├── .gitignore ├── Makefile ├── utils └── utils.go ├── profiles └── k8s-block-echo ├── scripts ├── build ├── setup-aa.sh ├── enforce-aa.sh ├── copy-profiles.sh └── enable-aa.sh ├── test ├── security_v1alpha1_apparmorprofile.yaml └── echo-pod.yaml ├── .goreleaser.yml ├── api └── types │ └── v1alpha1 │ ├── apparmorprofile.go │ ├── register.go │ └── deepcopy.go ├── .github └── workflows │ └── krew-plugin-release.yml ├── go.mod ├── .krew.yaml ├── container └── echo-pod.yaml ├── clientset └── v1alpha1 │ ├── api.go │ └── apparmorprofile.go ├── types ├── apparmor.go └── node.go ├── aa ├── commands │ └── commands.go └── service.go ├── crd └── crd.security.sysdig.com_apparmorprofiles.yaml ├── client ├── ssh.go └── k8s.go ├── main.go ├── README.md ├── LICENSE └── go.sum /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/* 2 | kube-apparmor-manager 3 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: all 2 | 3 | all: build 4 | 5 | build: 6 | @echo "+ $@" 7 | ./scripts/build 8 | -------------------------------------------------------------------------------- /utils/utils.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import "os" 4 | 5 | // HomeDir returns home directory 6 | func HomeDir() string { 7 | if h := os.Getenv("HOME"); h != "" { 8 | return h 9 | } 10 | return os.Getenv("USERPROFILE") // windows 11 | } 12 | -------------------------------------------------------------------------------- /profiles/k8s-block-echo: -------------------------------------------------------------------------------- 1 | profile k8s-apparmor-block-echo flags=(no_attach_disconnected) { 2 | 3 | allow /etc/* r, 4 | allow /tmp/* rw, 5 | # allow only a few commands 6 | allow /bin/echo mrix, 7 | allow /bin/sleep mrix, 8 | allow /bin/cat mrix, 9 | } 10 | -------------------------------------------------------------------------------- /scripts/build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | export GOPATH="$HOME/go" 6 | export PATH="$PATH:$GOPATH/bin" 7 | 8 | go get "golang.org/x/tools/cmd/goimports" 9 | 10 | goimports -w $(find . -type f -name '*.go' -not -path "./vendor/*") || true 11 | 12 | env GO111MODULE=on GOOS=$(uname -s | tr '[:upper:]' '[:lower:]') GOARCH=amd64 go build -a 13 | -------------------------------------------------------------------------------- /test/security_v1alpha1_apparmorprofile.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crd.security.sysdig.com/v1alpha1 2 | kind: AppArmorProfile 3 | metadata: 4 | name: apparmorprofile-sample 5 | spec: 6 | # Add fields here 7 | rules: | 8 | allow /etc/* r, 9 | allow /tmp/* rw, 10 | # allow only a few commands 11 | allow /bin/echo mrix, 12 | allow /bin/sleep mrix, 13 | allow /bin/cat mrix, 14 | enforced: true 15 | -------------------------------------------------------------------------------- /test/echo-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hello-apparmor 5 | annotations: 6 | # Tell Kubernetes to apply the AppArmor profile "apparmorprofile-sample". 7 | container.apparmor.security.beta.kubernetes.io/hello: localhost/apparmorprofile-sample 8 | spec: 9 | containers: 10 | - name: hello 11 | image: busybox 12 | command: [ "sh", "-c", "echo 'Hello AppArmor!' && sleep 1h" ] 13 | -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- 1 | before: 2 | hooks: 3 | - go mod download 4 | builds: 5 | - id: kubectl-aa 6 | main: ./ 7 | binary: kube-apparmor-manager 8 | env: 9 | - CGO_ENABLED=0 10 | goos: 11 | - linux 12 | - darwin 13 | goarch: 14 | - amd64 15 | 16 | archives: 17 | - builds: 18 | - kubectl-aa 19 | name_template: "{{ .ProjectName }}_{{ .Tag }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" 20 | wrap_in_directory: false 21 | format: tar.gz 22 | files: 23 | - LICENSE 24 | -------------------------------------------------------------------------------- /api/types/v1alpha1/apparmorprofile.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 4 | 5 | type AppArmorProfileSpec struct { 6 | Rules string `json:"rules"` 7 | Enforced bool `json:"enforced"` 8 | } 9 | 10 | type AppArmorProfile struct { 11 | metav1.TypeMeta `json:",inline"` 12 | metav1.ObjectMeta `json:"metadata,omitempty"` 13 | 14 | Spec AppArmorProfileSpec `json:"spec"` 15 | } 16 | 17 | type AppArmorProfileList struct { 18 | metav1.TypeMeta `json:",inline"` 19 | metav1.ListMeta `json:"metadata,omitempty"` 20 | 21 | Items []AppArmorProfile `json:"items"` 22 | } 23 | -------------------------------------------------------------------------------- /scripts/setup-aa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | GRUB="/etc/default/grub" 4 | GRUB_BAK="/etc/default/grub.bak" 5 | ENABLED=$(aa-enabled 2>/dev/null) 6 | 7 | if [[ $? -ne 0 || "$ENABLED" == No* ]]; then 8 | echo "AppArmor is disabled" 9 | echo "Install AppArmor" 10 | apt install -y apparmor-profiles apparmor-utils 11 | 12 | echo "Update grub" 13 | cp $GRUB $GRUB_BAK 14 | sed -i -e '/^GRUB_CMDLINE_LINUX_DEFAULT/s/"$/ apparmor=1 security=apparmor"/' $GRUB 15 | cat $GRUB | grep "^GRUB_CMDLINE_LINUX_DEFAULT" 16 | update-grub 17 | 18 | echo "Reboot system" 19 | reboot 20 | exit 0 21 | else 22 | echo "AppArmor is enabled" 23 | exit 0 24 | fi 25 | -------------------------------------------------------------------------------- /.github/workflows/krew-plugin-release.yml: -------------------------------------------------------------------------------- 1 | name: release 2 | on: 3 | push: 4 | tags: 5 | - 'v*.*.*' 6 | jobs: 7 | goreleaser: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Checkout 11 | uses: actions/checkout@master 12 | - name: Setup Go 13 | uses: actions/setup-go@v1 14 | with: 15 | go-version: 1.14 16 | - name: GoReleaser 17 | uses: goreleaser/goreleaser-action@v1 18 | with: 19 | version: latest 20 | args: release --rm-dist 21 | env: 22 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 23 | - name: Update new version in krew-index 24 | uses: rajatjindal/krew-release-bot@v0.0.25 25 | -------------------------------------------------------------------------------- /scripts/enforce-aa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eu 3 | 4 | PROFILE=${1:-""} 5 | 6 | if [ -z $PROFILE ]; then 7 | echo "profile cannot be emtpy" 8 | exit 1 9 | fi 10 | 11 | SSH_KEY="~/.ssh/id_rsa" 12 | SSH_USER="admin" 13 | AA_PROFILE_DIR="/etc/apparmor.d" 14 | 15 | # get worker nodes IPs 16 | IPs=($(kubectl get nodes -l kubernetes.io/role=node -o json | jq '.items[] | .status.addresses | .[] | select(.type == "ExternalIP") | .address' -r | xargs)) 17 | 18 | for NODE_IP in "${IPs[@]}" 19 | do 20 | echo "***Start enabling AppArmor at IP: $NODE_IP***" 21 | ssh -o ConnectTimeout=10 -i $SSH_KEY "$SSH_USER@$NODE_IP" "sudo aa-enforce /etc/apparmor.d/$PROFILE && sudo systemctl reload apparmor.service" 22 | echo "***End configuring AppArmor at IP: $NODE_IP***" 23 | done 24 | -------------------------------------------------------------------------------- /scripts/copy-profiles.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eu 3 | 4 | SSH_KEY="~/.ssh/id_rsa" 5 | SSH_USER="admin" 6 | WORK_DIR="/var/lib/aa" 7 | AA_PROFILE_DIR="/etc/apparmor.d" 8 | AA_PROFILES="$PWD/profiles/*" 9 | 10 | # get worker nodes IPs 11 | IPs=($(kubectl get nodes -l kubernetes.io/role=node -o json | jq '.items[] | .status.addresses | .[] | select(.type == "ExternalIP") | .address' -r | xargs)) 12 | 13 | for NODE_IP in "${IPs[@]}" 14 | do 15 | echo "***Start copying AppArmor profile to IP: $NODE_IP***" 16 | for PROFILE in $AA_PROFILES 17 | do 18 | scp -i $SSH_KEY $PROFILE $"$SSH_USER@$NODE_IP:$WORK_DIR/profiles" 19 | done 20 | ssh -i $SSH_KEY "$SSH_USER@$NODE_IP" "sudo cp $WORK_DIR/profiles/* $AA_PROFILE_DIR" 21 | echo "***End copying AppArmor profile to IP: $NODE_IP***" 22 | done 23 | -------------------------------------------------------------------------------- /scripts/enable-aa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eu 3 | 4 | SSH_KEY="~/.ssh/id_rsa" 5 | SSH_USER="admin" 6 | WORK_DIR="/var/lib/aa" 7 | AA_SCRIPT="setup-aa.sh" 8 | 9 | # get worker nodes IPs 10 | IPs=($(kubectl get nodes -l kubernetes.io/role=node -o json | jq '.items[] | .status.addresses | .[] | select(.type == "ExternalIP") | .address' -r | xargs)) 11 | 12 | for NODE_IP in "${IPs[@]}" 13 | do 14 | echo "***Start enabling AppArmor at IP: $NODE_IP***" 15 | ssh -i $SSH_KEY "$SSH_USER@$NODE_IP" "sudo mkdir -p $WORK_DIR/profiles && sudo chown -R $SSH_USER:$SSH_USER $WORK_DIR" 16 | scp -i $SSH_KEY $AA_SCRIPT "$SSH_USER@$NODE_IP:$WORK_DIR" 17 | ssh -o ConnectTimeout=10 -i $SSH_KEY "$SSH_USER@$NODE_IP" "sudo bash $WORK_DIR/$AA_SCRIPT" 18 | echo "***End configuring AppArmor at IP: $NODE_IP***" 19 | done 20 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/sysdiglabs/kube-apparmor-manager 2 | 3 | go 1.14 4 | 5 | require ( 6 | github.com/imdario/mergo v0.3.9 // indirect 7 | github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5 8 | github.com/sirupsen/logrus v1.4.2 9 | github.com/spf13/cobra v0.0.5 10 | golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 11 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b // indirect 12 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect 13 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect 14 | golang.org/x/tools v0.0.0-20200519205726-57a9e4404bf7 // indirect 15 | k8s.io/api v0.17.3 16 | k8s.io/apiextensions-apiserver v0.17.3 17 | k8s.io/apimachinery v0.17.3 18 | k8s.io/client-go v0.17.3 19 | k8s.io/klog v1.0.0 20 | k8s.io/utils v0.0.0-20200327001022-6496210b90e8 // indirect 21 | ) 22 | -------------------------------------------------------------------------------- /api/types/v1alpha1/register.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | "k8s.io/apimachinery/pkg/runtime" 6 | "k8s.io/apimachinery/pkg/runtime/schema" 7 | ) 8 | 9 | const ( 10 | Name = "apparmorprofiles.crd.security.sysdig.com" 11 | 12 | GroupName = "crd.security.sysdig.com" 13 | 14 | Kind = "AppArmorProfile" 15 | 16 | ListKind = "AppArmorProfileList" 17 | 18 | Plural = "apparmorprofiles" 19 | 20 | Singular = "apparmorprofile" 21 | 22 | GroupVersion = "v1alpha1" 23 | ) 24 | 25 | var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: GroupVersion} 26 | 27 | var ( 28 | SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) 29 | AddToScheme = SchemeBuilder.AddToScheme 30 | ) 31 | 32 | func addKnownTypes(scheme *runtime.Scheme) error { 33 | scheme.AddKnownTypes(SchemeGroupVersion, 34 | &AppArmorProfile{}, 35 | &AppArmorProfileList{}, 36 | ) 37 | 38 | metav1.AddToGroupVersion(scheme, SchemeGroupVersion) 39 | return nil 40 | } 41 | -------------------------------------------------------------------------------- /.krew.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: krew.googlecontainertools.github.com/v1alpha2 2 | kind: Plugin 3 | metadata: 4 | name: apparmor-manager 5 | spec: 6 | version: {{ .TagName }} 7 | homepage: https://github.com/sysdiglabs/kube-apparmor-manager 8 | platforms: 9 | - selector: 10 | matchLabels: 11 | os: darwin 12 | arch: amd64 13 | {{addURIAndSha "https://github.com/sysdiglabs/kube-apparmor-manager/releases/download/{{ .TagName }}/kube-apparmor-manager_{{ .TagName }}_darwin_amd64.tar.gz" .TagName }} 14 | bin: kube-apparmor-manager 15 | - selector: 16 | matchLabels: 17 | os: linux 18 | arch: amd64 19 | {{addURIAndSha "https://github.com/sysdiglabs/kube-apparmor-manager/releases/download/{{ .TagName }}/kube-apparmor-manager_{{ .TagName }}_linux_amd64.tar.gz" .TagName }} 20 | bin: kube-apparmor-manager 21 | shortDescription: Manage AppArmor profiles for cluster. 22 | description: | 23 | Manage AppArmor profiles through AppArmorProfile CRD and sync across all worker nodes. 24 | -------------------------------------------------------------------------------- /container/echo-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: echo-apparmor 5 | annotations: 6 | # only the last apparmor works 7 | # container.apparmor.security.beta.kubernetes.io/echo: localhost/k8s-apparmor-block-shell 8 | # container.apparmor.security.beta.kubernetes.io/echo: localhost/k8s-apparmor-block-echo 9 | spec: 10 | hostPID: true 11 | containers: 12 | - name: echo 13 | image: busybox 14 | securityContext: 15 | privileged: true 16 | volumeMounts: 17 | - name: etc-initd 18 | mountPath: /host/etc-initd 19 | - name: etc-apparmord 20 | mountPath: /host/etc-apparmord 21 | - name: lib 22 | mountPath: /lib 23 | command: [ "sh", "-c", "echo 'Hello AppArmor!' && sleep 1h" ] 24 | volumes: 25 | - name: etc-initd 26 | hostPath: 27 | path: /etc/init.d 28 | type: Directory 29 | - name: etc-apparmord 30 | hostPath: 31 | path: /etc/apparmor.d 32 | type: Directory 33 | - name: lib 34 | hostPath: 35 | path: /lib 36 | type: Directory 37 | -------------------------------------------------------------------------------- /api/types/v1alpha1/deepcopy.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import "k8s.io/apimachinery/pkg/runtime" 4 | 5 | // DeepCopyInto copies all properties of this object into another object of the 6 | // same type that is provided as a pointer. 7 | func (in *AppArmorProfile) DeepCopyInto(out *AppArmorProfile) { 8 | out.TypeMeta = in.TypeMeta 9 | out.ObjectMeta = in.ObjectMeta 10 | out.Spec = AppArmorProfileSpec{ 11 | Rules: in.Spec.Rules, 12 | Enforced: in.Spec.Enforced, 13 | } 14 | } 15 | 16 | // DeepCopyObject returns a generically typed copy of an object 17 | func (in *AppArmorProfile) DeepCopyObject() runtime.Object { 18 | out := AppArmorProfile{} 19 | in.DeepCopyInto(&out) 20 | 21 | return &out 22 | } 23 | 24 | // DeepCopyObject returns a generically typed copy of an object 25 | func (in *AppArmorProfileList) DeepCopyObject() runtime.Object { 26 | out := AppArmorProfileList{} 27 | out.TypeMeta = in.TypeMeta 28 | out.ListMeta = in.ListMeta 29 | 30 | if in.Items != nil { 31 | out.Items = make([]AppArmorProfile, len(in.Items)) 32 | for i := range in.Items { 33 | in.Items[i].DeepCopyInto(&out.Items[i]) 34 | } 35 | } 36 | 37 | return &out 38 | } 39 | -------------------------------------------------------------------------------- /clientset/v1alpha1/api.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | "github.com/sysdiglabs/kube-apparmor-manager/api/types/v1alpha1" 5 | "k8s.io/apimachinery/pkg/runtime/schema" 6 | "k8s.io/apimachinery/pkg/runtime/serializer" 7 | "k8s.io/client-go/kubernetes/scheme" 8 | "k8s.io/client-go/rest" 9 | ) 10 | 11 | type AppArmorV1Alpha1Interface interface { 12 | AppArmorProfiles(namespace string) AppArmorProfileInterface 13 | } 14 | 15 | type AppArmorV1Alpha1Client struct { 16 | restClient rest.Interface 17 | } 18 | 19 | func NewForConfig(c *rest.Config) (*AppArmorV1Alpha1Client, error) { 20 | config := *c 21 | config.ContentConfig.GroupVersion = &schema.GroupVersion{Group: v1alpha1.GroupName, Version: v1alpha1.GroupVersion} 22 | config.APIPath = "/apis" 23 | //config.NegotiatedSerializer = serializer.DirectCodecFactory{CodecFactory: scheme.Codecs} 24 | config.NegotiatedSerializer = serializer.WithoutConversionCodecFactory{CodecFactory: scheme.Codecs} 25 | config.UserAgent = rest.DefaultKubernetesUserAgent() 26 | 27 | client, err := rest.RESTClientFor(&config) 28 | if err != nil { 29 | return nil, err 30 | } 31 | 32 | return &AppArmorV1Alpha1Client{restClient: client}, nil 33 | } 34 | 35 | func (c *AppArmorV1Alpha1Client) ApparmorProfiles() AppArmorProfileInterface { 36 | return &appArmorProfileClient{ 37 | restClient: c.restClient, 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /types/apparmor.go: -------------------------------------------------------------------------------- 1 | package types 2 | 3 | import ( 4 | "fmt" 5 | "sort" 6 | "strings" 7 | ) 8 | 9 | const ( 10 | enforced = "enforce" 11 | ) 12 | 13 | type AppArmorProfileStatus struct { 14 | Profiles map[string]string `json:"profiles"` 15 | } 16 | 17 | // NewAppArmorStatus return apparmor profile status from workder nodes 18 | func NewAppArmorStatus() *AppArmorProfileStatus { 19 | return &AppArmorProfileStatus{ 20 | Profiles: map[string]string{}, 21 | } 22 | } 23 | 24 | // GetEnforcedProfiles get enforced profile names 25 | func (s *AppArmorProfileStatus) GetEnforcedProfiles() []string { 26 | profiles := []string{} 27 | 28 | for k, v := range s.Profiles { 29 | if v == enforced { 30 | profiles = append(profiles, k) 31 | } 32 | } 33 | 34 | sort.Strings(profiles) 35 | 36 | return profiles 37 | } 38 | 39 | type AppArmorProfile struct { 40 | Name string 41 | Rules string 42 | // Profile contains lines of the profile as following 43 | 44 | /* 45 | capability net_raw, 46 | capability setuid, 47 | capability setgid, 48 | capability dac_override, 49 | network raw, 50 | network packet, 51 | 52 | # for -D 53 | capability sys_module, 54 | @{PROC}/bus/usb/ r, 55 | @{PROC}/bus/usb/** r, 56 | 57 | audit deny @{HOME}/bin/ rw, 58 | audit deny @{HOME}/bin/** mrwkl, 59 | @{HOME}/ r, 60 | @{HOME}/** rw, 61 | 62 | /usr/sbin/tcpdump r, 63 | */ 64 | Enforced bool 65 | } 66 | 67 | func (p AppArmorProfile) String() string { 68 | ret := "" 69 | 70 | ret += fmt.Sprintf("profile %s flags=(attach_disconnected,mediate_deleted) {\n", p.Name) 71 | 72 | lines := strings.Split(p.Rules, "\n") 73 | 74 | for _, line := range lines { 75 | // skip empty line and commented out rule 76 | if line == "" || line[0] == '#' { 77 | continue 78 | } 79 | 80 | last := line[len(line)-1:] 81 | 82 | // append ',' at the end if it doesn't exists 83 | if last != "," { 84 | line += "," 85 | } 86 | ret += fmt.Sprintf("\t%s\n", line) 87 | } 88 | 89 | ret += "}" 90 | return ret 91 | } 92 | -------------------------------------------------------------------------------- /clientset/v1alpha1/apparmorprofile.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | "github.com/sysdiglabs/kube-apparmor-manager/api/types/v1alpha1" 5 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 6 | "k8s.io/apimachinery/pkg/watch" 7 | "k8s.io/client-go/kubernetes/scheme" 8 | "k8s.io/client-go/rest" 9 | ) 10 | 11 | const ( 12 | apparmorProfiles = "apparmorprofiles" 13 | ) 14 | 15 | type AppArmorProfileInterface interface { 16 | List(opts metav1.ListOptions) (*v1alpha1.AppArmorProfileList, error) 17 | Get(name string, options metav1.GetOptions) (*v1alpha1.AppArmorProfile, error) 18 | Create(*v1alpha1.AppArmorProfile) (*v1alpha1.AppArmorProfile, error) 19 | Watch(opts metav1.ListOptions) (watch.Interface, error) 20 | // ... 21 | } 22 | 23 | type appArmorProfileClient struct { 24 | restClient rest.Interface 25 | } 26 | 27 | func (c *appArmorProfileClient) List(opts metav1.ListOptions) (*v1alpha1.AppArmorProfileList, error) { 28 | result := v1alpha1.AppArmorProfileList{} 29 | err := c.restClient. 30 | Get(). 31 | Resource(apparmorProfiles). 32 | VersionedParams(&opts, scheme.ParameterCodec). 33 | Do(). 34 | Into(&result) 35 | 36 | return &result, err 37 | } 38 | 39 | func (c *appArmorProfileClient) Get(name string, opts metav1.GetOptions) (*v1alpha1.AppArmorProfile, error) { 40 | result := v1alpha1.AppArmorProfile{} 41 | err := c.restClient. 42 | Get(). 43 | Resource(apparmorProfiles). 44 | Name(name). 45 | VersionedParams(&opts, scheme.ParameterCodec). 46 | Do(). 47 | Into(&result) 48 | 49 | return &result, err 50 | } 51 | 52 | func (c *appArmorProfileClient) Create(profile *v1alpha1.AppArmorProfile) (*v1alpha1.AppArmorProfile, error) { 53 | result := v1alpha1.AppArmorProfile{} 54 | err := c.restClient. 55 | Post(). 56 | Resource(apparmorProfiles). 57 | Body(profile). 58 | Do(). 59 | Into(&result) 60 | 61 | return &result, err 62 | } 63 | 64 | func (c *appArmorProfileClient) Watch(opts metav1.ListOptions) (watch.Interface, error) { 65 | opts.Watch = true 66 | return c.restClient. 67 | Get(). 68 | Resource(apparmorProfiles). 69 | VersionedParams(&opts, scheme.ParameterCodec). 70 | Watch() 71 | } 72 | -------------------------------------------------------------------------------- /aa/commands/commands.go: -------------------------------------------------------------------------------- 1 | package commands 2 | 3 | import ( 4 | "fmt" 5 | 6 | "github.com/sysdiglabs/kube-apparmor-manager/types" 7 | ) 8 | 9 | var ( 10 | AAEnable = "aa-enabled" 11 | InstallAppArmor = []string{ 12 | `apt update`, 13 | `apt install -y apparmor-profiles apparmor-utils`, 14 | `sed -i -e '/^GRUB_CMDLINE_LINUX_DEFAULT/s/"$/ apparmor=1 security=apparmor"/' /etc/default/grub`, 15 | `update-grub`, 16 | `reboot`, 17 | } 18 | 19 | CreateAppArmorProfileTemplate = []string{ 20 | `echo '%s' > /tmp/%s`, 21 | `mv /tmp/%s /etc/apparmor.d/%s`, 22 | } 23 | 24 | EnforceAppArmorProfileTemplate = []string{ 25 | `aa-enforce /etc/apparmor.d/%s`, 26 | } 27 | 28 | AppArmorStatus = "apparmor_status --json" 29 | 30 | DisableAppArmorProfileTempalte = []string{ 31 | `aa-disable /etc/apparmor.d/%s`, 32 | } 33 | 34 | ComplainAppArmorProfileTempalte = []string{ 35 | `aa-complain /etc/apparmor.d/%s`, 36 | } 37 | ) 38 | 39 | // CreateProfileCommands returns a list of commands to create AppArmor profiles on worker nodes 40 | func CreateProfileCommands(profile types.AppArmorProfile) []string { 41 | commands := make([]string, 2) 42 | 43 | commands[0] = fmt.Sprintf(CreateAppArmorProfileTemplate[0], profile, profile.Name) 44 | 45 | commands[1] = fmt.Sprintf(CreateAppArmorProfileTemplate[1], profile.Name, profile.Name) 46 | 47 | //commands[4] = CreateAppArmorProfileTemplate[4] 48 | 49 | return commands 50 | } 51 | 52 | // EnforceProfileCommands returns a list of commands to enforce profile on worker nodes 53 | func EnforceProfileCommands(profile types.AppArmorProfile) []string { 54 | commands := make([]string, 1) 55 | 56 | commands[0] = fmt.Sprintf(EnforceAppArmorProfileTemplate[0], profile.Name) 57 | 58 | return commands 59 | } 60 | 61 | // DisableProfileCommands returns a list of commands to disable profile on worker nodes 62 | func DisableProfileCommands(profile types.AppArmorProfile) []string { 63 | commands := make([]string, 1) 64 | 65 | commands[0] = fmt.Sprintf(DisableAppArmorProfileTempalte[0], profile.Name) 66 | 67 | return commands 68 | } 69 | 70 | func ComplainProfileCommands(profile types.AppArmorProfile) []string { 71 | commands := make([]string, 1) 72 | 73 | commands[0] = fmt.Sprintf(ComplainAppArmorProfileTempalte[0], profile.Name) 74 | 75 | return commands 76 | } 77 | -------------------------------------------------------------------------------- /crd/crd.security.sysdig.com_apparmorprofiles.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | controller-gen.kubebuilder.io/version: v0.2.5 8 | creationTimestamp: null 9 | name: apparmorprofiles.crd.security.sysdig.com 10 | spec: 11 | group: crd.security.sysdig.com 12 | names: 13 | kind: AppArmorProfile 14 | listKind: AppArmorProfileList 15 | plural: apparmorprofiles 16 | singular: apparmorprofile 17 | scope: Cluster 18 | validation: 19 | openAPIV3Schema: 20 | description: AppArmorProfile is the Schema for the AppArmorprofiles API 21 | properties: 22 | apiVersion: 23 | description: 'APIVersion defines the versioned schema of this representation 24 | of an object. Servers should convert recognized schemas to the latest 25 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 26 | type: string 27 | kind: 28 | description: 'Kind is a string value representing the REST resource this 29 | object represents. Servers may infer this from the endpoint the client 30 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 31 | type: string 32 | metadata: 33 | type: object 34 | spec: 35 | description: AppArmorProfileSpec defines the desired state of AppArmorProfile 36 | properties: 37 | enforced: 38 | type: boolean 39 | description: Determin whether the AppArmor profile is enforced 40 | rules: 41 | description: AppArmor profile rules 42 | type: string 43 | required: 44 | - rules 45 | - enforced 46 | type: object 47 | status: 48 | description: AppArmorProfileStatus defines the observed state of AppArmorProfile 49 | type: object 50 | type: object 51 | version: v1alpha1 52 | versions: 53 | - name: v1alpha1 54 | served: true 55 | storage: true 56 | status: 57 | acceptedNames: 58 | kind: "" 59 | plural: "" 60 | conditions: [] 61 | storedVersions: [] 62 | -------------------------------------------------------------------------------- /types/node.go: -------------------------------------------------------------------------------- 1 | package types 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "strings" 7 | 8 | "github.com/olekukonko/tablewriter" 9 | ) 10 | 11 | const ( 12 | RoleLabel = "kubernetes.io/role" 13 | Worker = "node" 14 | Master = "master" 15 | ) 16 | 17 | type NodeList []*Node 18 | 19 | type Node struct { 20 | NodeName string 21 | ExternalIP string 22 | InternalIP string 23 | Role string 24 | AppArmorEnabled bool 25 | AppArmorStatus *AppArmorProfileStatus 26 | } 27 | 28 | // NewNode returns a new node object 29 | func NewNode() *Node { 30 | return &Node{ 31 | AppArmorStatus: NewAppArmorStatus(), 32 | } 33 | } 34 | 35 | func (nl NodeList) String() string { 36 | ret := "" 37 | 38 | ret += strings.Join([]string{"Node Name", "Internal IP", "External IP", "Role", "AppArmor Enabled"}, "\t") 39 | ret += "\n" 40 | 41 | for _, n := range nl { 42 | ret += strings.Join([]string{n.NodeName, n.InternalIP, n.ExternalIP, n.Role, fmt.Sprintf("%t", n.AppArmorEnabled)}, "\t") 43 | ret += "\n" 44 | } 45 | 46 | return ret 47 | } 48 | 49 | func (nl NodeList) GetEnforcedProfiles() string { 50 | ret := "" 51 | 52 | ret += strings.Join([]string{"Node Name", "Role", "Enforced Profiles"}, "\t") 53 | ret += "\n" 54 | 55 | for _, n := range nl { 56 | ret += strings.Join([]string{n.NodeName, n.Role, strings.Join(n.AppArmorStatus.GetEnforcedProfiles(), ",")}, "\t") 57 | ret += "\n" 58 | } 59 | 60 | return ret 61 | } 62 | 63 | // IsMaster checks whether a node is master node 64 | func (n *Node) IsMaster() bool { 65 | return n.Role == Master 66 | } 67 | 68 | // PrintEnforcementStatus prints enforced AppArmor profile on worker nodes 69 | func (nl NodeList) PrintEnforcementStatus() { 70 | table := tablewriter.NewWriter(os.Stdout) 71 | table.SetHeader([]string{"Node Name", "Role", "Enforced Profiles"}) 72 | 73 | data := [][]string{} 74 | 75 | for _, n := range nl { 76 | data = append(data, []string{n.NodeName, n.Role, strings.Join(n.AppArmorStatus.GetEnforcedProfiles(), ",")}) 77 | } 78 | 79 | table.AppendBulk(data) 80 | table.Render() 81 | } 82 | 83 | // PrintEnabledStatus prints AppArmor enabled status on worker nodes 84 | func (nl NodeList) PrintEnabledStatus() { 85 | table := tablewriter.NewWriter(os.Stdout) 86 | table.SetHeader([]string{"Node Name", "Internal IP", "External IP", "Role", "AppArmor Enabled"}) 87 | 88 | data := [][]string{} 89 | 90 | for _, n := range nl { 91 | data = append(data, []string{n.NodeName, n.InternalIP, n.ExternalIP, n.Role, fmt.Sprintf("%t", n.AppArmorEnabled)}) 92 | } 93 | 94 | table.AppendBulk(data) 95 | table.Render() 96 | } 97 | -------------------------------------------------------------------------------- /client/ssh.go: -------------------------------------------------------------------------------- 1 | package client 2 | 3 | import ( 4 | "bytes" 5 | "fmt" 6 | "io/ioutil" 7 | "strings" 8 | 9 | "golang.org/x/crypto/ssh" 10 | ) 11 | 12 | type SSHClient struct { 13 | config *ssh.ClientConfig 14 | client *ssh.Client 15 | } 16 | 17 | // NewSSHClientConfig returns client configuration for SSH client 18 | func NewSSHClientConfig(user, keyFile, passworkPhrase string) (*SSHClient, error) { 19 | publicKeyMenthod, err := publicKey(keyFile, passworkPhrase) 20 | 21 | if err != nil { 22 | return nil, err 23 | } 24 | 25 | sshConfig := &ssh.ClientConfig{ 26 | User: user, 27 | Auth: []ssh.AuthMethod{ 28 | publicKeyMenthod, 29 | }, 30 | HostKeyCallback: ssh.InsecureIgnoreHostKey(), 31 | } 32 | 33 | return &SSHClient{ 34 | config: sshConfig, 35 | }, nil 36 | } 37 | 38 | // Connect connects to a node 39 | func (c *SSHClient) Connect(host, port string) error { 40 | client, err := ssh.Dial("tcp", fmt.Sprintf("%s:%s", host, port), c.config) 41 | 42 | if err != nil { 43 | return err 44 | } 45 | 46 | c.client = client 47 | 48 | return nil 49 | } 50 | 51 | // Close close the client connection 52 | func (c *SSHClient) Close() error { 53 | if c.client != nil { 54 | return c.client.Close() 55 | } 56 | 57 | return nil 58 | } 59 | 60 | // ExecuteBatch execute bach commands 61 | func (c *SSHClient) ExecuteBatch(commands []string, prependSudo bool) error { 62 | fmt.Printf("**** Host: %s ****\n", c.client.RemoteAddr().String()) 63 | for _, cmd := range commands { 64 | fmt.Printf("** Execute command: %s **\n", cmd) 65 | stdout, stderr, err := c.ExecuteOne(cmd, prependSudo) 66 | 67 | if err != nil { 68 | return err 69 | } 70 | 71 | if len(stdout) > 0 { 72 | fmt.Println(stdout) 73 | } 74 | 75 | if len(stderr) > 0 { 76 | fmt.Printf("Error: %s\n", stderr) 77 | } 78 | fmt.Println() 79 | } 80 | 81 | return nil 82 | } 83 | 84 | // ExecuteOne executes one command 85 | func (c *SSHClient) ExecuteOne(cmd string, prependSudo bool) (stdout, stderr string, err error) { 86 | sess, err := c.client.NewSession() 87 | 88 | if err != nil { 89 | return "", "", err 90 | } 91 | 92 | defer sess.Close() 93 | 94 | var stdoutBuf, stderrBuf bytes.Buffer 95 | sess.Stdout = &stdoutBuf 96 | sess.Stderr = &stderrBuf 97 | 98 | if prependSudo { 99 | cmd = "sudo " + cmd 100 | } 101 | 102 | _ = sess.Run(cmd) 103 | 104 | return strings.TrimSuffix(stdoutBuf.String(), "\n"), strings.TrimSuffix(stderrBuf.String(), "\n"), nil 105 | 106 | } 107 | 108 | func publicKey(keyPath, passwordPhrase string) (ssh.AuthMethod, error) { 109 | key, err := ioutil.ReadFile(keyPath) 110 | if err != nil { 111 | return nil, err 112 | } 113 | 114 | var signer ssh.Signer 115 | 116 | if passwordPhrase == "" { 117 | signer, err = ssh.ParsePrivateKey(key) 118 | } else { 119 | signer, err = ssh.ParsePrivateKeyWithPassphrase(key, []byte(passwordPhrase)) 120 | } 121 | 122 | if err != nil { 123 | return nil, err 124 | } 125 | return ssh.PublicKeys(signer), nil 126 | } 127 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "path/filepath" 7 | 8 | "github.com/spf13/cobra" 9 | 10 | log "github.com/sirupsen/logrus" 11 | "github.com/sysdiglabs/kube-apparmor-manager/aa" 12 | _ "k8s.io/client-go/plugin/pkg/client/auth" 13 | ) 14 | 15 | func main() { 16 | appArmor, err := aa.NewAppArmor() 17 | 18 | if err != nil { 19 | panic(err) 20 | } 21 | 22 | var logLevel string 23 | var useInternalIP bool 24 | 25 | log.SetFormatter(&log.TextFormatter{ 26 | FullTimestamp: true, 27 | }) 28 | 29 | binaryArg := getBinary(os.Args[0]) 30 | 31 | extBinaryArg := binaryArg 32 | 33 | if extBinaryArg == kubectlBinary { 34 | extBinaryArg = fmt.Sprintf("kubectl %s", kubectlBinary) 35 | } 36 | 37 | var rootCmd = &cobra.Command{ 38 | Use: binaryArg, 39 | Short: fmt.Sprintf("%s manages AppArmor service and profiles enforcement on worker nodes", extBinaryArg), 40 | Long: fmt.Sprintf("%s manages AppArmor service and profiles enforcement on worker nodes through syncing with AppArmorProfile CRD in Kubernetes cluster", extBinaryArg), 41 | PersistentPreRun: func(cmd *cobra.Command, args []string) { 42 | lvl, err := log.ParseLevel(logLevel) 43 | if err != nil { 44 | log.Fatal(err) 45 | } 46 | 47 | log.SetLevel(lvl) 48 | appArmor.UseInternalIP(useInternalIP) 49 | }, 50 | } 51 | 52 | rootCmd.PersistentFlags().StringVar(&logLevel, "level", "info", "Log level") 53 | rootCmd.PersistentFlags().BoolVarP(&useInternalIP, "internal-ip", "i", false, "Use internal ip to sync") 54 | 55 | var initCmd = &cobra.Command{ 56 | Use: "init", 57 | Short: "Install CRD in the cluster and AppArmor services on worker nodes", 58 | Long: "Install CRD in the Kubernetes cluster database and AppArmor services on worker nodes", 59 | Run: func(cmd *cobra.Command, args []string) { 60 | err := appArmor.InstallCRD() 61 | if err != nil { 62 | log.Fatalf("failed to install CRD: %v", err) 63 | } 64 | 65 | err = appArmor.InstallAppArmor() 66 | if err != nil { 67 | log.Fatalf("failed to install AppArmor service: %v", err) 68 | } 69 | }, 70 | } 71 | 72 | var syncCmd = &cobra.Command{ 73 | Use: "sync", 74 | Short: "Synchronize the AppArmor profiles from the Kubernetes database (etcd) to worker nodes", 75 | Long: "Synchronize the AppArmor profiles from the Kubernetes database (etcd) to worker nodes", 76 | Run: func(cmd *cobra.Command, args []string) { 77 | err := appArmor.Sync() 78 | if err != nil { 79 | log.Fatalf("sync error: %v", err) 80 | } 81 | }, 82 | } 83 | 84 | var enforcedCmd = &cobra.Command{ 85 | Use: "enforced", 86 | Short: "Check AppArmor profile enforcement status on worker nodes", 87 | Long: "Check AppArmor profile enforcement status on worker nodes", 88 | Run: func(cmd *cobra.Command, args []string) { 89 | list, err := appArmor.AppArmorStatus() 90 | if err != nil { 91 | log.Fatalf("check enforcement status error: %v", err) 92 | } 93 | 94 | list.PrintEnforcementStatus() 95 | }, 96 | } 97 | 98 | var enabledCmd = &cobra.Command{ 99 | Use: "enabled", 100 | Short: "Check AppArmor status on worker nodes", 101 | Long: "Check AppArmor status on worker nodes", 102 | Run: func(cmd *cobra.Command, args []string) { 103 | list, err := appArmor.AppArmorEnabled() 104 | if err != nil { 105 | log.Fatalf("check enabled status error: %v", err) 106 | } 107 | 108 | list.PrintEnabledStatus() 109 | }, 110 | } 111 | 112 | rootCmd.AddCommand(initCmd) 113 | rootCmd.AddCommand(syncCmd) 114 | rootCmd.AddCommand(enforcedCmd) 115 | rootCmd.AddCommand(enabledCmd) 116 | 117 | rootCmd.Execute() 118 | } 119 | 120 | const ( 121 | defaultBinary = "kube-apparmor-manager" 122 | 123 | kubectlBinary = "apparmor-manager" 124 | ) 125 | 126 | func getBinary(arg string) string { 127 | _, binary := filepath.Split(arg) 128 | 129 | if binary == defaultBinary { 130 | return binary 131 | } 132 | 133 | return kubectlBinary 134 | } 135 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # kube-apparmor-manager 2 | Manage AppArmor profiles for Kubernetes cluster 3 | 4 | ## Behind the Scenes 5 | - `AppArmorProfile` CRD is created and `AppArmorProfile` objects are stored in etcd. 6 | - Actual AppArmor profiles will be created(updated) across all worker nodes through synchronizing with `AppArmorProfile` objects. 7 | 8 | ### AppArmorProfile Object Explained 9 | ``` 10 | apiVersion: crd.security.sysdig.com/v1alpha1 11 | kind: AppArmorProfile 12 | metadata: 13 | name: apparmorprofile-sample 14 | spec: 15 | rules: | 16 | # This is the default deny mode of AppArmor profile. 17 | # List the allow rules here separated by new line character. 18 | 19 | # allow few read/write activities 20 | allow /etc/* r, 21 | allow /tmp/* rw, 22 | 23 | # allow few commands execution 24 | allow /bin/echo mrix, 25 | allow /bin/sleep mrix, 26 | allow /bin/cat mrix, 27 | enforced: true # set profile to enforcement mode if true (complain mode if false) 28 | ``` 29 | 30 | ## Install as a Krew Plugin 31 | 32 | Follow the [instructions](https://github.com/kubernetes-sigs/krew#installation) to install `krew`. Then run the following command: 33 | 34 | ``` 35 | kubectl krew install apparmor-manager 36 | ``` 37 | 38 | The plugin will be available as `kubectl apparmor-manager`. 39 | 40 | ## Configure Environment 41 | - `SSH_USERNAME`: SSH username to access worker nodes (default: admin) 42 | - `SSH_PERM_FILE`: SSH private key to access worker ndoes (default: $HOME/.ssh/id_rsa) 43 | - `SSH_PASSPHRASE`: SSH passphrase (only applicable if the private key is passphrase protected) 44 | 45 | ## Usage 46 | ``` 47 | Usage: 48 | kube-apparmor-manager [command] 49 | 50 | Available Commands: 51 | enabled Check AppArmor status on worker nodes 52 | enforced Check AppArmor profile enforcement status on worker nodes 53 | help Help about any command 54 | init Install CRD in the cluster and AppArmor services on worker nodes 55 | sync Synchronize the AppArmor profiles from the Kubernetes database (etcd) to worker nodes 56 | ``` 57 | 58 | ## Example Output 59 | 60 | ### AppArmor enabled status 61 | ``` 62 | $ ./kube-apparmor-manager enabled 63 | +-------------------------------+---------------+----------------+--------+------------------+ 64 | | NODE NAME | INTERNAL IP | EXTERNAL IP | ROLE | APPARMOR ENABLED | 65 | +-------------------------------+---------------+----------------+--------+------------------+ 66 | | ip-172-20-45-132.ec2.internal | 172.20.45.132 | 54.91.xxx.xx | master | false | 67 | | ip-172-20-54-2.ec2.internal | 172.20.54.2 | 54.82.xx.xx | node | true | 68 | | ip-172-20-58-7.ec2.internal | 172.20.58.7 | 18.212.xxx.xxx | node | true | 69 | +-------------------------------+---------------+----------------+--------+------------------+ 70 | ``` 71 | 72 | ### AppArmor enforced profiles 73 | ``` 74 | ./kube-apparmor-manager enforced 75 | +-------------------------------+--------+------------------------------------------------------+ 76 | | NODE NAME | ROLE | ENFORCED PROFILES | 77 | +-------------------------------+--------+------------------------------------------------------+ 78 | | ip-172-20-45-132.ec2.internal | master | | 79 | | ip-172-20-54-2.ec2.internal | node | /usr/sbin/ntpd,apparmorprofile-sample,docker-default | 80 | | ip-172-20-58-7.ec2.internal | node | /usr/sbin/ntpd,apparmorprofile-sample,docker-default | 81 | +-------------------------------+--------+------------------------------------------------------+ 82 | ``` 83 | 84 | ### Sync 85 | 86 | When ever there is change to `AppArmorProfile` object, run `sync` to synchronize across all the worker nodes. 87 | ``` 88 | $ ./kube-apparmor-manager sync 89 | **** Host: 54.82.xx.xx:22 **** 90 | ** Execute command: echo 'profile apparmorprofile-sample flags=(attach_disconnected) { 91 | allow /etc/* r, 92 | allow /tmp/* rw, 93 | allow /bin/echo mrix, 94 | allow /bin/sleep mrix, 95 | allow /bin/cat mrix, 96 | }' > /tmp/apparmorprofile-sample ** 97 | 98 | ** Execute command: mv /tmp/apparmorprofile-sample /etc/apparmor.d/apparmorprofile-sample ** 99 | 100 | **** Host: 54.82.xx.xx:22 **** 101 | ** Execute command: aa-enforce /etc/apparmor.d/apparmorprofile-sample ** 102 | Setting /etc/apparmor.d/apparmorprofile-sample to enforce mode. 103 | 104 | **** Host: 18.212.xxx.xxx:22 **** 105 | ** Execute command: echo 'profile apparmorprofile-sample flags=(attach_disconnected) { 106 | allow /etc/* r, 107 | allow /tmp/* rw, 108 | allow /bin/echo mrix, 109 | allow /bin/sleep mrix, 110 | allow /bin/cat mrix, 111 | }' > /tmp/apparmorprofile-sample ** 112 | 113 | ** Execute command: mv /tmp/apparmorprofile-sample /etc/apparmor.d/apparmorprofile-sample ** 114 | 115 | **** Host: 18.212.xxx.xxx:22 **** 116 | ** Execute command: aa-enforce /etc/apparmor.d/apparmorprofile-sample ** 117 | Setting /etc/apparmor.d/apparmorprofile-sample to enforce mode. 118 | ``` 119 | -------------------------------------------------------------------------------- /client/k8s.go: -------------------------------------------------------------------------------- 1 | package client 2 | 3 | import ( 4 | "flag" 5 | "path/filepath" 6 | "strings" 7 | "time" 8 | 9 | apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" 10 | "k8s.io/apimachinery/pkg/util/wait" 11 | "k8s.io/klog" 12 | 13 | "github.com/sysdiglabs/kube-apparmor-manager/api/types/v1alpha1" 14 | aaClientset "github.com/sysdiglabs/kube-apparmor-manager/clientset/v1alpha1" 15 | "github.com/sysdiglabs/kube-apparmor-manager/types" 16 | "github.com/sysdiglabs/kube-apparmor-manager/utils" 17 | corev1 "k8s.io/api/core/v1" 18 | extClientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" 19 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 20 | "k8s.io/client-go/kubernetes" 21 | "k8s.io/client-go/kubernetes/scheme" 22 | "k8s.io/client-go/tools/clientcmd" 23 | ) 24 | 25 | type K8sClient struct { 26 | cs *kubernetes.Clientset 27 | aaclient *aaClientset.AppArmorV1Alpha1Client 28 | extclient *extClientset.Clientset 29 | } 30 | 31 | // NewK8sClient return s Kubernetes client that contains the following 32 | // - cs: general k8s client 33 | // - aaclient: specific client to manage AppArmorProfile CRD object 34 | // - extclient: extension client to manage CRD 35 | func NewK8sClient() (*K8sClient, error) { 36 | var kubeconfig *string 37 | if home := utils.HomeDir(); home != "" { 38 | kubeconfig = flag.String("kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file") 39 | } else { 40 | kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file") 41 | } 42 | flag.Parse() 43 | 44 | v1alpha1.AddToScheme(scheme.Scheme) 45 | 46 | // use the current context in kubeconfig 47 | config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig) 48 | if err != nil { 49 | return nil, err 50 | } 51 | // creates the clientset 52 | clientset, err := kubernetes.NewForConfig(config) 53 | if err != nil { 54 | return nil, err 55 | } 56 | 57 | aaClientset, err := aaClientset.NewForConfig(config) 58 | if err != nil { 59 | return nil, err 60 | } 61 | 62 | extClient, err := extClientset.NewForConfig(config) 63 | 64 | if err != nil { 65 | return nil, err 66 | } 67 | 68 | return &K8sClient{ 69 | clientset, 70 | aaClientset, 71 | extClient, 72 | }, nil 73 | } 74 | 75 | // InstallCRD installs AppArmorProfile CRD 76 | func (c *K8sClient) InstallCRD() error { 77 | klog.Infof("Creating a CRD: %s\n", v1alpha1.Name) 78 | 79 | crd := &apiextensions.CustomResourceDefinition{ 80 | ObjectMeta: metav1.ObjectMeta{ 81 | Name: v1alpha1.Name, 82 | }, 83 | Spec: apiextensions.CustomResourceDefinitionSpec{ 84 | Group: v1alpha1.GroupName, 85 | Versions: []apiextensions.CustomResourceDefinitionVersion{ 86 | {Name: v1alpha1.GroupVersion, Served: true, Storage: true}, 87 | }, 88 | Scope: apiextensions.ClusterScoped, 89 | Names: apiextensions.CustomResourceDefinitionNames{ 90 | Plural: v1alpha1.Plural, 91 | Kind: v1alpha1.Kind, 92 | ListKind: v1alpha1.ListKind, 93 | ShortNames: []string{"aap"}, 94 | }, 95 | }, 96 | } 97 | 98 | _, err := c.extclient.ApiextensionsV1beta1().CustomResourceDefinitions().Create(crd) 99 | 100 | if err != nil { 101 | if strings.Contains(err.Error(), "already exists") { 102 | return nil 103 | } 104 | return err 105 | } 106 | 107 | klog.Infoln("The CRD created. Need to wait whether it is confirmed.") 108 | 109 | return c.waitForCRD() 110 | } 111 | 112 | // RemoveCRD removes AppArmorProfile CRD 113 | func (c *K8sClient) RemoveCRD() error { 114 | c.extclient.ApiextensionsV1beta1().RESTClient().Delete().Name(v1alpha1.Name) 115 | return nil 116 | } 117 | 118 | func (c *K8sClient) waitForCRD() error { 119 | klog.Infof("Waiting for a CRD to be created: %s\n", v1alpha1.Name) 120 | 121 | err := wait.Poll(1*time.Second, 30*time.Second, func() (bool, error) { 122 | // get CRDs by name 123 | crd, err := c.extclient.ApiextensionsV1beta1().CustomResourceDefinitions().Get(v1alpha1.Name, metav1.GetOptions{}) 124 | if err != nil { 125 | panic(err) 126 | } 127 | 128 | for _, condition := range crd.Status.Conditions { 129 | if condition.Type == apiextensions.Established && condition.Status == apiextensions.ConditionTrue { 130 | // CRD successfully created. 131 | klog.Infoln("Confirmed that the CRD successfully created.") 132 | return true, err 133 | } else if condition.Type == apiextensions.NamesAccepted && condition.Status == apiextensions.ConditionFalse { 134 | klog.Fatalf("Name conflict while wait for CRD creation: %s, %v\n", condition.Reason, err) 135 | } 136 | } 137 | 138 | return false, err 139 | }) 140 | if err != nil { 141 | return err 142 | } 143 | 144 | return nil 145 | } 146 | 147 | // GetNodes returns node list 148 | func (c *K8sClient) GetNodes() (types.NodeList, error) { 149 | nodeList := types.NodeList{} 150 | 151 | list, err := c.cs.CoreV1().Nodes().List(metav1.ListOptions{}) 152 | 153 | if err != nil { 154 | return nil, err 155 | } 156 | 157 | for _, node := range list.Items { 158 | nodeReady := false 159 | for _, condition := range node.Status.Conditions { 160 | if condition.Type == corev1.NodeReady && condition.Status == corev1.ConditionTrue { 161 | nodeReady = true 162 | break 163 | } 164 | } 165 | 166 | if nodeReady { 167 | n := types.NewNode() 168 | role := node.Labels[types.RoleLabel] 169 | n.Role = role 170 | n.NodeName = node.Name 171 | 172 | for _, addr := range node.Status.Addresses { 173 | switch addr.Type { 174 | case corev1.NodeExternalIP: 175 | n.ExternalIP = addr.Address 176 | case corev1.NodeInternalIP: 177 | n.InternalIP = addr.Address 178 | default: 179 | } 180 | } 181 | 182 | nodeList = append(nodeList, n) 183 | } 184 | } 185 | 186 | return nodeList, nil 187 | } 188 | 189 | // GetAppArmorProfiles returns apparmor profiles from etcd 190 | func (c *K8sClient) GetAppArmorProfiles() ([]types.AppArmorProfile, error) { 191 | profileList := []types.AppArmorProfile{} 192 | list, err := c.aaclient.ApparmorProfiles().List(metav1.ListOptions{}) 193 | 194 | if err != nil { 195 | return profileList, err 196 | } 197 | 198 | for _, p := range list.Items { 199 | var profile types.AppArmorProfile 200 | profile.Name = p.Name 201 | profile.Rules = p.Spec.Rules 202 | profile.Enforced = p.Spec.Enforced 203 | profileList = append(profileList, profile) 204 | } 205 | 206 | return profileList, nil 207 | } 208 | -------------------------------------------------------------------------------- /aa/service.go: -------------------------------------------------------------------------------- 1 | package aa 2 | 3 | import ( 4 | "encoding/json" 5 | "fmt" 6 | "os" 7 | "strings" 8 | 9 | "k8s.io/klog" 10 | 11 | "github.com/sysdiglabs/kube-apparmor-manager/aa/commands" 12 | "github.com/sysdiglabs/kube-apparmor-manager/client" 13 | "github.com/sysdiglabs/kube-apparmor-manager/types" 14 | "github.com/sysdiglabs/kube-apparmor-manager/utils" 15 | ) 16 | 17 | const ( 18 | envSSHUsername = "SSH_USERNAME" 19 | envSSHPERMFile = "SSH_PERM_FILE" 20 | envSSHPassPhrase = "SSH_PASSPHRASE" 21 | 22 | SSH_PORT = "22" 23 | ) 24 | 25 | type AppArmor struct { 26 | k8sClient *client.K8sClient 27 | sshClient *client.SSHClient 28 | useInternalIP bool 29 | } 30 | 31 | // NewAppArmor returns a new AppArmor object 32 | func NewAppArmor() (*AppArmor, error) { 33 | k8s, err := client.NewK8sClient() 34 | 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | username := os.Getenv(envSSHUsername) 40 | 41 | if username == "" { 42 | username = "admin" 43 | } 44 | 45 | sshPermFile := os.Getenv(envSSHPERMFile) 46 | 47 | if sshPermFile == "" { 48 | sshPermFile = fmt.Sprintf("%s/.ssh/id_rsa", utils.HomeDir()) 49 | } 50 | 51 | sshPassPhrase := os.Getenv(envSSHPassPhrase) 52 | 53 | ssh, err := client.NewSSHClientConfig(username, sshPermFile, sshPassPhrase) 54 | 55 | if err != nil { 56 | return nil, fmt.Errorf("error configuring SSH client, make sure you setup the credentials correctly") 57 | } 58 | return &AppArmor{ 59 | k8sClient: k8s, 60 | sshClient: ssh, 61 | useInternalIP: false, 62 | }, nil 63 | } 64 | 65 | func (aa *AppArmor) UseInternalIP(useInternalIP bool) { 66 | aa.useInternalIP = useInternalIP 67 | } 68 | 69 | // InstallCRD installs CRD in Kubernetes 70 | func (aa *AppArmor) InstallCRD() error { 71 | return aa.k8sClient.InstallCRD() 72 | } 73 | 74 | // InstallAppArmor installs AppArmor service on worker nodes 75 | func (aa *AppArmor) InstallAppArmor() error { 76 | nodes, err := aa.k8sClient.GetNodes() 77 | 78 | if err != nil { 79 | return err 80 | } 81 | 82 | for _, node := range nodes { 83 | err = aa.install(node) 84 | 85 | if err != nil { 86 | return err 87 | } 88 | } 89 | return nil 90 | } 91 | 92 | func (aa *AppArmor) install(node *types.Node) error { 93 | if node.IsMaster() { 94 | return nil 95 | } 96 | 97 | var err error 98 | if aa.useInternalIP { 99 | err = aa.sshClient.Connect(node.InternalIP, SSH_PORT) 100 | } else { 101 | err = aa.sshClient.Connect(node.ExternalIP, SSH_PORT) 102 | } 103 | 104 | if err != nil { 105 | return err 106 | } 107 | 108 | defer aa.sshClient.Close() 109 | 110 | if aa.enabledInConnection(node) { 111 | if aa.useInternalIP { 112 | klog.Infof("AppArmor was enabled on node: %s (internal IP: %s)", node.NodeName, node.InternalIP) 113 | } else { 114 | klog.Infof("AppArmor was enabled on node: %s (external IP: %s)", node.NodeName, node.ExternalIP) 115 | } 116 | return nil 117 | } 118 | 119 | err = aa.sshClient.ExecuteBatch(commands.InstallAppArmor, true) 120 | 121 | if err != nil { 122 | return err 123 | } 124 | 125 | return nil 126 | } 127 | 128 | // Sync syncs AppArmor profiles from etcd to worker nodes 129 | func (aa *AppArmor) Sync() error { 130 | nodes, err := aa.k8sClient.GetNodes() 131 | 132 | if err != nil { 133 | return err 134 | } 135 | 136 | profiles, err := aa.k8sClient.GetAppArmorProfiles() 137 | 138 | if err != nil { 139 | return err 140 | } 141 | 142 | for _, node := range nodes { 143 | for _, profile := range profiles { 144 | err := aa.syncProfile(node, profile) 145 | if err != nil { 146 | return err 147 | } 148 | } 149 | } 150 | 151 | return nil 152 | } 153 | 154 | func (aa *AppArmor) syncProfile(node *types.Node, profile types.AppArmorProfile) error { 155 | if node.IsMaster() { 156 | return nil 157 | } 158 | 159 | var err error 160 | if aa.useInternalIP { 161 | err = aa.sshClient.Connect(node.InternalIP, SSH_PORT) 162 | } else { 163 | err = aa.sshClient.Connect(node.ExternalIP, SSH_PORT) 164 | } 165 | 166 | if err != nil { 167 | return err 168 | } 169 | 170 | defer aa.sshClient.Close() 171 | 172 | if !aa.enabledInConnection(node) { 173 | if aa.useInternalIP { 174 | klog.Infof("AppArmor was not enabled on node: %s (internal IP: %s), no sync happen.", node.NodeName, node.InternalIP) 175 | } else { 176 | klog.Infof("AppArmor was not enabled on node: %s (external IP: %s), no sync happen.", node.NodeName, node.ExternalIP) 177 | } 178 | return nil 179 | } 180 | 181 | err = aa.sshClient.ExecuteBatch(commands.CreateProfileCommands(profile), true) 182 | 183 | if err != nil { 184 | return err 185 | } 186 | 187 | if profile.Enforced { 188 | err = aa.sshClient.ExecuteBatch(commands.EnforceProfileCommands(profile), true) 189 | } else { 190 | // turn it into complain mode 191 | err = aa.sshClient.ExecuteBatch(commands.ComplainProfileCommands(profile), true) 192 | } 193 | 194 | if err != nil { 195 | return err 196 | } 197 | 198 | return nil 199 | } 200 | 201 | // AppArmorEnabled get AppArmor enabled status on worker nodes 202 | func (aa *AppArmor) AppArmorEnabled() (types.NodeList, error) { 203 | nodes, err := aa.k8sClient.GetNodes() 204 | 205 | if err != nil { 206 | return nil, err 207 | } 208 | 209 | for _, node := range nodes { 210 | _, err := aa.enabled(node) 211 | if err != nil { 212 | return nodes, err 213 | } 214 | } 215 | 216 | return nodes, nil 217 | } 218 | 219 | func (aa *AppArmor) enabled(node *types.Node) (bool, error) { 220 | if node.IsMaster() { 221 | return false, nil 222 | } 223 | 224 | var err error 225 | if aa.useInternalIP { 226 | err = aa.sshClient.Connect(node.InternalIP, SSH_PORT) 227 | } else { 228 | err = aa.sshClient.Connect(node.ExternalIP, SSH_PORT) 229 | } 230 | if err != nil { 231 | return false, err 232 | } 233 | 234 | defer aa.sshClient.Close() 235 | 236 | return aa.enabledInConnection(node), nil 237 | } 238 | 239 | func (aa *AppArmor) enabledInConnection(node *types.Node) bool { 240 | stdout, stderr, err := aa.sshClient.ExecuteOne(commands.AAEnable, true) 241 | 242 | if err != nil { 243 | return false 244 | } 245 | 246 | if len(stderr) > 0 { 247 | return false 248 | } 249 | 250 | if strings.ToLower(stdout) == "yes" { 251 | node.AppArmorEnabled = true 252 | return true 253 | } 254 | 255 | return false 256 | } 257 | 258 | // AppArmorStatus gets AppArmor enforced profiles on worker nodes 259 | func (aa *AppArmor) AppArmorStatus() (types.NodeList, error) { 260 | nodes, err := aa.k8sClient.GetNodes() 261 | 262 | if err != nil { 263 | return nodes, err 264 | } 265 | 266 | for _, node := range nodes { 267 | err := aa.status(node) 268 | 269 | if err != nil { 270 | return nodes, err 271 | } 272 | } 273 | 274 | return nodes, nil 275 | } 276 | 277 | func (aa *AppArmor) status(node *types.Node) error { 278 | if node.IsMaster() { 279 | return nil 280 | } 281 | 282 | var err error 283 | if aa.useInternalIP { 284 | err = aa.sshClient.Connect(node.InternalIP, SSH_PORT) 285 | } else { 286 | err = aa.sshClient.Connect(node.ExternalIP, SSH_PORT) 287 | } 288 | if err != nil { 289 | return err 290 | } 291 | 292 | defer aa.sshClient.Close() 293 | 294 | if !aa.enabledInConnection(node) { 295 | return nil 296 | } 297 | 298 | stdout, stderr, err := aa.sshClient.ExecuteOne(commands.AppArmorStatus, true) 299 | 300 | if err != nil { 301 | return err 302 | } 303 | 304 | if len(stderr) > 0 { 305 | return fmt.Errorf(stderr) 306 | } 307 | 308 | status := types.NewAppArmorStatus() 309 | 310 | err = json.Unmarshal([]byte(stdout), status) 311 | 312 | if err != nil { 313 | return err 314 | } 315 | 316 | node.AppArmorStatus = status 317 | 318 | return nil 319 | } 320 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 2 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 3 | cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo= 4 | cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= 5 | github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= 6 | github.com/Azure/go-autorest/autorest v0.9.0 h1:MRvx8gncNaXJqOoLmhNjUAKh33JJF8LyxPhomEtOsjs= 7 | github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= 8 | github.com/Azure/go-autorest/autorest/adal v0.5.0 h1:q2gDruN08/guU9vAjuPWff0+QIrpH6ediguzdAzXAUU= 9 | github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= 10 | github.com/Azure/go-autorest/autorest/date v0.1.0 h1:YGrhWfrgtFs84+h0o46rJrlmsZtyZRg470CqAXTZaGM= 11 | github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= 12 | github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= 13 | github.com/Azure/go-autorest/autorest/mocks v0.2.0 h1:Ww5g4zThfD/6cLb4z6xxgeyDa7QDkizMkJKe0ysZXp0= 14 | github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= 15 | github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY= 16 | github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= 17 | github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VYyQflFE619k= 18 | github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= 19 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 20 | github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 21 | github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= 22 | github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= 23 | github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= 24 | github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= 25 | github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= 26 | github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= 27 | github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= 28 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 29 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 30 | github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= 31 | github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= 32 | github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= 33 | github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= 34 | github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= 35 | github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= 36 | github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= 37 | github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= 38 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 39 | github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= 40 | github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= 41 | github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= 42 | github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= 43 | github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= 44 | github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= 45 | github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 46 | github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 47 | github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= 48 | github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= 49 | github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= 50 | github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= 51 | github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 52 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 53 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 54 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 55 | github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= 56 | github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= 57 | github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= 58 | github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= 59 | github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= 60 | github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= 61 | github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= 62 | github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= 63 | github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= 64 | github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= 65 | github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= 66 | github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 67 | github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= 68 | github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= 69 | github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 70 | github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 71 | github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= 72 | github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= 73 | github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= 74 | github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= 75 | github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= 76 | github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= 77 | github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= 78 | github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= 79 | github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= 80 | github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= 81 | github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= 82 | github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= 83 | github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= 84 | github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= 85 | github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= 86 | github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= 87 | github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= 88 | github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= 89 | github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= 90 | github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= 91 | github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= 92 | github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= 93 | github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= 94 | github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= 95 | github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= 96 | github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= 97 | github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= 98 | github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk= 99 | github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= 100 | github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= 101 | github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= 102 | github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= 103 | github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= 104 | github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= 105 | github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= 106 | github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= 107 | github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= 108 | github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= 109 | github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= 110 | github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= 111 | github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= 112 | github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= 113 | github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= 114 | github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= 115 | github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= 116 | github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= 117 | github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= 118 | github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= 119 | github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= 120 | github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 121 | github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= 122 | github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= 123 | github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= 124 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 125 | github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 126 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 127 | github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 128 | github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 129 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 130 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 131 | github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= 132 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 133 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 134 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 135 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 136 | github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= 137 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 138 | github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= 139 | github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= 140 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 141 | github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= 142 | github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 143 | github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 144 | github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 145 | github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= 146 | github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d h1:7XGaL1e6bYS1yIonGp9761ExpPPV1ui0SAC59Yube9k= 147 | github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= 148 | github.com/gophercloud/gophercloud v0.1.0 h1:P/nh25+rzXouhytV2pUHBb65fnds26Ghl8/391+sT5o= 149 | github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= 150 | github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 151 | github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 152 | github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= 153 | github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= 154 | github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= 155 | github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= 156 | github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 157 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 158 | github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= 159 | github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= 160 | github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= 161 | github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= 162 | github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= 163 | github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= 164 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= 165 | github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= 166 | github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= 167 | github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= 168 | github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 169 | github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= 170 | github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 171 | github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= 172 | github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= 173 | github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= 174 | github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= 175 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 176 | github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= 177 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 178 | github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= 179 | github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= 180 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 181 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 182 | github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= 183 | github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= 184 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 185 | github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= 186 | github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 187 | github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 188 | github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 189 | github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 190 | github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 191 | github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= 192 | github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= 193 | github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= 194 | github.com/mattn/go-runewidth v0.0.2 h1:UnlwIPBGaTZfPQ6T1IGzPI0EkYAQmT9fAEJ/poFC63o= 195 | github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= 196 | github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= 197 | github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= 198 | github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 199 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 200 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 201 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 202 | github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 203 | github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 204 | github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= 205 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 206 | github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 207 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 208 | github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 209 | github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= 210 | github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5 h1:58+kh9C6jJVXYjt8IE48G2eWl6BjwU5Gj0gqY84fy78= 211 | github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= 212 | github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 213 | github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 214 | github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 215 | github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= 216 | github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= 217 | github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= 218 | github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= 219 | github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= 220 | github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 221 | github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 222 | github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 223 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 224 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 225 | github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= 226 | github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 227 | github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= 228 | github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 229 | github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 230 | github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= 231 | github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= 232 | github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= 233 | github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= 234 | github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= 235 | github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= 236 | github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= 237 | github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= 238 | github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= 239 | github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= 240 | github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= 241 | github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= 242 | github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= 243 | github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= 244 | github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= 245 | github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s= 246 | github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= 247 | github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= 248 | github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 249 | github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 250 | github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 251 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 252 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 253 | github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= 254 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 255 | github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 256 | github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= 257 | github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 258 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 259 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 260 | github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= 261 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 262 | github.com/sysdiglabs/kube-apparmor-manager v0.0.0-20200401172949-7f5459f3a5ce h1:OdOabewPUFOWlgFLHmjSfeLchzu7x+jtxDHzfifm1xU= 263 | github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= 264 | github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= 265 | github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= 266 | github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= 267 | github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= 268 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= 269 | github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= 270 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 271 | go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= 272 | go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= 273 | go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= 274 | go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= 275 | go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= 276 | go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 277 | go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= 278 | go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= 279 | go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= 280 | golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 281 | golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 282 | golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 283 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 284 | golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 285 | golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 286 | golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 287 | golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 288 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 289 | golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= 290 | golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 291 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 292 | golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 293 | golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 294 | golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= 295 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 296 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 297 | golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 298 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 299 | golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= 300 | golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ= 301 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 302 | golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 303 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 304 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 305 | golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 306 | golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 307 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 308 | golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 309 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 310 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 311 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 312 | golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 313 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 314 | golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 315 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 316 | golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 317 | golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 318 | golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI= 319 | golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 320 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8= 321 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 322 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 323 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 324 | golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 325 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= 326 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 327 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 328 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 329 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 330 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 331 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 332 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 333 | golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 334 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 335 | golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 336 | golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 337 | golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 338 | golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 339 | golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 340 | golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 341 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 342 | golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 343 | golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 344 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 345 | golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 346 | golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 347 | golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg= 348 | golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 349 | golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 350 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 351 | golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 352 | golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= 353 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 354 | golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 355 | golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 356 | golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 357 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= 358 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 359 | golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 360 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 361 | golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 362 | golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 363 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 364 | golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 365 | golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 366 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 367 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 368 | golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 369 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138 h1:H3uGjxCR/6Ds0Mjgyp7LMK81+LvmbvWWEnJhzk1Pi9E= 370 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 371 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 372 | golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 373 | golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 374 | golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 h1:bw9doJza/SFBEweII/rHQh338oozWyiFsBRHtrflcws= 375 | golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 376 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 377 | golang.org/x/tools v0.0.0-20200331202046-9d5940d49312 h1:2PHG+Ia3gK1K2kjxZnSylizb//eyaMG8gDFbOG7wLV8= 378 | golang.org/x/tools v0.0.0-20200331202046-9d5940d49312/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 379 | golang.org/x/tools v0.0.0-20200401192744-099440627f01 h1:ysQJ/fU6laLOZJseIeOqXl6Mo+lw5z6b7QHnmUKjW+k= 380 | golang.org/x/tools v0.0.0-20200401192744-099440627f01/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 381 | golang.org/x/tools v0.0.0-20200403190813-44a64ad78b9b h1:AFZdJUT7jJYXQEC29hYH/WZkoV7+KhwxQGmdZ19yYoY= 382 | golang.org/x/tools v0.0.0-20200403190813-44a64ad78b9b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 383 | golang.org/x/tools v0.0.0-20200519205726-57a9e4404bf7 h1:nm4zDh9WvH4jiuUpMY5RUsvOwrtTVVAsUaCdLW71hfY= 384 | golang.org/x/tools v0.0.0-20200519205726-57a9e4404bf7/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 385 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 386 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 387 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= 388 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 389 | gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= 390 | gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= 391 | gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= 392 | google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 393 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 394 | google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= 395 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 396 | google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c= 397 | google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 398 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 399 | google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 400 | google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 401 | google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 402 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 403 | google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 404 | gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= 405 | gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= 406 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 407 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= 408 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 409 | gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= 410 | gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= 411 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 412 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 413 | gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= 414 | gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= 415 | gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= 416 | gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= 417 | gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= 418 | gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 419 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 420 | gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 421 | gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= 422 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 423 | gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= 424 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 425 | honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 426 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 427 | k8s.io/api v0.17.3 h1:XAm3PZp3wnEdzekNkcmj/9Y1zdmQYJ1I4GKSBBZ8aG0= 428 | k8s.io/api v0.17.3/go.mod h1:YZ0OTkuw7ipbe305fMpIdf3GLXZKRigjtZaV5gzC2J0= 429 | k8s.io/apiextensions-apiserver v0.17.3 h1:WDZWkPcbgvchEdDd7ysL21GGPx3UKZQLDZXEkevT6n4= 430 | k8s.io/apiextensions-apiserver v0.17.3/go.mod h1:CJbCyMfkKftAd/X/V6OTHYhVn7zXnDdnkUjS1h0GTeY= 431 | k8s.io/apimachinery v0.17.3 h1:f+uZV6rm4/tHE7xXgLyToprg6xWairaClGVkm2t8omg= 432 | k8s.io/apimachinery v0.17.3/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g= 433 | k8s.io/apiserver v0.17.3/go.mod h1:iJtsPpu1ZpEnHaNawpSV0nYTGBhhX2dUlnn7/QS7QiY= 434 | k8s.io/client-go v0.17.3 h1:deUna1Ksx05XeESH6XGCyONNFfiQmDdqeqUvicvP6nU= 435 | k8s.io/client-go v0.17.3/go.mod h1:cLXlTMtWHkuK4tD360KpWz2gG2KtdWEr/OT02i3emRQ= 436 | k8s.io/code-generator v0.17.3/go.mod h1:l8BLVwASXQZTo2xamW5mQNFCe1XPiAesVq7Y1t7PiQQ= 437 | k8s.io/component-base v0.17.3/go.mod h1:GeQf4BrgelWm64PXkIXiPh/XS0hnO42d9gx9BtbZRp8= 438 | k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= 439 | k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= 440 | k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= 441 | k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= 442 | k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= 443 | k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= 444 | k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= 445 | k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= 446 | k8s.io/utils v0.0.0-20200327001022-6496210b90e8 h1:6JFbaLjRyBz8K2Jvt+pcT+N3vvwMZfg8MfVENwe9aag= 447 | k8s.io/utils v0.0.0-20200327001022-6496210b90e8/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= 448 | modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= 449 | modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= 450 | modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= 451 | modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= 452 | modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= 453 | sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e h1:4Z09Hglb792X0kfOBBJUPFEyvVfQWrYT/l8h5EKA6JQ= 454 | sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= 455 | sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= 456 | sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= 457 | sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= 458 | --------------------------------------------------------------------------------