | fi 18 | 19 | PACKAGES="$(go list ./...)" 20 | echo Running: go fmt 21 | test -z "$(go fmt ${PACKAGES} | tee /dev/stderr)" 22 | 23 | if ! command -v golangci-lint; then 24 | echo "Skipping validation on ARCHs other than linux amd64" 25 | exit 26 | fi 27 | 28 | echo Running: golangci-lint 29 | golangci-lint run -v 30 | -------------------------------------------------------------------------------- /Dockerfile.dapper: -------------------------------------------------------------------------------- 1 | FROM registry.suse.com/bci/golang:1.23 2 | 3 | ARG DAPPER_HOST_ARCH 4 | ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH} 5 | 6 | RUN zypper -n install git docker vim less file curl wget 7 | 8 | RUN if [[ "${ARCH}" == "amd64" ]]; then \ 9 | curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.61.0; \ 10 | fi 11 | 12 | ENV DAPPER_ENV REPO TAG 13 | ENV DAPPER_SOURCE /go/src/github.com/rancher/kube-api-auth 14 | ENV DAPPER_OUTPUT ./bin ./dist 15 | ENV DAPPER_DOCKER_SOCKET true 16 | ENV HOME ${DAPPER_SOURCE} 17 | WORKDIR ${DAPPER_SOURCE} 18 | 19 | ENTRYPOINT ["./scripts/entry"] 20 | CMD ["ci"] 21 | -------------------------------------------------------------------------------- /scripts/package-tar: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $(dirname $0)/.. 4 | 5 | . ./scripts/version 6 | 7 | mkdir -p dist/artifacts 8 | 9 | tar cvzf dist/artifacts/kube-api-auth-${VERSION}-linux-amd64.tar.gz -h bin/kube-api-auth --xform='s!^bin!kube-api-auth-'${VERSION}'-linux-amd64!' 10 | # tar cvzf dist/artifacts/kube-api-auth-${VERSION}-darwin.tar.gz bin/kube-api-auth-darwin --xform='s!.*!kube-api-auth-'${VERSION}'-darwin/kube-api-auth!' 11 | 12 | # W=kube-api-auth-${VERSION}-windows 13 | # mkdir -p $W 14 | # trap "rm -rf $W" EXIT 15 | 16 | # cp -f bin/kube-api-auth-windows $W/kube-api-auth.exe 17 | # zip dist/artifacts/kube-api-auth-${VERSION}-windows.zip $W/kube-api-auth.exe 18 | -------------------------------------------------------------------------------- /pkg/api/v1/types/v1-authn-response.go: -------------------------------------------------------------------------------- 1 | package types 2 | 3 | type V1AuthnResponseUser struct { 4 | UserName string `json:"username,omitempty"` 5 | UID string `json:"uid,omitempty"` 6 | Groups []string `json:"groups,omitempty"` 7 | Extra map[string]string `json:"extra,omitempty"` 8 | } 9 | 10 | type V1AuthnResponseStatus struct { 11 | Authenticated bool `json:"authenticated"` 12 | User *V1AuthnResponseUser `json:"user,omitempty"` 13 | } 14 | 15 | type V1AuthnResponse struct { 16 | APIVersion string `json:"apiVersion"` 17 | Kind string `json:"kind"` 18 | Status V1AuthnResponseStatus `json:"status"` 19 | } 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # kube-api-auth 2 | 3 | A microservice for user authentication in kubernetes clusters. 4 | 5 | ## Building 6 | 7 | `make` 8 | 9 | ## Running 10 | 11 | `./bin/kube-api-auth` 12 | 13 | ## Contact 14 | 15 | For bugs, questions, comments, corrections, suggestions, etc., open an issue in rancher/rancher with a title starting with `[kube-api-auth]`. 16 | 17 | Or just [click here](//github.com/rancher/rancher/issues/new?title=%5Bkube-api-auth%5D%20) to create a new issue. 18 | 19 | ## License 20 | 21 | Copyright (c) 2019 [Rancher Labs, Inc.](http://rancher.com) 22 | 23 | Licensed under the Apache License, Version 2.0 (the "License"); 24 | you may not use this file except in compliance with the License. 25 | You may obtain a copy of the License at 26 | 27 | [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0) 28 | 29 | Unless required by applicable law or agreed to in writing, software 30 | distributed under the License is distributed on an "AS IS" BASIS, 31 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 32 | See the License for the specific language governing permissions and 33 | limitations under the License. 34 | -------------------------------------------------------------------------------- /pkg/service/handlers/kube-api-handlers.go: -------------------------------------------------------------------------------- 1 | package handlers 2 | 3 | import ( 4 | clusterv3 "github.com/rancher/rancher/pkg/generated/norman/cluster.cattle.io/v3" 5 | corev1 "github.com/rancher/rancher/pkg/generated/norman/core/v1" 6 | ) 7 | 8 | type KubeAPIHandlers struct { 9 | namespace string 10 | clusterAuthTokens clusterv3.ClusterAuthTokenInterface 11 | clusterAuthTokensLister clusterv3.ClusterAuthTokenLister 12 | clusterUserAttribute clusterv3.ClusterUserAttributeInterface 13 | clusterUserAttributeLister clusterv3.ClusterUserAttributeLister 14 | configMapLister corev1.ConfigMapLister 15 | secrets corev1.SecretInterface 16 | secretLister corev1.SecretLister 17 | } 18 | 19 | func NewKubeAPIHandlers(namespace string, clusterAPI clusterv3.Interface, coreAPI corev1.Interface) *KubeAPIHandlers { 20 | return &KubeAPIHandlers{ 21 | namespace: namespace, 22 | clusterAuthTokens: clusterAPI.ClusterAuthTokens(namespace), 23 | clusterAuthTokensLister: clusterAPI.ClusterAuthTokens(namespace).Controller().Lister(), 24 | clusterUserAttribute: clusterAPI.ClusterUserAttributes(namespace), 25 | clusterUserAttributeLister: clusterAPI.ClusterUserAttributes(namespace).Controller().Lister(), 26 | configMapLister: coreAPI.ConfigMaps(namespace).Controller().Lister(), 27 | secrets: coreAPI.Secrets(namespace), 28 | secretLister: coreAPI.Secrets(namespace).Controller().Lister(), 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /pkg/service/server.go: -------------------------------------------------------------------------------- 1 | package service 2 | 3 | import ( 4 | "context" 5 | "net/http" 6 | "time" 7 | 8 | "github.com/gorilla/mux" 9 | "github.com/rancher/kube-api-auth/pkg/service/handlers" 10 | "github.com/rancher/norman/pkg/kwrapper/k8s" 11 | clusterv3 "github.com/rancher/rancher/pkg/generated/norman/cluster.cattle.io/v3" 12 | corev1 "github.com/rancher/rancher/pkg/generated/norman/core/v1" 13 | "github.com/rancher/rancher/pkg/wrangler" 14 | log "github.com/sirupsen/logrus" 15 | ) 16 | 17 | func Serve(listen, namespace, kubeConfig string) error { 18 | log.Info("Starting Rancher Kube-API-Auth service on ", listen) 19 | 20 | ctx := context.Background() 21 | 22 | _, clientConfig, err := k8s.GetConfig(ctx, "auto", kubeConfig) 23 | if err != nil { 24 | return err 25 | } 26 | 27 | restConfig, err := clientConfig.ClientConfig() 28 | if err != nil { 29 | return err 30 | } 31 | 32 | wranglerCtx, err := wrangler.NewContext(ctx, clientConfig, restConfig) 33 | if err != nil { 34 | return err 35 | } 36 | clusterAPI := clusterv3.NewFromControllerFactory(wranglerCtx.ControllerFactory) 37 | coreAPI := corev1.NewFromControllerFactory(wranglerCtx.ControllerFactory) 38 | 39 | // API framework routes 40 | kubeAPIHandlers := handlers.NewKubeAPIHandlers(namespace, clusterAPI, coreAPI) 41 | router := RouteContext(kubeAPIHandlers) 42 | 43 | go func() { 44 | for { 45 | if err := wranglerCtx.ControllerFactory.Start(ctx, 5); err != nil { 46 | log.Error(err) 47 | time.Sleep(2 * time.Second) 48 | } else { 49 | break 50 | } 51 | } 52 | }() 53 | 54 | return http.ListenAndServe(listen, router) 55 | } 56 | 57 | func RouteContext(kubeAPIHandlers *handlers.KubeAPIHandlers) *mux.Router { 58 | router := mux.NewRouter().StrictSlash(true) 59 | // Healthcheck endpoint 60 | router.Methods("GET").Path("/healthcheck").Handler(handlers.HealthcheckHandler()) 61 | // V1 Authenticate endpoint 62 | router.Methods("POST").Path("/v1/authenticate").Handler(kubeAPIHandlers.V1AuthenticateHandler()) 63 | 64 | return router 65 | } 66 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | 6 | kubeapiauth "github.com/rancher/kube-api-auth/pkg" 7 | "github.com/rancher/kube-api-auth/pkg/service" 8 | log "github.com/sirupsen/logrus" 9 | "github.com/urfave/cli" 10 | ) 11 | 12 | var VERSION = "v0.0.0-dev" 13 | 14 | var appConfig = struct { 15 | Listen string 16 | Namespace string 17 | Kubeconfig string 18 | }{} 19 | 20 | func main() { 21 | textFormatter := &log.TextFormatter{ 22 | FullTimestamp: true, 23 | } 24 | log.SetFormatter(textFormatter) 25 | 26 | app := cli.NewApp() 27 | app.Name = "kube-api-auth" 28 | app.Usage = "Rancher Kubernetes API auth service" 29 | app.Author = "Rancher Labs, Inc." 30 | app.Version = VERSION 31 | 32 | app.Flags = []cli.Flag{ 33 | cli.BoolFlag{ 34 | Name: "debug", 35 | Usage: "Set true to get debug logs", 36 | }, 37 | cli.StringFlag{ 38 | Name: "kubeconfig", 39 | EnvVar: "KUBECONFIG", 40 | Usage: "Kube config for accessing k8s cluster", 41 | Destination: &appConfig.Kubeconfig, 42 | }, 43 | cli.StringFlag{ 44 | Name: "namespace", 45 | Value: kubeapiauth.DefaultNamespace, 46 | Usage: "Namespace of secrets", 47 | Destination: &appConfig.Namespace, 48 | }, 49 | } 50 | 51 | app.Commands = []cli.Command{ 52 | { 53 | Name: "create", 54 | Action: createToken, 55 | }, 56 | { 57 | Name: "serve", 58 | Action: startService, 59 | Flags: []cli.Flag{ 60 | cli.StringFlag{ 61 | Name: "listen, l", 62 | Value: kubeapiauth.DefaultListenHostPort, 63 | Usage: "host:port to listen on (TCP)", 64 | Destination: &appConfig.Listen, 65 | }, 66 | }, 67 | }, 68 | } 69 | app.Before = appBefore 70 | 71 | if err := app.Run(os.Args); err != nil { 72 | log.Fatal(err) 73 | } 74 | } 75 | 76 | func appBefore(c *cli.Context) error { 77 | if c.GlobalBool("debug") { 78 | log.SetLevel(log.DebugLevel) 79 | } 80 | log.Debug("Debug enabled!") 81 | return nil 82 | } 83 | 84 | func createToken(_ *cli.Context) error { 85 | log.Info("Not yet implemented") 86 | return nil 87 | } 88 | 89 | func startService(_ *cli.Context) error { 90 | return service.Serve(appConfig.Listen, appConfig.Namespace, appConfig.Kubeconfig) 91 | } 92 | -------------------------------------------------------------------------------- /.github/workflows/renovate-vault.yml: -------------------------------------------------------------------------------- 1 | name: Renovate 2 | on: 3 | workflow_dispatch: 4 | inputs: 5 | logLevel: 6 | description: "Override default log level" 7 | required: false 8 | default: info 9 | type: choice 10 | options: 11 | - info 12 | - debug 13 | overrideSchedule: 14 | description: "Override all schedules" 15 | required: false 16 | default: "false" 17 | type: choice 18 | options: 19 | - "false" 20 | - "true" 21 | configMigration: 22 | description: "Toggle PRs for config migration" 23 | required: false 24 | default: "true" 25 | type: choice 26 | options: 27 | - "false" 28 | - "true" 29 | renovateConfig: 30 | description: "Define a custom renovate config file" 31 | required: false 32 | default: ".github/renovate.json" 33 | type: string 34 | minimumReleaseAge: 35 | description: "Override minimumReleaseAge for a one-time run (e.g., '0 days' to disable delay)" 36 | required: false 37 | default: "null" 38 | type: string 39 | extendsPreset: 40 | description: "Override renovate extends preset (default: 'github>rancher/renovate-config#release')." 41 | required: false 42 | default: "github>rancher/renovate-config#release" 43 | type: string 44 | 45 | schedule: 46 | - cron: '30 4,6 * * 1-5' 47 | 48 | permissions: 49 | contents: read 50 | id-token: write 51 | 52 | jobs: 53 | call-workflow: 54 | uses: rancher/renovate-config/.github/workflows/renovate-vault.yml@release 55 | with: 56 | configMigration: ${{ inputs.configMigration || 'true' }} 57 | logLevel: ${{ inputs.logLevel || 'info' }} 58 | overrideSchedule: ${{ github.event.inputs.overrideSchedule == 'true' && '{''schedule'':null}' || '' }} 59 | renovateConfig: ${{ inputs.renovateConfig || '.github/renovate.json' }} 60 | minimumReleaseAge: ${{ inputs.minimumReleaseAge || 'null' }} 61 | extendsPreset: ${{ inputs.extendsPreset || 'github>rancher/renovate-config#release' }} 62 | secrets: 63 | override-token: "${{ secrets.RENOVATE_FORK_GH_TOKEN || '' }}" 64 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI Build and Check 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | pull_request: 8 | 9 | env: 10 | GOLANG_CI_LINT_VERSION: v2.7.1 11 | IMAGE: rancher/kube-api-auth 12 | 13 | permissions: 14 | contents: read 15 | security-events: write # upload Trivy Sarif results 16 | 17 | jobs: 18 | linter: 19 | runs-on: ubuntu-latest 20 | steps: 21 | - name: Get Sources 22 | uses: actions/checkout@v3 23 | 24 | - name: Set up Go 25 | uses: actions/setup-go@v5 26 | with: 27 | go-version-file: 'go.mod' 28 | cache: false 29 | 30 | - name: Install golangci-lint 31 | uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 32 | with: 33 | version: ${{ env.GOLANG_CI_LINT_VERSION }} 34 | install-only: true 35 | 36 | - name: Validate the sources 37 | run: | 38 | ./scripts/validate 39 | 40 | - name: Test 41 | run: ./scripts/test 42 | 43 | build: 44 | runs-on: ubuntu-latest 45 | needs: 46 | - linter 47 | strategy: 48 | fail-fast: false 49 | matrix: 50 | os: 51 | - linux 52 | arch: 53 | - amd64 54 | - arm64 55 | steps: 56 | - name: Prepare Matrix Instance 57 | run: | 58 | echo "GOOS=${{ matrix.os }}" 59 | echo "GOOS=${{ matrix.os }}" >> $GITHUB_ENV 60 | echo "GOARCH=${{ matrix.arch }}" 61 | echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV 62 | echo "ARCH=${{ matrix.arch }}" 63 | echo "ARCH=${{ matrix.arch }}" >> $GITHUB_ENV 64 | 65 | - name: Get Sources 66 | uses: actions/checkout@v3 67 | 68 | - name: Determine Tag 69 | id: get-TAG 70 | run: | 71 | export TAG=$(git describe --always) 72 | echo "TAG=$TAG" 73 | echo "TAG=$TAG" >> "$GITHUB_ENV" 74 | 75 | - name: Set up Go 76 | uses: actions/setup-go@v5 77 | with: 78 | go-version-file: 'go.mod' 79 | cache: false 80 | 81 | - name: Build 82 | run: | 83 | ./scripts/build 84 | echo Stage binary for packaging step 85 | cp -rv ./bin/* ./package/ 86 | 87 | - name: Package up into container image 88 | uses: docker/build-push-action@v5 89 | with: 90 | context: package 91 | push: false 92 | tags: ${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }} 93 | file: package/Dockerfile 94 | 95 | - name: Scan for security vulnerabilities using Trivy 96 | uses: aquasecurity/trivy-action@0.18.0 97 | with: 98 | image-ref: ${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }} 99 | ignore-unfixed: true 100 | vuln-type: 'os,library' 101 | severity: 'CRITICAL,HIGH' 102 | format: 'sarif' 103 | output: 'trivy-results.sarif' 104 | 105 | - name: Upload Trivy scan results to GitHub Security tab 106 | uses: github/codeql-action/upload-sarif@v3 107 | if: always() 108 | with: 109 | sarif_file: 'trivy-results.sarif' 110 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: CI Build And Publish Release 2 | 3 | on: 4 | release: 5 | types: 6 | - published 7 | 8 | permissions: 9 | contents: read 10 | 11 | env: 12 | IMAGE: rancher/kube-api-auth 13 | 14 | jobs: 15 | push: 16 | permissions: 17 | contents: read 18 | id-token: write # this is important, it's how we authenticate with Vault 19 | runs-on: ubuntu-latest 20 | strategy: 21 | fail-fast: false 22 | matrix: 23 | os: 24 | - linux 25 | arch: 26 | - amd64 27 | - arm64 28 | steps: 29 | - name: Prepare Matrix Instance 30 | run: | 31 | echo "PLATFORM_PAIR=${{ matrix.os }}-${{ matrix.arch }}" 32 | echo "PLATFORM_PAIR=${{ matrix.os }}-${{ matrix.arch }}" >> $GITHUB_ENV 33 | echo "GOOS=${{ matrix.os }}" 34 | echo "GOOS=${{ matrix.os }}" >> $GITHUB_ENV 35 | echo "GOARCH=${{ matrix.arch }}" 36 | echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV 37 | echo "ARCH=${{ matrix.arch }}" 38 | echo "ARCH=${{ matrix.arch }}" >> $GITHUB_ENV 39 | 40 | - name: Retrieve Docker Hub Credentials From Vault 41 | uses: rancher-eio/read-vault-secrets@main 42 | with: 43 | secrets: | 44 | secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKERHUB_USERNAME ; 45 | secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKERHUB_PASSWORD 46 | 47 | - name: Login to Docker Hub 48 | uses: docker/login-action@v3 49 | with: 50 | username: ${{ env.DOCKERHUB_USERNAME }} 51 | password: ${{ env.DOCKERHUB_PASSWORD }} 52 | 53 | - name: Get Sources 54 | uses: actions/checkout@v4 55 | 56 | - name: Docker Meta Data Setup 57 | id: meta 58 | uses: docker/metadata-action@v5 59 | with: 60 | images: ${{ env.IMAGE }} 61 | 62 | - name: Set up QEMU 63 | uses: docker/setup-qemu-action@v3 64 | 65 | - name: Set up Docker Buildx 66 | uses: docker/setup-buildx-action@v3 67 | 68 | - name: Set up Go 69 | uses: actions/setup-go@v5 70 | with: 71 | go-version-file: 'go.mod' 72 | cache: false 73 | 74 | - name: Build and stage 75 | run: | 76 | ./scripts/build 77 | # Stage binary for packaging step 78 | cp -r ./bin/* ./package/ 79 | 80 | - name: Build image and push by digest 81 | id: build 82 | uses: docker/build-push-action@v5 83 | with: 84 | context: package 85 | file: package/Dockerfile 86 | platforms: ${{ matrix.os }}/${{ matrix.arch }} 87 | labels: ${{ steps.meta.outputs.labels }} 88 | outputs: type=image,name=${{ env.IMAGE }},push-by-digest=true,name-canonical=true,push=true 89 | 90 | - name: Export digest 91 | run: | 92 | mkdir -p /tmp/digests 93 | digest="${{ steps.build.outputs.digest }}" 94 | touch "/tmp/digests/${digest#sha256:}" 95 | 96 | - name: Upload digest 97 | uses: actions/upload-artifact@v4 98 | with: 99 | name: digests-${{ env.PLATFORM_PAIR }} 100 | path: /tmp/digests/* 101 | if-no-files-found: error 102 | retention-days: 1 103 | 104 | merge: 105 | permissions: 106 | contents: read 107 | id-token: write # this is important, it's how we authenticate with Vault 108 | runs-on: ubuntu-latest 109 | needs: 110 | - push 111 | steps: 112 | - name: Retrieve Docker Hub Credentials From Vault 113 | uses: rancher-eio/read-vault-secrets@main 114 | with: 115 | secrets: | 116 | secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKERHUB_USERNAME ; 117 | secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKERHUB_PASSWORD 118 | 119 | - name: Login to Docker Hub 120 | uses: docker/login-action@v3 121 | with: 122 | username: ${{ env.DOCKERHUB_USERNAME }} 123 | password: ${{ env.DOCKERHUB_PASSWORD }} 124 | 125 | - name: Download digests 126 | uses: actions/download-artifact@v4 127 | with: 128 | path: /tmp/digests 129 | pattern: digests-* 130 | merge-multiple: true 131 | 132 | - name: Set up Docker Buildx 133 | uses: docker/setup-buildx-action@v3 134 | 135 | - name: Docker meta 136 | id: meta 137 | uses: docker/metadata-action@v5 138 | with: 139 | images: ${{ env.IMAGE }} 140 | 141 | - name: Create manifest list and push 142 | working-directory: /tmp/digests 143 | run: | 144 | docker buildx imagetools create \ 145 | $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ 146 | $(printf '${{ env.IMAGE }}@sha256:%s ' *) 147 | 148 | - name: Inspect image 149 | run: | 150 | docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }} 151 | -------------------------------------------------------------------------------- /pkg/service/handlers/v1-kube-api-authn.go: -------------------------------------------------------------------------------- 1 | package handlers 2 | 3 | import ( 4 | "encoding/json" 5 | "errors" 6 | "fmt" 7 | "io" 8 | "net/http" 9 | "strconv" 10 | "strings" 11 | "time" 12 | 13 | kubeapiauth "github.com/rancher/kube-api-auth/pkg" 14 | "github.com/rancher/kube-api-auth/pkg/api/v1/types" 15 | clusterv3 "github.com/rancher/rancher/pkg/apis/cluster.cattle.io/v3" 16 | "github.com/rancher/rancher/pkg/controllers/managementuser/clusterauthtoken/common" 17 | log "github.com/sirupsen/logrus" 18 | apierrors "k8s.io/apimachinery/pkg/api/errors" 19 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 20 | "k8s.io/client-go/util/retry" 21 | ) 22 | 23 | func (h *KubeAPIHandlers) V1AuthenticateHandler() http.HandlerFunc { 24 | return h.v1Authenticate 25 | } 26 | 27 | func (h *KubeAPIHandlers) v1Authenticate(w http.ResponseWriter, r *http.Request) { 28 | response := types.V1AuthnResponse{ 29 | APIVersion: kubeapiauth.DefaultK8sAPIVersion, 30 | Kind: kubeapiauth.DefaultAuthnKind, 31 | Status: types.V1AuthnResponseStatus{ 32 | Authenticated: false, 33 | }, 34 | } 35 | 36 | accessKey, secretKey, err := v1parseBody(r) 37 | if err != nil { 38 | ReturnHTTPError(w, r, http.StatusBadRequest, fmt.Sprintf("%v", err)) 39 | return 40 | } 41 | 42 | log.Debugf("Processing v1Authenticate request for %s", accessKey) 43 | 44 | user, err := h.v1getAndVerifyUser(accessKey, secretKey) 45 | if err != nil { 46 | ReturnHTTPError(w, r, http.StatusUnauthorized, fmt.Sprintf("%v", err)) 47 | return 48 | } 49 | 50 | response.Status.Authenticated = true 51 | response.Status.User = user 52 | 53 | responseJSON, err := json.Marshal(response) 54 | if err != nil { 55 | ReturnHTTPError(w, r, http.StatusServiceUnavailable, fmt.Sprintf("%v", err)) 56 | return 57 | } 58 | if _, err := w.Write(responseJSON); err != nil { 59 | ReturnHTTPError(w, r, http.StatusServiceUnavailable, fmt.Sprintf("%v", err)) 60 | return 61 | } 62 | } 63 | 64 | func v1parseBody(r *http.Request) (string, string, error) { 65 | bytes, err := io.ReadAll(r.Body) 66 | if err != nil { 67 | return "", "", err 68 | } 69 | 70 | authnReq, err := v1getBodyAuthnRequest(bytes) 71 | if err != nil { 72 | return "", "", err 73 | } 74 | 75 | tokenParts := strings.SplitN(authnReq.Spec.Token, ":", 2) 76 | if len(tokenParts) != 2 { 77 | return "", "", fmt.Errorf("found %d parts of token", len(tokenParts)) 78 | } 79 | 80 | accessKey := tokenParts[0] 81 | secretKey := tokenParts[1] 82 | 83 | return accessKey, secretKey, nil 84 | } 85 | 86 | func v1getBodyAuthnRequest(bytes []byte) (*types.V1AuthnRequest, error) { 87 | authnReq := new(types.V1AuthnRequest) 88 | if err := json.Unmarshal(bytes, authnReq); err != nil { 89 | return nil, err 90 | } 91 | 92 | if authnReq.Kind != kubeapiauth.DefaultAuthnKind { 93 | return nil, errors.New("authentication request kind is not TokenReview") 94 | } 95 | 96 | if authnReq.Spec.Token == "" { 97 | return nil, errors.New("authentication request is missing Token") 98 | } 99 | 100 | return authnReq, nil 101 | } 102 | 103 | func (h *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*types.V1AuthnResponseUser, error) { 104 | 105 | var clusterUserAttribute *clusterv3.ClusterUserAttribute 106 | var clusterAuthToken *clusterv3.ClusterAuthToken 107 | 108 | err := retry.RetryOnConflict(retry.DefaultRetry, func() error { 109 | clusterAuthTokenLocal, err := h.clusterAuthTokensLister.Get(h.namespace, accessKey) 110 | if err != nil { 111 | return err 112 | } 113 | clusterAuthToken = clusterAuthTokenLocal 114 | if !clusterAuthTokenLocal.Enabled { 115 | return fmt.Errorf("token is not enabled") 116 | } 117 | 118 | clusterUserAttributeLocal, err := h.clusterUserAttributeLister.Get(h.namespace, clusterAuthTokenLocal.UserName) 119 | if err != nil { 120 | return err 121 | } 122 | 123 | clusterUserAttribute = clusterUserAttributeLocal 124 | if !clusterUserAttributeLocal.Enabled { 125 | return fmt.Errorf("user is not enabled") 126 | } 127 | 128 | // An is-not-found error is ok. Likely a not-yet-migrated cluster auth token. 129 | // Everything else is reported. 130 | clusterAuthTokenSecret, err := h.secretLister.Get(h.namespace, common.ClusterAuthTokenSecretName(accessKey)) 131 | if err != nil && !apierrors.IsNotFound(err) { 132 | return err 133 | } 134 | 135 | err, migrate := common.VerifyClusterAuthToken(secretKey, clusterAuthTokenLocal, clusterAuthTokenSecret) 136 | if err != nil { 137 | return err 138 | } 139 | 140 | // Migrate an un-migrated cluster auth token. This is done by creating 141 | // or writing over the secret to store the hash, and then removing the 142 | // hash from the cluster auth token. The token controller performs the 143 | // same actions. 144 | if migrate { 145 | // go linting notes: this section of code intentionally reads/writes a deprecated resource field 146 | clusterAuthTokenSecret := common.NewClusterAuthTokenSecretForName(h.namespace, clusterAuthTokenLocal.Name, clusterAuthTokenLocal.SecretKeyHash) // nolint:staticcheck 147 | 148 | // Create missing secret, or ... 149 | clusterAuthTokenSecret, err = h.secrets.Create(clusterAuthTokenSecret) 150 | if err != nil && apierrors.IsAlreadyExists(err) { 151 | // ... Overwrite an existing secret. 152 | _, err = h.secrets.Update(clusterAuthTokenSecret) 153 | log.Errorf("error migrating clusterAuthToken's secret %s: %s", clusterAuthTokenLocal.Name, err) 154 | } 155 | // Update shadow token to complete the migration 156 | if err == nil { 157 | clusterAuthTokenLocal.SecretKeyHash = "" // nolint:staticcheck 158 | _, err = h.clusterAuthTokens.Update(clusterAuthTokenLocal) 159 | log.Errorf("error migrating clusterAuthToken %s: %s", clusterAuthTokenLocal.Name, err) 160 | } 161 | 162 | return err 163 | } 164 | 165 | return nil 166 | }) 167 | 168 | // Note: non-conflict migration errors leave a state behind where the 169 | // migration can be attempted again, either by the next auth request, or 170 | // the upstream token controller. 171 | if err != nil { 172 | return nil, err 173 | } 174 | 175 | now := time.Now() 176 | refreshPeriod := h.getRefreshPeriod() 177 | if refreshPeriod >= 0 && clusterUserAttribute.LastRefresh != "" && !clusterUserAttribute.NeedsRefresh { 178 | refresh, err := time.Parse(time.RFC3339, clusterUserAttribute.LastRefresh) 179 | if err != nil { 180 | return nil, fmt.Errorf("error parsing lastRefresh: %w", err) 181 | } 182 | 183 | if refresh.Add(refreshPeriod).Before(now) { 184 | clusterUserAttribute.NeedsRefresh = true 185 | if _, err := h.clusterUserAttribute.Update(clusterUserAttribute); err != nil { 186 | return nil, fmt.Errorf("error updating clusterUserAttribute %s: %w", clusterUserAttribute.Name, err) 187 | } 188 | } 189 | } 190 | 191 | func() { // Using an anonymous function with an early return here to simplify the logic. 192 | precision := time.Second 193 | now = now.Truncate(precision) 194 | 195 | if clusterAuthToken.LastUsedAt != nil { 196 | if now.Equal(clusterAuthToken.LastUsedAt.Truncate(precision)) { 197 | // Throttle subsecond updates. 198 | return 199 | } 200 | } 201 | 202 | lastUsedAt := metav1.NewTime(now) 203 | clusterAuthToken.LastUsedAt = &lastUsedAt 204 | 205 | if _, err = h.clusterAuthTokens.Update(clusterAuthToken); err != nil { 206 | // Best-effort update. Don't retry or fail the request. 207 | log.Errorf("error updating clusterAuthToken %s: %s", clusterAuthToken.Name, err) 208 | } 209 | }() 210 | 211 | return &types.V1AuthnResponseUser{ 212 | UserName: clusterAuthToken.UserName, 213 | Groups: clusterUserAttribute.Groups, 214 | }, nil 215 | } 216 | 217 | func (h *KubeAPIHandlers) getRefreshPeriod() time.Duration { 218 | const noDefault = time.Duration(-1) 219 | 220 | configMap, err := h.configMapLister.Get(h.namespace, common.AuthProviderRefreshDebounceSettingName) 221 | if err != nil || configMap.Data == nil { 222 | return noDefault 223 | } 224 | 225 | refreshStr := configMap.Data["value"] 226 | if refreshStr == "" { 227 | return noDefault 228 | } 229 | 230 | refreshSeconds, err := strconv.ParseInt(refreshStr, 10, 64) 231 | if err != nil { 232 | return noDefault 233 | } 234 | 235 | return time.Duration(refreshSeconds) * time.Second 236 | } 237 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/rancher/kube-api-auth 2 | 3 | go 1.24.0 4 | 5 | toolchain go1.24.9 6 | 7 | replace ( 8 | github.com/docker/distribution => github.com/docker/distribution v2.8.2+incompatible 9 | github.com/rancher/rancher => github.com/rancher/rancher v0.0.0-20251023101703-73e6898b0472 10 | github.com/rancher/rancher/pkg/apis => github.com/rancher/rancher/pkg/apis v0.0.0-20251023101703-73e6898b0472 11 | github.com/rancher/rancher/pkg/client => github.com/rancher/rancher/pkg/client v0.0.0-20251023101703-73e6898b0472 12 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 13 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 14 | go.opentelemetry.io/otel => go.opentelemetry.io/otel v1.38.0 15 | go.opentelemetry.io/otel/metric => go.opentelemetry.io/otel/metric v1.38.0 16 | go.opentelemetry.io/otel/sdk => go.opentelemetry.io/otel/sdk v1.38.0 17 | go.opentelemetry.io/otel/trace => go.opentelemetry.io/otel/trace v1.38.0 18 | go.opentelemetry.io/proto/otlp => go.opentelemetry.io/proto/otlp v1.8.0 19 | helm.sh/helm/v3 => github.com/rancher/helm/v3 v3.19.0-rancher1 20 | 21 | k8s.io/api => k8s.io/api v0.34.1 22 | k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.34.1 23 | k8s.io/apimachinery => k8s.io/apimachinery v0.34.1 24 | k8s.io/apiserver => k8s.io/apiserver v0.34.1 25 | k8s.io/cli-runtime => k8s.io/cli-runtime v0.34.1 26 | k8s.io/client-go => k8s.io/client-go v0.34.1 27 | k8s.io/cloud-provider => k8s.io/cloud-provider v0.34.1 28 | k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.34.1 29 | k8s.io/code-generator => k8s.io/code-generator v0.34.1 30 | k8s.io/component-base => k8s.io/component-base v0.34.1 31 | k8s.io/component-helpers => k8s.io/component-helpers v0.34.1 32 | k8s.io/controller-manager => k8s.io/controller-manager v0.34.1 33 | k8s.io/cri-api => k8s.io/cri-api v0.34.1 34 | k8s.io/cri-client => k8s.io/cri-client v0.34.1 35 | k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.34.1 36 | k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.34.1 37 | k8s.io/endpointslice => k8s.io/endpointslice v0.34.1 38 | k8s.io/externaljwt => k8s.io/externaljwt v0.34.1 39 | k8s.io/kms => k8s.io/kms v0.34.1 40 | k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.34.1 41 | k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.34.1 42 | k8s.io/kube-proxy => k8s.io/kube-proxy v0.34.1 43 | k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.34.1 44 | k8s.io/kubectl => k8s.io/kubectl v0.34.1 45 | k8s.io/kubelet => k8s.io/kubelet v0.34.1 46 | k8s.io/kubernetes => k8s.io/kubernetes v1.34.1 47 | k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.34.1 48 | k8s.io/metrics => k8s.io/metrics v0.34.1 49 | k8s.io/mount-utils => k8s.io/mount-utils v0.34.1 50 | k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.34.1 51 | k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.34.1 52 | ) 53 | 54 | require ( 55 | github.com/gorilla/mux v1.8.1 56 | github.com/rancher/norman v0.7.1 57 | github.com/rancher/rancher v0.0.0-00010101000000-000000000000 58 | github.com/rancher/rancher/pkg/apis v0.0.0 59 | github.com/sirupsen/logrus v1.9.3 60 | github.com/urfave/cli v1.22.16 61 | k8s.io/apimachinery v0.34.1 62 | k8s.io/client-go v12.0.0+incompatible 63 | ) 64 | 65 | require ( 66 | dario.cat/mergo v1.0.1 // indirect 67 | github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect 68 | github.com/BurntSushi/toml v1.5.0 // indirect 69 | github.com/MakeNowJust/heredoc v1.0.0 // indirect 70 | github.com/Masterminds/goutils v1.1.1 // indirect 71 | github.com/Masterminds/semver v1.5.0 // indirect 72 | github.com/Masterminds/semver/v3 v3.4.0 // indirect 73 | github.com/Masterminds/sprig/v3 v3.3.0 // indirect 74 | github.com/Masterminds/squirrel v1.5.4 // indirect 75 | github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect 76 | github.com/beorn7/perks v1.0.1 // indirect 77 | github.com/blang/semver/v4 v4.0.0 // indirect 78 | github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect 79 | github.com/cespare/xxhash/v2 v2.3.0 // indirect 80 | github.com/chai2010/gettext-go v1.0.2 // indirect 81 | github.com/containerd/containerd v1.7.28 // indirect 82 | github.com/containerd/errdefs v1.0.0 // indirect 83 | github.com/containerd/log v0.1.0 // indirect 84 | github.com/containerd/platforms v0.2.1 // indirect 85 | github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect 86 | github.com/cyphar/filepath-securejoin v0.4.1 // indirect 87 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 88 | github.com/distribution/reference v0.6.0 // indirect 89 | github.com/emicklei/go-restful/v3 v3.12.2 // indirect 90 | github.com/evanphx/json-patch v5.9.11+incompatible // indirect 91 | github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect 92 | github.com/fatih/color v1.18.0 // indirect 93 | github.com/fxamacker/cbor/v2 v2.9.0 // indirect 94 | github.com/ghodss/yaml v1.0.0 // indirect 95 | github.com/go-errors/errors v1.4.2 // indirect 96 | github.com/go-gorp/gorp/v3 v3.1.0 // indirect 97 | github.com/go-logr/logr v1.4.3 // indirect 98 | github.com/go-openapi/jsonpointer v0.21.0 // indirect 99 | github.com/go-openapi/jsonreference v0.21.0 // indirect 100 | github.com/go-openapi/swag v0.23.0 // indirect 101 | github.com/gobwas/glob v0.2.3 // indirect 102 | github.com/gogo/protobuf v1.3.2 // indirect 103 | github.com/golang/protobuf v1.5.4 // indirect 104 | github.com/google/btree v1.1.3 // indirect 105 | github.com/google/gnostic-models v0.7.0 // indirect 106 | github.com/google/go-cmp v0.7.0 // indirect 107 | github.com/google/uuid v1.6.0 // indirect 108 | github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect 109 | github.com/gosuri/uitable v0.0.4 // indirect 110 | github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect 111 | github.com/hashicorp/errwrap v1.1.0 // indirect 112 | github.com/hashicorp/go-multierror v1.1.1 // indirect 113 | github.com/hashicorp/go-version v1.6.0 // indirect 114 | github.com/huandu/xstrings v1.5.0 // indirect 115 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 116 | github.com/jmoiron/sqlx v1.4.0 // indirect 117 | github.com/josharian/intern v1.0.0 // indirect 118 | github.com/json-iterator/go v1.1.12 // indirect 119 | github.com/klauspost/compress v1.18.0 // indirect 120 | github.com/kubereboot/kured v1.13.1 // indirect 121 | github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect 122 | github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect 123 | github.com/lib/pq v1.10.9 // indirect 124 | github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect 125 | github.com/mailru/easyjson v0.7.7 // indirect 126 | github.com/matryer/moq v0.5.2 // indirect 127 | github.com/mattn/go-colorable v0.1.13 // indirect 128 | github.com/mattn/go-isatty v0.0.20 // indirect 129 | github.com/mattn/go-runewidth v0.0.15 // indirect 130 | github.com/mitchellh/copystructure v1.2.0 // indirect 131 | github.com/mitchellh/go-wordwrap v1.0.1 // indirect 132 | github.com/mitchellh/reflectwalk v1.0.2 // indirect 133 | github.com/moby/spdystream v0.5.0 // indirect 134 | github.com/moby/term v0.5.2 // indirect 135 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 136 | github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect 137 | github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect 138 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 139 | github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect 140 | github.com/opencontainers/go-digest v1.0.0 // indirect 141 | github.com/opencontainers/image-spec v1.1.1 // indirect 142 | github.com/peterbourgon/diskv v2.0.1+incompatible // indirect 143 | github.com/pkg/errors v0.9.1 // indirect 144 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect 145 | github.com/prometheus/client_golang v1.23.2 // indirect 146 | github.com/prometheus/client_model v0.6.2 // indirect 147 | github.com/prometheus/common v0.66.1 // indirect 148 | github.com/prometheus/procfs v0.17.0 // indirect 149 | github.com/rancher/aks-operator v1.13.0-rc.1 // indirect 150 | github.com/rancher/ali-operator v0.0.5 // indirect 151 | github.com/rancher/apiserver v0.7.6 // indirect 152 | github.com/rancher/eks-operator v1.13.0-rc.1 // indirect 153 | github.com/rancher/fleet/pkg/apis v0.14.0-beta.1 // indirect 154 | github.com/rancher/gke-operator v1.13.0-rc.1 // indirect 155 | github.com/rancher/lasso v0.2.5 // indirect 156 | github.com/rancher/remotedialer v0.6.0-rc.1 // indirect 157 | github.com/rancher/rke v1.8.1 // indirect 158 | github.com/rancher/steve v0.7.23 // indirect 159 | github.com/rancher/system-upgrade-controller/pkg/apis v0.0.0-20250930163923-f2c9e60b1078 // indirect 160 | github.com/rancher/wrangler/v3 v3.3.1 // indirect 161 | github.com/rivo/uniseg v0.4.4 // indirect 162 | github.com/rubenv/sql-migrate v1.8.0 // indirect 163 | github.com/russross/blackfriday/v2 v2.1.0 // indirect 164 | github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect 165 | github.com/shopspring/decimal v1.4.0 // indirect 166 | github.com/spf13/cast v1.7.1 // indirect 167 | github.com/spf13/cobra v1.10.1 // indirect 168 | github.com/spf13/pflag v1.0.9 // indirect 169 | github.com/x448/float16 v0.8.4 // indirect 170 | github.com/xlab/treeprint v1.2.0 // indirect 171 | go.opentelemetry.io/otel v1.38.0 // indirect 172 | go.opentelemetry.io/otel/trace v1.38.0 // indirect 173 | go.yaml.in/yaml/v2 v2.4.2 // indirect 174 | go.yaml.in/yaml/v3 v3.0.4 // indirect 175 | golang.org/x/crypto v0.43.0 // indirect 176 | golang.org/x/mod v0.28.0 // indirect 177 | golang.org/x/net v0.46.0 // indirect 178 | golang.org/x/oauth2 v0.32.0 // indirect 179 | golang.org/x/sync v0.17.0 // indirect 180 | golang.org/x/sys v0.37.0 // indirect 181 | golang.org/x/term v0.36.0 // indirect 182 | golang.org/x/text v0.30.0 // indirect 183 | golang.org/x/time v0.13.0 // indirect 184 | golang.org/x/tools v0.37.0 // indirect 185 | google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 // indirect 186 | google.golang.org/grpc v1.75.1 // indirect 187 | google.golang.org/protobuf v1.36.10 // indirect 188 | gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect 189 | gopkg.in/inf.v0 v0.9.1 // indirect 190 | gopkg.in/yaml.v2 v2.4.0 // indirect 191 | gopkg.in/yaml.v3 v3.0.1 // indirect 192 | helm.sh/helm/v3 v3.19.0 // indirect 193 | k8s.io/api v0.34.1 // indirect 194 | k8s.io/apiextensions-apiserver v0.34.1 // indirect 195 | k8s.io/apiserver v0.34.1 // indirect 196 | k8s.io/cli-runtime v0.34.1 // indirect 197 | k8s.io/component-base v0.34.1 // indirect 198 | k8s.io/component-helpers v0.34.1 // indirect 199 | k8s.io/controller-manager v0.0.0 // indirect 200 | k8s.io/helm v2.17.0+incompatible // indirect 201 | k8s.io/klog/v2 v2.130.1 // indirect 202 | k8s.io/kube-aggregator v0.34.1 // indirect 203 | k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect 204 | k8s.io/kubectl v0.34.1 // indirect 205 | k8s.io/kubernetes v1.34.1 // indirect 206 | k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect 207 | oras.land/oras-go/v2 v2.6.0 // indirect 208 | sigs.k8s.io/cli-utils v0.37.2 // indirect 209 | sigs.k8s.io/cluster-api v1.10.6 // indirect 210 | sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect 211 | sigs.k8s.io/kustomize/api v0.20.1 // indirect 212 | sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect 213 | sigs.k8s.io/randfill v1.0.0 // indirect 214 | sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect 215 | sigs.k8s.io/yaml v1.6.0 // indirect 216 | ) 217 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= 2 | dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= 3 | filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= 4 | filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= 5 | github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= 6 | github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= 7 | github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= 8 | github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= 9 | github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= 10 | github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= 11 | github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= 12 | github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= 13 | github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= 14 | github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= 15 | github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= 16 | github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 17 | github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= 18 | github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= 19 | github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= 20 | github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= 21 | github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= 22 | github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= 23 | github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= 24 | github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= 25 | github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= 26 | github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= 27 | github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= 28 | github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= 29 | github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= 30 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 31 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= 32 | github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= 33 | github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= 34 | github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= 35 | github.com/bshuster-repo/logrus-logstash-hook v1.0.2 h1:JYRWo+QGnQdedgshosug9hxpPYTB9oJ1ZZD3fY31alU= 36 | github.com/bshuster-repo/logrus-logstash-hook v1.0.2/go.mod h1:HgYntJprnHSPaF9VPPPLP1L5S1vMWxRfa1J+vzDrDTw= 37 | github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= 38 | github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= 39 | github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= 40 | github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 41 | github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= 42 | github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= 43 | github.com/containerd/containerd v1.7.28 h1:Nsgm1AtcmEh4AHAJ4gGlNSaKgXiNccU270Dnf81FQ3c= 44 | github.com/containerd/containerd v1.7.28/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs= 45 | github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= 46 | github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= 47 | github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= 48 | github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= 49 | github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= 50 | github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= 51 | github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= 52 | github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= 53 | github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= 54 | github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 55 | github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= 56 | github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= 57 | github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= 58 | github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= 59 | github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= 60 | github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= 61 | github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= 62 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 63 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 64 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= 65 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 66 | github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= 67 | github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= 68 | github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN6UX90KJc4HjyM= 69 | github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU= 70 | github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= 71 | github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= 72 | github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= 73 | github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= 74 | github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= 75 | github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= 76 | github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= 77 | github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= 78 | github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= 79 | github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= 80 | github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= 81 | github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= 82 | github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= 83 | github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 84 | github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= 85 | github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= 86 | github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= 87 | github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= 88 | github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= 89 | github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= 90 | github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= 91 | github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= 92 | github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= 93 | github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= 94 | github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= 95 | github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= 96 | github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= 97 | github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 98 | github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= 99 | github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= 100 | github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= 101 | github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= 102 | github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= 103 | github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 104 | github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 105 | github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= 106 | github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= 107 | github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= 108 | github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= 109 | github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= 110 | github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= 111 | github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= 112 | github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= 113 | github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= 114 | github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= 115 | github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 116 | github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= 117 | github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= 118 | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 119 | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 120 | github.com/golang/mock v1.7.0-rc.1 h1:YojYx61/OLFsiv6Rw1Z96LpldJIy31o+UHmwAUMJ6/U= 121 | github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs= 122 | github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= 123 | github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= 124 | github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= 125 | github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= 126 | github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= 127 | github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= 128 | github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= 129 | github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= 130 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 131 | github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= 132 | github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= 133 | github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 134 | github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 135 | github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= 136 | github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= 137 | github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= 138 | github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= 139 | github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= 140 | github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= 141 | github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= 142 | github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= 143 | github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= 144 | github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= 145 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU= 146 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs= 147 | github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 148 | github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= 149 | github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 150 | github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= 151 | github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= 152 | github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= 153 | github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= 154 | github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= 155 | github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= 156 | github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= 157 | github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4= 158 | github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= 159 | github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= 160 | github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 161 | github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 162 | github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 163 | github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= 164 | github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= 165 | github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= 166 | github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= 167 | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 168 | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= 169 | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 170 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 171 | github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= 172 | github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= 173 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 174 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 175 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 176 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 177 | github.com/kubereboot/kured v1.13.1 h1:mEOtzWRaLNt4ekzHMsuTH1/+6iAuQ3qKg4c7FJc8AXE= 178 | github.com/kubereboot/kured v1.13.1/go.mod h1:clIzvBID0k5PqWwm0K7NbovdRcaD45oEBMg9Qyah1uQ= 179 | github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= 180 | github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= 181 | github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= 182 | github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= 183 | github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= 184 | github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= 185 | github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= 186 | github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= 187 | github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= 188 | github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= 189 | github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 190 | github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= 191 | github.com/matryer/moq v0.5.2 h1:b2bsanSaO6IdraaIvPBzHnqcrkkQmk1/310HdT2nNQs= 192 | github.com/matryer/moq v0.5.2/go.mod h1:W/k5PLfou4f+bzke9VPXTbfJljxoeR1tLHigsmbshmU= 193 | github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 194 | github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= 195 | github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 196 | github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= 197 | github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= 198 | github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= 199 | github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= 200 | github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= 201 | github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= 202 | github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= 203 | github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= 204 | github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= 205 | github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= 206 | github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= 207 | github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= 208 | github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= 209 | github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= 210 | github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= 211 | github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= 212 | github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= 213 | github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= 214 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 215 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 216 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 217 | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= 218 | github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= 219 | github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= 220 | github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= 221 | github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= 222 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= 223 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 224 | github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= 225 | github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= 226 | github.com/onsi/ginkgo/v2 v2.26.0 h1:1J4Wut1IlYZNEAWIV3ALrT9NfiaGW2cDCJQSFQMs/gE= 227 | github.com/onsi/ginkgo/v2 v2.26.0/go.mod h1:qhEywmzWTBUY88kfO0BRvX4py7scov9yR+Az2oavUzw= 228 | github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= 229 | github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= 230 | github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= 231 | github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= 232 | github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= 233 | github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= 234 | github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= 235 | github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= 236 | github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= 237 | github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= 238 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 239 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 240 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 241 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= 242 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 243 | github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= 244 | github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= 245 | github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= 246 | github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= 247 | github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= 248 | github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= 249 | github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs= 250 | github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA= 251 | github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0= 252 | github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw= 253 | github.com/rancher/aks-operator v1.13.0-rc.1 h1:Vy83SjeSm9q7kI18+nkSOR0hyeydDj398KGTo3XEuS4= 254 | github.com/rancher/aks-operator v1.13.0-rc.1/go.mod h1:xu0BJ01Ynzs4wLMDf2V5eaazEf1/kndX0AeqqsTFVfQ= 255 | github.com/rancher/ali-operator v0.0.5 h1:y/Zvf+q1jARqVkIp4iEy/KAs+6UoT7qqWS436kXK3f0= 256 | github.com/rancher/ali-operator v0.0.5/go.mod h1:6JeGpFPkMTdN9xWlGFvXhrTUEsaYlmC5yWiQckSfXUU= 257 | github.com/rancher/apiserver v0.7.6 h1:bLS+pxNfGv5Zq5exxMUZr9z5X8kXOOY27RGmVv2k2rM= 258 | github.com/rancher/apiserver v0.7.6/go.mod h1:Wb+Z8ktNyIuqt9hw30geFBQFJQucWTqgu6trxxMtcyM= 259 | github.com/rancher/eks-operator v1.13.0-rc.1 h1:IbimIq+TuC88RQ3KF1Ez882XFP2nDnihbeqVPXLvuLk= 260 | github.com/rancher/eks-operator v1.13.0-rc.1/go.mod h1:tj6ioCe9v5J1HM0ZXR3/K5InoEjOfjCvSHMuXMj2x4M= 261 | github.com/rancher/fleet/pkg/apis v0.14.0-beta.1 h1:UoWkP6tiVx6xbOU6lG0EQXf3caEyBAYd5c88FFBULSg= 262 | github.com/rancher/fleet/pkg/apis v0.14.0-beta.1/go.mod h1:oc+QHbx4P9guY34dr6UbzCOgt17Q9eSZhlyOs7xSinY= 263 | github.com/rancher/gke-operator v1.13.0-rc.1 h1:VViWerZyc9iMmWTxK5FapRmMnBp8cq3CgqjbM+bvyaQ= 264 | github.com/rancher/gke-operator v1.13.0-rc.1/go.mod h1:xW0iUqGMqUTPLzC4i+UKeydh9N9zYdM0BqC+7wiDfec= 265 | github.com/rancher/helm/v3 v3.19.0-rancher1 h1:5IUv6OTl6VYzKleIkriHzm6sB7L2gUfv6f6kodzLNaA= 266 | github.com/rancher/helm/v3 v3.19.0-rancher1/go.mod h1:Lk/SfzN0w3a3C3o+TdAKrLwJ0wcZ//t1/SDXAvfgDdc= 267 | github.com/rancher/lasso v0.2.5 h1:K++lWDDdfeN98Ixc1kCfUq0/q6tLjoHN++Np6QntXw0= 268 | github.com/rancher/lasso v0.2.5/go.mod h1:71rWfv+KkdSmSxZ9Ly5QYhxAu0nEUcaq9N2ByjcHqAM= 269 | github.com/rancher/norman v0.7.1 h1:OfmYfN4YeJ4qosXTAbOTPgCrb5GE8W6wFWnDxWcuKCo= 270 | github.com/rancher/norman v0.7.1/go.mod h1:vZ5qL+eKodJ7zOMQYdl6jwMrSFrqTKpA+KYSFEKew2M= 271 | github.com/rancher/rancher v0.0.0-20251023101703-73e6898b0472 h1:9y/mfX13alSmW3jh/u89dnMmv6GXEmhgwqCuC1cfagw= 272 | github.com/rancher/rancher v0.0.0-20251023101703-73e6898b0472/go.mod h1:jzUABuDzxEfOoepEMld0JiCypVY+GBAmRFjSSu/fd1g= 273 | github.com/rancher/rancher/pkg/apis v0.0.0-20251023101703-73e6898b0472 h1:8iE2Bd0x5OkVq8jQCB0DvTYNEaBvhtLE50O2E7S5Tqs= 274 | github.com/rancher/rancher/pkg/apis v0.0.0-20251023101703-73e6898b0472/go.mod h1:H+KsnFeYVNUyLBAl1kqyKTM8KjuV1TNWDrZ2HT9ou/4= 275 | github.com/rancher/remotedialer v0.6.0-rc.1 h1:HMwcJjjT4irqM+d++jPcpjoNfhPCaxoHIyPzdpghZhE= 276 | github.com/rancher/remotedialer v0.6.0-rc.1/go.mod h1:CW6Q8F8IESN05/yl48OSwhVi54nDwVQQriV16zAiGkg= 277 | github.com/rancher/rke v1.8.1 h1:rBxE/SPCcpz35Yz0lkKPQ/oSjvESJVhgMnRHoXEk254= 278 | github.com/rancher/rke v1.8.1/go.mod h1:x9N1abruzDFMwTpqq2cnaDYpKCptlNoW8VraNWB6Pc4= 279 | github.com/rancher/steve v0.7.23 h1:oWEV4ts19zJ/T9CSIp7tFheurXtfkgJq4hdv8l+QRsw= 280 | github.com/rancher/steve v0.7.23/go.mod h1:LZxfaAJedq6pQlWfpDcqXZJ6KMZcOJuxMvnWFNu03Vk= 281 | github.com/rancher/system-upgrade-controller/pkg/apis v0.0.0-20250930163923-f2c9e60b1078 h1:1MJSgYkgXhr/Zc5idJkKa10SiBQd0HVtbxVOBoghlzY= 282 | github.com/rancher/system-upgrade-controller/pkg/apis v0.0.0-20250930163923-f2c9e60b1078/go.mod h1:CV2Soy/Skw8/SA9dDJVgpeHxoEdtjYkNpNy6xvvC5kA= 283 | github.com/rancher/wrangler/v3 v3.3.1 h1:YFqRfhxjuLNudUrvWrn+64wUPZ8pnn2KWbTsha75JLg= 284 | github.com/rancher/wrangler/v3 v3.3.1/go.mod h1:0D4kZDaOUkP5W2Zfww/75tQwF9w7kaZgzpZG+4XQDAI= 285 | github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= 286 | github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U= 287 | github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= 288 | github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= 289 | github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM= 290 | github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= 291 | github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 292 | github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= 293 | github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= 294 | github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= 295 | github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= 296 | github.com/rubenv/sql-migrate v1.8.0 h1:dXnYiJk9k3wetp7GfQbKJcPHjVJL6YK19tKj8t2Ns0o= 297 | github.com/rubenv/sql-migrate v1.8.0/go.mod h1:F2bGFBwCU+pnmbtNYDeKvSuvL6lBVtXDXUUv5t+u1qw= 298 | github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= 299 | github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 300 | github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= 301 | github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= 302 | github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= 303 | github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= 304 | github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= 305 | github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= 306 | github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= 307 | github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= 308 | github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= 309 | github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= 310 | github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= 311 | github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= 312 | github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= 313 | github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY= 314 | github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 315 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 316 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 317 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 318 | github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= 319 | github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= 320 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 321 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 322 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 323 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 324 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 325 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 326 | github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= 327 | github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 328 | github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= 329 | github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= 330 | github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= 331 | github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= 332 | github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= 333 | github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= 334 | github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= 335 | github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= 336 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 337 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 338 | go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= 339 | go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= 340 | go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w= 341 | go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk= 342 | go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4= 343 | go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g= 344 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= 345 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= 346 | go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= 347 | go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= 348 | go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls= 349 | go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs= 350 | go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8= 351 | go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0/go.mod h1:5KXybFvPGds3QinJWQT7pmXf+TN5YIa7CNYObWRkj50= 352 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0= 353 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8= 354 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU= 355 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8= 356 | go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60= 357 | go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM= 358 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 h1:tgJ0uaNS4c98WRNUEx5U3aDlrDOI5Rs+1Vifcw4DJ8U= 359 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0/go.mod h1:U7HYyW0zt/a9x5J1Kjs+r1f/d4ZHnYFclhYY2+YbeoE= 360 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw= 361 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI= 362 | go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU= 363 | go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU= 364 | go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 h1:CHXNXwfKWfzS65yrlB2PVds1IBZcdsX8Vepy9of0iRU= 365 | go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0/go.mod h1:zKU4zUgKiaRxrdovSS2amdM5gOc59slmo/zJwGX+YBg= 366 | go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8= 367 | go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk= 368 | go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 h1:cC2yDI3IQd0Udsux7Qmq8ToKAx1XCilTQECZ0KDZyTw= 369 | go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0/go.mod h1:2PD5Ex6z8CFzDbTdOlwyNIUywRr1DN0ospafJM1wJ+s= 370 | go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk= 371 | go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8= 372 | go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= 373 | go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= 374 | go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= 375 | go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= 376 | go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs= 377 | go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo= 378 | go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= 379 | go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= 380 | go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= 381 | go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= 382 | go.opentelemetry.io/proto/otlp v1.8.0 h1:fRAZQDcAFHySxpJ1TwlA1cJ4tvcrw7nXl9xWWC8N5CE= 383 | go.opentelemetry.io/proto/otlp v1.8.0/go.mod h1:tIeYOeNBU4cvmPqpaji1P+KbB4Oloai8wN4rWzRrFF0= 384 | go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= 385 | go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= 386 | go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 387 | go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= 388 | go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= 389 | go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= 390 | go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= 391 | go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= 392 | go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= 393 | go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= 394 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 395 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 396 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 397 | golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= 398 | golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= 399 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 400 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 401 | golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= 402 | golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= 403 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 404 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 405 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 406 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 407 | golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= 408 | golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= 409 | golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= 410 | golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= 411 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 412 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 413 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 414 | golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= 415 | golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= 416 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 417 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 418 | golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 419 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 420 | golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 421 | golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 422 | golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 423 | golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 424 | golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= 425 | golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= 426 | golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= 427 | golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= 428 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 429 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 430 | golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= 431 | golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= 432 | golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI= 433 | golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= 434 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 435 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 436 | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 437 | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 438 | golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= 439 | golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= 440 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 441 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 442 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 443 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 444 | google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg= 445 | google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY= 446 | google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE= 447 | google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 h1:CirRxTOwnRWVLKzDNrs0CXAaVozJoR4G9xvdRecrdpk= 448 | google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= 449 | google.golang.org/grpc v1.75.1 h1:/ODCNEuf9VghjgO3rqLcfg8fiOP0nSluljWFlDxELLI= 450 | google.golang.org/grpc v1.75.1/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= 451 | google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= 452 | google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= 453 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 454 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 455 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 456 | gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= 457 | gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= 458 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 459 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 460 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 461 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 462 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 463 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 464 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 465 | k8s.io/api v0.34.1 h1:jC+153630BMdlFukegoEL8E/yT7aLyQkIVuwhmwDgJM= 466 | k8s.io/api v0.34.1/go.mod h1:SB80FxFtXn5/gwzCoN6QCtPD7Vbu5w2n1S0J5gFfTYk= 467 | k8s.io/apiextensions-apiserver v0.34.1 h1:NNPBva8FNAPt1iSVwIE0FsdrVriRXMsaWFMqJbII2CI= 468 | k8s.io/apiextensions-apiserver v0.34.1/go.mod h1:hP9Rld3zF5Ay2Of3BeEpLAToP+l4s5UlxiHfqRaRcMc= 469 | k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4= 470 | k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= 471 | k8s.io/apiserver v0.34.1 h1:U3JBGdgANK3dfFcyknWde1G6X1F4bg7PXuvlqt8lITA= 472 | k8s.io/apiserver v0.34.1/go.mod h1:eOOc9nrVqlBI1AFCvVzsob0OxtPZUCPiUJL45JOTBG0= 473 | k8s.io/cli-runtime v0.34.1 h1:btlgAgTrYd4sk8vJTRG6zVtqBKt9ZMDeQZo2PIzbL7M= 474 | k8s.io/cli-runtime v0.34.1/go.mod h1:aVA65c+f0MZiMUPbseU/M9l1Wo2byeaGwUuQEQVVveE= 475 | k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY= 476 | k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8= 477 | k8s.io/component-base v0.34.1 h1:v7xFgG+ONhytZNFpIz5/kecwD+sUhVE6HU7qQUiRM4A= 478 | k8s.io/component-base v0.34.1/go.mod h1:mknCpLlTSKHzAQJJnnHVKqjxR7gBeHRv0rPXA7gdtQ0= 479 | k8s.io/component-helpers v0.34.1 h1:gWhH3CCdwAx5P3oJqZKb4Lg5FYZTWVbdWtOI8n9U4XY= 480 | k8s.io/component-helpers v0.34.1/go.mod h1:4VgnUH7UA/shuBur+OWoQC0xfb69sy/93ss0ybZqm3c= 481 | k8s.io/controller-manager v0.34.1 h1:c9Cmun/zF740kmdRQWPGga+4MglT5SlrwsCXDS/KtJI= 482 | k8s.io/controller-manager v0.34.1/go.mod h1:fGiJDhi3OSzSAB4f40ZkJLAqMQSag9RM+7m5BRhBO3Q= 483 | k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= 484 | k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= 485 | k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= 486 | k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= 487 | k8s.io/kube-aggregator v0.34.1 h1:WNLV0dVNoFKmuyvdWLd92iDSyD/TSTjqwaPj0U9XAEU= 488 | k8s.io/kube-aggregator v0.34.1/go.mod h1:RU8j+5ERfp0h+gIvWtxRPfsa5nK7rboDm8RST8BJfYQ= 489 | k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= 490 | k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= 491 | k8s.io/kubectl v0.34.1 h1:1qP1oqT5Xc93K+H8J7ecpBjaz511gan89KO9Vbsh/OI= 492 | k8s.io/kubectl v0.34.1/go.mod h1:JRYlhJpGPyk3dEmJ+BuBiOB9/dAvnrALJEiY/C5qa6A= 493 | k8s.io/kubernetes v1.34.1 h1:F3p8dtpv+i8zQoebZeK5zBqM1g9x1aIdnA5vthvcuUk= 494 | k8s.io/kubernetes v1.34.1/go.mod h1:iu+FhII+Oc/1gGWLJcer6wpyih441aNFHl7Pvm8yPto= 495 | k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= 496 | k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= 497 | oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= 498 | oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= 499 | sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg= 500 | sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco= 501 | sigs.k8s.io/cluster-api v1.10.6 h1:0bnLTpT47R8KIvGZ3tTGek0DwMIc8fZi6IxA3Mlqq4g= 502 | sigs.k8s.io/cluster-api v1.10.6/go.mod h1:vymugs3Jm3gxHVMuVqdzgp6BVy/SEqQVyUg/UM7bnT4= 503 | sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= 504 | sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= 505 | sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= 506 | sigs.k8s.io/kustomize/api v0.20.1/go.mod h1:t6hUFxO+Ph0VxIk1sKp1WS0dOjbPCtLJ4p8aADLwqjM= 507 | sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A78= 508 | sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= 509 | sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= 510 | sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= 511 | sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= 512 | sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= 513 | sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= 514 | sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= 515 | --------------------------------------------------------------------------------