From e85c7c24957d6c0abcd4f6ff7a093d1ae16ed7cd Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Mon, 4 Nov 2024 13:36:16 -0500 Subject: [PATCH 01/17] enforce conditional updates on AutoUpdate* + rename typos (#48240) * enforce conditaional updates on AutoUpdate* + rename typos * fix tests --- api/types/autoupdate/rollout.go | 6 +++--- lib/services/autoupdates.go | 6 +++--- lib/services/local/autoupdate.go | 6 +++--- lib/services/local/autoupdate_test.go | 10 ++++++++-- tool/tctl/common/edit_command_test.go | 4 ++-- 5 files changed, 19 insertions(+), 13 deletions(-) diff --git a/api/types/autoupdate/rollout.go b/api/types/autoupdate/rollout.go index 814d71313d3ed..d935244af31b3 100644 --- a/api/types/autoupdate/rollout.go +++ b/api/types/autoupdate/rollout.go @@ -26,7 +26,7 @@ import ( // NewAutoUpdateAgentRollout creates a new auto update version resource. func NewAutoUpdateAgentRollout(spec *autoupdate.AutoUpdateAgentRolloutSpec) (*autoupdate.AutoUpdateAgentRollout, error) { - version := &autoupdate.AutoUpdateAgentRollout{ + rollout := &autoupdate.AutoUpdateAgentRollout{ Kind: types.KindAutoUpdateAgentRollout, Version: types.V1, Metadata: &headerv1.Metadata{ @@ -34,11 +34,11 @@ func NewAutoUpdateAgentRollout(spec *autoupdate.AutoUpdateAgentRolloutSpec) (*au }, Spec: spec, } - if err := ValidateAutoUpdateAgentRollout(version); err != nil { + if err := ValidateAutoUpdateAgentRollout(rollout); err != nil { return nil, trace.Wrap(err) } - return version, nil + return rollout, nil } // ValidateAutoUpdateAgentRollout checks that required parameters are set diff --git a/lib/services/autoupdates.go b/lib/services/autoupdates.go index 72d51b4ac2338..f57d384df2dde 100644 --- a/lib/services/autoupdates.go +++ b/lib/services/autoupdates.go @@ -65,13 +65,13 @@ type AutoUpdateService interface { DeleteAutoUpdateVersion(ctx context.Context) error // CreateAutoUpdateAgentRollout creates the AutoUpdateAgentRollout singleton resource. - CreateAutoUpdateAgentRollout(ctx context.Context, plan *autoupdate.AutoUpdateAgentRollout) (*autoupdate.AutoUpdateAgentRollout, error) + CreateAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdate.AutoUpdateAgentRollout) (*autoupdate.AutoUpdateAgentRollout, error) // UpdateAutoUpdateAgentRollout updates the AutoUpdateAgentRollout singleton resource. - UpdateAutoUpdateAgentRollout(ctx context.Context, plan *autoupdate.AutoUpdateAgentRollout) (*autoupdate.AutoUpdateAgentRollout, error) + UpdateAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdate.AutoUpdateAgentRollout) (*autoupdate.AutoUpdateAgentRollout, error) // UpsertAutoUpdateAgentRollout sets the AutoUpdateAgentRollout singleton resource. - UpsertAutoUpdateAgentRollout(ctx context.Context, plan *autoupdate.AutoUpdateAgentRollout) (*autoupdate.AutoUpdateAgentRollout, error) + UpsertAutoUpdateAgentRollout(ctx context.Context, rollout *autoupdate.AutoUpdateAgentRollout) (*autoupdate.AutoUpdateAgentRollout, error) // DeleteAutoUpdateAgentRollout deletes the AutoUpdateAgentRollout singleton resource. DeleteAutoUpdateAgentRollout(ctx context.Context) error diff --git a/lib/services/local/autoupdate.go b/lib/services/local/autoupdate.go index 879e5348d1d4e..93a5142ca81a1 100644 --- a/lib/services/local/autoupdate.go +++ b/lib/services/local/autoupdate.go @@ -113,7 +113,7 @@ func (s *AutoUpdateService) UpdateAutoUpdateConfig( ctx context.Context, c *autoupdate.AutoUpdateConfig, ) (*autoupdate.AutoUpdateConfig, error) { - config, err := s.config.UpdateResource(ctx, c) + config, err := s.config.ConditionalUpdateResource(ctx, c) return config, trace.Wrap(err) } @@ -151,7 +151,7 @@ func (s *AutoUpdateService) UpdateAutoUpdateVersion( ctx context.Context, v *autoupdate.AutoUpdateVersion, ) (*autoupdate.AutoUpdateVersion, error) { - version, err := s.version.UpdateResource(ctx, v) + version, err := s.version.ConditionalUpdateResource(ctx, v) return version, trace.Wrap(err) } @@ -189,7 +189,7 @@ func (s *AutoUpdateService) UpdateAutoUpdateAgentRollout( ctx context.Context, v *autoupdate.AutoUpdateAgentRollout, ) (*autoupdate.AutoUpdateAgentRollout, error) { - rollout, err := s.rollout.UpdateResource(ctx, v) + rollout, err := s.rollout.ConditionalUpdateResource(ctx, v) return rollout, trace.Wrap(err) } diff --git a/lib/services/local/autoupdate_test.go b/lib/services/local/autoupdate_test.go index ae858d65cc47c..a992322472975 100644 --- a/lib/services/local/autoupdate_test.go +++ b/lib/services/local/autoupdate_test.go @@ -93,8 +93,11 @@ func TestAutoUpdateServiceConfigCRUD(t *testing.T) { var notFoundError *trace.NotFoundError require.ErrorAs(t, err, ¬FoundError) + // If we try to conditionally update a missing resource, we receive + // a CompareFailed instead of a NotFound. + var revisionMismatchError *trace.CompareFailedError _, err = service.UpdateAutoUpdateConfig(ctx, config) - require.ErrorAs(t, err, ¬FoundError) + require.ErrorAs(t, err, &revisionMismatchError) } // TestAutoUpdateServiceVersionCRUD verifies get/create/update/upsert/delete methods of the backend service @@ -155,8 +158,11 @@ func TestAutoUpdateServiceVersionCRUD(t *testing.T) { var notFoundError *trace.NotFoundError require.ErrorAs(t, err, ¬FoundError) + // If we try to conditionally update a missing resource, we receive + // a CompareFailed instead of a NotFound. + var revisionMismatchError *trace.CompareFailedError _, err = service.UpdateAutoUpdateVersion(ctx, version) - require.ErrorAs(t, err, ¬FoundError) + require.ErrorAs(t, err, &revisionMismatchError) } // TestAutoUpdateServiceInvalidNameCreate verifies that configuration and version diff --git a/tool/tctl/common/edit_command_test.go b/tool/tctl/common/edit_command_test.go index c0ffbf342a485..7d3ddc98eabab 100644 --- a/tool/tctl/common/edit_command_test.go +++ b/tool/tctl/common/edit_command_test.go @@ -574,7 +574,7 @@ func testEditAutoUpdateConfig(t *testing.T, clt *authclient.Client) { require.NoError(t, err) serviceClient := autoupdatev1pb.NewAutoUpdateServiceClient(clt.GetConnection()) - _, err = serviceClient.CreateAutoUpdateConfig(ctx, &autoupdatev1pb.CreateAutoUpdateConfigRequest{Config: initial}) + initial, err = serviceClient.CreateAutoUpdateConfig(ctx, &autoupdatev1pb.CreateAutoUpdateConfigRequest{Config: initial}) require.NoError(t, err, "creating initial autoupdate config") editor := func(name string) error { @@ -616,7 +616,7 @@ func testEditAutoUpdateVersion(t *testing.T, clt *authclient.Client) { require.NoError(t, err) serviceClient := autoupdatev1pb.NewAutoUpdateServiceClient(clt.GetConnection()) - _, err = serviceClient.CreateAutoUpdateVersion(ctx, &autoupdatev1pb.CreateAutoUpdateVersionRequest{Version: initial}) + initial, err = serviceClient.CreateAutoUpdateVersion(ctx, &autoupdatev1pb.CreateAutoUpdateVersionRequest{Version: initial}) require.NoError(t, err, "creating initial autoupdate version") editor := func(name string) error { From 475ba1dda0103d8c25ebd7fa30ceab827963a5e4 Mon Sep 17 00:00:00 2001 From: Gabriel Corado Date: Mon, 4 Nov 2024 15:51:56 -0300 Subject: [PATCH 02/17] Fix `tsh play` `--skip-idle-time` not working correctly (#47304) * fix(player): use skip idle flag and adjust max value * test(player): increase timeout * refactor(player): use time.Duration instead of float64 for timings * refactor(player): store duration values in nanoseconds --- lib/client/api.go | 6 ++-- lib/player/player.go | 68 +++++++++++++++++++++------------------ lib/player/player_test.go | 31 +++++++++++++++++- 3 files changed, 69 insertions(+), 36 deletions(-) diff --git a/lib/client/api.go b/lib/client/api.go index d8a35dc95feee..3bde83684ff4f 100644 --- a/lib/client/api.go +++ b/lib/client/api.go @@ -2330,13 +2330,11 @@ func playSession(ctx context.Context, sessionID string, speed float64, streamer } playing = !playing case keyLeft, keyDown: - current := time.Duration(player.LastPlayed() * int64(time.Millisecond)) - player.SetPos(max(current-skipDuration, 0)) // rewind + player.SetPos(max(player.LastPlayed()-skipDuration, 0)) // rewind term.Clear() term.SetCursorPos(1, 1) case keyRight, keyUp: - current := time.Duration(player.LastPlayed() * int64(time.Millisecond)) - player.SetPos(current + skipDuration) // advance forward + player.SetPos(player.LastPlayed() + skipDuration) // advance forward } } }() diff --git a/lib/player/player.go b/lib/player/player.go index e36b980d98b4b..7604c34fdb457 100644 --- a/lib/player/player.go +++ b/lib/player/player.go @@ -63,7 +63,7 @@ type Player struct { advanceTo atomic.Int64 emit chan events.AuditEvent - wake chan int64 + wake chan time.Duration done chan struct{} // playPause holds a channel to be closed when @@ -82,7 +82,12 @@ type Player struct { translator sessionPrintTranslator } -const normalPlayback = math.MinInt64 +const ( + normalPlayback = time.Duration(0) + // MaxIdleTime defines the max idle time when skipping idle + // periods on the recording. + MaxIdleTime = 500 * time.Millisecond +) // Streamer is the underlying streamer that provides // access to recorded session events. @@ -135,18 +140,19 @@ func New(cfg *Config) (*Player, error) { ) p := &Player{ - clock: clk, - log: log, - sessionID: cfg.SessionID, - streamer: cfg.Streamer, - emit: make(chan events.AuditEvent, 1024), - playPause: make(chan chan struct{}, 1), - wake: make(chan int64), - done: make(chan struct{}), + clock: clk, + log: log, + sessionID: cfg.SessionID, + streamer: cfg.Streamer, + emit: make(chan events.AuditEvent, 1024), + playPause: make(chan chan struct{}, 1), + wake: make(chan time.Duration), + done: make(chan struct{}), + skipIdleTime: cfg.SkipIdleTime, } p.speed.Store(float64(defaultPlaybackSpeed)) - p.advanceTo.Store(normalPlayback) + p.advanceTo.Store(int64(normalPlayback)) // start in a paused state p.playPause <- make(chan struct{}) @@ -184,7 +190,7 @@ func (p *Player) stream() { defer cancel() eventsC, errC := p.streamer.StreamSessionEvents(ctx, p.sessionID, 0) - lastDelay := int64(0) + var lastDelay time.Duration for { select { case <-p.done: @@ -216,7 +222,7 @@ func (p *Player) stream() { currentDelay := getDelay(evt) if currentDelay > 0 && currentDelay >= lastDelay { - switch adv := p.advanceTo.Load(); { + switch adv := time.Duration(p.advanceTo.Load()); { case adv >= currentDelay: // no timing delay necessary, we are fast forwarding break @@ -224,12 +230,12 @@ func (p *Player) stream() { // any negative value other than normalPlayback means // we rewind (by restarting the stream and seeking forward // to the rewind point) - p.advanceTo.Store(adv * -1) + p.advanceTo.Store(int64(adv) * -1) go p.stream() return default: if adv != normalPlayback { - p.advanceTo.Store(normalPlayback) + p.advanceTo.Store(int64(normalPlayback)) // we're catching back up to real time, so the delay // is calculated not from the last event but from the @@ -257,7 +263,7 @@ func (p *Player) stream() { // // TODO: consider a select with a timeout to detect blocked readers? p.emit <- evt - p.lastPlayed.Store(currentDelay) + p.lastPlayed.Store(int64(currentDelay)) } } } @@ -309,14 +315,14 @@ func (p *Player) SetPos(d time.Duration) error { if d == 0 { d = 1 * time.Millisecond } - if d.Milliseconds() < p.lastPlayed.Load() { + if d < time.Duration(p.lastPlayed.Load()) { d = -1 * d } - p.advanceTo.Store(d.Milliseconds()) + p.advanceTo.Store(int64(d)) // try to wake up the player if it's waiting to emit an event select { - case p.wake <- d.Milliseconds(): + case p.wake <- d: default: } @@ -333,18 +339,18 @@ func (p *Player) SetPos(d time.Duration) error { // // A nil return value indicates that the delay has elapsed and that // the next even can be emitted. -func (p *Player) applyDelay(lastDelay, currentDelay int64) error { +func (p *Player) applyDelay(lastDelay, currentDelay time.Duration) error { loop: for { // TODO(zmb3): changing play speed during a long sleep // will not apply until after the sleep completes speed := p.speed.Load().(float64) - scaled := float64(currentDelay-lastDelay) / speed + scaled := time.Duration(float64(currentDelay-lastDelay) / speed) if p.skipIdleTime { - scaled = min(scaled, 500.0*float64(time.Millisecond)) + scaled = min(scaled, MaxIdleTime) } - timer := p.clock.NewTimer(time.Duration(scaled) * time.Millisecond) + timer := p.clock.NewTimer(scaled) defer timer.Stop() start := time.Now() @@ -358,7 +364,7 @@ loop: case newPos == interruptForPause: // the user paused playback while we were waiting to emit the next event: // 1) figure out much of the sleep we completed - dur := float64(time.Since(start).Milliseconds()) * speed + dur := time.Duration(float64(time.Since(start)) * speed) // 2) wait here until the user resumes playback if err := p.waitWhilePaused(); errors.Is(err, errSeekWhilePaused) { @@ -370,7 +376,7 @@ loop: // now that we're playing again, update our delay to account // for the portion that was already satisfied and apply the // remaining delay - lastDelay += int64(dur) + lastDelay += dur timer.Stop() continue loop case newPos > currentDelay: @@ -455,8 +461,8 @@ func (p *Player) waitWhilePaused() error { // LastPlayed returns the time of the last played event, // expressed as milliseconds since the start of the session. -func (p *Player) LastPlayed() int64 { - return p.lastPlayed.Load() +func (p *Player) LastPlayed() time.Duration { + return time.Duration(p.lastPlayed.Load()) } // translateEvent translates events if applicable and return if they should be @@ -491,13 +497,13 @@ var databaseTranslators = map[string]newSessionPrintTranslatorFunc{ // player. var SupportedDatabaseProtocols = maps.Keys(databaseTranslators) -func getDelay(e events.AuditEvent) int64 { +func getDelay(e events.AuditEvent) time.Duration { switch x := e.(type) { case *events.DesktopRecording: - return x.DelayMilliseconds + return time.Duration(x.DelayMilliseconds) * time.Millisecond case *events.SessionPrint: - return x.DelayMilliseconds + return time.Duration(x.DelayMilliseconds) * time.Millisecond default: - return int64(0) + return time.Duration(0) } } diff --git a/lib/player/player_test.go b/lib/player/player_test.go index 836b58a506f89..83fac3bb32d97 100644 --- a/lib/player/player_test.go +++ b/lib/player/player_test.go @@ -26,6 +26,7 @@ import ( "time" "github.com/jonboulle/clockwork" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" apievents "github.com/gravitational/teleport/api/types/events" @@ -169,7 +170,7 @@ func TestClose(t *testing.T) { _, ok := <-p.C() require.False(t, ok, "player channel should have been closed") require.NoError(t, p.Err()) - require.Equal(t, int64(1000), p.LastPlayed()) + require.Equal(t, time.Second, p.LastPlayed()) } func TestSeekForward(t *testing.T) { @@ -321,6 +322,34 @@ func TestUseDatabaseTranslator(t *testing.T) { }) } +func TestSkipIdlePeriods(t *testing.T) { + eventCount := 3 + delayMilliseconds := 60000 + clk := clockwork.NewFakeClock() + p, err := player.New(&player.Config{ + Clock: clk, + SessionID: "test-session", + SkipIdleTime: true, + Streamer: &simpleStreamer{count: int64(eventCount), delay: int64(delayMilliseconds)}, + }) + require.NoError(t, err) + require.NoError(t, p.Play()) + + for i := range eventCount { + // Consume events in an eventually loop to avoid firing the clock + // events before the timer is set. + require.EventuallyWithT(t, func(t *assert.CollectT) { + clk.Advance(player.MaxIdleTime) + select { + case evt := <-p.C(): + assert.Equal(t, int64(i), evt.GetIndex()) + default: + assert.Fail(t, "expected to receive event after short period, but got nothing") + } + }, 3*time.Second, 100*time.Millisecond) + } +} + // simpleStreamer streams a fake session that contains // count events, emitted at a particular interval type simpleStreamer struct { From 9c8d93e617146f8f1496fa8dab1fad3974824503 Mon Sep 17 00:00:00 2001 From: Nic Klaassen Date: Mon, 4 Nov 2024 11:11:20 -0800 Subject: [PATCH 03/17] fix: prevent tctl edit overwriting static file config (#48329) --- tool/tctl/common/edit_command.go | 13 ++++++----- tool/tctl/common/resource_command.go | 33 ++++++++++++++++++++++++++-- 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/tool/tctl/common/edit_command.go b/tool/tctl/common/edit_command.go index 9317db74ce419..5c3b2f9efbdf4 100644 --- a/tool/tctl/common/edit_command.go +++ b/tool/tctl/common/edit_command.go @@ -44,10 +44,11 @@ import ( // EditCommand implements the `tctl edit` command for modifying // Teleport resources. type EditCommand struct { - app *kingpin.Application - cmd *kingpin.CmdClause - config *servicecfg.Config - ref services.Ref + app *kingpin.Application + cmd *kingpin.CmdClause + config *servicecfg.Config + ref services.Ref + confirm bool // Editor is used by tests to inject the editing mechanism // so that different scenarios can be asserted. @@ -61,9 +62,10 @@ func (e *EditCommand) Initialize(app *kingpin.Application, config *servicecfg.Co e.cmd.Arg("resource type/resource name", `Resource to update Type of a resource [for example: rc] Resource name to update - + Example: $ tctl edit rc/remote`).SetValue(&e.ref) + e.cmd.Flag("confirm", "Confirm an unsafe or temporary resource update").Hidden().BoolVar(&e.confirm) } func (e *EditCommand) TryRun(ctx context.Context, cmd string, client *authclient.Client) (bool, error) { @@ -115,6 +117,7 @@ func (e *EditCommand) editResource(ctx context.Context, client *authclient.Clien filename: f.Name(), force: true, withSecrets: true, + confirm: e.confirm, } rc.Initialize(e.app, e.config) diff --git a/tool/tctl/common/resource_command.go b/tool/tctl/common/resource_command.go index 32a07121b63ca..ed011d771786d 100644 --- a/tool/tctl/common/resource_command.go +++ b/tool/tctl/common/resource_command.go @@ -717,6 +717,14 @@ func (rc *ResourceCommand) updateAuthPreference(ctx context.Context, client *aut return trace.Wrap(err) } + storedAuthPref, err := client.GetAuthPreference(ctx) + if err != nil { + return trace.Wrap(err) + } + if err := checkUpdateResourceWithOrigin(storedAuthPref, "cluster auth preference", rc.confirm); err != nil { + return trace.Wrap(err) + } + if _, err := client.UpdateAuthPreference(ctx, newAuthPref); err != nil { return trace.Wrap(err) } @@ -753,6 +761,14 @@ func (rc *ResourceCommand) updateClusterNetworkingConfig(ctx context.Context, cl return trace.Wrap(err) } + storedNetConfig, err := client.GetClusterNetworkingConfig(ctx) + if err != nil { + return trace.Wrap(err) + } + if err := checkUpdateResourceWithOrigin(storedNetConfig, "cluster networking configuration", rc.confirm); err != nil { + return trace.Wrap(err) + } + if _, err := client.UpdateClusterNetworkingConfig(ctx, newNetConfig); err != nil { return trace.Wrap(err) } @@ -811,6 +827,14 @@ func (rc *ResourceCommand) updateSessionRecordingConfig(ctx context.Context, cli return trace.Wrap(err) } + storedRecConfig, err := client.GetSessionRecordingConfig(ctx) + if err != nil { + return trace.Wrap(err) + } + if err := checkUpdateResourceWithOrigin(storedRecConfig, "session recording configuration", rc.confirm); err != nil { + return trace.Wrap(err) + } + if _, err := client.UpdateSessionRecordingConfig(ctx, newRecConfig); err != nil { return trace.Wrap(err) } @@ -3246,10 +3270,15 @@ func checkCreateResourceWithOrigin(storedRes types.ResourceWithOrigin, resDesc s if exists := (storedRes.Origin() != types.OriginDefaults); exists && !force { return trace.AlreadyExists("non-default %s already exists", resDesc) } - if managedByStatic := (storedRes.Origin() == types.OriginConfigFile); managedByStatic && !confirm { + return checkUpdateResourceWithOrigin(storedRes, resDesc, confirm) +} + +func checkUpdateResourceWithOrigin(storedRes types.ResourceWithOrigin, resDesc string, confirm bool) error { + managedByStatic := storedRes.Origin() == types.OriginConfigFile + if managedByStatic && !confirm { return trace.BadParameter(`The %s resource is managed by static configuration. We recommend removing configuration from teleport.yaml, restarting the servers and trying this command again. -If you would still like to proceed, re-run the command with both --force and --confirm flags.`, resDesc) +If you would still like to proceed, re-run the command with the --confirm flag.`, resDesc) } return nil } From 6db7542075033c71eb3f25db656f7f16b93af16f Mon Sep 17 00:00:00 2001 From: Alan Parra Date: Mon, 4 Nov 2024 17:16:34 -0300 Subject: [PATCH 04/17] chore: Bump go root dependencies (#48394) * chore: Bump Azure modules * chore: Bump ClickHouse modules * chore: Bump assorted dependencies (patch versions) * chore: Bump assorted dependencies (minor versions) * chore: Bump github.com/mailgun/mailgun-go/v4 to v4.18.1 * Address mailgun deprecations * chore: Bump github.com/xanzy/go-gitlab to v0.112.0 * Tidy other modules * Address misc lint warnings --- go.mod | 62 ++++----- go.sum | 181 ++++++++++++++------------- integrations/access/email/mailers.go | 4 +- integrations/event-handler/go.mod | 22 ++-- integrations/event-handler/go.sum | 62 +++++---- integrations/terraform/go.mod | 34 ++--- integrations/terraform/go.sum | 101 +++++++-------- lib/tbot/service_ssh_multiplexer.go | 1 + lib/teleagent/agent.go | 1 + 9 files changed, 243 insertions(+), 225 deletions(-) diff --git a/go.mod b/go.mod index 79ca4dce42525..246bc1db26c1a 100644 --- a/go.mod +++ b/go.mod @@ -14,8 +14,8 @@ require ( cloud.google.com/go/spanner v1.68.0 cloud.google.com/go/storage v1.43.0 connectrpc.com/connect v1.17.0 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.2.0 @@ -29,8 +29,8 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.1 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 - github.com/ClickHouse/ch-go v0.62.0 - github.com/ClickHouse/clickhouse-go/v2 v2.29.0 + github.com/ClickHouse/ch-go v0.63.1 + github.com/ClickHouse/clickhouse-go/v2 v2.30.0 github.com/DanielTitkov/go-adaptive-cards v0.2.2 github.com/HdrHistogram/hdrhistogram-go v1.1.2 github.com/Masterminds/sprig/v3 v3.3.0 @@ -38,7 +38,7 @@ require ( github.com/ThalesIgnite/crypto11 v1.2.5 github.com/alecthomas/kingpin/v2 v2.4.0 // replaced github.com/alicebob/miniredis/v2 v2.33.0 - github.com/andybalholm/brotli v1.1.0 + github.com/andybalholm/brotli v1.1.1 github.com/aquasecurity/libbpfgo v0.5.1-libbpf-1.2 github.com/armon/go-radix v1.0.0 github.com/aws/aws-sdk-go v1.55.5 @@ -77,11 +77,11 @@ require ( github.com/beevik/etree v1.4.1 github.com/buildkite/bintest/v3 v3.3.0 github.com/charmbracelet/bubbles v0.20.0 - github.com/charmbracelet/bubbletea v1.1.0 + github.com/charmbracelet/bubbletea v1.1.2 github.com/charmbracelet/lipgloss v1.0.0 github.com/coreos/go-oidc v2.2.1+incompatible // replaced github.com/coreos/go-semver v0.3.1 - github.com/creack/pty v1.1.23 + github.com/creack/pty v1.1.24 github.com/crewjam/saml v0.4.14 github.com/datastax/go-cassandra-native-protocol v0.0.0-20220706104457-5e8aad05cf90 github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 @@ -89,10 +89,10 @@ require ( github.com/dustin/go-humanize v1.0.1 github.com/elastic/go-elasticsearch/v8 v8.15.0 github.com/elimity-com/scim v0.0.0-20240320110924-172bf2aee9c8 - github.com/envoyproxy/go-control-plane v0.13.0 + github.com/envoyproxy/go-control-plane v0.13.1 github.com/evanphx/json-patch v5.9.0+incompatible - github.com/fatih/color v1.17.0 - github.com/fsnotify/fsnotify v1.7.0 + github.com/fatih/color v1.18.0 + github.com/fsnotify/fsnotify v1.8.0 github.com/fsouza/fake-gcs-server v1.49.3 github.com/fxamacker/cbor/v2 v2.7.0 github.com/ghodss/yaml v1.0.0 @@ -108,7 +108,7 @@ require ( github.com/gocql/gocql v1.7.0 github.com/gofrs/flock v0.12.1 github.com/gogo/protobuf v1.3.2 // replaced - github.com/golang-jwt/jwt/v4 v4.5.0 + github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/btree v1.1.3 github.com/google/go-attestation v0.5.1 github.com/google/go-cmp v0.6.0 @@ -128,13 +128,13 @@ require ( github.com/gravitational/trace v1.4.0 github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 - github.com/guptarohit/asciigraph v0.7.2 + github.com/guptarohit/asciigraph v0.7.3 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/icza/mjpeg v0.0.0-20230330134156-38318e5ab8f4 github.com/jackc/pgconn v1.14.3 github.com/jackc/pgerrcode v0.0.0-20240316143900-6e2875d9b438 github.com/jackc/pgproto3/v2 v2.3.3 - github.com/jackc/pgtype v1.14.3 + github.com/jackc/pgtype v1.14.4 github.com/jackc/pgx/v4 v4.18.3 github.com/jackc/pgx/v5 v5.7.1 github.com/jcmturner/gokrb5/v8 v8.4.4 @@ -145,8 +145,8 @@ require ( github.com/julienschmidt/httprouter v1.3.0 // replaced github.com/keys-pub/go-libfido2 v1.5.3-0.20220306005615-8ab03fb1ec27 // replaced github.com/lib/pq v1.10.9 - github.com/mailgun/mailgun-go/v4 v4.16.0 - github.com/mattn/go-sqlite3 v1.14.23 + github.com/mailgun/mailgun-go/v4 v4.18.1 + github.com/mattn/go-sqlite3 v1.14.24 github.com/mdlayher/netlink v1.7.2 github.com/microsoft/go-mssqldb v1.7.2 // replaced github.com/miekg/pkcs11 v1.1.1 @@ -159,29 +159,29 @@ require ( github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 github.com/pelletier/go-toml v1.9.5 - github.com/pkg/sftp v1.13.6 + github.com/pkg/sftp v1.13.7 github.com/pquerna/otp v1.4.0 - github.com/prometheus/client_golang v1.20.4 + github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.55.0 - github.com/quic-go/quic-go v0.47.0 - github.com/redis/go-redis/v9 v9.5.1 // replaced + github.com/quic-go/quic-go v0.48.1 + github.com/redis/go-redis/v9 v9.6.1 // replaced github.com/russellhaering/gosaml2 v0.9.1 github.com/russellhaering/goxmldsig v1.4.0 - github.com/schollz/progressbar/v3 v3.16.0 + github.com/schollz/progressbar/v3 v3.17.0 github.com/scim2/filter-parser/v2 v2.2.0 - github.com/shirou/gopsutil/v4 v4.24.9 - github.com/sigstore/cosign/v2 v2.4.0 - github.com/sigstore/sigstore v1.8.9 + github.com/shirou/gopsutil/v4 v4.24.10 + github.com/sigstore/cosign/v2 v2.4.1 + github.com/sigstore/sigstore v1.8.10 github.com/sijms/go-ora/v2 v2.8.22 github.com/sirupsen/logrus v1.9.3 - github.com/snowflakedb/gosnowflake v1.11.1 + github.com/snowflakedb/gosnowflake v1.12.0 github.com/spf13/cobra v1.8.1 github.com/spiffe/go-spiffe/v2 v2.3.0 github.com/stretchr/testify v1.9.0 github.com/ucarion/urlpath v0.0.0-20200424170820-7ccc79b76bbb github.com/vulcand/predicate v1.2.0 // replaced - github.com/xanzy/go-gitlab v0.109.0 + github.com/xanzy/go-gitlab v0.112.0 go.etcd.io/etcd/api/v3 v3.5.16 go.etcd.io/etcd/client/v3 v3.5.16 go.mongodb.org/mongo-driver v1.14.0 @@ -251,7 +251,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c // indirect @@ -308,7 +308,7 @@ require ( github.com/di-wu/parser v0.3.0 // indirect github.com/di-wu/xsd-datetime v1.0.0 // indirect github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect - github.com/dmarkham/enumer v1.5.9 // indirect + github.com/dmarkham/enumer v1.5.10 // indirect github.com/docker/cli v27.1.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v27.3.0+incompatible // indirect @@ -316,7 +316,7 @@ require ( github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/dvsekhvalnov/jose2go v1.6.0 // indirect - github.com/ebitengine/purego v0.8.0 // indirect + github.com/ebitengine/purego v0.8.1 // indirect github.com/elastic/elastic-transport-go/v8 v8.6.0 // indirect github.com/emicklei/go-restful/v3 v3.11.3 // indirect github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect @@ -333,7 +333,7 @@ require ( github.com/go-faster/city v1.0.1 // indirect github.com/go-faster/errors v0.7.1 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-ole/go-ole v1.2.6 // indirect @@ -382,7 +382,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect github.com/huandu/xstrings v1.5.0 // indirect github.com/imdario/mergo v0.3.16 // indirect @@ -405,7 +405,7 @@ require ( github.com/josharian/native v1.1.0 // indirect github.com/joshlf/testutil v0.0.0-20170608050642-b5d8aa79d93d // indirect github.com/kelseyhightower/envconfig v1.4.0 // indirect - github.com/klauspost/compress v1.17.9 // indirect + github.com/klauspost/compress v1.17.11 // indirect github.com/klauspost/cpuid/v2 v2.2.8 // indirect github.com/kr/fs v0.1.0 // indirect github.com/kr/pretty v0.3.1 // indirect diff --git a/go.sum b/go.sum index 0e22627e3bb4e..acb7fc749f668 100644 --- a/go.sum +++ b/go.sum @@ -647,17 +647,19 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg= github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= -github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 h1:8+4G8JaejP8Xa6W46PzJEwisNgBXMvFcz78N6zG/ARw= -github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs= +github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0 h1:kcnfY4vljxXliXDBrA9K9lwF8IoEZ4Up6Eg9kWTIm28= +github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0/go.mod h1:tlqp9mUGbsP+0z3Q+c0Q5MgSdq/OMwQhm5bffR3Q3ss= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.0/go.mod h1:tZoQYdDZNOiIjdSn0dVWVfl0NEPGOJqVLzSrcFk4Is0= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0/go.mod h1:NBanQUfSWiWn3QEpWDTCU0IjBECKOYvl2R8xdRtMtiM= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= @@ -720,17 +722,19 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0/go.mod h1:BDJ5qMFKx9DugEg3+uQSDCdbYPr5s9vBTrL9P8TpqOU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/ClickHouse/ch-go v0.62.0 h1:eXH0hytXeCEEZHgMvOX9IiW7wqBb4w1MJMp9rArbkrc= -github.com/ClickHouse/ch-go v0.62.0/go.mod h1:uzso52/PD9+gZj7tL6XAo8/EYDrx7CIwNF4c6PnO6S0= -github.com/ClickHouse/clickhouse-go/v2 v2.29.0 h1:Dj1w59RssRyLgGHXtYaWU0eIM1pJsu9nGPi/btmvAqw= -github.com/ClickHouse/clickhouse-go/v2 v2.29.0/go.mod h1:bLookq6qZJ4Ush/6tOAnJGh1Sf3Sa/nQoMn71p7ZCUE= +github.com/ClickHouse/ch-go v0.63.1 h1:s2JyZvWLTCSAGdtjMBBmAgQQHMco6pawLJMOXi0FODM= +github.com/ClickHouse/ch-go v0.63.1/go.mod h1:I1kJJCL3WJcBMGe1m+HVK0+nREaG+JOYYBWjrDrF3R0= +github.com/ClickHouse/clickhouse-go/v2 v2.30.0 h1:AG4D/hW39qa58+JHQIFOSnxyL46H6h2lrmGGk17dhFo= +github.com/ClickHouse/clickhouse-go/v2 v2.30.0/go.mod h1:i9ZQAojcayW3RsdCb3YR+n+wC2h65eJsZCscZ1Z1wyo= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/DanielTitkov/go-adaptive-cards v0.2.2 h1:tBFExyvsbCcrBJEvPaV3FW4gcAkwQjXFKiKEBrE7Yuw= @@ -810,11 +814,11 @@ github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 h1:uvdUDbHQHO github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUiji6lZrA= github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0= -github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28= -github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= +github.com/aliyun/credentials-go v1.3.2 h1:L4WppI9rctC8PdlMgyTkF8bBsy9pyKQEzBD1bHMRl+g= +github.com/aliyun/credentials-go v1.3.2/go.mod h1:tlpz4uys4Rn7Ik4/piGRrTbXy2uLKvePgQJJduE+Y5c= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= -github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= +github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA= +github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= @@ -972,12 +976,12 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembj github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/buildkite/agent/v3 v3.76.2 h1:SweFq3e0N20RikWsVeOXzTjfr0AoOskxm9c0bcNyI0E= -github.com/buildkite/agent/v3 v3.76.2/go.mod h1:9ffbmJD7d7C/nOcElj6Qm+uIj1QoYh3NNvka4rkKkss= +github.com/buildkite/agent/v3 v3.81.0 h1:JVfkng2XnsXesFXwiFwLJFkuzVu4zvoJCvedfoIXD6E= +github.com/buildkite/agent/v3 v3.81.0/go.mod h1:edJeyycODRxaFvpT22rDGwaQ5oa4eB8GjtbjgX5VpFw= github.com/buildkite/bintest/v3 v3.3.0 h1:RTWcSaJRlOT6t/K311ejPf+0J3LE/QEODzVG3vlLnWo= github.com/buildkite/bintest/v3 v3.3.0/go.mod h1:btqpTsVODiJcb0NMdkkmtMQ6xoFc2W/nY5yy+3I0zcs= -github.com/buildkite/go-pipeline v0.10.0 h1:EDffu+LfMY2k5u+iEdo6Jn3obGKsrL5wicc1O/yFeRs= -github.com/buildkite/go-pipeline v0.10.0/go.mod h1:eMH1kiav5VeiTiu0Mk2/M7nZhKyFeL4iGj7Y7rj4f3w= +github.com/buildkite/go-pipeline v0.13.1 h1:Y9p8pQIwPtauVwNrcmTDH6+XK7jE1nLuvWVaK8oymA8= +github.com/buildkite/go-pipeline v0.13.1/go.mod h1:2HHqlSFTYgHFhzedJu0LhLs9n5c9XkYnHiQFVN5HE4U= github.com/buildkite/interpolate v0.1.3 h1:OFEhqji1rNTRg0u9DsSodg63sjJQEb1uWbENq9fUOBM= github.com/buildkite/interpolate v0.1.3/go.mod h1:UNVe6A+UfiBNKbhAySrBbZFZFxQ+DXr9nWen6WVt/A8= github.com/buildkite/roko v1.2.0 h1:hbNURz//dQqNl6Eo9awjQOVOZwSDJ8VEbBDxSfT9rGQ= @@ -1001,8 +1005,8 @@ github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNS github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/charmbracelet/bubbles v0.20.0 h1:jSZu6qD8cRQ6k9OMfR1WlM+ruM8fkPWkHvQWD9LIutE= github.com/charmbracelet/bubbles v0.20.0/go.mod h1:39slydyswPy+uVOHZ5x/GjwVAFkCsV8IIVy+4MhzwwU= -github.com/charmbracelet/bubbletea v1.1.0 h1:FjAl9eAL3HBCHenhz/ZPjkKdScmaS5SK69JAK2YJK9c= -github.com/charmbracelet/bubbletea v1.1.0/go.mod h1:9Ogk0HrdbHolIKHdjfFpyXJmiCzGwy+FesYkZr7hYU4= +github.com/charmbracelet/bubbletea v1.1.2 h1:naQXF2laRxyLyil/i7fxdpiz1/k06IKquhm4vBfHsIc= +github.com/charmbracelet/bubbletea v1.1.2/go.mod h1:9HIU/hBV24qKjlehyj8z1r/tR9TYTQEag+cWZnuXo8E= github.com/charmbracelet/lipgloss v1.0.0 h1:O7VkGDvqEdGi93X+DeqsQ7PKHDgtQfF8j8/O2qFMQNg= github.com/charmbracelet/lipgloss v1.0.0/go.mod h1:U5fy9Z+C38obMs+T+tJqst9VGzlOYGj4ri9reL3qUlo= github.com/charmbracelet/x/ansi v0.4.2 h1:0JM6Aj/g/KC154/gOP4vfxun0ff6itogDYk41kof+qk= @@ -1073,8 +1077,8 @@ github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0= -github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= +github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= +github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo= github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= @@ -1107,8 +1111,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/dmarkham/enumer v1.5.9 h1:NM/1ma/AUNieHZg74w67GkHFBNB15muOt3sj486QVZk= -github.com/dmarkham/enumer v1.5.9/go.mod h1:e4VILe2b1nYK3JKJpRmNdl5xbDQvELc6tQ8b+GsGk6E= +github.com/dmarkham/enumer v1.5.10 h1:ygL0L6quiTiH1jpp68DyvsWaea6MaZLZrTTkIS++R0M= +github.com/dmarkham/enumer v1.5.10/go.mod h1:e4VILe2b1nYK3JKJpRmNdl5xbDQvELc6tQ8b+GsGk6E= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2oNn0GkeZE= @@ -1133,8 +1137,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/dvsekhvalnov/jose2go v1.6.0 h1:Y9gnSnP4qEI0+/uQkHvFXeD2PLPJeXEL+ySMEA2EjTY= github.com/dvsekhvalnov/jose2go v1.6.0/go.mod h1:QsHjhyTlD/lAVqn/NSbVZmSCGeDehTB/mPZadG+mhXU= -github.com/ebitengine/purego v0.8.0 h1:JbqvnEzRvPpxhCJzJJ2y0RbiZ8nyjccVUrSM3q+GvvE= -github.com/ebitengine/purego v0.8.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= +github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE= +github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/elastic/elastic-transport-go/v8 v8.6.0 h1:Y2S/FBjx1LlCv5m6pWAF2kDJAHoSjSRSJCApolgfthA= github.com/elastic/elastic-transport-go/v8 v8.6.0/go.mod h1:YLHer5cj0csTzNFXoNQ8qhtGY1GTvSqPnKWKaqQE3Hk= github.com/elastic/go-elasticsearch/v8 v8.15.0 h1:IZyJhe7t7WI3NEFdcHnf6IJXqpRf+8S8QWLtZYYyBYk= @@ -1156,8 +1160,8 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= -github.com/envoyproxy/go-control-plane v0.13.0 h1:HzkeUz1Knt+3bK+8LG1bxOO/jzWZmdxpwC51i202les= -github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= +github.com/envoyproxy/go-control-plane v0.13.1 h1:vPfJZCkob6yTMEgS+0TwfTUfbHjfy/6vOJ8hUWX/uXE= +github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= @@ -1172,16 +1176,10 @@ github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= -github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 h1:0JZ+dUmQeA8IIVUMzysrX4/AKuQwWhV2dYQuPZdvdSQ= -github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64= -github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A= -github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg= -github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 h1:E2s37DuLxFhQDg5gKsWoLBOB0n+ZW8s599zru8FJ2/Y= -github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= @@ -1195,8 +1193,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fsouza/fake-gcs-server v1.49.3 h1:RPt94uYjWb+t19dlZg4PVRJFCvqf7px0YZDvIiUfjcU= github.com/fsouza/fake-gcs-server v1.49.3/go.mod h1:WsE7OZKNd5WXgiry01oJO6mDvljOr+YLPR3VQtM2sDY= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= @@ -1233,8 +1231,8 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= @@ -1317,8 +1315,8 @@ github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeH github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= @@ -1551,8 +1549,8 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjw github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c h1:6rhixN/i8ZofjG1Y75iExal34USq5p+wiN1tpie8IrU= github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c/go.mod h1:NMPJylDgVpX0MLRlPy15sqSwOFv/U1GZ2m21JhFfek0= -github.com/guptarohit/asciigraph v0.7.2 h1:pBBJYbMl4j7zS4AwmrfAs6tA0VQOEQC933aG72dlrFA= -github.com/guptarohit/asciigraph v0.7.2/go.mod h1:dYl5wwK4gNsnFf9Zp+l06rFiDZ5YtXM6x7SRWZ3KGag= +github.com/guptarohit/asciigraph v0.7.3 h1:p05XDDn7cBTWiBqWb30mrwxd6oU0claAjqeytllnsPY= +github.com/guptarohit/asciigraph v0.7.3/go.mod h1:dYl5wwK4gNsnFf9Zp+l06rFiDZ5YtXM6x7SRWZ3KGag= github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8= github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -1577,8 +1575,8 @@ github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3ly github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= @@ -1603,6 +1601,8 @@ github.com/icza/mjpeg v0.0.0-20230330134156-38318e5ab8f4 h1:NUuR3iigoVwstgE2Ahn1 github.com/icza/mjpeg v0.0.0-20230330134156-38318e5ab8f4/go.mod h1:4x2PXnxyG6DTZMYpoV0JgU0y1eZvAfxW/YALnA8E2B0= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/in-toto/attestation v1.1.0 h1:oRWzfmZPDSctChD0VaQV7MJrywKOzyNrtpENQFq//2Q= +github.com/in-toto/attestation v1.1.0/go.mod h1:DB59ytd3z7cIHgXxwpSX2SABrU6WJUKg/grpdgHVgVs= github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -1647,8 +1647,8 @@ github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCM github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= github.com/jackc/pgtype v1.14.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= -github.com/jackc/pgtype v1.14.3 h1:h6W9cPuHsRWQFTWUZMAKMgG5jSwQI0Zurzdvlx3Plus= -github.com/jackc/pgtype v1.14.3/go.mod h1:aKeozOde08iifGosdJpz9MBZonJOUJxqNpPBcMJTlVA= +github.com/jackc/pgtype v1.14.4 h1:fKuNiCumbKTAIxQwXfB/nsrnkEI6bPJrrSiMKgbJ2j8= +github.com/jackc/pgtype v1.14.4/go.mod h1:aKeozOde08iifGosdJpz9MBZonJOUJxqNpPBcMJTlVA= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= @@ -1715,13 +1715,15 @@ github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM= github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= @@ -1769,8 +1771,8 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailgun/errors v0.3.0 h1:g8R8lodkwqk5WIVMAClyUqt0PSd5JTVgobB+H7C2sLs= github.com/mailgun/errors v0.3.0/go.mod h1:+ltknP+jhv3gZ1StKY6ugoQECcPxDCaSdmYesqTZcLQ= -github.com/mailgun/mailgun-go/v4 v4.16.0 h1:pKu0KXSmejK2/sN4r/fLHD4igEFTuTnKQKPFOysenUw= -github.com/mailgun/mailgun-go/v4 v4.16.0/go.mod h1:YzMgA0+Fjp6p5Gfju0THVjmQMUtUbadMwfdIaTu4UIg= +github.com/mailgun/mailgun-go/v4 v4.18.1 h1:ShNH/wzj7albTF/6le011FF+DGMd3azcSKL4iO9AgeI= +github.com/mailgun/mailgun-go/v4 v4.18.1/go.mod h1:+d4FCswFAukgYc1XtKK2IxOYaVxjVm8AN2z/5TBiT8M= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU= @@ -1795,8 +1797,8 @@ github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6T github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= -github.com/mattn/go-sqlite3 v1.14.23 h1:gbShiuAP1W5j9UOksQ06aiiqPMxYecovVGwmTxWtuw0= -github.com/mattn/go-sqlite3 v1.14.23/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= +github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= @@ -1848,8 +1850,8 @@ github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJ github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/montanaflynn/stats v0.7.0 h1:r3y12KyNxj/Sb/iOE46ws+3mS1+MZca1wlHQFPsY/JU= github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/mozillazg/docker-credential-acr-helper v0.3.0 h1:DVWFZ3/O8BP6Ue3iS/Olw+G07u1hCq1EOVCDZZjCIBI= -github.com/mozillazg/docker-credential-acr-helper v0.3.0/go.mod h1:cZlu3tof523ujmLuiNUb6JsjtHcNA70u1jitrrdnuyA= +github.com/mozillazg/docker-credential-acr-helper v0.4.0 h1:Uoh3Z9CcpEDnLiozDx+D7oDgRq7X+R296vAqAumnOcw= +github.com/mozillazg/docker-credential-acr-helper v0.4.0/go.mod h1:2kiicb3OlPytmlNC9XGkLvVC+f0qTiJw3f/mhmeeQBg= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mreiferson/go-httpclient v0.0.0-20201222173833-5e475fde3a4d/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mtibben/percent v0.2.1 h1:5gssi8Nqo8QU/r2pynCm+hBQHpkB/uNK7BJCFogWdzs= @@ -1879,8 +1881,8 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/okta/okta-sdk-golang/v2 v2.20.0 h1:EDKM+uOPfihOMNwgHMdno+NAsIfyXkVnoFAYVPay0YU= github.com/okta/okta-sdk-golang/v2 v2.20.0/go.mod h1:FMy5hN5G8Rd/VoS0XrfyPPhIfOVo78ZK7lvwiQRS2+U= -github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM= -github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60= +github.com/oleiade/reflections v1.1.0 h1:D+I/UsXQB4esMathlt0kkZRJZdUDmhv5zGi/HOwYTWo= +github.com/oleiade/reflections v1.1.0/go.mod h1:mCxx0QseeVCHs5Um5HhJeCKVC7AwS8kO67tky4rdisA= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -1898,8 +1900,8 @@ github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9 github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/open-policy-agent/opa v0.67.0 h1:FOdsO9yNhfmrh+72oVK7ImWmzruG+VSpfbr5IBqEWVs= -github.com/open-policy-agent/opa v0.67.0/go.mod h1:aqKlHc8E2VAAylYE9x09zJYr/fYzGX+JKne89UGqFzk= +github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= +github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -1953,8 +1955,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo= -github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= +github.com/pkg/sftp v1.13.7 h1:uv+I3nNJvlKZIQGSr8JVQLNHFU9YhhNpvC14Y6KgmSM= +github.com/pkg/sftp v1.13.7/go.mod h1:KMKI0t3T6hfA+lTR/ssZdunHo+uwq7ghoN09/FSu3DY= github.com/pkg/xattr v0.4.10 h1:Qe0mtiNFHQZ296vRgUjRCoPHPqH7VdTOrZx3g0T+pGA= github.com/pkg/xattr v0.4.10/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= @@ -1973,8 +1975,8 @@ github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -1993,8 +1995,8 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf h1:014O62zIzQwvoD7Ekj3ePDF5bv9Xxy0w6AZk0qYbjUk= github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c= -github.com/quic-go/quic-go v0.47.0 h1:yXs3v7r2bm1wmPTYNLKAAJTHMYkPEsfYJmTazXrCZ7Y= -github.com/quic-go/quic-go v0.47.0/go.mod h1:3bCapYsJvXGZcipOHuu7plYtaV6tnF+z7wIFsU0WK9E= +github.com/quic-go/quic-go v0.48.1 h1:y/8xmfWI9qmGTc+lBr4jKRUWLGSlSigv847ULJ4hYXA= +github.com/quic-go/quic-go v0.48.1/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= @@ -2040,8 +2042,8 @@ github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= -github.com/schollz/progressbar/v3 v3.16.0 h1:+MbBim/cE9DqDb8UXRfLJ6RZdyDkXG1BDy/sWc5s0Mc= -github.com/schollz/progressbar/v3 v3.16.0/go.mod h1:lLiKjKJ9/yzc9Q8jk+sVLfxWxgXKsktvUf6TO+4Y2nw= +github.com/schollz/progressbar/v3 v3.17.0 h1:Fv+vG6O6jnJwdjCelvfyYO7sF2jaUGQVmdH4CxcZdsQ= +github.com/schollz/progressbar/v3 v3.17.0/go.mod h1:5H4fLgifX+KeQCsEJnZTOepgZLe1jFF1lpPXb68IJTA= github.com/scim2/filter-parser/v2 v2.2.0 h1:QGadEcsmypxg8gYChRSM2j1edLyE/2j72j+hdmI4BJM= github.com/scim2/filter-parser/v2 v2.2.0/go.mod h1:jWnkDToqX/Y0ugz0P5VvpVEUKcWcyHHj+X+je9ce5JA= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= @@ -2059,8 +2061,8 @@ github.com/shabbyrobe/gocovmerge v0.0.0-20230507112040-c3350d9342df h1:S77Pf5fIG github.com/shabbyrobe/gocovmerge v0.0.0-20230507112040-c3350d9342df/go.mod h1:dcuzJZ83w/SqN9k4eQqwKYMgmKWzg/KzJAURBhRL1tc= github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= -github.com/shirou/gopsutil/v4 v4.24.9 h1:KIV+/HaHD5ka5f570RZq+2SaeFsb/pq+fp2DGNWYoOI= -github.com/shirou/gopsutil/v4 v4.24.9/go.mod h1:3fkaHNeYsUFCGZ8+9vZVWtbyM1k2eRnlL+bWO8Bxa/Q= +github.com/shirou/gopsutil/v4 v4.24.10 h1:7VOzPtfw/5YDU+jLEoBwXwxJbQetULywoSV4RYY7HkM= +github.com/shirou/gopsutil/v4 v4.24.10/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= @@ -2069,18 +2071,18 @@ github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 h1:xT+JlYxNGqyT+XcU8 github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw= github.com/siddontang/go-log v0.0.0-20180807004314-8d05993dda07 h1:oI+RNwuC9jF2g2lP0u0cVEEZrc/AYBCuFdvwrLWM/6Q= github.com/siddontang/go-log v0.0.0-20180807004314-8d05993dda07/go.mod h1:yFdBgwXP24JziuRl2NMUahT7nGLNOKi1SIiFxMttVD4= -github.com/sigstore/cosign/v2 v2.4.0 h1:2NdidNgClg+oXr/fDIr37E/BE6j00gqgUhSiBK2kjSQ= -github.com/sigstore/cosign/v2 v2.4.0/go.mod h1:j+fH1DCUkcn92qp6ezDj4JbGMri6eG1nLJC+hs64rvc= -github.com/sigstore/fulcio v1.5.1 h1:Iasy1zfNjaq8BV4S8o6pXspLDU28PQC2z07GmOu9zpM= -github.com/sigstore/fulcio v1.5.1/go.mod h1:W1A/UHrTopy1IBZPMtHmxg7GPYAu+vt5dRXM3W6yjPo= +github.com/sigstore/cosign/v2 v2.4.1 h1:b8UXEfJFks3hmTwyxrRNrn6racpmccUycBHxDMkEPvU= +github.com/sigstore/cosign/v2 v2.4.1/go.mod h1:GvzjBeUKigI+XYnsoVQDmMAsMMc6engxztRSuxE+x9I= +github.com/sigstore/fulcio v1.6.3 h1:Mvm/bP6ELHgazqZehL8TANS1maAkRoM23CRAdkM4xQI= +github.com/sigstore/fulcio v1.6.3/go.mod h1:5SDgLn7BOUVLKe1DwOEX3wkWFu5qEmhUlWm+SFf0GH8= github.com/sigstore/protobuf-specs v0.3.2 h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWwQvORuRQo= github.com/sigstore/protobuf-specs v0.3.2/go.mod h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= -github.com/sigstore/sigstore v1.8.9 h1:NiUZIVWywgYuVTxXmRoTT4O4QAGiTEKup4N1wdxFadk= -github.com/sigstore/sigstore v1.8.9/go.mod h1:d9ZAbNDs8JJfxJrYmulaTazU3Pwr8uLL9+mii4BNR3w= -github.com/sigstore/sigstore-go v0.5.1 h1:5IhKvtjlQBeLnjKkzMELNG4tIBf+xXQkDzhLV77+/8Y= -github.com/sigstore/sigstore-go v0.5.1/go.mod h1:TuOfV7THHqiDaUHuJ5+QN23RP/YoKmsbwJpY+aaYPN0= +github.com/sigstore/sigstore v1.8.10 h1:r4t+TYzJlG9JdFxMy+um9GZhZ2N1hBTyTex0AHEZxFs= +github.com/sigstore/sigstore v1.8.10/go.mod h1:BekjqxS5ZtHNJC4u3Q3Stvfx2eyisbW/lUZzmPU2u4A= +github.com/sigstore/sigstore-go v0.6.1 h1:tGkkv1oDIER+QYU5MrjqlttQOVDWfSkmYwMqkJhB/cg= +github.com/sigstore/sigstore-go v0.6.1/go.mod h1:Xe5GHmUeACRFbomUWzVkf/xYCn8xVifb9DgqJrV2dIw= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 h1:2zHmUvaYCwV6LVeTo+OAkTm8ykOGzA9uFlAjwDPAUWM= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8/go.mod h1:OEhheBplZinUsm7W9BupafztVZV3ldkAxEHbpAeC0Pk= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 h1:RKk4Z+qMaLORUdT7zntwMqKiYAej1VQlCswg0S7xNSY= @@ -2103,8 +2105,8 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= -github.com/snowflakedb/gosnowflake v1.11.1 h1:E91s8vBOSroaSTLsyjO4QPkEuzGmZcCxEFQLg214mvk= -github.com/snowflakedb/gosnowflake v1.11.1/go.mod h1:WFe+8mpsapDaQjHX6BqJBKtfQCGlGD3lHKeDsKfpx2A= +github.com/snowflakedb/gosnowflake v1.12.0 h1:Saez8egtn5xAoVMBxFaMu9MYfAG9SS9dpAEXD1/ECIo= +github.com/snowflakedb/gosnowflake v1.12.0/go.mod h1:wHfYmZi3zvtWItojesAhWWXBN7+niex2R1h/S7QCZYg= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= @@ -2156,8 +2158,8 @@ github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gt github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= -github.com/theupdateframework/go-tuf/v2 v2.0.0 h1:rD8d9RotYBprZVgC+9oyTZ5MmawepnTSTqoDuxjWgbs= -github.com/theupdateframework/go-tuf/v2 v2.0.0/go.mod h1:baB22nBHeHBCeuGZcIlctNq4P61PcOdyARlplg5xmLA= +github.com/theupdateframework/go-tuf/v2 v2.0.1 h1:11p9tXpq10KQEujxjcIjDSivMKCMLguls7erXHZnxJQ= +github.com/theupdateframework/go-tuf/v2 v2.0.1/go.mod h1:baB22nBHeHBCeuGZcIlctNq4P61PcOdyARlplg5xmLA= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= @@ -2179,8 +2181,8 @@ github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d h1:q80YK github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d/go.mod h1:vLdXKydr/OJssAXmjY0XBgLXUfivBMrNRIBljgtqCnw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= -github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= +github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= @@ -2200,6 +2202,8 @@ github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8 github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= +github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU= +github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E= github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA= @@ -2293,8 +2297,8 @@ go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeX go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= -go.step.sm/crypto v0.51.1 h1:ktUg/2hetEMiBAqgz502ktZDGoDoGrcHFg3XpkmkvvA= -go.step.sm/crypto v0.51.1/go.mod h1:PdrhttNU/tG9/YsVd4fdlysBN+UV503p0o2irFZQlAw= +go.step.sm/crypto v0.51.2 h1:5EiCGIMg7IvQTGmJrwRosbXeprtT80OhoS/PJarg60o= +go.step.sm/crypto v0.51.2/go.mod h1:QK7czLjN2k+uqVp5CHXxJbhc70kVRSP+0CQF3zsR5M0= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -2341,7 +2345,6 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= diff --git a/integrations/access/email/mailers.go b/integrations/access/email/mailers.go index 17864322fbc4b..60d5b4592449f 100644 --- a/integrations/access/email/mailers.go +++ b/integrations/access/email/mailers.go @@ -200,7 +200,7 @@ func (m *MailgunMailer) CheckHealth(ctx context.Context) error { ctx, cancel := context.WithTimeout(ctx, mailgunHTTPTimeout) defer cancel() - msg := m.mailgun.NewMessage(m.sender, "Health Check", "Testing Mailgun API connection...", m.fallbackRecipients...) + msg := mailgun.NewMessage(m.sender, "Health Check", "Testing Mailgun API connection...", m.fallbackRecipients...) msg.SetRequireTLS(true) msg.EnableTestMode() // Test message submission without delivering to recipients. _, _, err := m.mailgun.Send(ctx, msg) @@ -212,7 +212,7 @@ func (m *MailgunMailer) Send(ctx context.Context, id, recipient, body, reference subject := fmt.Sprintf("%v Role Request %v", m.clusterName, id) refHeader := fmt.Sprintf("<%v>", references) - msg := m.mailgun.NewMessage(m.sender, subject, body, recipient) + msg := mailgun.NewMessage(m.sender, subject, body, recipient) msg.SetRequireTLS(true) if references != "" { diff --git a/integrations/event-handler/go.mod b/integrations/event-handler/go.mod index f14e229940c78..e21be08740428 100644 --- a/integrations/event-handler/go.mod +++ b/integrations/event-handler/go.mod @@ -33,8 +33,8 @@ require ( connectrpc.com/connect v1.17.0 // indirect dario.cat/mergo v1.0.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect @@ -49,7 +49,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.3.0 // indirect @@ -129,15 +129,15 @@ require ( github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect - github.com/fatih/color v1.17.0 // indirect + github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect - github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect @@ -152,7 +152,7 @@ require ( github.com/gobwas/ws v1.4.0 // indirect github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/golang-jwt/jwt/v4 v4.5.1 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -198,7 +198,7 @@ require ( github.com/julienschmidt/httprouter v1.3.0 // indirect github.com/kelseyhightower/envconfig v1.4.0 // indirect github.com/keys-pub/go-libfido2 v1.5.3-0.20220306005615-8ab03fb1ec27 // indirect - github.com/klauspost/compress v1.17.9 // indirect + github.com/klauspost/compress v1.17.11 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect @@ -211,7 +211,7 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/mattn/go-sqlite3 v1.14.23 // indirect + github.com/mattn/go-sqlite3 v1.14.24 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect @@ -235,7 +235,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect github.com/pquerna/otp v1.4.0 // indirect - github.com/prometheus/client_golang v1.20.4 // indirect + github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect @@ -258,7 +258,7 @@ require ( github.com/vulcand/predicate v1.2.0 // indirect github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d // indirect github.com/x448/float16 v0.8.4 // indirect - github.com/xanzy/go-gitlab v0.109.0 // indirect + github.com/xanzy/go-gitlab v0.112.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect diff --git a/integrations/event-handler/go.sum b/integrations/event-handler/go.sum index ad546e4f5a319..77a9519422e16 100644 --- a/integrations/event-handler/go.sum +++ b/integrations/event-handler/go.sum @@ -623,10 +623,12 @@ gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zum git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1 h1:H3g2mkmu105ON0c/Gqx3Bm+bzoIijLom8LmV9Gjn7X0= @@ -661,11 +663,13 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscripti github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0/go.mod h1:qskvSQeW+cxEE2bcKYyKimB1/KiQ9xpJ99bcHY0BX6c= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= @@ -859,8 +863,8 @@ github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0= -github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= +github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= +github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo= github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= @@ -871,6 +875,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/di-wu/parser v0.2.2/go.mod h1:SLp58pW6WamdmznrVRrw2NTyn4wAvT9rrEFynKX7nYo= github.com/di-wu/parser v0.3.0 h1:NMOvy5ifswgt4gsdhySVcKOQtvjC43cHZIfViWctqQY= github.com/di-wu/parser v0.3.0/go.mod h1:SLp58pW6WamdmznrVRrw2NTyn4wAvT9rrEFynKX7nYo= @@ -927,8 +933,8 @@ github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= @@ -937,8 +943,8 @@ github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7Dlme github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= @@ -957,8 +963,8 @@ github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= @@ -1001,8 +1007,8 @@ github.com/gobwas/ws v1.4.0/go.mod h1:G3gNqMNtPppf5XUz7O4shetPpcZ1VJ7zt18dlUeakr github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -1177,6 +1183,8 @@ github.com/gravitational/predicate v1.3.1 h1:f1uGg2FF6z5wZbcafYpLZJ1gl+82I0MlSd0 github.com/gravitational/predicate v1.3.1/go.mod h1:H5e9dUW7zb/cuKkkhfnyT9SsI/WHWJ8Ra011La16DTY= github.com/gravitational/protobuf v1.3.2-teleport.1 h1:h5mh+UOKPurqDxn1hRVcr1WzSkmBi+D9qkXpaXA9PFM= github.com/gravitational/protobuf v1.3.2-teleport.1/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/gravitational/redis/v9 v9.6.1-teleport.1 h1:gPirfPKArN2nPhTKR3h9fnEg5YuYU933+CjlDJMo4H0= +github.com/gravitational/redis/v9 v9.6.1-teleport.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/gravitational/roundtrip v1.0.2 h1:eOCY0NEKKaB0ksJmvhO6lPMFz1pIIef+vyPBTBROQ5c= github.com/gravitational/roundtrip v1.0.2/go.mod h1:fuI1booM2hLRA/B/m5MRAPOU6mBZNYcNycono2UuTw0= github.com/gravitational/spdystream v0.0.0-20230512133543-4e46862ca9bf h1:aXnqDSit8L1qhI0+QdbJh+MTUFKXG7qbkZXnfr7L96A= @@ -1259,12 +1267,14 @@ github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= @@ -1307,8 +1317,8 @@ github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6T github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= -github.com/mattn/go-sqlite3 v1.14.23 h1:gbShiuAP1W5j9UOksQ06aiiqPMxYecovVGwmTxWtuw0= -github.com/mattn/go-sqlite3 v1.14.23/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= +github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= @@ -1397,8 +1407,8 @@ github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -1415,8 +1425,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/quic-go/quic-go v0.47.0 h1:yXs3v7r2bm1wmPTYNLKAAJTHMYkPEsfYJmTazXrCZ7Y= -github.com/quic-go/quic-go v0.47.0/go.mod h1:3bCapYsJvXGZcipOHuu7plYtaV6tnF+z7wIFsU0WK9E= +github.com/quic-go/quic-go v0.48.1 h1:y/8xmfWI9qmGTc+lBr4jKRUWLGSlSigv847ULJ4hYXA= +github.com/quic-go/quic-go v0.48.1/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= @@ -1493,8 +1503,8 @@ github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d h1:q80YK github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d/go.mod h1:vLdXKydr/OJssAXmjY0XBgLXUfivBMrNRIBljgtqCnw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= -github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= +github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.1.2 h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY= diff --git a/integrations/terraform/go.mod b/integrations/terraform/go.mod index f82bb503a45fa..d140d2b20e4de 100644 --- a/integrations/terraform/go.mod +++ b/integrations/terraform/go.mod @@ -41,8 +41,8 @@ require ( connectrpc.com/connect v1.17.0 // indirect dario.cat/mergo v1.0.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect @@ -57,7 +57,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect @@ -141,23 +141,23 @@ require ( github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/dustin/go-humanize v1.0.1 // indirect - github.com/ebitengine/purego v0.8.0 // indirect + github.com/ebitengine/purego v0.8.1 // indirect github.com/elimity-com/scim v0.0.0-20240320110924-172bf2aee9c8 // indirect github.com/emicklei/go-restful/v3 v3.11.3 // indirect - github.com/envoyproxy/go-control-plane v0.13.0 // indirect + github.com/envoyproxy/go-control-plane v0.13.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect - github.com/fatih/color v1.17.0 // indirect + github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect - github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect @@ -173,7 +173,7 @@ require ( github.com/gobwas/pool v0.2.1 // indirect github.com/gobwas/ws v1.4.0 // indirect github.com/gofrs/flock v0.12.1 // indirect - github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/golang-jwt/jwt/v4 v4.5.1 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -240,7 +240,7 @@ require ( github.com/julienschmidt/httprouter v1.3.0 // indirect github.com/kelseyhightower/envconfig v1.4.0 // indirect github.com/keys-pub/go-libfido2 v1.5.3-0.20220306005615-8ab03fb1ec27 // indirect - github.com/klauspost/compress v1.17.9 // indirect + github.com/klauspost/compress v1.17.11 // indirect github.com/kr/fs v0.1.0 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect @@ -255,7 +255,7 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/mattn/go-sqlite3 v1.14.23 // indirect + github.com/mattn/go-sqlite3 v1.14.24 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect github.com/mitchellh/copystructure v1.2.0 // indirect @@ -282,27 +282,27 @@ require ( github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pkg/sftp v1.13.6 // indirect + github.com/pkg/sftp v1.13.7 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/posener/complete v1.2.3 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect github.com/pquerna/otp v1.4.0 // indirect - github.com/prometheus/client_golang v1.20.4 // indirect + github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect - github.com/quic-go/quic-go v0.47.0 // indirect + github.com/quic-go/quic-go v0.48.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/rubenv/sql-migrate v1.7.0 // indirect github.com/russellhaering/gosaml2 v0.9.1 // indirect github.com/russellhaering/goxmldsig v1.4.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/schollz/progressbar/v3 v3.16.0 // indirect + github.com/schollz/progressbar/v3 v3.17.0 // indirect github.com/scim2/filter-parser/v2 v2.2.0 // indirect - github.com/shirou/gopsutil/v4 v4.24.9 // indirect + github.com/shirou/gopsutil/v4 v4.24.10 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sijms/go-ora/v2 v2.8.22 // indirect github.com/spf13/cast v1.7.0 // indirect @@ -319,7 +319,7 @@ require ( github.com/vulcand/predicate v1.2.0 // indirect github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d // indirect github.com/x448/float16 v0.8.4 // indirect - github.com/xanzy/go-gitlab v0.109.0 // indirect + github.com/xanzy/go-gitlab v0.112.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect diff --git a/integrations/terraform/go.sum b/integrations/terraform/go.sum index 32807d9fc4546..898202b177cfd 100644 --- a/integrations/terraform/go.sum +++ b/integrations/terraform/go.sum @@ -636,10 +636,12 @@ gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zum git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1 h1:H3g2mkmu105ON0c/Gqx3Bm+bzoIijLom8LmV9Gjn7X0= @@ -678,16 +680,18 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/ClickHouse/ch-go v0.62.0 h1:eXH0hytXeCEEZHgMvOX9IiW7wqBb4w1MJMp9rArbkrc= -github.com/ClickHouse/ch-go v0.62.0/go.mod h1:uzso52/PD9+gZj7tL6XAo8/EYDrx7CIwNF4c6PnO6S0= -github.com/ClickHouse/clickhouse-go/v2 v2.29.0 h1:Dj1w59RssRyLgGHXtYaWU0eIM1pJsu9nGPi/btmvAqw= -github.com/ClickHouse/clickhouse-go/v2 v2.29.0/go.mod h1:bLookq6qZJ4Ush/6tOAnJGh1Sf3Sa/nQoMn71p7ZCUE= +github.com/ClickHouse/ch-go v0.63.1 h1:s2JyZvWLTCSAGdtjMBBmAgQQHMco6pawLJMOXi0FODM= +github.com/ClickHouse/ch-go v0.63.1/go.mod h1:I1kJJCL3WJcBMGe1m+HVK0+nREaG+JOYYBWjrDrF3R0= +github.com/ClickHouse/clickhouse-go/v2 v2.30.0 h1:AG4D/hW39qa58+JHQIFOSnxyL46H6h2lrmGGk17dhFo= +github.com/ClickHouse/clickhouse-go/v2 v2.30.0/go.mod h1:i9ZQAojcayW3RsdCb3YR+n+wC2h65eJsZCscZ1Z1wyo= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/DanielTitkov/go-adaptive-cards v0.2.2 h1:tBFExyvsbCcrBJEvPaV3FW4gcAkwQjXFKiKEBrE7Yuw= @@ -745,8 +749,8 @@ github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302/go.mod h1:SGn github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUiji6lZrA= github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= -github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= +github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA= +github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA= github.com/andybalholm/crlf v0.0.0-20171020200849-670099aa064f/go.mod h1:k8feO4+kXDxro6ErPXBRTJ/ro2mf0SsFG8s7doP9kJE= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= @@ -947,8 +951,8 @@ github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0= -github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= +github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= +github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo= github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= @@ -972,8 +976,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/dmarkham/enumer v1.5.9 h1:NM/1ma/AUNieHZg74w67GkHFBNB15muOt3sj486QVZk= -github.com/dmarkham/enumer v1.5.9/go.mod h1:e4VILe2b1nYK3JKJpRmNdl5xbDQvELc6tQ8b+GsGk6E= +github.com/dmarkham/enumer v1.5.10 h1:ygL0L6quiTiH1jpp68DyvsWaea6MaZLZrTTkIS++R0M= +github.com/dmarkham/enumer v1.5.10/go.mod h1:e4VILe2b1nYK3JKJpRmNdl5xbDQvELc6tQ8b+GsGk6E= github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2oNn0GkeZE= github.com/docker/cli v27.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= @@ -994,8 +998,8 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/ebitengine/purego v0.8.0 h1:JbqvnEzRvPpxhCJzJJ2y0RbiZ8nyjccVUrSM3q+GvvE= -github.com/ebitengine/purego v0.8.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= +github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE= +github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/elastic/elastic-transport-go/v8 v8.6.0 h1:Y2S/FBjx1LlCv5m6pWAF2kDJAHoSjSRSJCApolgfthA= github.com/elastic/elastic-transport-go/v8 v8.6.0/go.mod h1:YLHer5cj0csTzNFXoNQ8qhtGY1GTvSqPnKWKaqQE3Hk= github.com/elastic/go-elasticsearch/v8 v8.15.0 h1:IZyJhe7t7WI3NEFdcHnf6IJXqpRf+8S8QWLtZYYyBYk= @@ -1018,8 +1022,8 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= -github.com/envoyproxy/go-control-plane v0.13.0 h1:HzkeUz1Knt+3bK+8LG1bxOO/jzWZmdxpwC51i202les= -github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= +github.com/envoyproxy/go-control-plane v0.13.1 h1:vPfJZCkob6yTMEgS+0TwfTUfbHjfy/6vOJ8hUWX/uXE= +github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= @@ -1034,8 +1038,8 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwC github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= @@ -1045,8 +1049,8 @@ github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7Dlme github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= @@ -1083,8 +1087,8 @@ github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= @@ -1137,8 +1141,8 @@ github.com/gocql/gocql v1.7.0 h1:O+7U7/1gSN7QTEAaMEsJc1Oq2QHXvCWoF3DFK9HDHus= github.com/gocql/gocql v1.7.0/go.mod h1:vnlvXyFZeLBF0Wy+RS8hrOdbn0UWsWtdg07XJnFxZ+4= github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= @@ -1452,8 +1456,8 @@ github.com/jackc/pgproto3/v2 v2.3.3 h1:1HLSx5H+tXR9pW3in3zaztoEwQYRC9SQaYUHjTSUO github.com/jackc/pgproto3/v2 v2.3.3/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgtype v1.14.3 h1:h6W9cPuHsRWQFTWUZMAKMgG5jSwQI0Zurzdvlx3Plus= -github.com/jackc/pgtype v1.14.3/go.mod h1:aKeozOde08iifGosdJpz9MBZonJOUJxqNpPBcMJTlVA= +github.com/jackc/pgtype v1.14.4 h1:fKuNiCumbKTAIxQwXfB/nsrnkEI6bPJrrSiMKgbJ2j8= +github.com/jackc/pgtype v1.14.4/go.mod h1:aKeozOde08iifGosdJpz9MBZonJOUJxqNpPBcMJTlVA= github.com/jackc/pgx/v4 v4.18.3 h1:dE2/TrEsGX3RBprb3qryqSV9Y60iZN1C6i8IrmW9/BA= github.com/jackc/pgx/v4 v4.18.3/go.mod h1:Ey4Oru5tH5sB6tV7hDmfWFahwF15Eb7DNXlRKx2CkVw= github.com/jackc/pgx/v5 v5.7.1 h1:x7SYsPBYDkHDksogeSmZZ5xzThcTgRz++I5E+ePFUcs= @@ -1512,13 +1516,15 @@ github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= @@ -1574,8 +1580,8 @@ github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6T github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= -github.com/mattn/go-sqlite3 v1.14.23 h1:gbShiuAP1W5j9UOksQ06aiiqPMxYecovVGwmTxWtuw0= -github.com/mattn/go-sqlite3 v1.14.23/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= +github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= @@ -1694,8 +1700,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo= -github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= +github.com/pkg/sftp v1.13.7 h1:uv+I3nNJvlKZIQGSr8JVQLNHFU9YhhNpvC14Y6KgmSM= +github.com/pkg/sftp v1.13.7/go.mod h1:KMKI0t3T6hfA+lTR/ssZdunHo+uwq7ghoN09/FSu3DY= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -1715,8 +1721,8 @@ github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -1733,8 +1739,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/quic-go/quic-go v0.47.0 h1:yXs3v7r2bm1wmPTYNLKAAJTHMYkPEsfYJmTazXrCZ7Y= -github.com/quic-go/quic-go v0.47.0/go.mod h1:3bCapYsJvXGZcipOHuu7plYtaV6tnF+z7wIFsU0WK9E= +github.com/quic-go/quic-go v0.48.1 h1:y/8xmfWI9qmGTc+lBr4jKRUWLGSlSigv847ULJ4hYXA= +github.com/quic-go/quic-go v0.48.1/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= @@ -1759,8 +1765,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= -github.com/schollz/progressbar/v3 v3.16.0 h1:+MbBim/cE9DqDb8UXRfLJ6RZdyDkXG1BDy/sWc5s0Mc= -github.com/schollz/progressbar/v3 v3.16.0/go.mod h1:lLiKjKJ9/yzc9Q8jk+sVLfxWxgXKsktvUf6TO+4Y2nw= +github.com/schollz/progressbar/v3 v3.17.0 h1:Fv+vG6O6jnJwdjCelvfyYO7sF2jaUGQVmdH4CxcZdsQ= +github.com/schollz/progressbar/v3 v3.17.0/go.mod h1:5H4fLgifX+KeQCsEJnZTOepgZLe1jFF1lpPXb68IJTA= github.com/scim2/filter-parser/v2 v2.2.0 h1:QGadEcsmypxg8gYChRSM2j1edLyE/2j72j+hdmI4BJM= github.com/scim2/filter-parser/v2 v2.2.0/go.mod h1:jWnkDToqX/Y0ugz0P5VvpVEUKcWcyHHj+X+je9ce5JA= github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= @@ -1773,8 +1779,8 @@ github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNX github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= -github.com/shirou/gopsutil/v4 v4.24.9 h1:KIV+/HaHD5ka5f570RZq+2SaeFsb/pq+fp2DGNWYoOI= -github.com/shirou/gopsutil/v4 v4.24.9/go.mod h1:3fkaHNeYsUFCGZ8+9vZVWtbyM1k2eRnlL+bWO8Bxa/Q= +github.com/shirou/gopsutil/v4 v4.24.10 h1:7VOzPtfw/5YDU+jLEoBwXwxJbQetULywoSV4RYY7HkM= +github.com/shirou/gopsutil/v4 v4.24.10/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 h1:xT+JlYxNGqyT+XcU8iUrN18JYed2TvG9yN5ULG2jATM= @@ -1846,8 +1852,8 @@ github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d h1:q80YK github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d/go.mod h1:vLdXKydr/OJssAXmjY0XBgLXUfivBMrNRIBljgtqCnw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= -github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= +github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= @@ -1989,7 +1995,6 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= @@ -2115,7 +2120,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= @@ -2284,7 +2288,6 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXR golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= diff --git a/lib/tbot/service_ssh_multiplexer.go b/lib/tbot/service_ssh_multiplexer.go index 1817ec0582252..18e529157c253 100644 --- a/lib/tbot/service_ssh_multiplexer.go +++ b/lib/tbot/service_ssh_multiplexer.go @@ -519,6 +519,7 @@ func (s *SSHMultiplexerService) Run(ctx context.Context) (err error) { s.agentMu.Unlock() s.log.DebugContext(egCtx, "Serving agent connection") + //nolint:staticcheck // SA4023. ServeAgent always returns a non-nil error. This is fine. err := agent.ServeAgent(currentAgent, conn) if err != nil && !utils.IsOKNetworkError(err) { s.log.WarnContext( diff --git a/lib/teleagent/agent.go b/lib/teleagent/agent.go index 3c06a2465cdc1..cd0c75bf7dedb 100644 --- a/lib/teleagent/agent.go +++ b/lib/teleagent/agent.go @@ -143,6 +143,7 @@ func (a *AgentServer) Serve() error { // separate goroutine. go func() { defer instance.Close() + //nolint:staticcheck // SA4023. ServeAgent always returns a non-nil error. This is fine. if err := agent.ServeAgent(instance, conn); err != nil { if !errors.Is(err, io.EOF) { log.Error(err) From 323e56e363efdfeb0c623c0a263c4835e9da9966 Mon Sep 17 00:00:00 2001 From: Stephen Levine Date: Mon, 4 Nov 2024 16:49:25 -0500 Subject: [PATCH 05/17] [teleport-update] Add support for reloading the agent & reverting symlinks on failed reload (#47929) * wip * cleanup * comments * test wip * test link revert * tests * cleanup * cleanup more * comments * comments * errors * comments * linting * fix bugs * fix typo * cleanup * cleanup * fix revert * lint * feedback * fix * fix test * clarify comment * use afterfunc --- lib/autoupdate/agent/installer.go | 136 +++++++++++++++---- lib/autoupdate/agent/installer_test.go | 172 +++++++++++++++++++++--- lib/autoupdate/agent/process.go | 179 +++++++++++++++++++++++++ lib/autoupdate/agent/process_test.go | 71 ++++++++++ lib/autoupdate/agent/updater.go | 157 ++++++++++++++++------ lib/autoupdate/agent/updater_test.go | 98 +++++++++++++- lib/utils/unpack.go | 45 ++++--- tool/teleport-update/main.go | 4 +- 8 files changed, 752 insertions(+), 110 deletions(-) create mode 100644 lib/autoupdate/agent/process.go create mode 100644 lib/autoupdate/agent/process_test.go diff --git a/lib/autoupdate/agent/installer.go b/lib/autoupdate/agent/installer.go index 4da41e8e55509..96e72c0a5cfa3 100644 --- a/lib/autoupdate/agent/installer.go +++ b/lib/autoupdate/agent/installer.go @@ -31,6 +31,7 @@ import ( "os" "path/filepath" "runtime" + "syscall" "text/template" "time" @@ -50,13 +51,13 @@ var ( // See utils.Extract for more details on how this list is parsed. // Paths must use tarball-style / separators (not filepath). tgzExtractPaths = []utils.ExtractPath{ - {Src: "teleport/examples/systemd/teleport.service", Dst: "etc/systemd/teleport.service"}, - {Src: "teleport/examples", Skip: true}, - {Src: "teleport/install", Skip: true}, - {Src: "teleport/README.md", Dst: "share/README.md"}, - {Src: "teleport/CHANGELOG.md", Dst: "share/CHANGELOG.md"}, - {Src: "teleport/VERSION", Dst: "share/VERSION"}, - {Src: "teleport", Dst: "bin"}, + {Src: "teleport/examples/systemd/teleport.service", Dst: "etc/systemd/teleport.service", DirMode: 0755}, + {Src: "teleport/examples", Skip: true, DirMode: 0755}, + {Src: "teleport/install", Skip: true, DirMode: 0755}, + {Src: "teleport/README.md", Dst: "share/README.md", DirMode: 0755}, + {Src: "teleport/CHANGELOG.md", Dst: "share/CHANGELOG.md", DirMode: 0755}, + {Src: "teleport/VERSION", Dst: "share/VERSION", DirMode: 0755}, + {Src: "teleport", Dst: "bin", DirMode: 0755}, } // servicePath contains the path to the Teleport SystemD service within the version directory. @@ -82,11 +83,9 @@ type LocalInstaller struct { ReservedFreeInstallDisk uint64 } -// ErrLinked is returned when a linked version cannot be removed. -var ErrLinked = errors.New("linked version cannot be removed") - // Remove a Teleport version directory from InstallDir. // This function is idempotent. +// See Installer interface for additional specs. func (li *LocalInstaller) Remove(ctx context.Context, version string) error { // os.RemoveAll is dangerous because it can remove an entire directory tree. // We must validate the version to ensure that we remove only a single path @@ -102,7 +101,7 @@ func (li *LocalInstaller) Remove(ctx context.Context, version string) error { return trace.Errorf("failed to determine if linked: %w", err) } if linked { - return trace.Wrap(ErrLinked) + return trace.Errorf("refusing to remove: %w", ErrLinked) } // invalidate checksum first, to protect against partially-removed @@ -119,7 +118,8 @@ func (li *LocalInstaller) Remove(ctx context.Context, version string) error { // Install a Teleport version directory in InstallDir. // This function is idempotent. -func (li *LocalInstaller) Install(ctx context.Context, version, template string, flags InstallFlags) error { +// See Installer interface for additional specs. +func (li *LocalInstaller) Install(ctx context.Context, version, template string, flags InstallFlags) (err error) { versionDir, err := li.versionDir(version) if err != nil { return trace.Wrap(err) @@ -175,11 +175,17 @@ func (li *LocalInstaller) Install(ctx context.Context, version, template string, if err != nil { return trace.Errorf("failed to download teleport: %w", err) } - // Seek to the start of the tgz file after writing if _, err := f.Seek(0, io.SeekStart); err != nil { return trace.Errorf("failed seek to start of download: %w", err) } + + // If interrupted, close the file immediately to stop extracting. + ctx, cancel := context.WithCancel(ctx) + defer cancel() + context.AfterFunc(ctx, func() { + _ = f.Close() // safe to close file multiple times + }) // Check integrity before decompression if !bytes.Equal(newSum, pathSum) { return trace.Errorf("mismatched checksum, download possibly corrupt") @@ -193,6 +199,17 @@ func (li *LocalInstaller) Install(ctx context.Context, version, template string, if _, err := f.Seek(0, io.SeekStart); err != nil { return trace.Errorf("failed seek to start: %w", err) } + + // If there's an error after we start extracting, delete the version dir. + defer func() { + if err != nil { + if err := os.RemoveAll(versionDir); err != nil { + li.Log.WarnContext(ctx, "Failed to cleanup broken version extraction.", "error", err, "dir", versionDir) + } + } + }() + + // Extract tgz into version directory. if err := li.extract(ctx, versionDir, f, n); err != nil { return trace.Errorf("failed to extract teleport: %w", err) } @@ -374,51 +391,118 @@ func (li *LocalInstaller) List(ctx context.Context) (versions []string, err erro return versions, nil } -// Link the specified version into the system LinkBinDir. -func (li *LocalInstaller) Link(ctx context.Context, version string) error { +// Link the specified version into the system LinkBinDir and LinkServiceDir. +// The revert function restores the previous linking. +// See Installer interface for additional specs. +func (li *LocalInstaller) Link(ctx context.Context, version string) (revert func(context.Context) bool, err error) { + // setup revert function + type symlink struct { + old, new string + } + var revertLinks []symlink + revert = func(ctx context.Context) bool { + // This function is safe to call repeatedly. + // Returns true only when all symlinks are successfully reverted. + var keep []symlink + for _, l := range revertLinks { + err := renameio.Symlink(l.old, l.new) + if err != nil { + keep = append(keep, l) + li.Log.ErrorContext(ctx, "Failed to revert symlink", "old", l.old, "new", l.new, "err", err) + } + } + revertLinks = keep + return len(revertLinks) == 0 + } + // revert immediately on error, so caller can ignore revert arg + defer func() { + if err != nil { + revert(ctx) + } + }() + versionDir, err := li.versionDir(version) if err != nil { - return trace.Wrap(err) + return revert, trace.Wrap(err) } // ensure target directories exist before trying to create links err = os.MkdirAll(li.LinkBinDir, 0755) if err != nil { - return trace.Wrap(err) + return revert, trace.Wrap(err) } err = os.MkdirAll(li.LinkServiceDir, 0755) if err != nil { - return trace.Wrap(err) + return revert, trace.Wrap(err) } // create binary links + binDir := filepath.Join(versionDir, "bin") entries, err := os.ReadDir(binDir) if err != nil { - return trace.Errorf("failed to find Teleport binary directory: %w", err) + return revert, trace.Errorf("failed to find Teleport binary directory: %w", err) } var linked int for _, entry := range entries { if entry.IsDir() { continue } - err := renameio.Symlink(filepath.Join(binDir, entry.Name()), filepath.Join(li.LinkBinDir, entry.Name())) + oldname := filepath.Join(binDir, entry.Name()) + newname := filepath.Join(li.LinkBinDir, entry.Name()) + orig, err := tryLink(oldname, newname) if err != nil { - return trace.Wrap(err) + return revert, trace.Errorf("failed to create symlink for %s: %w", filepath.Base(oldname), err) + } + if orig != "" { + revertLinks = append(revertLinks, symlink{ + old: orig, + new: newname, + }) } linked++ } if linked == 0 { - return trace.Errorf("no binaries available to link") + return revert, trace.Errorf("no binaries available to link") } // create systemd service link - service := filepath.Join(versionDir, servicePath) - err = renameio.Symlink(service, filepath.Join(li.LinkServiceDir, filepath.Base(servicePath))) + + oldname := filepath.Join(versionDir, servicePath) + newname := filepath.Join(li.LinkServiceDir, filepath.Base(servicePath)) + orig, err := tryLink(oldname, newname) if err != nil { - return trace.Wrap(err) + return revert, trace.Errorf("failed to create symlink for %s: %w", filepath.Base(oldname), err) } - return nil + if orig != "" { + revertLinks = append(revertLinks, symlink{ + old: orig, + new: newname, + }) + } + return revert, nil +} + +// tryLink attempts to create a symlink, atomically replacing an existing link if already present. +// If a non-symlink file or directory exists in newname already, tryLink errors. +func tryLink(oldname, newname string) (orig string, err error) { + orig, err = os.Readlink(newname) + if errors.Is(err, os.ErrInvalid) || + errors.Is(err, syscall.EINVAL) { // workaround missing ErrInvalid wrapper + // important: do not attempt to replace a non-linked install of Teleport + return orig, trace.Errorf("refusing to replace file at %s", newname) + } + if err != nil && !errors.Is(err, os.ErrNotExist) { + return orig, trace.Wrap(err) + } + if orig == oldname { + return "", nil + } + err = renameio.Symlink(oldname, newname) + if err != nil { + return orig, trace.Wrap(err) + } + return orig, nil } // versionDir returns the storage directory for a Teleport version. diff --git a/lib/autoupdate/agent/installer_test.go b/lib/autoupdate/agent/installer_test.go index 2602704208855..d4f58f782dc62 100644 --- a/lib/autoupdate/agent/installer_test.go +++ b/lib/autoupdate/agent/installer_test.go @@ -196,16 +196,18 @@ func TestLocalInstaller_Link(t *testing.T) { const version = "new-version" tests := []struct { - name string - dirs []string - files []string + name string + installDirs []string + installFiles []string + existingLinks []string + existingFiles []string - links []string - errMatch string + resultLinks []string + errMatch string }{ { - name: "present", - dirs: []string{ + name: "present with new links", + installDirs: []string{ "bin", "bin/somedir", "etc", @@ -213,7 +215,7 @@ func TestLocalInstaller_Link(t *testing.T) { "etc/systemd/somedir", "somedir", }, - files: []string{ + installFiles: []string{ "bin/teleport", "bin/tsh", "bin/tbot", @@ -221,7 +223,7 @@ func TestLocalInstaller_Link(t *testing.T) { "README", }, - links: []string{ + resultLinks: []string{ "bin/teleport", "bin/tsh", "bin/tbot", @@ -229,15 +231,102 @@ func TestLocalInstaller_Link(t *testing.T) { }, }, { - name: "no links", - files: []string{"README"}, - dirs: []string{"bin"}, + name: "present with existing links", + installDirs: []string{ + "bin", + "bin/somedir", + "etc", + "etc/systemd", + "etc/systemd/somedir", + "somedir", + }, + installFiles: []string{ + "bin/teleport", + "bin/tsh", + "bin/tbot", + servicePath, + "README", + }, + existingLinks: []string{ + "bin/teleport", + "bin/tsh", + "bin/tbot", + "lib/systemd/system/teleport.service", + }, + + resultLinks: []string{ + "bin/teleport", + "bin/tsh", + "bin/tbot", + "lib/systemd/system/teleport.service", + }, + }, + { + name: "conflicting systemd files", + installDirs: []string{ + "bin", + "bin/somedir", + "etc", + "etc/systemd", + "etc/systemd/somedir", + "somedir", + }, + installFiles: []string{ + "bin/teleport", + "bin/tsh", + "bin/tbot", + servicePath, + "README", + }, + existingLinks: []string{ + "bin/teleport", + "bin/tsh", + "bin/tbot", + }, + existingFiles: []string{ + "lib/systemd/system/teleport.service", + }, + + errMatch: "refusing", + }, + { + name: "conflicting bin files", + installDirs: []string{ + "bin", + "bin/somedir", + "etc", + "etc/systemd", + "etc/systemd/somedir", + "somedir", + }, + installFiles: []string{ + "bin/teleport", + "bin/tsh", + "bin/tbot", + servicePath, + "README", + }, + existingLinks: []string{ + "bin/teleport", + "bin/tbot", + "lib/systemd/system/teleport.service", + }, + existingFiles: []string{ + "bin/tsh", + }, + + errMatch: "refusing", + }, + { + name: "no links", + installFiles: []string{"README"}, + installDirs: []string{"bin"}, errMatch: "no binaries", }, { - name: "no bin directory", - files: []string{"README"}, + name: "no bin directory", + installFiles: []string{"README"}, errMatch: "binary directory", }, @@ -251,16 +340,30 @@ func TestLocalInstaller_Link(t *testing.T) { err := os.MkdirAll(versionDir, 0o755) require.NoError(t, err) - for _, d := range tt.dirs { + // setup files in version directory + for _, d := range tt.installDirs { err := os.Mkdir(filepath.Join(versionDir, d), os.ModePerm) require.NoError(t, err) } - for _, n := range tt.files { + for _, n := range tt.installFiles { err := os.WriteFile(filepath.Join(versionDir, n), []byte(filepath.Base(n)), os.ModePerm) require.NoError(t, err) } + // setup files in system links directory linkDir := t.TempDir() + for _, n := range tt.existingLinks { + err := os.MkdirAll(filepath.Dir(filepath.Join(linkDir, n)), os.ModePerm) + require.NoError(t, err) + err = os.Symlink(filepath.Base(n)+".old", filepath.Join(linkDir, n)) + require.NoError(t, err) + } + for _, n := range tt.existingFiles { + err := os.MkdirAll(filepath.Dir(filepath.Join(linkDir, n)), os.ModePerm) + require.NoError(t, err) + err = os.WriteFile(filepath.Join(linkDir, n), []byte(filepath.Base(n)), os.ModePerm) + require.NoError(t, err) + } installer := &LocalInstaller{ InstallDir: versionsDir, @@ -269,19 +372,50 @@ func TestLocalInstaller_Link(t *testing.T) { Log: slog.Default(), } ctx := context.Background() - err = installer.Link(ctx, version) + revert, err := installer.Link(ctx, version) if tt.errMatch != "" { require.Error(t, err) assert.Contains(t, err.Error(), tt.errMatch) + + // verify automatic revert + for _, link := range tt.existingLinks { + v, err := os.Readlink(filepath.Join(linkDir, link)) + require.NoError(t, err) + require.Equal(t, filepath.Base(link)+".old", v) + } + for _, n := range tt.existingFiles { + v, err := os.ReadFile(filepath.Join(linkDir, n)) + require.NoError(t, err) + require.Equal(t, filepath.Base(n), string(v)) + } + + // ensure revert still succeeds + ok := revert(ctx) + require.True(t, ok) return } require.NoError(t, err) - for _, link := range tt.links { + // verify links + for _, link := range tt.resultLinks { v, err := os.ReadFile(filepath.Join(linkDir, link)) require.NoError(t, err) require.Equal(t, filepath.Base(link), string(v)) } + + // verify manual revert + ok := revert(ctx) + require.True(t, ok) + for _, link := range tt.existingLinks { + v, err := os.Readlink(filepath.Join(linkDir, link)) + require.NoError(t, err) + require.Equal(t, filepath.Base(link)+".old", v) + } + for _, n := range tt.existingFiles { + v, err := os.ReadFile(filepath.Join(linkDir, n)) + require.NoError(t, err) + require.Equal(t, filepath.Base(n), string(v)) + } }) } } @@ -397,7 +531,7 @@ func TestLocalInstaller_Remove(t *testing.T) { ctx := context.Background() if tt.linkedVersion != "" { - err = installer.Link(ctx, tt.linkedVersion) + _, err = installer.Link(ctx, tt.linkedVersion) require.NoError(t, err) } err = installer.Remove(ctx, tt.removeVersion) diff --git a/lib/autoupdate/agent/process.go b/lib/autoupdate/agent/process.go new file mode 100644 index 0000000000000..eba70aa56a690 --- /dev/null +++ b/lib/autoupdate/agent/process.go @@ -0,0 +1,179 @@ +/* + * Teleport + * Copyright (C) 2024 Gravitational, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package agent + +import ( + "bytes" + "context" + "errors" + "log/slog" + "os" + "os/exec" + + "github.com/gravitational/trace" +) + +// SystemdService manages a Teleport systemd service. +type SystemdService struct { + // ServiceName specifies the systemd service name. + ServiceName string + // Log contains a logger. + Log *slog.Logger +} + +// Reload a systemd service. +// Attempts a graceful reload before a hard restart. +// See Process interface for more details. +func (s SystemdService) Reload(ctx context.Context) error { + if err := s.checkSystem(ctx); err != nil { + return trace.Wrap(err) + } + // Command error codes < 0 indicate that we are unable to run the command. + // Errors from s.systemctl are logged along with stderr and stdout (debug only). + + // If the service is not running, return ErrNotNeeded. + // Note systemctl reload returns an error if the unit is not active, and + // try-reload-or-restart is too recent of an addition for centos7. + code := s.systemctl(ctx, slog.LevelDebug, "is-active", "--quiet", s.ServiceName) + switch { + case code < 0: + return trace.Errorf("unable to determine if systemd service is active") + case code > 0: + s.Log.WarnContext(ctx, "Teleport systemd service not running.") + return trace.Wrap(ErrNotNeeded) + } + // Attempt graceful reload of running service. + code = s.systemctl(ctx, slog.LevelError, "reload", s.ServiceName) + switch { + case code < 0: + return trace.Errorf("unable to attempt reload of Teleport systemd service") + case code > 0: + // Graceful reload fails, try hard restart. + code = s.systemctl(ctx, slog.LevelError, "try-restart", s.ServiceName) + if code != 0 { + return trace.Errorf("hard restart of Teleport systemd service failed") + } + s.Log.WarnContext(ctx, "Teleport ungracefully restarted. Connections potentially dropped.") + default: + s.Log.InfoContext(ctx, "Teleport gracefully reloaded.") + } + + // TODO(sclevine): Ensure restart was successful and verify healthcheck. + + return nil +} + +// Sync systemd service configuration by running systemctl daemon-reload. +// See Process interface for more details. +func (s SystemdService) Sync(ctx context.Context) error { + if err := s.checkSystem(ctx); err != nil { + return trace.Wrap(err) + } + code := s.systemctl(ctx, slog.LevelError, "daemon-reload") + if code != 0 { + return trace.Errorf("unable to reload systemd configuration") + } + return nil +} + +// checkSystem returns an error if the system is not compatible with this process manager. +func (s SystemdService) checkSystem(ctx context.Context) error { + _, err := os.Stat("/run/systemd/system") + if errors.Is(err, os.ErrNotExist) { + s.Log.ErrorContext(ctx, "This system does not support systemd, which is required by the updater.") + return trace.Wrap(ErrNotSupported) + } + return trace.Wrap(err) +} + +// systemctl returns a systemctl subcommand, converting the output to logs. +// Output sent to stdout is logged at debug level. +// Output sent to stderr is logged at the level specified by errLevel. +func (s SystemdService) systemctl(ctx context.Context, errLevel slog.Level, args ...string) int { + cmd := exec.CommandContext(ctx, "systemctl", args...) + stderr := &lineLogger{ctx: ctx, log: s.Log, level: errLevel} + stdout := &lineLogger{ctx: ctx, log: s.Log, level: slog.LevelDebug} + cmd.Stderr = stderr + cmd.Stdout = stdout + err := cmd.Run() + stderr.Flush() + stdout.Flush() + code := cmd.ProcessState.ExitCode() + + // Treat out-of-range exit code (255) as an error executing the command. + // This allows callers to treat codes that are more likely OS-related as execution errors + // instead of intentionally returned error codes. + if code == 255 { + code = -1 + } + if err != nil { + s.Log.Log(ctx, errLevel, "Failed to run systemctl.", + "args", args, + "code", code, + "error", err) + } + return code +} + +// lineLogger logs each line written to it. +type lineLogger struct { + ctx context.Context + log *slog.Logger + level slog.Level + + last bytes.Buffer +} + +func (w *lineLogger) Write(p []byte) (n int, err error) { + lines := bytes.Split(p, []byte("\n")) + // Finish writing line + if len(lines) > 0 { + n, err = w.last.Write(lines[0]) + lines = lines[1:] + } + // Quit if no newline + if len(lines) == 0 || err != nil { + return n, trace.Wrap(err) + } + + // Newline found, log line + w.log.Log(w.ctx, w.level, w.last.String()) //nolint:sloglint // msg cannot be constant + n += 1 + w.last.Reset() + + // Log lines that are already newline-terminated + for _, line := range lines[:len(lines)-1] { + w.log.Log(w.ctx, w.level, string(line)) //nolint:sloglint // msg cannot be constant + n += len(line) + 1 + } + + // Store remaining line non-newline-terminated line. + n2, err := w.last.Write(lines[len(lines)-1]) + n += n2 + return n, trace.Wrap(err) +} + +// Flush logs any trailing bytes that were never terminated with a newline. +func (w *lineLogger) Flush() { + if w.last.Len() == 0 { + return + } + w.log.Log(w.ctx, w.level, w.last.String()) //nolint:sloglint // msg cannot be constant + w.last.Reset() +} diff --git a/lib/autoupdate/agent/process_test.go b/lib/autoupdate/agent/process_test.go new file mode 100644 index 0000000000000..5ffa70dd0091e --- /dev/null +++ b/lib/autoupdate/agent/process_test.go @@ -0,0 +1,71 @@ +/* + * Teleport + * Copyright (C) 2024 Gravitational, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package agent + +import ( + "bytes" + "context" + "log/slog" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestLineLogger(t *testing.T) { + t.Parallel() + + out := &bytes.Buffer{} + ll := lineLogger{ + ctx: context.Background(), + log: slog.New(slog.NewTextHandler(out, + &slog.HandlerOptions{ReplaceAttr: msgOnly}, + )), + } + + for _, e := range []struct { + v string + n int + }{ + {v: "", n: 0}, + {v: "a", n: 1}, + {v: "b\n", n: 2}, + {v: "c\nd", n: 3}, + {v: "e\nf\ng", n: 5}, + {v: "h", n: 1}, + {v: "", n: 0}, + {v: "\n", n: 1}, + {v: "i\n", n: 2}, + {v: "j", n: 1}, + } { + n, err := ll.Write([]byte(e.v)) + require.NoError(t, err) + require.Equal(t, e.n, n) + } + require.Equal(t, "msg=ab\nmsg=c\nmsg=de\nmsg=f\nmsg=gh\nmsg=i\n", out.String()) + ll.Flush() + require.Equal(t, "msg=ab\nmsg=c\nmsg=de\nmsg=f\nmsg=gh\nmsg=i\nmsg=j\n", out.String()) +} + +func msgOnly(_ []string, a slog.Attr) slog.Attr { + switch a.Key { + case "time", "level": + return slog.Attr{} + } + return slog.Attr{Key: a.Key, Value: a.Value} +} diff --git a/lib/autoupdate/agent/updater.go b/lib/autoupdate/agent/updater.go index 7071f16e42d15..b82c3c6d419cb 100644 --- a/lib/autoupdate/agent/updater.go +++ b/lib/autoupdate/agent/updater.go @@ -135,6 +135,10 @@ func NewLocalUpdater(cfg LocalUpdaterConfig) (*Updater, error) { ReservedFreeTmpDisk: reservedFreeDisk, ReservedFreeInstallDisk: reservedFreeDisk, }, + Process: &SystemdService{ + ServiceName: "teleport.service", + Log: cfg.Log, + }, }, nil } @@ -166,26 +170,58 @@ type Updater struct { ConfigPath string // Installer manages installations of the Teleport agent. Installer Installer + // Process manages a running instance of Teleport. + Process Process } // Installer provides an API for installing Teleport agents. type Installer interface { // Install the Teleport agent at version from the download template. - // This function must be idempotent. + // Install must be idempotent. Install(ctx context.Context, version, template string, flags InstallFlags) error - // Link the Teleport agent at version into the system location. - // This function must be idempotent. - Link(ctx context.Context, version string) error + // Link the Teleport agent at the specified version into the system location. + // The revert function must restore the previous linking, returning false on any failure. + // Link must be idempotent. + // Link's revert function must be idempotent. + Link(ctx context.Context, version string) (revert func(context.Context) bool, err error) // List the installed versions of Teleport. List(ctx context.Context) (versions []string, err error) // Remove the Teleport agent at version. - // This function must be idempotent. + // Must return ErrLinked if unable to remove due to being linked. + // Remove must be idempotent. Remove(ctx context.Context, version string) error } +var ( + // ErrLinked is returned when a linked version cannot be operated on. + ErrLinked = errors.New("version is linked") + // ErrNotNeeded is returned when the operation is not needed. + ErrNotNeeded = errors.New("not needed") + // ErrNotSupported is returned when the operation is not supported on the platform. + ErrNotSupported = errors.New("not supported on this platform") +) + +// Process provides an API for interacting with a running Teleport process. +type Process interface { + // Reload must reload the Teleport process as gracefully as possible. + // If the process is not healthy after reloading, Reload must return an error. + // If the process did not require reloading, Reload must return ErrNotNeeded. + // E.g., if the process is not enabled, or it was already reloaded after the last Sync. + // If the type implementing Process does not support the system process manager, + // Reload must return ErrNotSupported. + Reload(ctx context.Context) error + // Sync must validate and synchronize process configuration. + // After the linked Teleport installation is changed, failure to call Sync without + // error before Reload may result in undefined behavior. + // If the type implementing Process does not support the system process manager, + // Sync must return ErrNotSupported. + Sync(ctx context.Context) error +} + // InstallFlags sets flags for the Teleport installation type InstallFlags int +// TODO(sclevine): add flags for need_restart and selinux config const ( // FlagEnterprise installs enterprise Teleport FlagEnterprise InstallFlags = 1 << iota @@ -215,30 +251,20 @@ type OverrideConfig struct { // This function is idempotent. func (u *Updater) Enable(ctx context.Context, override OverrideConfig) error { // Read configuration from update.yaml and override any new values passed as flags. - cfg, err := u.readConfig(u.ConfigPath) + cfg, err := readConfig(u.ConfigPath) if err != nil { return trace.Errorf("failed to read %s: %w", updateConfigName, err) } - if override.Proxy != "" { - cfg.Spec.Proxy = override.Proxy - } - if override.Group != "" { - cfg.Spec.Group = override.Group - } - if override.URLTemplate != "" { - cfg.Spec.URLTemplate = override.URLTemplate - } - cfg.Spec.Enabled = true - if err := validateUpdatesSpec(&cfg.Spec); err != nil { + if err := validateConfigSpec(&cfg.Spec, override); err != nil { return trace.Wrap(err) } // Lookup target version from the proxy. + addr, err := libutils.ParseAddr(cfg.Spec.Proxy) if err != nil { return trace.Errorf("failed to parse proxy server address: %w", err) } - desiredVersion := override.ForceVersion var flags InstallFlags if desiredVersion == "" { @@ -278,7 +304,9 @@ func (u *Updater) Enable(ctx context.Context, override OverrideConfig) error { u.Log.WarnContext(ctx, "Failed to remove backup version of Teleport before new install.", "error", err) } } - // If the active version and target don't match, kick off upgrade. + + // Install the desired version (or validate existing installation) + template := cfg.Spec.URLTemplate if template == "" { template = cdnURITemplate @@ -287,14 +315,55 @@ func (u *Updater) Enable(ctx context.Context, override OverrideConfig) error { if err != nil { return trace.Errorf("failed to install: %w", err) } - err = u.Installer.Link(ctx, desiredVersion) + revert, err := u.Installer.Link(ctx, desiredVersion) if err != nil { return trace.Errorf("failed to link: %w", err) } + + // If we fail to revert after this point, the next update/enable will + // fix the link to restore the active version. + + // Sync process configuration after linking. + + if err := u.Process.Sync(ctx); err != nil { + if errors.Is(err, context.Canceled) { + return trace.Errorf("sync canceled") + } + // If sync fails, we may have left the host in a bad state, so we revert linking and re-Sync. + u.Log.ErrorContext(ctx, "Reverting symlinks due to invalid configuration.") + if ok := revert(ctx); !ok { + u.Log.ErrorContext(ctx, "Failed to revert Teleport symlinks. Installation likely broken.") + } else if err := u.Process.Sync(ctx); err != nil { + u.Log.ErrorContext(ctx, "Failed to sync configuration after failed restart.", "error", err) + } + u.Log.WarnContext(ctx, "Teleport updater encountered a configuration error and successfully reverted the installation.") + + return trace.Errorf("failed to validate configuration for new version %q of Teleport: %w", desiredVersion, err) + } + + // Restart Teleport if necessary. + if cfg.Status.ActiveVersion != desiredVersion { + u.Log.InfoContext(ctx, "Target version successfully installed.", "version", desiredVersion) + if err := u.Process.Reload(ctx); err != nil && !errors.Is(err, ErrNotNeeded) { + if errors.Is(err, context.Canceled) { + return trace.Errorf("reload canceled") + } + // If reloading Teleport at the new version fails, revert, resync, and reload. + u.Log.ErrorContext(ctx, "Reverting symlinks due to failed restart.") + if ok := revert(ctx); !ok { + u.Log.ErrorContext(ctx, "Failed to revert Teleport symlinks to older version. Installation likely broken.") + } else if err := u.Process.Sync(ctx); err != nil { + u.Log.ErrorContext(ctx, "Invalid configuration found after reverting Teleport to older version. Installation likely broken.", "error", err) + } else if err := u.Process.Reload(ctx); err != nil && !errors.Is(err, ErrNotNeeded) { + u.Log.ErrorContext(ctx, "Failed to revert Teleport to older version. Installation likely broken.", "error", err) + } + u.Log.WarnContext(ctx, "Teleport updater encountered a configuration error and successfully reverted the installation.") + + return trace.Errorf("failed to start new version %q of Teleport: %w", desiredVersion, err) + } cfg.Status.BackupVersion = cfg.Status.ActiveVersion cfg.Status.ActiveVersion = desiredVersion - u.Log.InfoContext(ctx, "Target version successfully installed.", "version", desiredVersion) } else { u.Log.InfoContext(ctx, "Target version successfully validated.", "version", desiredVersion) } @@ -302,6 +371,8 @@ func (u *Updater) Enable(ctx context.Context, override OverrideConfig) error { u.Log.InfoContext(ctx, "Backup version set.", "version", v) } + // Check if manual cleanup might be needed. + versions, err := u.Installer.List(ctx) if err != nil { return trace.Errorf("failed to list installed versions: %w", err) @@ -311,29 +382,19 @@ func (u *Updater) Enable(ctx context.Context, override OverrideConfig) error { } // Always write the configuration file if enable succeeds. - if err := u.writeConfig(u.ConfigPath, cfg); err != nil { + + cfg.Spec.Enabled = true + if err := writeConfig(u.ConfigPath, cfg); err != nil { return trace.Errorf("failed to write %s: %w", updateConfigName, err) } u.Log.InfoContext(ctx, "Configuration updated.") return nil } -func validateUpdatesSpec(spec *UpdateSpec) error { - if spec.URLTemplate != "" && - !strings.HasPrefix(strings.ToLower(spec.URLTemplate), "https://") { - return trace.Errorf("Teleport download URL must use TLS (https://)") - } - - if spec.Proxy == "" { - return trace.Errorf("Teleport proxy URL must be specified with --proxy or present in %s", updateConfigName) - } - return nil -} - // Disable disables agent auto-updates. // This function is idempotent. func (u *Updater) Disable(ctx context.Context) error { - cfg, err := u.readConfig(u.ConfigPath) + cfg, err := readConfig(u.ConfigPath) if err != nil { return trace.Errorf("failed to read %s: %w", updateConfigName, err) } @@ -342,14 +403,14 @@ func (u *Updater) Disable(ctx context.Context) error { return nil } cfg.Spec.Enabled = false - if err := u.writeConfig(u.ConfigPath, cfg); err != nil { + if err := writeConfig(u.ConfigPath, cfg); err != nil { return trace.Errorf("failed to write %s: %w", updateConfigName, err) } return nil } // readConfig reads UpdateConfig from a file. -func (*Updater) readConfig(path string) (*UpdateConfig, error) { +func readConfig(path string) (*UpdateConfig, error) { f, err := os.Open(path) if errors.Is(err, fs.ErrNotExist) { return &UpdateConfig{ @@ -375,7 +436,7 @@ func (*Updater) readConfig(path string) (*UpdateConfig, error) { } // writeConfig writes UpdateConfig to a file atomically, ensuring the file cannot be corrupted. -func (*Updater) writeConfig(filename string, cfg *UpdateConfig) error { +func writeConfig(filename string, cfg *UpdateConfig) error { opts := []renameio.Option{ renameio.WithPermissions(0755), renameio.WithExistingPermissions(), @@ -391,3 +452,23 @@ func (*Updater) writeConfig(filename string, cfg *UpdateConfig) error { } return trace.Wrap(t.CloseAtomicallyReplace()) } + +func validateConfigSpec(spec *UpdateSpec, override OverrideConfig) error { + if override.Proxy != "" { + spec.Proxy = override.Proxy + } + if override.Group != "" { + spec.Group = override.Group + } + if override.URLTemplate != "" { + spec.URLTemplate = override.URLTemplate + } + if spec.URLTemplate != "" && + !strings.HasPrefix(strings.ToLower(spec.URLTemplate), "https://") { + return trace.Errorf("Teleport download URL must use TLS (https://)") + } + if spec.Proxy == "" { + return trace.Errorf("Teleport proxy URL must be specified with --proxy or present in %s", updateConfigName) + } + return nil +} diff --git a/lib/autoupdate/agent/updater_test.go b/lib/autoupdate/agent/updater_test.go index e817851fed1f7..8cefd3a59e3e7 100644 --- a/lib/autoupdate/agent/updater_test.go +++ b/lib/autoupdate/agent/updater_test.go @@ -132,11 +132,16 @@ func TestUpdater_Enable(t *testing.T) { userCfg OverrideConfig installErr error flags InstallFlags + syncErr error + reloadErr error removedVersion string installedVersion string installedTemplate string requestGroup string + syncCalls int + reloadCalls int + revertCalls int errMatch string }{ { @@ -152,9 +157,12 @@ func TestUpdater_Enable(t *testing.T) { ActiveVersion: "old-version", }, }, + installedVersion: "16.3.0", installedTemplate: "https://example.com", requestGroup: "group", + syncCalls: 1, + reloadCalls: 1, }, { name: "config from user", @@ -174,8 +182,11 @@ func TestUpdater_Enable(t *testing.T) { URLTemplate: "https://example.com/new", ForceVersion: "new-version", }, + installedVersion: "new-version", installedTemplate: "https://example.com/new", + syncCalls: 1, + reloadCalls: 1, }, { name: "already enabled", @@ -189,8 +200,11 @@ func TestUpdater_Enable(t *testing.T) { ActiveVersion: "old-version", }, }, + installedVersion: "16.3.0", installedTemplate: cdnURITemplate, + syncCalls: 1, + reloadCalls: 1, }, { name: "insecure URL", @@ -201,6 +215,7 @@ func TestUpdater_Enable(t *testing.T) { URLTemplate: "http://example.com", }, }, + errMatch: "URL must use TLS", }, { @@ -213,7 +228,8 @@ func TestUpdater_Enable(t *testing.T) { }, }, installErr: errors.New("install error"), - errMatch: "install error", + + errMatch: "install error", }, { name: "version already installed", @@ -224,8 +240,11 @@ func TestUpdater_Enable(t *testing.T) { ActiveVersion: "16.3.0", }, }, + installedVersion: "16.3.0", installedTemplate: cdnURITemplate, + syncCalls: 1, + reloadCalls: 0, }, { name: "backup version removed on install", @@ -237,9 +256,12 @@ func TestUpdater_Enable(t *testing.T) { BackupVersion: "backup-version", }, }, + installedVersion: "16.3.0", installedTemplate: cdnURITemplate, removedVersion: "backup-version", + syncCalls: 1, + reloadCalls: 1, }, { name: "backup version kept for validation", @@ -251,26 +273,56 @@ func TestUpdater_Enable(t *testing.T) { BackupVersion: "backup-version", }, }, + installedVersion: "16.3.0", installedTemplate: cdnURITemplate, removedVersion: "", + syncCalls: 1, + reloadCalls: 0, }, { - name: "config does not exist", + name: "config does not exist", + installedVersion: "16.3.0", installedTemplate: cdnURITemplate, + syncCalls: 1, + reloadCalls: 1, }, { name: "FIPS and Enterprise flags", flags: FlagEnterprise | FlagFIPS, installedVersion: "16.3.0", installedTemplate: cdnURITemplate, + syncCalls: 1, + reloadCalls: 1, }, { name: "invalid metadata", cfg: &UpdateConfig{}, errMatch: "invalid", }, + { + name: "sync fails", + syncErr: errors.New("sync error"), + + installedVersion: "16.3.0", + installedTemplate: cdnURITemplate, + syncCalls: 2, + reloadCalls: 0, + revertCalls: 1, + errMatch: "sync error", + }, + { + name: "reload fails", + reloadErr: errors.New("reload error"), + + installedVersion: "16.3.0", + installedTemplate: cdnURITemplate, + syncCalls: 2, + reloadCalls: 2, + revertCalls: 1, + errMatch: "reload error", + }, } for _, tt := range tests { @@ -320,6 +372,7 @@ func TestUpdater_Enable(t *testing.T) { linkedVersion string removedVersion string installedFlags InstallFlags + revertCalls int ) updater.Installer = &testInstaller{ FuncInstall: func(_ context.Context, version, template string, flags InstallFlags) error { @@ -328,9 +381,12 @@ func TestUpdater_Enable(t *testing.T) { installedFlags = flags return tt.installErr }, - FuncLink: func(_ context.Context, version string) error { + FuncLink: func(_ context.Context, version string) (revert func(context.Context) bool, err error) { linkedVersion = version - return nil + return func(_ context.Context) bool { + revertCalls++ + return true + }, nil }, FuncList: func(_ context.Context) (versions []string, err error) { return []string{"old"}, nil @@ -340,6 +396,20 @@ func TestUpdater_Enable(t *testing.T) { return nil }, } + var ( + syncCalls int + reloadCalls int + ) + updater.Process = &testProcess{ + FuncSync: func(_ context.Context) error { + syncCalls++ + return tt.syncErr + }, + FuncReload: func(_ context.Context) error { + reloadCalls++ + return tt.reloadErr + }, + } ctx := context.Background() err = updater.Enable(ctx, tt.userCfg) @@ -355,6 +425,9 @@ func TestUpdater_Enable(t *testing.T) { require.Equal(t, tt.removedVersion, removedVersion) require.Equal(t, tt.flags, installedFlags) require.Equal(t, tt.requestGroup, requestedGroup) + require.Equal(t, tt.syncCalls, syncCalls) + require.Equal(t, tt.reloadCalls, reloadCalls) + require.Equal(t, tt.revertCalls, revertCalls) data, err := os.ReadFile(cfgPath) require.NoError(t, err) @@ -377,7 +450,7 @@ func blankTestAddr(s []byte) []byte { type testInstaller struct { FuncInstall func(ctx context.Context, version, template string, flags InstallFlags) error FuncRemove func(ctx context.Context, version string) error - FuncLink func(ctx context.Context, version string) error + FuncLink func(ctx context.Context, version string) (revert func(context.Context) bool, err error) FuncList func(ctx context.Context) (versions []string, err error) } @@ -389,10 +462,23 @@ func (ti *testInstaller) Remove(ctx context.Context, version string) error { return ti.FuncRemove(ctx, version) } -func (ti *testInstaller) Link(ctx context.Context, version string) error { +func (ti *testInstaller) Link(ctx context.Context, version string) (revert func(context.Context) bool, err error) { return ti.FuncLink(ctx, version) } func (ti *testInstaller) List(ctx context.Context) (versions []string, err error) { return ti.FuncList(ctx) } + +type testProcess struct { + FuncReload func(ctx context.Context) error + FuncSync func(ctx context.Context) error +} + +func (tp *testProcess) Reload(ctx context.Context) error { + return tp.FuncReload(ctx) +} + +func (tp *testProcess) Sync(ctx context.Context) error { + return tp.FuncSync(ctx) +} diff --git a/lib/utils/unpack.go b/lib/utils/unpack.go index 78b111daf8992..14b213f08a173 100644 --- a/lib/utils/unpack.go +++ b/lib/utils/unpack.go @@ -50,7 +50,8 @@ func Extract(r io.Reader, dir string, paths ...ExtractPath) error { } else if err != nil { return trace.Wrap(err) } - if ok := filterHeader(header, paths); !ok { + dirMode, ok := filterHeader(header, paths) + if !ok { continue } err = sanitizeTarPath(header, dir) @@ -58,7 +59,7 @@ func Extract(r io.Reader, dir string, paths ...ExtractPath) error { return trace.Wrap(err) } - if err := extractFile(tarball, header, dir); err != nil { + if err := extractFile(tarball, header, dir, dirMode); err != nil { return trace.Wrap(err) } } @@ -74,11 +75,15 @@ type ExtractPath struct { Src, Dst string // Skip extracting the Src path and ignore Dst. Skip bool + // DirMode is the file mode for implicit parent directories in Dst. + DirMode os.FileMode } // filterHeader modifies the tar header by filtering it through the ExtractPaths. // filterHeader returns false if the tar header should be skipped. -func filterHeader(hdr *tar.Header, paths []ExtractPath) (include bool) { +// If no paths are provided, filterHeader assumes the header should be included, and sets +// the mode for implicit parent directories to teleport.DirMaskSharedGroup. +func filterHeader(hdr *tar.Header, paths []ExtractPath) (dirMode os.FileMode, include bool) { name := path.Clean(hdr.Name) for _, p := range paths { src := path.Clean(p.Src) @@ -98,14 +103,14 @@ func filterHeader(hdr *tar.Header, paths []ExtractPath) (include bool) { dst += "/" // tar directory headers end in / } hdr.Name = dst - return !p.Skip + return p.DirMode, !p.Skip default: // If name is a file, then // if src is an exact match to the file name, assume src is a file and write directly to dst, // otherwise, assume src is a directory prefix, and replace that prefix with dst. if src == name { hdr.Name = path.Clean(p.Dst) - return !p.Skip + return p.DirMode, !p.Skip } if src != "/" { src += "/" // ensure HasPrefix does not match partial names @@ -114,26 +119,26 @@ func filterHeader(hdr *tar.Header, paths []ExtractPath) (include bool) { continue } hdr.Name = path.Join(p.Dst, strings.TrimPrefix(name, src)) - return !p.Skip + return p.DirMode, !p.Skip } } - return len(paths) == 0 + return teleport.DirMaskSharedGroup, len(paths) == 0 } // extractFile extracts a single file or directory from tarball into dir. // Uses header to determine the type of item to create // Based on https://github.com/mholt/archiver -func extractFile(tarball *tar.Reader, header *tar.Header, dir string) error { +func extractFile(tarball *tar.Reader, header *tar.Header, dir string, dirMode os.FileMode) error { switch header.Typeflag { case tar.TypeDir: - return withDir(filepath.Join(dir, header.Name), nil) + return withDir(filepath.Join(dir, header.Name), dirMode, nil) case tar.TypeBlock, tar.TypeChar, tar.TypeReg, tar.TypeFifo: - return writeFile(filepath.Join(dir, header.Name), tarball, header.FileInfo().Mode()) + return writeFile(filepath.Join(dir, header.Name), tarball, header.FileInfo().Mode(), dirMode) case tar.TypeLink: - return writeHardLink(filepath.Join(dir, header.Name), filepath.Join(dir, header.Linkname)) + return writeHardLink(filepath.Join(dir, header.Name), filepath.Join(dir, header.Linkname), dirMode) case tar.TypeSymlink: - return writeSymbolicLink(filepath.Join(dir, header.Name), header.Linkname) + return writeSymbolicLink(filepath.Join(dir, header.Name), header.Linkname, dirMode) default: log.Warnf("Unsupported type flag %v for %v.", header.Typeflag, header.Name) } @@ -168,8 +173,8 @@ func sanitizeTarPath(header *tar.Header, dir string) error { return nil } -func writeFile(path string, r io.Reader, mode os.FileMode) error { - err := withDir(path, func() error { +func writeFile(path string, r io.Reader, mode, dirMode os.FileMode) error { + err := withDir(path, dirMode, func() error { // Create file only if it does not exist to prevent overwriting existing // files (like session recordings). out, err := os.OpenFile(path, os.O_CREATE|os.O_EXCL|os.O_WRONLY, mode) @@ -182,24 +187,24 @@ func writeFile(path string, r io.Reader, mode os.FileMode) error { return trace.Wrap(err) } -func writeSymbolicLink(path string, target string) error { - err := withDir(path, func() error { +func writeSymbolicLink(path, target string, dirMode os.FileMode) error { + err := withDir(path, dirMode, func() error { err := os.Symlink(target, path) return trace.ConvertSystemError(err) }) return trace.Wrap(err) } -func writeHardLink(path string, target string) error { - err := withDir(path, func() error { +func writeHardLink(path, target string, dirMode os.FileMode) error { + err := withDir(path, dirMode, func() error { err := os.Link(target, path) return trace.ConvertSystemError(err) }) return trace.Wrap(err) } -func withDir(path string, fn func() error) error { - err := os.MkdirAll(filepath.Dir(path), teleport.DirMaskSharedGroup) +func withDir(path string, mode os.FileMode, fn func() error) error { + err := os.MkdirAll(filepath.Dir(path), mode) if err != nil { return trace.ConvertSystemError(err) } diff --git a/tool/teleport-update/main.go b/tool/teleport-update/main.go index 300da6736471a..2adce83a1877c 100644 --- a/tool/teleport-update/main.go +++ b/tool/teleport-update/main.go @@ -61,6 +61,8 @@ const ( versionsDirName = "versions" // lockFileName specifies the name of the file inside versionsDirName containing the flock lock preventing concurrent updater execution. lockFileName = ".lock" + // defaultLinkDir is the default location where Teleport binaries and services are linked. + defaultLinkDir = "/usr/local" ) var plog = logutils.NewPackageLogger(teleport.ComponentKey, teleport.ComponentUpdater) @@ -98,7 +100,7 @@ func Run(args []string) error { app.Flag("log-format", "Controls the format of output logs. Can be `json` or `text`. Defaults to `text`."). Default(libutils.LogFormatText).EnumVar(&ccfg.LogFormat, libutils.LogFormatJSON, libutils.LogFormatText) app.Flag("link-dir", "Directory to create system symlinks to binaries and services."). - Default(filepath.Join("usr", "local")).Hidden().StringVar(&ccfg.LinkDir) + Default(defaultLinkDir).Hidden().StringVar(&ccfg.LinkDir) app.HelpFlag.Short('h') From b0a9be40d66fd7b353c6cadeaf5eb28bca4a59ff Mon Sep 17 00:00:00 2001 From: Alan Parra Date: Mon, 4 Nov 2024 18:53:28 -0300 Subject: [PATCH 06/17] chore: Bump (more) go root dependencies (#48405) --- go.mod | 4 ++-- go.sum | 8 ++++---- integrations/event-handler/go.mod | 4 ++-- integrations/event-handler/go.sum | 8 ++++---- integrations/terraform/go.mod | 4 ++-- integrations/terraform/go.sum | 8 ++++---- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 246bc1db26c1a..4541399d2bd9c 100644 --- a/go.mod +++ b/go.mod @@ -219,7 +219,7 @@ require ( gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 - helm.sh/helm/v3 v3.16.1 + helm.sh/helm/v3 v3.16.2 k8s.io/api v0.31.1 k8s.io/apiextensions-apiserver v0.31.1 k8s.io/apimachinery v0.31.1 @@ -230,7 +230,7 @@ require ( k8s.io/klog/v2 v2.130.1 k8s.io/kubectl v0.31.1 k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 - sigs.k8s.io/controller-runtime v0.19.0 + sigs.k8s.io/controller-runtime v0.19.1 sigs.k8s.io/controller-tools v0.16.3 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 diff --git a/go.sum b/go.sum index acb7fc749f668..e1626f33fbcba 100644 --- a/go.sum +++ b/go.sum @@ -3121,8 +3121,8 @@ gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ= gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY= -helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c= -helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps= +helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= +helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -3199,8 +3199,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= -sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= +sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/controller-tools v0.16.3 h1:z48C5/d4jCVQQvtiSBL5MYyZ3EO2eFIOXrIKMgHVhFY= sigs.k8s.io/controller-tools v0.16.3/go.mod h1:AEj6k+w1kYpLZv2einOH3mj52ips4W/6FUjnB5tkJGs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/integrations/event-handler/go.mod b/integrations/event-handler/go.mod index e21be08740428..6d4d6214d6455 100644 --- a/integrations/event-handler/go.mod +++ b/integrations/event-handler/go.mod @@ -300,7 +300,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - helm.sh/helm/v3 v3.16.1 // indirect + helm.sh/helm/v3 v3.16.2 // indirect k8s.io/api v0.31.1 // indirect k8s.io/apiextensions-apiserver v0.31.1 // indirect k8s.io/apimachinery v0.31.1 // indirect @@ -314,7 +314,7 @@ require ( k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect mvdan.cc/sh/v3 v3.7.0 // indirect oras.land/oras-go v1.2.5 // indirect - sigs.k8s.io/controller-runtime v0.19.0 // indirect + sigs.k8s.io/controller-runtime v0.19.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/api v0.17.2 // indirect sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect diff --git a/integrations/event-handler/go.sum b/integrations/event-handler/go.sum index 77a9519422e16..1d3412e92b549 100644 --- a/integrations/event-handler/go.sum +++ b/integrations/event-handler/go.sum @@ -2311,8 +2311,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c= -helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps= +helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= +helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2385,8 +2385,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= -sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= +sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= diff --git a/integrations/terraform/go.mod b/integrations/terraform/go.mod index d140d2b20e4de..005dd12da3370 100644 --- a/integrations/terraform/go.mod +++ b/integrations/terraform/go.mod @@ -369,7 +369,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - helm.sh/helm/v3 v3.16.1 // indirect + helm.sh/helm/v3 v3.16.2 // indirect k8s.io/api v0.31.1 // indirect k8s.io/apiextensions-apiserver v0.31.1 // indirect k8s.io/apimachinery v0.31.1 // indirect @@ -383,7 +383,7 @@ require ( k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect mvdan.cc/sh/v3 v3.7.0 // indirect oras.land/oras-go v1.2.5 // indirect - sigs.k8s.io/controller-runtime v0.19.0 // indirect + sigs.k8s.io/controller-runtime v0.19.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/api v0.17.2 // indirect sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect diff --git a/integrations/terraform/go.sum b/integrations/terraform/go.sum index 898202b177cfd..0d72dfd232e37 100644 --- a/integrations/terraform/go.sum +++ b/integrations/terraform/go.sum @@ -2729,8 +2729,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c= -helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps= +helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= +helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2803,8 +2803,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= -sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= +sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= From 5d7eb656126aa204c93f974436afb9547d5b0a7e Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Mon, 4 Nov 2024 17:07:23 -0500 Subject: [PATCH 07/17] Improve 'Please run' messages in the CI (#48365) * Improve 'Please run error' * add missing file * fix script * Apply suggestions from code review Co-authored-by: Alan Parra * address alan's feedback * Update Makefile Co-authored-by: Alan Parra * Update build.assets/please-run.sh Co-authored-by: Alan Parra --------- Co-authored-by: Alan Parra --- Makefile | 17 +++++---------- build.assets/please-run.sh | 40 ++++++++++++++++++++++++++++++++++ integrations/operator/Makefile | 3 +++ 3 files changed, 49 insertions(+), 11 deletions(-) create mode 100755 build.assets/please-run.sh diff --git a/Makefile b/Makefile index cf8a84ff571a9..fa991d2cc0cf1 100644 --- a/Makefile +++ b/Makefile @@ -1543,8 +1543,7 @@ derive: .PHONY: derive-up-to-date derive-up-to-date: must-start-clean/host derive @if ! git diff --quiet; then \ - echo 'Please run make derive.'; \ - git diff; \ + ./build.assets/please-run.sh "derived functions" "make derive"; \ exit 1; \ fi @@ -1579,15 +1578,14 @@ endif .PHONY: protos-up-to-date/host protos-up-to-date/host: must-start-clean/host grpc/host @if ! git diff --quiet; then \ - echo 'Please run make grpc.'; \ - git diff; \ + ./build.assets/please-run.sh "protos gRPC" "make grpc"; \ exit 1; \ fi .PHONY: must-start-clean/host must-start-clean/host: @if ! git diff --quiet; then \ - echo 'This must be run from a repo with no unstaged commits.'; \ + @echo 'This must be run from a repo with no unstaged commits.'; \ git diff; \ exit 1; \ fi @@ -1597,14 +1595,12 @@ must-start-clean/host: crds-up-to-date: must-start-clean/host $(MAKE) -C integrations/operator manifests @if ! git diff --quiet; then \ - echo 'Please run make -C integrations/operator manifests.'; \ - git diff; \ + ./build.assets/please-run.sh "operator CRD manifests" "make -C integrations/operator crd"; \ exit 1; \ fi $(MAKE) -C integrations/operator crd-docs @if ! git diff --quiet; then \ - echo 'Please run make -C integrations/operator crd-docs.'; \ - git diff; \ + ./build.assets/please-run.sh "operator CRD docs" "make -C integrations/operator crd"; \ exit 1; \ fi @@ -1613,8 +1609,7 @@ crds-up-to-date: must-start-clean/host terraform-resources-up-to-date: must-start-clean/host $(MAKE) -C integrations/terraform docs @if ! git diff --quiet; then \ - echo 'Please run make -C integrations/terraform docs.'; \ - git diff; \ + ./build.assets/please-run.sh "TF provider docs" "make -C integrations/terraform docs"; \ exit 1; \ fi diff --git a/build.assets/please-run.sh b/build.assets/please-run.sh new file mode 100755 index 0000000000000..236684efbb2b1 --- /dev/null +++ b/build.assets/please-run.sh @@ -0,0 +1,40 @@ +#!/bin/sh + +# This script is a helper that tells developers what generated content is out of date +# and which command to run. +# When running on GitHub actions, the script will also create an error in the PR and +# collapse the diff to improve readability. + +set -eu + +# only echoes the string if we are in GitHub Actions +echo_gha() { + [ -n "${GITHUB_ACTIONS+x}" ] && echo "$@" +} + +main() { + if [ $# -ne 2 ]; then + echo "Usage: $0 " >&2 + exit 1 + fi + + KIND="$1" + GENERATE_COMMAND="$2" + + TITLE="$KIND are out-of-date" + MESSAGE="Please run the command \`$GENERATE_COMMAND\`" + + # Create a GitHub error + echo_gha "::error file=Makefile,title=$TITLE::$MESSAGE" + + echo "=============" + echo "$TITLE" + echo "$MESSAGE" + echo "=============" + + echo_gha "::group::Diff output" + git diff || true + echo_gha "::endgroup::" +} + +main "$@" \ No newline at end of file diff --git a/integrations/operator/Makefile b/integrations/operator/Makefile index d57f12e166a26..4073de70029df 100644 --- a/integrations/operator/Makefile +++ b/integrations/operator/Makefile @@ -72,6 +72,9 @@ help: ## Display this help. ##@ Development +.PHONY: crd ## Single command to generate anything CRD-related (manifests and docs) +crd: crdgen crd-docs + .PHONY: crdgen crdgen: ## Generate CRDs make -C crdgen From 809344c493e1c93084b10566918db46b8a9da262 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 4 Nov 2024 18:25:24 -0600 Subject: [PATCH 08/17] Add owner property to TrustedDevices type (#48408) This adds the owner property to our TrustedDevices type to support adding owner to our device trust table in `e` Adding as optional for now to not break `e` and will change after the `e` changes are in. --- web/packages/teleport/src/DeviceTrust/types.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/web/packages/teleport/src/DeviceTrust/types.ts b/web/packages/teleport/src/DeviceTrust/types.ts index f857fdde0a665..95d7b34de532a 100644 --- a/web/packages/teleport/src/DeviceTrust/types.ts +++ b/web/packages/teleport/src/DeviceTrust/types.ts @@ -23,6 +23,7 @@ export type TrustedDevice = { assetTag: string; osType: TrustedDeviceOSType; enrollStatus: string; + owner?: string; }; export type TrustedDeviceOSType = 'Windows' | 'Linux' | 'macOS'; From daf2bad647ffa91c21dde7d895f9e7b4b852590d Mon Sep 17 00:00:00 2001 From: Marco Dinis Date: Tue, 5 Nov 2024 08:14:34 +0000 Subject: [PATCH 09/17] Fix discover reporting for static matchers (#48156) Discovery Service now reports the status of the auto enrollment flows when the matchers come from a DiscoveryConfig resource. For static matchers, those in `teleport.yaml/discovery_service..` there's no status to write to. --- lib/srv/discovery/status.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/srv/discovery/status.go b/lib/srv/discovery/status.go index a3ff7bf8559ff..321619bb02636 100644 --- a/lib/srv/discovery/status.go +++ b/lib/srv/discovery/status.go @@ -44,6 +44,12 @@ import ( // - AWS Sync (TAG) status // - AWS EC2 Auto Discover status func (s *Server) updateDiscoveryConfigStatus(discoveryConfigName string) { + // Static configurations (ie those in `teleport.yaml/discovery_config..matchers`) do not have a DiscoveryConfig resource. + // Those are discarded because there's no Status to update. + if discoveryConfigName == "" { + return + } + discoveryConfigStatus := discoveryconfig.Status{ State: discoveryconfigv1.DiscoveryConfigState_DISCOVERY_CONFIG_STATE_SYNCING.String(), LastSyncTime: s.clock.Now(), From deba1e861d5bd8ac1e4eb585848df15cff92e083 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Cie=C5=9Blak?= Date: Tue, 5 Nov 2024 10:39:01 +0100 Subject: [PATCH 10/17] Connect: Replace legacy useStore hook with useStoreSelector in WorkspacesService (#48353) * Add useWorkspaceServiceState hook * Do trivial replacements of WorkspacesService.useState * Replace useState with useStoreSelector and actually select some state * Refactor useWorkspaceContext to use useStoreSelector * Remove WorkspaceContextProvider from connectMyComputerContext tests Workspace context is not used by connect my computer context. * Remove useState from WorkspacesService --- .../useAccessRequestCheckout.ts | 3 +- .../connectMyComputerContext.test.tsx | 30 ++++----- .../src/ui/Documents/workspaceContext.tsx | 37 ++++++++--- .../teleterm/src/ui/Search/SearchBar.tsx | 11 ++-- .../teleterm/src/ui/Search/SearchContext.tsx | 3 +- .../ui/Search/pickers/useDisplayResults.ts | 3 +- .../ShareFeedback/ShareFeedback.test.tsx | 61 +++++++++---------- .../ShareFeedback/useShareFeedback.ts | 12 ++-- .../useAccessRequestCheckoutButton.ts | 4 +- .../useActiveDocumentClusterBreadcrumbs.ts | 7 ++- .../teleterm/src/ui/TabHost/TabHost.test.tsx | 41 ++++++++++--- .../teleterm/src/ui/TabHost/TabHost.tsx | 12 +++- .../src/ui/TopBar/AdditionalActions.tsx | 3 +- .../src/ui/TopBar/Clusters/useClusters.ts | 3 +- .../src/ui/TopBar/Identity/useIdentity.ts | 3 +- .../teleterm/src/ui/hooks/useLoggedInUser.ts | 13 +++- .../teleterm/src/ui/hooks/useStoreSelector.ts | 12 ++++ .../workspacesService/workspacesService.ts | 22 +++++-- 18 files changed, 184 insertions(+), 96 deletions(-) diff --git a/web/packages/teleterm/src/ui/AccessRequestCheckout/useAccessRequestCheckout.ts b/web/packages/teleterm/src/ui/AccessRequestCheckout/useAccessRequestCheckout.ts index 4d70ada109b16..bbf092b32d565 100644 --- a/web/packages/teleterm/src/ui/AccessRequestCheckout/useAccessRequestCheckout.ts +++ b/web/packages/teleterm/src/ui/AccessRequestCheckout/useAccessRequestCheckout.ts @@ -33,6 +33,7 @@ import { useSpecifiableFields } from 'shared/components/AccessRequests/NewReques import { CreateRequest } from 'shared/components/AccessRequests/Shared/types'; import { useAppContext } from 'teleterm/ui/appContextProvider'; +import { useWorkspaceServiceState } from 'teleterm/ui/services/workspacesService'; import { PendingAccessRequest, extractResourceRequestProperties, @@ -54,7 +55,7 @@ import { makeUiAccessRequest } from '../DocumentAccessRequests/useAccessRequests export default function useAccessRequestCheckout() { const ctx = useAppContext(); - ctx.workspacesService.useState(); + useWorkspaceServiceState(); ctx.clustersService.useState(); const clusterUri = ctx.workspacesService?.getActiveWorkspace()?.localClusterUri; diff --git a/web/packages/teleterm/src/ui/ConnectMyComputer/connectMyComputerContext.test.tsx b/web/packages/teleterm/src/ui/ConnectMyComputer/connectMyComputerContext.test.tsx index 9bfe8e87e19c1..47f5e9efb4c69 100644 --- a/web/packages/teleterm/src/ui/ConnectMyComputer/connectMyComputerContext.test.tsx +++ b/web/packages/teleterm/src/ui/ConnectMyComputer/connectMyComputerContext.test.tsx @@ -18,13 +18,11 @@ import { EventEmitter } from 'node:events'; -import React from 'react'; import { act, renderHook, waitFor } from '@testing-library/react'; import { makeErrorAttempt } from 'shared/hooks/useAsync'; import { MockAppContextProvider } from 'teleterm/ui/fixtures/MockAppContextProvider'; import { MockAppContext } from 'teleterm/ui/fixtures/mocks'; -import { WorkspaceContextProvider } from 'teleterm/ui/Documents'; import { AgentProcessState } from 'teleterm/mainProcess/types'; import * as resourcesContext from 'teleterm/ui/DocumentCluster/resourcesContext'; import { @@ -90,13 +88,11 @@ function renderUseConnectMyComputerContextHook( return renderHook(() => useConnectMyComputerContext(), { wrapper: ({ children }) => ( - - - - {children} - - - + + + {children} + + ), }); @@ -322,15 +318,13 @@ describe('canUse', () => { const { result } = renderHook(() => useConnectMyComputerContext(), { wrapper: ({ children }) => ( - - - - {children} - - - + + + {children} + + ), }); diff --git a/web/packages/teleterm/src/ui/Documents/workspaceContext.tsx b/web/packages/teleterm/src/ui/Documents/workspaceContext.tsx index f3e89ee30c022..949ef3e96cefc 100644 --- a/web/packages/teleterm/src/ui/Documents/workspaceContext.tsx +++ b/web/packages/teleterm/src/ui/Documents/workspaceContext.tsx @@ -16,21 +16,27 @@ * along with this program. If not, see . */ -import React, { PropsWithChildren } from 'react'; +import { + FC, + PropsWithChildren, + useCallback, + useContext, + createContext, +} from 'react'; import { DocumentsService } from 'teleterm/ui/services/workspacesService'; import { AccessRequestsService } from 'teleterm/ui/services/workspacesService/accessRequestsService'; -import { useAppContext } from 'teleterm/ui/appContextProvider'; import { ClusterUri, RootClusterUri } from 'teleterm/ui/uri'; +import { useStoreSelector } from 'teleterm/ui/hooks/useStoreSelector'; -const WorkspaceContext = React.createContext<{ +const WorkspaceContext = createContext<{ rootClusterUri: RootClusterUri; localClusterUri: ClusterUri; documentsService: DocumentsService; accessRequestsService: AccessRequestsService; }>(null); -export const WorkspaceContextProvider: React.FC< +export const WorkspaceContextProvider: FC< PropsWithChildren<{ value: { rootClusterUri: RootClusterUri; @@ -40,12 +46,29 @@ export const WorkspaceContextProvider: React.FC< }; }> > = props => { + // Re-render the context provider whenever the state of the relevant workspace changes. The + // context provider cannot re-render only when its props change. + // For example, if a new document gets added, none of the props are going to change, but the + // callsite that uses useWorkspaceContext might want to get re-rendered in this case, as + // technically documentsService returned from useWorkspaceContext might return new state. + useStoreSelector( + 'workspacesService', + useCallback( + state => state.workspaces[props.value.rootClusterUri], + [props.value.rootClusterUri] + ) + ); return ; }; export const useWorkspaceContext = () => { - const ctx = useAppContext(); - ctx.workspacesService.useState(); + const context = useContext(WorkspaceContext); - return React.useContext(WorkspaceContext); + if (!context) { + throw new Error( + 'useWorkspaceContext must be used within a WorkspaceContextProvider' + ); + } + + return context; }; diff --git a/web/packages/teleterm/src/ui/Search/SearchBar.tsx b/web/packages/teleterm/src/ui/Search/SearchBar.tsx index 87f5c36264651..a25ef17f75aa6 100644 --- a/web/packages/teleterm/src/ui/Search/SearchBar.tsx +++ b/web/packages/teleterm/src/ui/Search/SearchBar.tsx @@ -16,7 +16,7 @@ * along with this program. If not, see . */ -import React, { useRef, useEffect } from 'react'; +import React, { useRef, useEffect, useCallback } from 'react'; import styled from 'styled-components'; import { Box, Flex } from 'design'; @@ -31,14 +31,17 @@ import { } from 'teleterm/ui/services/keyboardShortcuts'; import { useAppContext } from '../appContextProvider'; +import { useStoreSelector } from '../hooks/useStoreSelector'; const OPEN_SEARCH_BAR_SHORTCUT_ACTION: KeyboardShortcutAction = 'openSearchBar'; export function SearchBarConnected() { - const { workspacesService } = useAppContext(); - workspacesService.useState(); + const rootClusterUri = useStoreSelector( + 'workspacesService', + useCallback(state => state.rootClusterUri, []) + ); - if (!workspacesService.getRootClusterUri()) { + if (!rootClusterUri) { return null; } diff --git a/web/packages/teleterm/src/ui/Search/SearchContext.tsx b/web/packages/teleterm/src/ui/Search/SearchContext.tsx index 86682321d3ef8..49bdea9fe1df2 100644 --- a/web/packages/teleterm/src/ui/Search/SearchContext.tsx +++ b/web/packages/teleterm/src/ui/Search/SearchContext.tsx @@ -33,6 +33,7 @@ import { useAppContext } from 'teleterm/ui/appContextProvider'; import { Document, DocumentClusterQueryParams, + useWorkspaceServiceState, } from 'teleterm/ui/services/workspacesService'; import { actionPicker, SearchPicker } from './pickers/pickers'; @@ -130,7 +131,7 @@ export const SearchContextProvider: FC = props => { ); } - appContext.workspacesService.useState(); + useWorkspaceServiceState(); const activeDocument = appContext.workspacesService .getActiveWorkspaceDocumentService() ?.getActive(); diff --git a/web/packages/teleterm/src/ui/Search/pickers/useDisplayResults.ts b/web/packages/teleterm/src/ui/Search/pickers/useDisplayResults.ts index 84a53651f75e1..8e98ad977f6ec 100644 --- a/web/packages/teleterm/src/ui/Search/pickers/useDisplayResults.ts +++ b/web/packages/teleterm/src/ui/Search/pickers/useDisplayResults.ts @@ -25,13 +25,14 @@ import { DisplayResults, } from 'teleterm/ui/Search/searchResult'; import { useAppContext } from 'teleterm/ui/appContextProvider'; +import { useWorkspaceServiceState } from 'teleterm/ui/services/workspacesService'; export function useDisplayResults(args: { filters: SearchFilter[]; inputValue: string; }): DisplayResults { const { workspacesService } = useAppContext(); - workspacesService.useState(); + useWorkspaceServiceState(); const localClusterUri = workspacesService.getActiveWorkspace()?.localClusterUri; diff --git a/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/ShareFeedback.test.tsx b/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/ShareFeedback.test.tsx index 460126b2d0869..6e88d8c1ebba0 100644 --- a/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/ShareFeedback.test.tsx +++ b/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/ShareFeedback.test.tsx @@ -16,14 +16,17 @@ * along with this program. If not, see . */ -import React from 'react'; import { screen } from '@testing-library/react'; import { fireEvent, render } from 'design/utils/testing'; import { MockAppContextProvider } from 'teleterm/ui/fixtures/MockAppContextProvider'; import { MockAppContext } from 'teleterm/ui/fixtures/mocks'; import { IAppContext } from 'teleterm/ui/types'; -import { Cluster } from 'teleterm/services/tshd/types'; + +import { + makeLoggedInUser, + makeRootCluster, +} from 'teleterm/services/tshd/testHelpers'; import { ShareFeedback } from './ShareFeedback'; @@ -41,48 +44,42 @@ function renderOpenedShareFeedback(appContext: IAppContext) { test('email field is not prefilled with the username if is not an email', () => { const appContext = new MockAppContext(); const clusterUri = '/clusters/localhost'; - jest - .spyOn(appContext.clustersService, 'findCluster') - .mockImplementation(() => { - return { - loggedInUser: { name: 'alice' }, - } as Cluster; - }); - - jest - .spyOn(appContext.workspacesService, 'getRootClusterUri') - .mockReturnValue(clusterUri); + appContext.workspacesService.setState(draft => { + draft.rootClusterUri = clusterUri; + }); + appContext.clustersService.setState(draft => { + draft.clusters.set( + clusterUri, + makeRootCluster({ + uri: clusterUri, + loggedInUser: makeLoggedInUser({ name: 'alice' }), + }) + ); + }); renderOpenedShareFeedback(appContext); - expect(appContext.clustersService.findCluster).toHaveBeenCalledWith( - clusterUri - ); expect(screen.getByLabelText('Email Address')).toHaveValue(''); }); test('email field is prefilled with the username if it looks like an email', () => { const appContext = new MockAppContext(); const clusterUri = '/clusters/production'; - jest - .spyOn(appContext.clustersService, 'findCluster') - .mockImplementation(() => { - return { - loggedInUser: { - name: 'bob@prod.com', - }, - } as Cluster; - }); - - jest - .spyOn(appContext.workspacesService, 'getRootClusterUri') - .mockReturnValue(clusterUri); + appContext.workspacesService.setState(draft => { + draft.rootClusterUri = clusterUri; + }); + appContext.clustersService.setState(draft => { + draft.clusters.set( + clusterUri, + makeRootCluster({ + uri: clusterUri, + loggedInUser: makeLoggedInUser({ name: 'bob@prod.com' }), + }) + ); + }); renderOpenedShareFeedback(appContext); - expect(appContext.clustersService.findCluster).toHaveBeenCalledWith( - clusterUri - ); expect(screen.getByLabelText('Email Address')).toHaveValue('bob@prod.com'); }); diff --git a/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/useShareFeedback.ts b/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/useShareFeedback.ts index 2c3d695fc1b22..a180c47b2fa41 100644 --- a/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/useShareFeedback.ts +++ b/web/packages/teleterm/src/ui/StatusBar/ShareFeedback/useShareFeedback.ts @@ -16,13 +16,14 @@ * along with this program. If not, see . */ -import { useState } from 'react'; +import { useCallback, useState } from 'react'; import { makeEmptyAttempt, useAsync } from 'shared/hooks/useAsync'; import { staticConfig } from 'teleterm/staticConfig'; import { useAppContext } from 'teleterm/ui/appContextProvider'; +import { useStoreSelector } from 'teleterm/ui/hooks/useStoreSelector'; import { ShareFeedbackFormValues } from './types'; @@ -30,7 +31,10 @@ export const FEEDBACK_TOO_LONG_ERROR = 'FEEDBACK_TOO_LONG_ERROR'; export function useShareFeedback() { const ctx = useAppContext(); - ctx.workspacesService.useState(); + const rootClusterUri = useStoreSelector( + 'workspacesService', + useCallback(state => state.rootClusterUri, []) + ); ctx.clustersService.useState(); const [isShareFeedbackOpened, setIsShareFeedbackOpened] = useState(false); @@ -74,9 +78,7 @@ export function useShareFeedback() { } function getEmailFromUserName(): string { - const cluster = ctx.clustersService.findCluster( - ctx.workspacesService.getRootClusterUri() - ); + const cluster = ctx.clustersService.findCluster(rootClusterUri); const userName = cluster?.loggedInUser?.name; if (/^\S+@\S+$/.test(userName)) { return userName; diff --git a/web/packages/teleterm/src/ui/StatusBar/useAccessRequestCheckoutButton.ts b/web/packages/teleterm/src/ui/StatusBar/useAccessRequestCheckoutButton.ts index 093ea470db3f7..486ee85c57856 100644 --- a/web/packages/teleterm/src/ui/StatusBar/useAccessRequestCheckoutButton.ts +++ b/web/packages/teleterm/src/ui/StatusBar/useAccessRequestCheckoutButton.ts @@ -16,11 +16,13 @@ * along with this program. If not, see . */ +import { useWorkspaceServiceState } from 'teleterm/ui/services/workspacesService'; + import { useAppContext } from '../appContextProvider'; export function useAccessRequestsButton() { const ctx = useAppContext(); - ctx.workspacesService.useState(); + useWorkspaceServiceState(); const workspaceAccessRequest = ctx.workspacesService.getActiveWorkspaceAccessRequestsService(); diff --git a/web/packages/teleterm/src/ui/StatusBar/useActiveDocumentClusterBreadcrumbs.ts b/web/packages/teleterm/src/ui/StatusBar/useActiveDocumentClusterBreadcrumbs.ts index c9650be3d94c5..bd785cf51d72a 100644 --- a/web/packages/teleterm/src/ui/StatusBar/useActiveDocumentClusterBreadcrumbs.ts +++ b/web/packages/teleterm/src/ui/StatusBar/useActiveDocumentClusterBreadcrumbs.ts @@ -17,12 +17,15 @@ */ import { useAppContext } from 'teleterm/ui/appContextProvider'; -import { getResourceUri } from 'teleterm/ui/services/workspacesService'; +import { + getResourceUri, + useWorkspaceServiceState, +} from 'teleterm/ui/services/workspacesService'; import { routing } from 'teleterm/ui/uri'; export function useActiveDocumentClusterBreadcrumbs(): string { const ctx = useAppContext(); - ctx.workspacesService.useState(); + useWorkspaceServiceState(); ctx.clustersService.useState(); const activeDocument = ctx.workspacesService diff --git a/web/packages/teleterm/src/ui/TabHost/TabHost.test.tsx b/web/packages/teleterm/src/ui/TabHost/TabHost.test.tsx index 3e3a6a392a69d..7410532aff073 100644 --- a/web/packages/teleterm/src/ui/TabHost/TabHost.test.tsx +++ b/web/packages/teleterm/src/ui/TabHost/TabHost.test.tsx @@ -18,7 +18,7 @@ import 'jest-canvas-mock'; import { createRef } from 'react'; -import { fireEvent, render, screen } from 'design/utils/testing'; +import { fireEvent, render, screen, act } from 'design/utils/testing'; import { TabHost } from 'teleterm/ui/TabHost/TabHost'; import { MockAppContextProvider } from 'teleterm/ui/fixtures/MockAppContextProvider'; @@ -26,7 +26,11 @@ import { Document } from 'teleterm/ui/services/workspacesService'; import { TabContextMenuOptions } from 'teleterm/mainProcess/types'; import { makeDocumentCluster } from 'teleterm/ui/services/workspacesService/documentsService/testHelpers'; import { MockAppContext } from 'teleterm/ui/fixtures/mocks'; -import { makeRootCluster } from 'teleterm/services/tshd/testHelpers'; +import { + makeRootCluster, + rootClusterUri, +} from 'teleterm/services/tshd/testHelpers'; +import { routing } from 'teleterm/ui/uri'; function getMockDocuments(): Document[] { return [ @@ -43,8 +47,6 @@ function getMockDocuments(): Document[] { ]; } -const rootClusterUri = '/clusters/test_uri'; - async function getTestSetup({ documents }: { documents: Document[] }) { const appContext = new MockAppContext(); jest.spyOn(appContext.mainProcessClient, 'openTabContextMenu'); @@ -64,7 +66,10 @@ async function getTestSetup({ documents }: { documents: Document[] }) { documents, location: documents[0]?.uri, localClusterUri: rootClusterUri, - accessRequests: undefined, + accessRequests: { + isBarCollapsed: true, + pending: { kind: 'resource', resources: new Map() }, + }, }; }); @@ -137,16 +142,24 @@ test('open context menu', async () => { const options: TabContextMenuOptions = openTabContextMenu.mock.calls[0][0]; expect(options.document).toEqual(document); - options.onClose(); + act(() => { + options.onClose(); + }); expect(close).toHaveBeenCalledWith(document.uri); - options.onCloseOthers(); + act(() => { + options.onCloseOthers(); + }); expect(closeOthers).toHaveBeenCalledWith(document.uri); - options.onCloseToRight(); + act(() => { + options.onCloseToRight(); + }); expect(closeToRight).toHaveBeenCalledWith(document.uri); - options.onDuplicatePty(); + act(() => { + options.onDuplicatePty(); + }); expect(duplicatePtyAndActivate).toHaveBeenCalledWith(document.uri); }); @@ -155,7 +168,15 @@ test('open new tab', async () => { documents: [getMockDocuments()[0]], }); const { add, open } = docsService; - const mockedClusterDocument = makeDocumentCluster(); + // Use a URI of a cluster that's not in ClustersService so that DocumentCluster doesn't render + // UnifiedResources for it. UnifiedResources requires a lot of mocks to be set up. + const nonExistentClusterUri = routing.getClusterUri({ + ...routing.parseClusterUri(rootClusterUri).params, + leafClusterId: 'nonexistent-leaf', + }); + const mockedClusterDocument = makeDocumentCluster({ + clusterUri: nonExistentClusterUri, + }); docsService.createClusterDocument = () => mockedClusterDocument; const $newTabButton = screen.getByTitle('New Tab', { exact: false }); diff --git a/web/packages/teleterm/src/ui/TabHost/TabHost.tsx b/web/packages/teleterm/src/ui/TabHost/TabHost.tsx index 8e59d1ef01668..504c53583e143 100644 --- a/web/packages/teleterm/src/ui/TabHost/TabHost.tsx +++ b/web/packages/teleterm/src/ui/TabHost/TabHost.tsx @@ -16,11 +16,12 @@ * along with this program. If not, see . */ -import React from 'react'; +import React, { useCallback } from 'react'; import styled from 'styled-components'; import { Flex } from 'design'; import { useAppContext } from 'teleterm/ui/appContextProvider'; +import { useWorkspaceServiceState } from 'teleterm/ui/services/workspacesService'; import * as types from 'teleterm/ui/services/workspacesService/documentsService/types'; import { canDocChangeShell } from 'teleterm/ui/services/workspacesService/documentsService/types'; import { Tabs } from 'teleterm/ui/Tabs'; @@ -29,6 +30,8 @@ import { IAppContext } from 'teleterm/ui/types'; import { useKeyboardShortcutFormatters } from 'teleterm/ui/services/keyboardShortcuts'; import { Shell } from 'teleterm/mainProcess/shell'; +import { useStoreSelector } from '../hooks/useStoreSelector'; + import { useTabShortcuts } from './useTabShortcuts'; import { useNewTabOpener } from './useNewTabOpener'; import { ClusterConnectPanel } from './ClusterConnectPanel/ClusterConnectPanel'; @@ -37,8 +40,10 @@ export function TabHostContainer(props: { topBarContainerRef: React.MutableRefObject; }) { const ctx = useAppContext(); - ctx.workspacesService.useState(); - const isRootClusterSelected = !!ctx.workspacesService.getRootClusterUri(); + const isRootClusterSelected = useStoreSelector( + 'workspacesService', + useCallback(state => !!state.rootClusterUri, []) + ); if (isRootClusterSelected) { return ; @@ -53,6 +58,7 @@ export function TabHost({ ctx: IAppContext; topBarContainerRef: React.MutableRefObject; }) { + useWorkspaceServiceState(); const documentsService = ctx.workspacesService.getActiveWorkspaceDocumentService(); const activeDocument = documentsService?.getActive(); diff --git a/web/packages/teleterm/src/ui/TopBar/AdditionalActions.tsx b/web/packages/teleterm/src/ui/TopBar/AdditionalActions.tsx index 493c7f2828cfe..17f59846bc01a 100644 --- a/web/packages/teleterm/src/ui/TopBar/AdditionalActions.tsx +++ b/web/packages/teleterm/src/ui/TopBar/AdditionalActions.tsx @@ -32,6 +32,7 @@ import { KeyboardShortcutAction } from 'teleterm/services/config'; import { useKeyboardShortcutFormatters } from 'teleterm/ui/services/keyboardShortcuts'; import { ListItem } from 'teleterm/ui/components/ListItem'; import { useNewTabOpener } from 'teleterm/ui/TabHost'; +import { useWorkspaceServiceState } from 'teleterm/ui/services/workspacesService'; type MenuItem = { title: string; @@ -48,7 +49,7 @@ type MenuItemConditionallyDisabled = { isDisabled: true; disabledText: string }; function useMenuItems(): MenuItem[] { const ctx = useAppContext(); const { workspacesService, mainProcessClient, notificationsService } = ctx; - workspacesService.useState(); + useWorkspaceServiceState(); ctx.clustersService.useState(); const documentsService = workspacesService.getActiveWorkspaceDocumentService(); diff --git a/web/packages/teleterm/src/ui/TopBar/Clusters/useClusters.ts b/web/packages/teleterm/src/ui/TopBar/Clusters/useClusters.ts index a51ddcb05bf1f..fb40c0aff790e 100644 --- a/web/packages/teleterm/src/ui/TopBar/Clusters/useClusters.ts +++ b/web/packages/teleterm/src/ui/TopBar/Clusters/useClusters.ts @@ -17,13 +17,14 @@ */ import { useAppContext } from 'teleterm/ui/appContextProvider'; +import { useWorkspaceServiceState } from 'teleterm/ui/services/workspacesService'; import { ClusterUri } from 'teleterm/ui/uri'; export function useClusters() { const { workspacesService, clustersService, commandLauncher } = useAppContext(); - workspacesService.useState(); + useWorkspaceServiceState(); clustersService.useState(); function findLeaves(clusterUri: string) { diff --git a/web/packages/teleterm/src/ui/TopBar/Identity/useIdentity.ts b/web/packages/teleterm/src/ui/TopBar/Identity/useIdentity.ts index 2df389a4205a9..581061db169aa 100644 --- a/web/packages/teleterm/src/ui/TopBar/Identity/useIdentity.ts +++ b/web/packages/teleterm/src/ui/TopBar/Identity/useIdentity.ts @@ -19,12 +19,13 @@ import { useAppContext } from 'teleterm/ui/appContextProvider'; import { Cluster, LoggedInUser } from 'teleterm/services/tshd/types'; import { RootClusterUri } from 'teleterm/ui/uri'; +import { useWorkspaceServiceState } from 'teleterm/ui/services/workspacesService'; export function useIdentity() { const ctx = useAppContext(); ctx.clustersService.useState(); - ctx.workspacesService.useState(); + useWorkspaceServiceState(); async function changeRootCluster(clusterUri: RootClusterUri): Promise { await ctx.workspacesService.setActiveWorkspace(clusterUri); diff --git a/web/packages/teleterm/src/ui/hooks/useLoggedInUser.ts b/web/packages/teleterm/src/ui/hooks/useLoggedInUser.ts index 42bc74a989bb6..42ee066e6b702 100644 --- a/web/packages/teleterm/src/ui/hooks/useLoggedInUser.ts +++ b/web/packages/teleterm/src/ui/hooks/useLoggedInUser.ts @@ -16,10 +16,14 @@ * along with this program. If not, see . */ +import { useCallback } from 'react'; + import { useAppContext } from 'teleterm/ui/appContextProvider'; import { useWorkspaceContext } from 'teleterm/ui/Documents'; import { LoggedInUser } from 'teleterm/services/tshd/types'; +import { useStoreSelector } from './useStoreSelector'; + /** * useLoggedInUser returns the user logged into the root cluster of the active workspace. The return * value changes depending on the active workspace. @@ -30,11 +34,14 @@ import { LoggedInUser } from 'teleterm/services/tshd/types'; * It might return undefined if there's no active workspace. */ export function useLoggedInUser(): LoggedInUser | undefined { - const { clustersService, workspacesService } = useAppContext(); + const { clustersService } = useAppContext(); clustersService.useState(); - workspacesService.useState(); - const clusterUri = workspacesService.getRootClusterUri(); + const clusterUri = useStoreSelector( + 'workspacesService', + useCallback(store => store.rootClusterUri, []) + ); + if (!clusterUri) { return; } diff --git a/web/packages/teleterm/src/ui/hooks/useStoreSelector.ts b/web/packages/teleterm/src/ui/hooks/useStoreSelector.ts index f0f2f07cbece2..16c1f133c5520 100644 --- a/web/packages/teleterm/src/ui/hooks/useStoreSelector.ts +++ b/web/packages/teleterm/src/ui/hooks/useStoreSelector.ts @@ -70,3 +70,15 @@ export const useStoreSelector = < type ImmutableStoreKeys = { [K in keyof T]: T[K] extends ImmutableStore ? K : never; }[keyof T]; + +/** + * identitySelector returns the whole state of the given store. + * + * Useful during refactorings of legacy code which depends on the useStore which triggers a + * re-render on any change to the store. + * + * Should be used sparingly. It's often a better idea to make the selector as narrow as possible. + */ +export function identitySelector(state: Value): Value { + return state; +} diff --git a/web/packages/teleterm/src/ui/services/workspacesService/workspacesService.ts b/web/packages/teleterm/src/ui/services/workspacesService/workspacesService.ts index d4288ac72dff5..d2899b02df939 100644 --- a/web/packages/teleterm/src/ui/services/workspacesService/workspacesService.ts +++ b/web/packages/teleterm/src/ui/services/workspacesService/workspacesService.ts @@ -17,7 +17,6 @@ */ import { z } from 'zod'; -import { useStore } from 'shared/libs/stores'; import { arrayObjectIsEqual } from 'shared/utils/highbar'; import { @@ -44,6 +43,11 @@ import { routing, } from 'teleterm/ui/uri'; +import { + identitySelector, + useStoreSelector, +} from 'teleterm/ui/hooks/useStoreSelector'; + import { AccessRequestsService, getEmptyPendingAccessRequest, @@ -220,10 +224,6 @@ export class WorkspacesService extends ImmutableStore { ); } - useState() { - return useStore(this); - } - setState(nextState: (draftState: WorkspacesState) => WorkspacesState | void) { super.setState(nextState); this.persistState(); @@ -616,3 +616,15 @@ const unifiedResourcePreferencesSchema = z type UnifiedResourcePreferencesSchemaAsRequired = Required< z.infer >; + +/** + * useWorkspaceServiceState is a replacement for the legacy useStore hook. Many components within + * teleterm depend on the behavior of useStore which re-renders the component on any change within + * the store. Most of the time, those components don't even use the state returned by useStore. + * + * @deprecated Prefer useStoreSelector with a selector that picks only what the callsite is going + * to use. useWorkspaceServiceState re-renders the component on any change within any workspace. + */ +export const useWorkspaceServiceState = () => { + return useStoreSelector('workspacesService', identitySelector); +}; From d35c8ea0aaad974538206b245b397493b273a207 Mon Sep 17 00:00:00 2001 From: Bartosz Leper Date: Tue, 5 Nov 2024 12:36:26 +0100 Subject: [PATCH 11/17] Allow TtyPlayer.stop to be called while still connecting (#48372) --- web/packages/teleport/src/lib/term/ttyPlayer.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/web/packages/teleport/src/lib/term/ttyPlayer.js b/web/packages/teleport/src/lib/term/ttyPlayer.js index b231e83c1c7ce..87153d6ade295 100644 --- a/web/packages/teleport/src/lib/term/ttyPlayer.js +++ b/web/packages/teleport/src/lib/term/ttyPlayer.js @@ -243,6 +243,10 @@ export default class TtyPlayer extends Tty { this.cancelTimeUpdate(); this._setPlayerStatus(StatusEnum.PAUSED); + if (this.webSocket.readyState !== WebSocket.OPEN) { + return; + } + const buffer = new ArrayBuffer(4); const dv = new DataView(buffer); dv.setUint8(0, messageTypePlayPause); From c9a7fce1c80572cca4da634c49a030c1b0ec9986 Mon Sep 17 00:00:00 2001 From: rosstimothy <39066650+rosstimothy@users.noreply.github.com> Date: Tue, 5 Nov 2024 09:00:13 -0500 Subject: [PATCH 12/17] Prevent overwriting existing host_uuid file (#48012) In some circumstances, multiple Teleport processes may be trying to write the host_uuid file in the same data directory simultaneously. The last of the writers would win, and any process using a host UUID that did not match what ended up on disk could get into a perpertual state of being unable to connect to the cluster. To avoid the raciness, the host_uuid file writing process is no longer a blind upsert. Instead, special care is taken to ensure that there can only be a single writer, and that any subsequent updates to the file are aborted and the first value written is used instead. --- lib/service/service.go | 15 +-- lib/service/service_test.go | 3 +- lib/srv/regular/sshserver.go | 3 +- .../connectmycomputer/connectmycomputer.go | 7 +- .../connectmycomputer_test.go | 4 +- lib/utils/hostid/hostid.go | 61 ++++++++++ lib/utils/hostid/hostid_test.go | 113 ++++++++++++++++++ lib/utils/hostid/hostid_unix.go | 105 ++++++++++++++++ lib/utils/hostid/hostid_windows.go | 30 +++++ lib/utils/utils.go | 72 ----------- lib/utils/utils_test.go | 50 -------- tool/tctl/common/admin_action_test.go | 3 +- tool/tctl/common/tctl.go | 7 +- tool/teleport/testenv/test_server.go | 3 +- 14 files changed, 335 insertions(+), 141 deletions(-) create mode 100644 lib/utils/hostid/hostid.go create mode 100644 lib/utils/hostid/hostid_test.go create mode 100644 lib/utils/hostid/hostid_unix.go create mode 100644 lib/utils/hostid/hostid_windows.go diff --git a/lib/service/service.go b/lib/service/service.go index 91a3d7f04d0e1..043ab34e4fdff 100644 --- a/lib/service/service.go +++ b/lib/service/service.go @@ -164,6 +164,7 @@ import ( "github.com/gravitational/teleport/lib/utils" awsutils "github.com/gravitational/teleport/lib/utils/aws" "github.com/gravitational/teleport/lib/utils/cert" + "github.com/gravitational/teleport/lib/utils/hostid" logutils "github.com/gravitational/teleport/lib/utils/log" vc "github.com/gravitational/teleport/lib/versioncontrol" "github.com/gravitational/teleport/lib/versioncontrol/endpoint" @@ -2934,7 +2935,7 @@ func (process *TeleportProcess) initSSH() error { storagePresence := local.NewPresenceService(process.storage.BackendStorage) // read the host UUID: - serverID, err := utils.ReadOrMakeHostUUID(cfg.DataDir) + serverID, err := hostid.ReadOrCreateFile(cfg.DataDir) if err != nil { return trace.Wrap(err) } @@ -4439,7 +4440,7 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error { } // read the host UUID: - serverID, err := utils.ReadOrMakeHostUUID(cfg.DataDir) + serverID, err := hostid.ReadOrCreateFile(cfg.DataDir) if err != nil { return trace.Wrap(err) } @@ -6498,7 +6499,7 @@ func readOrGenerateHostID(ctx context.Context, cfg *servicecfg.Config, kubeBacke if err := persistHostIDToStorages(ctx, cfg, kubeBackend); err != nil { return trace.Wrap(err) } - } else if kubeBackend != nil && utils.HostUUIDExistsLocally(cfg.DataDir) { + } else if kubeBackend != nil && hostid.ExistsLocally(cfg.DataDir) { // This case is used when loading a Teleport pre-11 agent with storage attached. // In this case, we have to copy the "host_uuid" from the agent to the secret // in case storage is removed later. @@ -6537,14 +6538,14 @@ func readHostIDFromStorages(ctx context.Context, dataDir string, kubeBackend kub } // Even if running in Kubernetes fallback to local storage if `host_uuid` was // not found in secret. - hostID, err := utils.ReadHostUUID(dataDir) + hostID, err := hostid.ReadFile(dataDir) return hostID, trace.Wrap(err) } // persistHostIDToStorages writes the cfg.HostUUID to local data and to // Kubernetes Secret if this process is running on a Kubernetes Cluster. func persistHostIDToStorages(ctx context.Context, cfg *servicecfg.Config, kubeBackend kubernetesBackend) error { - if err := utils.WriteHostUUID(cfg.DataDir, cfg.HostUUID); err != nil { + if err := hostid.WriteFile(cfg.DataDir, cfg.HostUUID); err != nil { if errors.Is(err, fs.ErrPermission) { cfg.Logger.ErrorContext(ctx, "Teleport does not have permission to write to the data directory. Ensure that you are running as a user with appropriate permissions.", "data_dir", cfg.DataDir) } @@ -6563,7 +6564,7 @@ func persistHostIDToStorages(ctx context.Context, cfg *servicecfg.Config, kubeBa // loadHostIDFromKubeSecret reads the host_uuid from the Kubernetes secret with // the expected key: `/host_uuid`. func loadHostIDFromKubeSecret(ctx context.Context, kubeBackend kubernetesBackend) (string, error) { - item, err := kubeBackend.Get(ctx, backend.NewKey(utils.HostUUIDFile)) + item, err := kubeBackend.Get(ctx, backend.NewKey(hostid.FileName)) if err != nil { return "", trace.Wrap(err) } @@ -6576,7 +6577,7 @@ func writeHostIDToKubeSecret(ctx context.Context, kubeBackend kubernetesBackend, _, err := kubeBackend.Put( ctx, backend.Item{ - Key: backend.NewKey(utils.HostUUIDFile), + Key: backend.NewKey(hostid.FileName), Value: []byte(id), }, ) diff --git a/lib/service/service_test.go b/lib/service/service_test.go index 40fcc672a2157..b15e11ec5f28c 100644 --- a/lib/service/service_test.go +++ b/lib/service/service_test.go @@ -69,6 +69,7 @@ import ( "github.com/gravitational/teleport/lib/services" "github.com/gravitational/teleport/lib/services/local" "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" ) func TestMain(m *testing.M) { @@ -1167,7 +1168,7 @@ func Test_readOrGenerateHostID(t *testing.T) { dataDir := t.TempDir() // write host_uuid file to temp dir. if len(tt.args.hostIDContent) > 0 { - err := utils.WriteHostUUID(dataDir, tt.args.hostIDContent) + err := hostid.WriteFile(dataDir, tt.args.hostIDContent) require.NoError(t, err) } diff --git a/lib/srv/regular/sshserver.go b/lib/srv/regular/sshserver.go index 5719a56060509..beade253ab3d2 100644 --- a/lib/srv/regular/sshserver.go +++ b/lib/srv/regular/sshserver.go @@ -71,6 +71,7 @@ import ( "github.com/gravitational/teleport/lib/sshutils/x11" "github.com/gravitational/teleport/lib/teleagent" "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" ) var log = logrus.WithFields(logrus.Fields{ @@ -724,7 +725,7 @@ func New( options ...ServerOption, ) (*Server, error) { // read the host UUID: - uuid, err := utils.ReadOrMakeHostUUID(dataDir) + uuid, err := hostid.ReadOrCreateFile(dataDir) if err != nil { return nil, trace.Wrap(err) } diff --git a/lib/teleterm/services/connectmycomputer/connectmycomputer.go b/lib/teleterm/services/connectmycomputer/connectmycomputer.go index 1cc0f8914a052..26ecc8aafe8d9 100644 --- a/lib/teleterm/services/connectmycomputer/connectmycomputer.go +++ b/lib/teleterm/services/connectmycomputer/connectmycomputer.go @@ -41,6 +41,7 @@ import ( "github.com/gravitational/teleport/lib/defaults" "github.com/gravitational/teleport/lib/teleterm/clusters" "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" ) type RoleSetup struct { @@ -395,7 +396,7 @@ func (n *NodeJoinWait) getNodeNameFromHostUUIDFile(ctx context.Context, cluster // the file is empty. // // Here we need to be able to distinguish between both of those two cases. - out, err := utils.ReadPath(utils.GetHostUUIDPath(dataDir)) + out, err := utils.ReadPath(hostid.GetPath(dataDir)) if err != nil { if trace.IsNotFound(err) { continue @@ -536,7 +537,7 @@ type NodeDelete struct { // Run grabs the host UUID of an agent from a disk and deletes the node with that name. func (n *NodeDelete) Run(ctx context.Context, presence Presence, cluster *clusters.Cluster) error { - hostUUID, err := utils.ReadHostUUID(getAgentDataDir(n.cfg.AgentsDir, cluster.ProfileName)) + hostUUID, err := hostid.ReadFile(getAgentDataDir(n.cfg.AgentsDir, cluster.ProfileName)) if trace.IsNotFound(err) { return nil } @@ -585,7 +586,7 @@ type NodeName struct { // Get returns the host UUID of the agent from a disk. func (n *NodeName) Get(cluster *clusters.Cluster) (string, error) { - hostUUID, err := utils.ReadHostUUID(getAgentDataDir(n.cfg.AgentsDir, cluster.ProfileName)) + hostUUID, err := hostid.ReadFile(getAgentDataDir(n.cfg.AgentsDir, cluster.ProfileName)) return hostUUID, trace.Wrap(err) } diff --git a/lib/teleterm/services/connectmycomputer/connectmycomputer_test.go b/lib/teleterm/services/connectmycomputer/connectmycomputer_test.go index 9a0af0b749edf..e7b453b94b2bc 100644 --- a/lib/teleterm/services/connectmycomputer/connectmycomputer_test.go +++ b/lib/teleterm/services/connectmycomputer/connectmycomputer_test.go @@ -35,7 +35,7 @@ import ( "github.com/gravitational/teleport/lib/defaults" "github.com/gravitational/teleport/lib/teleterm/api/uri" "github.com/gravitational/teleport/lib/teleterm/clusters" - "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" ) func TestRoleSetupRun_WithNonLocalUser(t *testing.T) { @@ -472,7 +472,7 @@ func mustMakeHostUUIDFile(t *testing.T, agentsDir string, profileName string) st err = os.MkdirAll(dataDir, agentsDirStat.Mode()) require.NoError(t, err) - hostUUID, err := utils.ReadOrMakeHostUUID(dataDir) + hostUUID, err := hostid.ReadOrCreateFile(dataDir) require.NoError(t, err) return hostUUID diff --git a/lib/utils/hostid/hostid.go b/lib/utils/hostid/hostid.go new file mode 100644 index 0000000000000..094e4cf9547ae --- /dev/null +++ b/lib/utils/hostid/hostid.go @@ -0,0 +1,61 @@ +// Teleport +// Copyright (C) 2024 Gravitational, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package hostid + +import ( + "errors" + "io/fs" + "path/filepath" + "strings" + + "github.com/gravitational/trace" + + "github.com/gravitational/teleport/lib/utils" +) + +const ( + // FileName is the file name where the host UUID file is stored + FileName = "host_uuid" +) + +// GetPath returns the path to the host UUID file given the data directory. +func GetPath(dataDir string) string { + return filepath.Join(dataDir, FileName) +} + +// ExistsLocally checks if dataDir/host_uuid file exists in local storage. +func ExistsLocally(dataDir string) bool { + _, err := ReadFile(dataDir) + return err == nil +} + +// ReadFile reads host UUID from the file in the data dir +func ReadFile(dataDir string) (string, error) { + out, err := utils.ReadPath(GetPath(dataDir)) + if err != nil { + if errors.Is(err, fs.ErrPermission) { + //do not convert to system error as this loses the ability to compare that it is a permission error + return "", trace.Wrap(err) + } + return "", trace.ConvertSystemError(err) + } + id := strings.TrimSpace(string(out)) + if id == "" { + return "", trace.NotFound("host uuid is empty") + } + return id, nil +} diff --git a/lib/utils/hostid/hostid_test.go b/lib/utils/hostid/hostid_test.go new file mode 100644 index 0000000000000..3a4a97552ac8b --- /dev/null +++ b/lib/utils/hostid/hostid_test.go @@ -0,0 +1,113 @@ +//go:build !windows + +// Teleport +// Copyright (C) 2024 Gravitational, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package hostid_test + +import ( + "fmt" + "os" + "path/filepath" + "slices" + "strings" + "testing" + + "github.com/google/uuid" + "github.com/stretchr/testify/require" + "golang.org/x/sync/errgroup" + + "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" +) + +func TestMain(m *testing.M) { + utils.InitLoggerForTests() + os.Exit(m.Run()) +} + +func TestReadOrCreate(t *testing.T) { + t.Parallel() + + dir := t.TempDir() + + var wg errgroup.Group + concurrency := 10 + ids := make([]string, concurrency) + barrier := make(chan struct{}) + + for i := 0; i < concurrency; i++ { + wg.Go(func() error { + <-barrier + id, err := hostid.ReadOrCreateFile(dir) + ids[i] = id + return err + }) + } + + close(barrier) + + require.NoError(t, wg.Wait()) + require.Equal(t, slices.Repeat([]string{ids[0]}, concurrency), ids) +} + +func TestIdempotence(t *testing.T) { + t.Parallel() + + // call twice, get same result + dir := t.TempDir() + id, err := hostid.ReadOrCreateFile(dir) + require.Len(t, id, 36) + require.NoError(t, err) + uuidCopy, err := hostid.ReadOrCreateFile(dir) + require.NoError(t, err) + require.Equal(t, id, uuidCopy) +} + +func TestBadLocation(t *testing.T) { + t.Parallel() + + // call with a read-only dir, make sure to get an error + id, err := hostid.ReadOrCreateFile("/bad-location") + require.Empty(t, id) + require.Error(t, err) + require.Regexp(t, "^.*no such file or directory.*$", err.Error()) +} + +func TestIgnoreWhitespace(t *testing.T) { + t.Parallel() + + // newlines are getting ignored + dir := t.TempDir() + id := fmt.Sprintf("%s\n", uuid.NewString()) + err := os.WriteFile(filepath.Join(dir, hostid.FileName), []byte(id), 0666) + require.NoError(t, err) + out, err := hostid.ReadFile(dir) + require.NoError(t, err) + require.Equal(t, strings.TrimSpace(id), out) +} + +func TestRegenerateEmpty(t *testing.T) { + t.Parallel() + + // empty UUID in file is regenerated + dir := t.TempDir() + err := os.WriteFile(filepath.Join(dir, hostid.FileName), nil, 0666) + require.NoError(t, err) + out, err := hostid.ReadOrCreateFile(dir) + require.NoError(t, err) + require.Len(t, out, 36) +} diff --git a/lib/utils/hostid/hostid_unix.go b/lib/utils/hostid/hostid_unix.go new file mode 100644 index 0000000000000..027a08de614ef --- /dev/null +++ b/lib/utils/hostid/hostid_unix.go @@ -0,0 +1,105 @@ +//go:build !windows + +// Teleport +// Copyright (C) 2024 Gravitational, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package hostid + +import ( + "errors" + "io/fs" + "time" + + "github.com/google/renameio/v2" + "github.com/google/uuid" + "github.com/gravitational/trace" + + "github.com/gravitational/teleport/lib/utils" +) + +// WriteFile writes host UUID into a file +func WriteFile(dataDir string, id string) error { + err := renameio.WriteFile(GetPath(dataDir), []byte(id), 0o400) + if err != nil { + if errors.Is(err, fs.ErrPermission) { + //do not convert to system error as this loses the ability to compare that it is a permission error + return trace.Wrap(err) + } + return trace.ConvertSystemError(err) + } + return nil +} + +// ReadOrCreateFile looks for a hostid file in the data dir. If present, +// returns the UUID from it, otherwise generates one +func ReadOrCreateFile(dataDir string) (string, error) { + hostUUIDFileLock := GetPath(dataDir) + ".lock" + const iterationLimit = 3 + + for i := 0; i < iterationLimit; i++ { + if read, err := ReadFile(dataDir); err == nil { + return read, nil + } else if !trace.IsNotFound(err) { + return "", trace.Wrap(err) + } + + // Checking error instead of the usual uuid.New() in case uuid generation + // fails due to not enough randomness. It's been known to happen happen when + // Teleport starts very early in the node initialization cycle and /dev/urandom + // isn't ready yet. + rawID, err := uuid.NewRandom() + if err != nil { + return "", trace.BadParameter("" + + "Teleport failed to generate host UUID. " + + "This may happen if randomness source is not fully initialized when the node is starting up. " + + "Please try restarting Teleport again.") + } + + writeFile := func(potentialID string) (string, error) { + unlock, err := utils.FSTryWriteLock(hostUUIDFileLock) + if err != nil { + return "", trace.Wrap(err) + } + defer unlock() + + if read, err := ReadFile(dataDir); err == nil { + return read, nil + } else if !trace.IsNotFound(err) { + return "", trace.Wrap(err) + } + + if err := WriteFile(dataDir, potentialID); err != nil { + return "", trace.Wrap(err) + } + + return potentialID, nil + } + + id, err := writeFile(rawID.String()) + if err != nil { + if errors.Is(err, utils.ErrUnsuccessfulLockTry) { + time.Sleep(10 * time.Millisecond) + continue + } + + return "", trace.Wrap(err) + } + + return id, nil + } + + return "", trace.LimitExceeded("failed to obtain host uuid") +} diff --git a/lib/utils/hostid/hostid_windows.go b/lib/utils/hostid/hostid_windows.go new file mode 100644 index 0000000000000..ab2a5a55e56d7 --- /dev/null +++ b/lib/utils/hostid/hostid_windows.go @@ -0,0 +1,30 @@ +// Teleport +// Copyright (C) 2024 Gravitational, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package hostid + +import "github.com/gravitational/trace" + +// WriteFile writes host UUID into a file +func WriteFile(dataDir string, id string) error { + return trace.NotImplemented("host id writing is not supported on windows") +} + +// ReadOrCreateFile looks for a hostid file in the data dir. If present, +// returns the UUID from it, otherwise generates one +func ReadOrCreateFile(dataDir string) (string, error) { + return "", trace.NotImplemented("host id writing is not supported on windows") +} diff --git a/lib/utils/utils.go b/lib/utils/utils.go index b1931e2ae8cf4..5da5b39d05685 100644 --- a/lib/utils/utils.go +++ b/lib/utils/utils.go @@ -37,7 +37,6 @@ import ( "time" "unicode" - "github.com/google/uuid" "github.com/gravitational/trace" log "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/validation" @@ -468,75 +467,6 @@ func GetFreeTCPPorts(n int, offset ...int) (PortList, error) { return PortList{ports: list}, nil } -// GetHostUUIDPath returns the path to the host UUID file given the data directory. -func GetHostUUIDPath(dataDir string) string { - return filepath.Join(dataDir, HostUUIDFile) -} - -// HostUUIDExistsLocally checks if dataDir/host_uuid file exists in local storage. -func HostUUIDExistsLocally(dataDir string) bool { - _, err := ReadHostUUID(dataDir) - return err == nil -} - -// ReadHostUUID reads host UUID from the file in the data dir -func ReadHostUUID(dataDir string) (string, error) { - out, err := ReadPath(GetHostUUIDPath(dataDir)) - if err != nil { - if errors.Is(err, fs.ErrPermission) { - //do not convert to system error as this loses the ability to compare that it is a permission error - return "", err - } - return "", trace.ConvertSystemError(err) - } - id := strings.TrimSpace(string(out)) - if id == "" { - return "", trace.NotFound("host uuid is empty") - } - return id, nil -} - -// WriteHostUUID writes host UUID into a file -func WriteHostUUID(dataDir string, id string) error { - err := os.WriteFile(GetHostUUIDPath(dataDir), []byte(id), os.ModeExclusive|0400) - if err != nil { - if errors.Is(err, fs.ErrPermission) { - //do not convert to system error as this loses the ability to compare that it is a permission error - return err - } - return trace.ConvertSystemError(err) - } - return nil -} - -// ReadOrMakeHostUUID looks for a hostid file in the data dir. If present, -// returns the UUID from it, otherwise generates one -func ReadOrMakeHostUUID(dataDir string) (string, error) { - id, err := ReadHostUUID(dataDir) - if err == nil { - return id, nil - } - if !trace.IsNotFound(err) { - return "", trace.Wrap(err) - } - // Checking error instead of the usual uuid.New() in case uuid generation - // fails due to not enough randomness. It's been known to happen happen when - // Teleport starts very early in the node initialization cycle and /dev/urandom - // isn't ready yet. - rawID, err := uuid.NewRandom() - if err != nil { - return "", trace.BadParameter("" + - "Teleport failed to generate host UUID. " + - "This may happen if randomness source is not fully initialized when the node is starting up. " + - "Please try restarting Teleport again.") - } - id = rawID.String() - if err = WriteHostUUID(dataDir, id); err != nil { - return "", trace.Wrap(err) - } - return id, nil -} - // StringSliceSubset returns true if b is a subset of a. func StringSliceSubset(a []string, b []string) error { aset := make(map[string]bool) @@ -712,8 +642,6 @@ const ( // CertExtensionAuthority specifies teleport authority's name // that signed this domain CertExtensionAuthority = "x-teleport-authority" - // HostUUIDFile is the file name where the host UUID file is stored - HostUUIDFile = "host_uuid" // CertTeleportClusterName is a name of the teleport cluster CertTeleportClusterName = "x-teleport-cluster-name" // CertTeleportUserCertificate is the certificate of the authenticated in user. diff --git a/lib/utils/utils_test.go b/lib/utils/utils_test.go index 1ff85e1ff8d31..cf636c4a65f8a 100644 --- a/lib/utils/utils_test.go +++ b/lib/utils/utils_test.go @@ -20,14 +20,12 @@ package utils import ( "bytes" - "fmt" "os" "path/filepath" "strings" "testing" "time" - "github.com/google/uuid" "github.com/gravitational/trace" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -42,54 +40,6 @@ func TestMain(m *testing.M) { os.Exit(m.Run()) } -func TestHostUUIDIdempotent(t *testing.T) { - t.Parallel() - - // call twice, get same result - dir := t.TempDir() - id, err := ReadOrMakeHostUUID(dir) - require.Len(t, id, 36) - require.NoError(t, err) - uuidCopy, err := ReadOrMakeHostUUID(dir) - require.NoError(t, err) - require.Equal(t, id, uuidCopy) -} - -func TestHostUUIDBadLocation(t *testing.T) { - t.Parallel() - - // call with a read-only dir, make sure to get an error - id, err := ReadOrMakeHostUUID("/bad-location") - require.Empty(t, id) - require.Error(t, err) - require.Regexp(t, "^.*no such file or directory.*$", err.Error()) -} - -func TestHostUUIDIgnoreWhitespace(t *testing.T) { - t.Parallel() - - // newlines are getting ignored - dir := t.TempDir() - id := fmt.Sprintf("%s\n", uuid.NewString()) - err := os.WriteFile(filepath.Join(dir, HostUUIDFile), []byte(id), 0666) - require.NoError(t, err) - out, err := ReadHostUUID(dir) - require.NoError(t, err) - require.Equal(t, strings.TrimSpace(id), out) -} - -func TestHostUUIDRegenerateEmpty(t *testing.T) { - t.Parallel() - - // empty UUID in file is regenerated - dir := t.TempDir() - err := os.WriteFile(filepath.Join(dir, HostUUIDFile), nil, 0666) - require.NoError(t, err) - out, err := ReadOrMakeHostUUID(dir) - require.NoError(t, err) - require.Len(t, out, 36) -} - func TestSelfSignedCert(t *testing.T) { t.Parallel() diff --git a/tool/tctl/common/admin_action_test.go b/tool/tctl/common/admin_action_test.go index 95fa7c61458c7..4abd383775930 100644 --- a/tool/tctl/common/admin_action_test.go +++ b/tool/tctl/common/admin_action_test.go @@ -56,6 +56,7 @@ import ( "github.com/gravitational/teleport/lib/services" "github.com/gravitational/teleport/lib/tlsca" "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" tctl "github.com/gravitational/teleport/tool/tctl/common" testserver "github.com/gravitational/teleport/tool/teleport/testenv" tsh "github.com/gravitational/teleport/tool/tsh/common" @@ -1076,7 +1077,7 @@ func newAdminActionTestSuite(t *testing.T) *adminActionTestSuite { }) require.NoError(t, err) - hostUUID, err := utils.ReadHostUUID(process.Config.DataDir) + hostUUID, err := hostid.ReadFile(process.Config.DataDir) require.NoError(t, err) localAdmin, err := storage.ReadLocalIdentity( filepath.Join(process.Config.DataDir, teleport.ComponentProcess), diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go index 51ff5f8687f75..5af22702f8b17 100644 --- a/tool/tctl/common/tctl.go +++ b/tool/tctl/common/tctl.go @@ -55,6 +55,7 @@ import ( "github.com/gravitational/teleport/lib/reversetunnelclient" "github.com/gravitational/teleport/lib/service/servicecfg" "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" "github.com/gravitational/teleport/lib/utils/signal" "github.com/gravitational/teleport/tool/common" ) @@ -432,16 +433,16 @@ func ApplyConfig(ccf *GlobalCLIFlags, cfg *servicecfg.Config) (*authclient.Confi authConfig := new(authclient.Config) // read the host UUID only in case the identity was not provided, // because it will be used for reading local auth server identity - cfg.HostUUID, err = utils.ReadHostUUID(cfg.DataDir) + cfg.HostUUID, err = hostid.ReadFile(cfg.DataDir) if err != nil { if errors.Is(err, fs.ErrNotExist) { return nil, trace.Wrap(err, "Could not load Teleport host UUID file at %s. "+ "Please make sure that a Teleport Auth Service instance is running on this host prior to using tctl or provide credentials by logging in with tsh first.", - filepath.Join(cfg.DataDir, utils.HostUUIDFile)) + filepath.Join(cfg.DataDir, hostid.FileName)) } else if errors.Is(err, fs.ErrPermission) { return nil, trace.Wrap(err, "Teleport does not have permission to read Teleport host UUID file at %s. "+ "Ensure that you are running as a user with appropriate permissions or provide credentials by logging in with tsh first.", - filepath.Join(cfg.DataDir, utils.HostUUIDFile)) + filepath.Join(cfg.DataDir, hostid.FileName)) } return nil, trace.Wrap(err) } diff --git a/tool/teleport/testenv/test_server.go b/tool/teleport/testenv/test_server.go index a1d692565ef3f..5d4607223c292 100644 --- a/tool/teleport/testenv/test_server.go +++ b/tool/teleport/testenv/test_server.go @@ -62,6 +62,7 @@ import ( "github.com/gravitational/teleport/lib/sshutils" "github.com/gravitational/teleport/lib/tlsca" "github.com/gravitational/teleport/lib/utils" + "github.com/gravitational/teleport/lib/utils/hostid" "github.com/gravitational/teleport/tool/teleport/common" ) @@ -703,7 +704,7 @@ func MakeDefaultAuthClient(t *testing.T, process *service.TeleportProcess) *auth t.Helper() cfg := process.Config - hostUUID, err := utils.ReadHostUUID(process.Config.DataDir) + hostUUID, err := hostid.ReadFile(process.Config.DataDir) require.NoError(t, err) identity, err := storage.ReadLocalIdentity( From 16a6116a22a806c31e0f8ef83779c620fd9e2c54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Cie=C5=9Blak?= Date: Tue, 5 Nov 2024 15:07:10 +0100 Subject: [PATCH 13/17] Connect: Fix fetching access requests when leaf cluster is selected (#48433) * Always fetch access requests from root cluster * Replace deprecated imports --- .../useAccessRequests.tsx | 26 ++++++++----------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/web/packages/teleterm/src/ui/DocumentAccessRequests/useAccessRequests.tsx b/web/packages/teleterm/src/ui/DocumentAccessRequests/useAccessRequests.tsx index aa895d2b044d0..240625c22797c 100644 --- a/web/packages/teleterm/src/ui/DocumentAccessRequests/useAccessRequests.tsx +++ b/web/packages/teleterm/src/ui/DocumentAccessRequests/useAccessRequests.tsx @@ -28,13 +28,11 @@ import { import { RequestFlags } from 'shared/components/AccessRequests/ReviewRequests'; import { Timestamp } from 'gen-proto-ts/google/protobuf/timestamp_pb'; +import { LoggedInUser } from 'gen-proto-ts/teleport/lib/teleterm/v1/cluster_pb'; +import { AccessRequest as TshdAccessRequest } from 'gen-proto-ts/teleport/lib/teleterm/v1/access_request_pb'; import * as types from 'teleterm/ui/services/workspacesService'; -import { - AssumedRequest, - LoggedInUser, - AccessRequest as TshdAccessRequest, -} from 'teleterm/services/tshd/types'; +import { AssumedRequest } from 'teleterm/services/tshd/types'; import { useAppContext } from 'teleterm/ui/appContextProvider'; import { retryWithRelogin } from 'teleterm/ui/utils'; @@ -45,11 +43,7 @@ export default function useAccessRequests(doc: types.DocumentAccessRequests) { const ctx = useAppContext(); ctx.clustersService.useState(); - const { - localClusterUri: clusterUri, - rootClusterUri, - documentsService, - } = useWorkspaceContext(); + const { rootClusterUri, documentsService } = useWorkspaceContext(); const assumed = ctx.clustersService.getAssumedRequests(rootClusterUri); const loggedInUser = useWorkspaceLoggedInUser(); @@ -74,12 +68,14 @@ export default function useAccessRequests(doc: types.DocumentAccessRequests) { const getRequests = async () => { try { - const response = await retryWithRelogin(ctx, clusterUri, async () => { - const { response } = await ctx.tshd.getAccessRequests({ clusterUri }); + const response = await retryWithRelogin(ctx, rootClusterUri, async () => { + const { response } = await ctx.tshd.getAccessRequests({ + clusterUri: rootClusterUri, + }); return response.requests; }); setAttempt({ status: 'success' }); - // transform tshd access request to the webui access request and add flags + // Transform tshd access request to the webui access request and add flags. const requests = response.map(r => makeUiAccessRequest(r)); setAccessRequests(requests); } catch (err) { @@ -91,11 +87,11 @@ export default function useAccessRequests(doc: types.DocumentAccessRequests) { }; useEffect(() => { - // only fetch when visitng RequestList + // Only fetch when visiting RequestList. if (doc.state === 'browsing') { getRequests(); } - }, [doc.state, clusterUri]); + }, [doc.state]); useEffect(() => { // if assumed object changes, we update which roles have been assumed in the table From 83b1d2310a28ef72a20f853fc5c57091cc06162e Mon Sep 17 00:00:00 2001 From: Erik Tate Date: Tue, 5 Nov 2024 11:12:19 -0500 Subject: [PATCH 14/17] adding missing GID value when fetching Hostuser (#48245) --- integration/hostuser_test.go | 22 ++++++++++++++++++++++ lib/srv/usermgmt.go | 1 + 2 files changed, 23 insertions(+) diff --git a/integration/hostuser_test.go b/integration/hostuser_test.go index 242908525cdf3..2f7a741e513f5 100644 --- a/integration/hostuser_test.go +++ b/integration/hostuser_test.go @@ -583,6 +583,28 @@ func TestRootHostUsers(t *testing.T) { require.NoError(t, err) require.False(t, hasExpirations) }) + + t.Run("Test migrate unmanaged user", func(t *testing.T) { + t.Cleanup(func() { cleanupUsersAndGroups([]string{testuser}, []string{types.TeleportKeepGroup}) }) + + users := srv.NewHostUsers(context.Background(), presence, "host_uuid") + _, err := host.UserAdd(testuser, nil, host.UserOpts{}) + require.NoError(t, err) + + closer, err := users.UpsertUser(testuser, services.HostUsersInfo{Mode: services.HostUserModeKeep, Groups: []string{types.TeleportKeepGroup}}) + require.NoError(t, err) + require.Nil(t, closer) + + u, err := user.Lookup(testuser) + require.NoError(t, err) + + gids, err := u.GroupIds() + require.NoError(t, err) + + keepGroup, err := user.LookupGroup(types.TeleportKeepGroup) + require.NoError(t, err) + require.Contains(t, gids, keepGroup.Gid) + }) } type hostUsersBackendWithExp struct { diff --git a/lib/srv/usermgmt.go b/lib/srv/usermgmt.go index 77dec5c37d0fd..c73e1db41390e 100644 --- a/lib/srv/usermgmt.go +++ b/lib/srv/usermgmt.go @@ -689,6 +689,7 @@ func (u *HostUserManagement) getHostUser(username string) (*HostUser, error) { return &HostUser{ Name: username, UID: usr.Uid, + GID: usr.Gid, Home: usr.HomeDir, Groups: groups, }, trace.NewAggregate(groupErrs...) From eaf198254a54235d69b11b7159d2ae394cbc2f43 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 5 Nov 2024 12:24:48 -0500 Subject: [PATCH 15/17] docs: include aws oidc in integration list (#48432) * docs: include aws oidc in integration list * docs: update verbiage on aws oidc link Co-authored-by: Paul Gottschling --------- Co-authored-by: Paul Gottschling --- docs/pages/admin-guides/management/guides/guides.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/pages/admin-guides/management/guides/guides.mdx b/docs/pages/admin-guides/management/guides/guides.mdx index bc817ac0bae83..db09c71368850 100644 --- a/docs/pages/admin-guides/management/guides/guides.mdx +++ b/docs/pages/admin-guides/management/guides/guides.mdx @@ -8,6 +8,8 @@ You can integrate Teleport with third-party tools in order to complete various tasks in your cluster. These guides describe Teleport integrations that are not documented elsewhere: + - [AWS OIDC Integration with Teleport](awsoidc-integration.mdx). How + to set up the AWS OIDC integration to allow Teleport to interact with AWS. - [EC2 tags as Teleport agent labels](ec2-tags.mdx). How to set up Teleport agent labels based on EC2 tags. - [GCP tags and labels as Teleport agent labels](gcp-tags.mdx). How From a85119baf22b75b6b285f40654523a38b925e5d6 Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Tue, 5 Nov 2024 12:31:25 -0500 Subject: [PATCH 16/17] Make conditional vs unconditional updates clearer (#48359) * Make conditional vs unconditional updates clearer * address edoardo's feedback --- lib/services/local/access_monitoring_rules.go | 2 +- lib/services/local/databaseobject.go | 2 +- lib/services/local/databaseobjectimportrule.go | 2 +- lib/services/local/generic/generic_wrapper.go | 10 ++++++++-- lib/services/local/generic/generic_wrapper_test.go | 4 ++-- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/services/local/access_monitoring_rules.go b/lib/services/local/access_monitoring_rules.go index 7ab5f196f976f..60200a835afea 100644 --- a/lib/services/local/access_monitoring_rules.go +++ b/lib/services/local/access_monitoring_rules.go @@ -85,7 +85,7 @@ func (s *AccessMonitoringRulesService) CreateAccessMonitoringRule(ctx context.Co // UpdateAccessMonitoringRule updates an existing AccessMonitoringRule resource. func (s *AccessMonitoringRulesService) UpdateAccessMonitoringRule(ctx context.Context, amr *accessmonitoringrulesv1.AccessMonitoringRule) (*accessmonitoringrulesv1.AccessMonitoringRule, error) { - updated, err := s.svc.UpdateResource(ctx, amr) + updated, err := s.svc.UnconditionalUpdateResource(ctx, amr) return updated, trace.Wrap(err) } diff --git a/lib/services/local/databaseobject.go b/lib/services/local/databaseobject.go index 4d422ef6d9351..ab5d874e5f388 100644 --- a/lib/services/local/databaseobject.go +++ b/lib/services/local/databaseobject.go @@ -45,7 +45,7 @@ func (s *DatabaseObjectService) UpsertDatabaseObject(ctx context.Context, object } func (s *DatabaseObjectService) UpdateDatabaseObject(ctx context.Context, object *dbobjectv1.DatabaseObject) (*dbobjectv1.DatabaseObject, error) { - out, err := s.service.UpdateResource(ctx, object) + out, err := s.service.UnconditionalUpdateResource(ctx, object) return out, trace.Wrap(err) } diff --git a/lib/services/local/databaseobjectimportrule.go b/lib/services/local/databaseobjectimportrule.go index 87fdafdfae87c..8ab3c1f310929 100644 --- a/lib/services/local/databaseobjectimportrule.go +++ b/lib/services/local/databaseobjectimportrule.go @@ -43,7 +43,7 @@ func (s *databaseObjectImportRuleService) UpsertDatabaseObjectImportRule(ctx con } func (s *databaseObjectImportRuleService) UpdateDatabaseObjectImportRule(ctx context.Context, rule *databaseobjectimportrulev1.DatabaseObjectImportRule) (*databaseobjectimportrulev1.DatabaseObjectImportRule, error) { - out, err := s.service.UpdateResource(ctx, rule) + out, err := s.service.UnconditionalUpdateResource(ctx, rule) return out, trace.Wrap(err) } diff --git a/lib/services/local/generic/generic_wrapper.go b/lib/services/local/generic/generic_wrapper.go index 4bb3a1673b427..076b05caace3f 100644 --- a/lib/services/local/generic/generic_wrapper.go +++ b/lib/services/local/generic/generic_wrapper.go @@ -125,14 +125,20 @@ func (s ServiceWrapper[T]) UpsertResource(ctx context.Context, resource T) (T, e return adapter.resource, trace.Wrap(err) } -// UpdateResource updates an existing resource. -func (s ServiceWrapper[T]) UpdateResource(ctx context.Context, resource T) (T, error) { +// UnconditionalUpdateResource updates an existing resource without checking the provided resource revision. +// Because UnconditionalUpdateResource can blindly overwrite an existing item, ConditionalUpdateResource should +// be preferred. +// See https://github.com/gravitational/teleport/blob/master/rfd/0153-resource-guidelines.md#update-1 for more details +// about the Update operation. +func (s ServiceWrapper[T]) UnconditionalUpdateResource(ctx context.Context, resource T) (T, error) { adapter, err := s.service.UpdateResource(ctx, newResourceMetadataAdapter(resource)) return adapter.resource, trace.Wrap(err) } // ConditionalUpdateResource updates an existing resource if the provided // resource and the existing resource have matching revisions. +// See https://github.com/gravitational/teleport/blob/master/rfd/0126-backend-migrations.md#optimistic-locking for more +// details about the conditional update. func (s ServiceWrapper[T]) ConditionalUpdateResource(ctx context.Context, resource T) (T, error) { adapter, err := s.service.ConditionalUpdateResource(ctx, newResourceMetadataAdapter(resource)) return adapter.resource, trace.Wrap(err) diff --git a/lib/services/local/generic/generic_wrapper_test.go b/lib/services/local/generic/generic_wrapper_test.go index 197bbdb5ecd77..672bb2a88dee8 100644 --- a/lib/services/local/generic/generic_wrapper_test.go +++ b/lib/services/local/generic/generic_wrapper_test.go @@ -180,7 +180,7 @@ func TestGenericWrapperCRUD(t *testing.T) { // Update a resource. r1.Metadata.Labels = map[string]string{"newlabel": "newvalue"} - r1, err = service.UpdateResource(ctx, r1) + r1, err = service.UnconditionalUpdateResource(ctx, r1) require.NoError(t, err) r, err = service.GetResource(ctx, r1.GetMetadata().GetName()) require.NoError(t, err) @@ -198,7 +198,7 @@ func TestGenericWrapperCRUD(t *testing.T) { // Update a resource that doesn't exist. doesNotExist := newTestResource153("doesnotexist") - _, err = service.UpdateResource(ctx, doesNotExist) + _, err = service.UnconditionalUpdateResource(ctx, doesNotExist) require.True(t, trace.IsNotFound(err)) // Delete a resource. From ecd5500166d014e6b8c2fc0527f865f455c9f016 Mon Sep 17 00:00:00 2001 From: Tiago Silva Date: Tue, 5 Nov 2024 17:39:36 +0000 Subject: [PATCH 17/17] support plugin audit events in web ui (#48450) --- .../src/Audit/EventList/EventTypeCell.tsx | 3 +++ .../teleport/src/services/audit/makeEvent.ts | 21 +++++++++++++++++++ .../teleport/src/services/audit/types.ts | 15 +++++++++++++ 3 files changed, 39 insertions(+) diff --git a/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx b/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx index cb5c377d3f6d9..d403cb036f23d 100644 --- a/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx +++ b/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx @@ -280,6 +280,9 @@ const EventIconMap: Record = { [eventCodes.USER_TASK_UPDATE]: Icons.Info, [eventCodes.USER_TASK_DELETE]: Icons.Info, [eventCodes.SFTP_SUMMARY]: Icons.FolderPlus, + [eventCodes.PLUGIN_CREATE]: Icons.Info, + [eventCodes.PLUGIN_UPDATE]: Icons.Info, + [eventCodes.PLUGIN_DELETE]: Icons.Info, [eventCodes.UNKNOWN]: Icons.Question, }; diff --git a/web/packages/teleport/src/services/audit/makeEvent.ts b/web/packages/teleport/src/services/audit/makeEvent.ts index 121fca0660ce2..85b47786849ff 100644 --- a/web/packages/teleport/src/services/audit/makeEvent.ts +++ b/web/packages/teleport/src/services/audit/makeEvent.ts @@ -1834,6 +1834,27 @@ export const formatters: Formatters = { return `User [${user}] completed a file transfer on [${server_hostname}]`; }, }, + [eventCodes.PLUGIN_CREATE]: { + type: 'plugin.create', + desc: 'Plugin Created', + format: ({ user, name, plugin_type }) => { + return `User [${user}] created a plugin [${name}] of type [${plugin_type}]`; + }, + }, + [eventCodes.PLUGIN_UPDATE]: { + type: 'plugin.update', + desc: 'Plugin Updated', + format: ({ user, name, plugin_type }) => { + return `User [${user}] updated a plugin [${name}] of type [${plugin_type}]`; + }, + }, + [eventCodes.PLUGIN_DELETE]: { + type: 'plugin.delete', + desc: 'Plugin Deleted', + format: ({ user, name }) => { + return `User [${user}] deleted a plugin [${name}]`; + }, + }, [eventCodes.UNKNOWN]: { type: 'unknown', desc: 'Unknown Event', diff --git a/web/packages/teleport/src/services/audit/types.ts b/web/packages/teleport/src/services/audit/types.ts index 7bc36eaa7a449..fbcbf635b2bd9 100644 --- a/web/packages/teleport/src/services/audit/types.ts +++ b/web/packages/teleport/src/services/audit/types.ts @@ -300,6 +300,9 @@ export const eventCodes = { USER_TASK_CREATE: 'UT001I', USER_TASK_UPDATE: 'UT002I', USER_TASK_DELETE: 'UT003I', + PLUGIN_CREATE: 'PG001I', + PLUGIN_UPDATE: 'PG002I', + PLUGIN_DELETE: 'PG003I', } as const; /** @@ -1693,6 +1696,18 @@ export type RawEvents = { typeof eventCodes.USER_TASK_DELETE, HasName >; + [eventCodes.PLUGIN_CREATE]: RawEvent< + typeof eventCodes.PLUGIN_CREATE, + Merge + >; + [eventCodes.PLUGIN_UPDATE]: RawEvent< + typeof eventCodes.PLUGIN_UPDATE, + Merge + >; + [eventCodes.PLUGIN_DELETE]: RawEvent< + typeof eventCodes.PLUGIN_DELETE, + Merge + >; [eventCodes.SFTP_SUMMARY]: RawEvent< typeof eventCodes.SFTP_SUMMARY, {