diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml index b7b56b0f..fdd1ffc9 100644 --- a/.github/workflows/e2e-tests.yaml +++ b/.github/workflows/e2e-tests.yaml @@ -123,7 +123,7 @@ jobs: deploy-provider: runs-on: ubuntu-latest - name: Deploy Provider + name: Deploy Provider and Run Tests needs: [ setup-vault , setup-cluster , build ] env: OCI_VAULT_ID: ${{ needs.setup-vault.outputs.OCI_VAULT_ID }} 
@@ -181,87 +181,209 @@ jobs: kubectl get daemonset --namespace oci-provider \ --selector='app.kubernetes.io/name in (oci-secrets-store-csi-driver-provider, secrets-store-csi-driver)' - - name: update auth file with correct values + - name: user principal authentication - update auth file with correct values run: | sed -e 's/region:.*/region: ${{ env.OCI_CLI_REGION }}/' \ -e 's/tenancy:.*/tenancy: ${{ env.OCI_CLI_TENANCY }}/' \ -e 's/user:.*/user: ${{ env.OCI_CLI_USER }}/' \ - -e 's/fingerprint:.*/fingerprint: ${{ env.OCI_CLI_FINGERPRINT }}/' e2e/example/user-auth-config-example.yaml > e2e/example/user-auth-config-example.yaml.tmp + -e 's/fingerprint:.*/fingerprint: ${{ env.OCI_CLI_FINGERPRINT }}/' e2e/example/user-principal/user-auth-config-example.yaml > e2e/example/user-principal/user-auth-config-example.yaml.tmp # - name: print updated yaml file # run: cat e2e/example/user-auth-config-example.yaml.tmp + + - name: user principal authentication - create namespace + # continue-on-error: true + run: kubectl create namespace app-user - - name: delete secret if exists + - name: user principal authentication - delete secret if exists continue-on-error: true - run: kubectl delete secret oci-config + run: kubectl delete secret oci-config -n app-user - - name: create kubernetes secret for user auth config + - name: user principal authentication - create kubernetes secret for user auth config run: | kubectl create secret generic oci-config \ - --from-file=config=e2e/example/user-auth-config-example.yaml.tmp \ - --from-literal=private-key="${{ env.OCI_CLI_KEY_CONTENT }}" + --from-file=config=e2e/example/user-principal/user-auth-config-example.yaml.tmp \ + --from-literal=private-key="${{ env.OCI_CLI_KEY_CONTENT }}" -n app-user - - name: update spc file with correct values + - name: user principal authentication - update spc file with correct values run: | sed -e 's/vaultId:.*/vaultId: ${{ env.OCI_VAULT_ID }}/' \ -e 's/authType:.*/authType: user/' \ - -e 's/- name:.*/- name: 
${{ env.OCI_VAULT_SECRET_NAME }}/' e2e/example/secret-provider-class.yaml > e2e/example/secret-provider-class.yaml.tmp + -e 's/- name:.*/- name: ${{ env.OCI_VAULT_SECRET_NAME }}/' e2e/example/user-principal/secret-provider-class.yaml > e2e/example/user-principal/secret-provider-class.yaml.tmp - - name: update deployment file with secret name + - name: user principal authentication - update deployment file with secret name run: | sed -e 's/testingSecretName:.*/testingSecretName: ${{ env.OCI_VAULT_SECRET_NAME }}/' \ - e2e/example/app.deployment.yaml > e2e/example/app.deployment.yaml.tmp + e2e/example/user-principal/app.deployment.yaml > e2e/example/user-principal/app.deployment.yaml.tmp - - name: print updated yaml file - run: cat e2e/example/secret-provider-class.yaml.tmp + - name: user principal authentication - print updated yaml file + run: cat e2e/example/user-principal/secret-provider-class.yaml.tmp - - name: deploy spc - run: kubectl apply -f e2e/example/secret-provider-class.yaml.tmp + - name: user principal authentication - deploy spc + run: kubectl apply -f e2e/example/user-principal/secret-provider-class.yaml.tmp -n app-user - - name: deploy workload - run: kubectl apply -f e2e/example/app.deployment.yaml.tmp + - name: user principal authentication - deploy workload + run: kubectl apply -f e2e/example/user-principal/app.deployment.yaml.tmp -n app-user - - name: Wait for pod to run - id: wait-on-pod + - name: user principal authentication - Wait for pod to run + id: wait-on-pod-user # run: kubectl wait --for=jsonpath='{.status.phase}'=Running pods/${{ env.POD_NAME }} --timeout=90s run: sleep 90 - - name: Verify pods are running - id: pod-names - run: kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers + - name: user principal authentication - Verify pods are running + id: pod-names-user + run: kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} 
-o='custom-columns=PodName:.metadata.name' --no-headers -n app-user - - name: capture pod name into env - run: echo "POD_NAME=`kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers`" >> $GITHUB_ENV + - name: user principal authentication - capture pod name into env + run: echo "POD_NAME=`kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers -n app-user`" >> $GITHUB_ENV - - name: print secret value - id: print-secret-content - run: echo "SECRET_CONTENT=`kubectl exec -it ${{ env.POD_NAME }} -- cat /mnt/secrets-store/${{ env.OCI_VAULT_SECRET_NAME }} 2> /dev/null | base64`" >> $GITHUB_ENV + - name: user principal authentication - print secret value + id: print-secret-content-user + run: echo "SECRET_CONTENT=`kubectl exec -n app-user -it ${{ env.POD_NAME }} -- cat /mnt/secrets-store/${{ env.OCI_VAULT_SECRET_NAME }} 2> /dev/null | base64`" >> $GITHUB_ENV # - name: convert to base64 # id: convert-to-base64 # run: echo -n ${{ steps.print-secret-content.outputs.output }} | base64 - - name: print values + - name: user principal authentication - print values run: echo "${{ env.SECRET_CONTENT }} == ${{ env.OCI_VAULT_SECRET_VALUE}}" - - name: verify value + - name: user principal authentication - verify value run: if [ "${{ env.SECRET_CONTENT }}" == "${{ env.OCI_VAULT_SECRET_VALUE}}" ]; then exit 0; else exit 1; fi + # + # End of user principal + # + - name: workload identity principal authentication - update spc file with correct values + run: | + sed -e 's/vaultId:.*/vaultId: ${{ env.OCI_VAULT_ID }}/' \ + -e 's/authType:.*/authType: workload/' \ + -e 's/- name:.*/- name: ${{ env.OCI_VAULT_SECRET_NAME }}/' e2e/example/workload-identity/secret-provider-class.yaml > e2e/example/workload-identity/secret-provider-class.yaml.tmp + + - name: workload identity principal authentication - update deployment file with secret name + run: | + sed 
-e 's/testingSecretName:.*/testingSecretName: workload-${{ env.OCI_VAULT_SECRET_NAME }}/' \ + e2e/example/workload-identity/app.deployment.yaml > e2e/example/workload-identity/app.deployment.yaml.tmp + + - name: workload identity principal authentication - print updated yaml file + run: cat e2e/example/workload-identity/secret-provider-class.yaml.tmp + + - name: workload identity principal authentication - create namespace + # continue-on-error: true + run: kubectl create namespace app-workload + + - name: workload identity principal authentication - deploy namespace and service account + run: kubectl apply -f e2e/example/workload-identity/service-account.yaml -n app-workload + + - name: workload identity principal authentication - deploy spc + run: kubectl apply -f e2e/example/workload-identity/secret-provider-class.yaml.tmp -n app-workload + + - name: workload identity principal authentication - deploy workload + run: kubectl apply -f e2e/example/workload-identity/app.deployment.yaml.tmp -n app-workload + + - name: workload identity principal authentication - Wait for pod to run + id: wait-on-pod-workload + # run: kubectl wait --for=jsonpath='{.status.phase}'=Running pods/${{ env.POD_NAME }} --timeout=90s + run: sleep 90 + + - name: workload identity principal authentication - Verify pods are running + id: pod-names-workload + run: kubectl get pods -l testingSecretName=workload-${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers -n app-workload + + - name: workload identity principal authentication - capture pod name into env + run: echo "POD_NAME=`kubectl get pods -l testingSecretName=workload-${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers -n app-workload`" >> $GITHUB_ENV + + - name: workload identity principal authentication - print secret value + id: print-secret-content-workload + run: echo "SECRET_CONTENT=`kubectl exec -n app-workload -it ${{ env.POD_NAME }} -- cat 
/mnt/secrets-store/${{ env.OCI_VAULT_SECRET_NAME }} 2> /dev/null | base64`" >> $GITHUB_ENV + + - name: workload identity principal authentication - print values + run: echo "${{ env.SECRET_CONTENT }} == ${{ env.OCI_VAULT_SECRET_VALUE}}" + + - name: workload identity principal authentication - verify value + run: if [ "${{ env.SECRET_CONTENT }}" == "${{ env.OCI_VAULT_SECRET_VALUE}}" ]; then exit 0; else exit 1; fi + + # + # End of workload identity principal + # + - name: instance principal authentication - update spc file with correct values + run: | + sed -e 's/vaultId:.*/vaultId: ${{ env.OCI_VAULT_ID }}/' \ + -e 's/authType:.*/authType: instance/' \ + -e 's/- name:.*/- name: ${{ env.OCI_VAULT_SECRET_NAME }}/' e2e/example/instance-principal/secret-provider-class.yaml > e2e/example/instance-principal/secret-provider-class.yaml.tmp + + - name: instance principal authentication - update deployment file with secret name + run: | + sed -e 's/testingSecretName:.*/testingSecretName: instance-${{ env.OCI_VAULT_SECRET_NAME }}/' \ + e2e/example/instance-principal/app.deployment.yaml > e2e/example/instance-principal/app.deployment.yaml.tmp + + - name: instance principal authentication - print updated yaml file + run: cat e2e/example/instance-principal/secret-provider-class.yaml.tmp + + - name: instance principal authentication - create namespace + # continue-on-error: true + run: kubectl create namespace app-instance + + - name: instance principal authentication - deploy spc + run: kubectl apply -f e2e/example/instance-principal/secret-provider-class.yaml.tmp -n app-instance + + - name: instance principal authentication - deploy workload + run: kubectl apply -f e2e/example/instance-principal/app.deployment.yaml.tmp -n app-instance + + - name: instance principal authentication - Wait for pod to run + id: wait-on-pod-instance + # run: kubectl wait --for=jsonpath='{.status.phase}'=Running pods/${{ env.POD_NAME }} --timeout=90s + run: sleep 90 + + - name: instance principal 
authentication - Verify pods are running + id: pod-names-instance + run: kubectl get pods -l testingSecretName=instance-${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers -n app-instance + + - name: instance principal authentication - capture pod name into env + run: echo "POD_NAME=`kubectl get pods -l testingSecretName=instance-${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers -n app-instance`" >> $GITHUB_ENV + + - name: instance principal authentication - print secret value + id: print-secret-content-instance + run: echo "SECRET_CONTENT=`kubectl exec -n app-instance -it ${{ env.POD_NAME }} -- cat /mnt/secrets-store/${{ env.OCI_VAULT_SECRET_NAME }} 2> /dev/null | base64`" >> $GITHUB_ENV + + - name: instance principal authentication - print values + run: echo "${{ env.SECRET_CONTENT }} == ${{ env.OCI_VAULT_SECRET_VALUE}}" + + - name: instance principal authentication - verify value + run: if [ "${{ env.SECRET_CONTENT }}" == "${{ env.OCI_VAULT_SECRET_VALUE}}" ]; then exit 0; else exit 1; fi + # cleanup - - name: remove deployment + - name: remove deployment - user principal authentication + if: ${{ always() }} + run: | + kubectl delete -f e2e/example/user-principal/app.deployment.yaml.tmp \ + -f e2e/example/user-principal/secret-provider-class.yaml.tmp -n app-user + + - name: remove deployment - workload identity authentication if: ${{ always() }} run: | - kubectl delete -f e2e/example/app.deployment.yaml.tmp \ - -f e2e/example/secret-provider-class.yaml.tmp + kubectl delete -f e2e/example/workload-identity/secret-provider-class.yaml.tmp \ + -f e2e/example/workload-identity/app.deployment.yaml.tmp \ + -f e2e/example/workload-identity/service-account.yaml -n app-workload + + - name: remove deployment - instance principal authentication + if: ${{ always() }} + run: | + kubectl delete -f e2e/example/instance-principal/secret-provider-class.yaml.tmp \ + -f 
e2e/example/instance-principal/app.deployment.yaml.tmp -n app-instance - name: delete secret if: ${{ always() }} - run: kubectl delete secret oci-config + run: kubectl delete secret oci-config -n app-user - name: uninstall provider if: ${{ always() }} run: helm uninstall oci-provider -n ${{ env.PROVIDER_NAMESPACE }} + - name: delete namespaces + if: ${{ always() }} + run: kubectl delete namespace app-user app-workload app-instance + cleanup: runs-on: ubuntu-latest needs: [deploy-provider] diff --git a/GettingStarted.md b/GettingStarted.md index 55eeb9c4..c52a4137 100644 --- a/GettingStarted.md +++ b/GettingStarted.md @@ -11,6 +11,7 @@ The provider is a gRPC server accessible via the Unix domain socket. It's interf * [Authentication & Authorization](#authn-authz) * [User Principal](#auth-user-principal) * [Instance Princiapl](#auth-instance-principal) + * [Workload Identity](#auth-workload-identity) * [Access Policies](#access-policies) * [Deployment](#deployment) * [Helm](#helm-deployment) @@ -49,9 +50,10 @@ This section describes steps to deploy and test solution. ### Authentication and Authorization -Currently, two modes of authentication is supported. Some AuthN modes are applicable only for a particular variant of cluster. +Currently, three modes of authentication is supported. Some AuthN modes are applicable only for a particular variant of cluster. * [User Principal](#auth-user-principal) * [Instance Principal](#auth-instance-principal) +* [Workload Identity](#auth-workload-identity) ### User Principal 
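Review bot: The `print values` steps echo `SECRET_CONTENT` and `OCI_VAULT_SECRET_VALUE` into the job log, and the new workload and instance variants repeat that for each auth mode; the `verify value` step already gives the pass/fail signal, so the echo can be dropped. The `create kubernetes secret` step expands `${{ env.OCI_CLI_KEY_CONTENT }}` into the script text before the shell runs, so the key is pasted into the generated script and any quote or `$(` in the value is interpreted by the shell. Values in the `env` context are already exported to the step, so `--from-literal=private-key="$OCI_CLI_KEY_CONTENT" -n app-user` avoids that. The three `kubectl create namespace` steps have `continue-on-error` commented out, so a rerun against a cluster where an earlier cleanup did not finish will fail at that step.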
@@ -73,6 +75,15 @@ kubectl create secret generic oci-config \ ### Instance Principal Instance principal would work only on OKE cluster. Access should be granted using Access Policies(See [Access Policies](#access-polices) section). + + +### Workload Identity +Workload Identity works only in OKE Enhanced clusters. + +Access should be granted using Access Policies(See [Access Policies for Workloads](#access-policies-workloads) section). + +Workload Identity uses a Resource Principal auth, which requires settings a couple of ENV variables on the provider pod, including the region where the cluster is deployed. To achieve this, make sure to specify the `provider.oci.auth.types.workload.resourcePrincipalVersion=` and `provider.oci.auth.types.workload.resourcePrincipalRegion=` parameters in the `values.yaml` for the Helm chart deployment, or as inline parameters. + ### Access Policies Access to the vault and secrets should be explicity granted using Policies in case of Instance principal authencation or other users(non owner of vault) or groups of tenancy in case of user principal authentication. @@ -103,6 +114,13 @@ It involves two steps More information on [Policy](https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policysyntax.htm) + +### Access Policies for Workloads + +With Workload Identity authentication, only a policy is required, which defines the kubernetes workload the policy works for: + +`allow any-user to use secret-family in compartment where ALL {request.principal.type='workload', request.principal.namespace ='', request.principal.service_account = 'oci-secrets-store-csi-driver-provider-sa', request.principal.cluster_id = 'ocid1.cluster.oc1....'}` + ### Deployment Provider and Driver would be deployed as Daemonset. `kube-system` namespace is preferred, but not restricted. 
@@ -132,7 +150,7 @@ Default values are provided in `charts/oci-secrets-store-csi-driver-provider/val kubectl apply -f deploy/provider.daemonset.yaml kubectl apply -f deploy/provider.serviceaccount.yaml - # if user authention principal is required + # if user authentication principal is required kubectl apply -f deploy/provider.roles.yaml ``` diff --git a/charts/oci-secrets-store-csi-driver-provider/Chart.yaml b/charts/oci-secrets-store-csi-driver-provider/Chart.yaml index f11e34e8..c3d972e7 100644 --- a/charts/oci-secrets-store-csi-driver-provider/Chart.yaml +++ b/charts/oci-secrets-store-csi-driver-provider/Chart.yaml @@ -7,10 +7,10 @@ apiVersion: v2 name: oci-secrets-store-csi-driver-provider description: OCI Vault provider for the Secrets Store CSI driver. -version: 0.3.1 +version: 0.4.0 type: application -appVersion: "0.9.5" +appVersion: "0.10.0" kubeVersion: ">=1.19.0-0" # CSI Driver 1.2.0 is compatible with K8S 1.19+ dependencies: diff --git a/charts/oci-secrets-store-csi-driver-provider/templates/provider.daemonset.yaml b/charts/oci-secrets-store-csi-driver-provider/templates/provider.daemonset.yaml index 1cef2d0a..3cc1955f 100644 --- a/charts/oci-secrets-store-csi-driver-provider/templates/provider.daemonset.yaml +++ b/charts/oci-secrets-store-csi-driver-provider/templates/provider.daemonset.yaml @@ -42,6 +42,13 @@ spec: name: health-port - containerPort: {{ .Values.provider.metricsPort }} name: metrics-port + {{ if .Values.provider.oci.auth.types.workload.enabled }} + env: + - name: OCI_RESOURCE_PRINCIPAL_VERSION + value: {{ .Values.provider.oci.auth.types.workload.resourcePrincipalVersion | quote }} + - name: OCI_RESOURCE_PRINCIPAL_REGION + value: {{ .Values.provider.oci.auth.types.workload.resourcePrincipalRegion }} + {{ end }} resources: {{- toYaml .Values.provider.resources | nindent 12 }} # Container should run as root to mount the hostPath volume and create Unix Domain Socket in that volume. 
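Review bot: In the new `env:` block of templates/provider.daemonset.yaml, `resourcePrincipalRegion` is rendered without `| quote` while the version line above it is quoted, so an unset value renders as a bare `value:`. Using `value: {{ .Values.provider.oci.auth.types.workload.resourcePrincipalRegion | quote }}` keeps the two lines consistent and always emits a string. The container spec continues outside the hunk.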
diff --git a/charts/oci-secrets-store-csi-driver-provider/templates/provider.roles.yaml b/charts/oci-secrets-store-csi-driver-provider/templates/provider.roles.yaml index 2b8a98c6..0c61e497 100644 --- a/charts/oci-secrets-store-csi-driver-provider/templates/provider.roles.yaml +++ b/charts/oci-secrets-store-csi-driver-provider/templates/provider.roles.yaml @@ -27,4 +27,29 @@ subjects: - kind: ServiceAccount name: {{ .Chart.Name }}-sa namespace: {{ .Release.Namespace }} -{{ end }} \ No newline at end of file +{{ end }} + +{{ if .Values.provider.oci.auth.types.workload.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-workload-identity-cluster-role +rules: +- apiGroups: [""] + resources: ["serviceaccounts/token"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-workload-identity-cluster-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-workload-identity-cluster-role +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-sa + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/oci-secrets-store-csi-driver-provider/values.schema.json b/charts/oci-secrets-store-csi-driver-provider/values.schema.json index 704ce72a..d54a7b0c 100644 --- a/charts/oci-secrets-store-csi-driver-provider/values.schema.json +++ b/charts/oci-secrets-store-csi-driver-provider/values.schema.json 
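Review bot: The new ClusterRole grants `create` on `serviceaccounts/token` cluster-wide, which lets the provider's service account mint a token for any service account in any namespace, and nothing in the template records why that breadth is needed. A comment above the rule such as `# workload identity: the provider requests a token for the mounting pod's service account` would state the intent (confirm against the provider code, which is not part of this hunk). The same rule is added in deploy/provider.roles.yaml, where it joins the ClusterRole that also grants `get` on `secrets`, so clusters that apply that file only for user-principal auth receive the token permission as well.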
@@ -104,6 +104,24 @@ } } }, + "workload": { + "description": "Settings for OCI Workload authentication", + "type": "object", + "properties": { + "enabled": { + "description": "Settings for OCI Workload authentication", + "type": "boolean" + }, + "resourcePrincipalVersion": { + "description": "Settings for OCI Workload authentication", + "type": "string" + }, + "resourcePrincipalRegion": { + "description": "Settings for OCI Workload authentication", + "type": "string" + } + } + }, "additionalProperties": false } }, diff --git a/charts/oci-secrets-store-csi-driver-provider/values.yaml b/charts/oci-secrets-store-csi-driver-provider/values.yaml index 3e3f59ef..baa8db15 100644 --- a/charts/oci-secrets-store-csi-driver-provider/values.yaml +++ b/charts/oci-secrets-store-csi-driver-provider/values.yaml @@ -35,6 +35,11 @@ provider: enabled: true user: enabled: true + workload: + enabled: true + resourcePrincipalVersion: "2.2" + resourcePrincipalRegion: "us-ashburn-1" + # socket endpoint for connections endpoint: "unix:///opt/provider/sockets/oci.sock" diff --git a/deploy/example/app.deployment.yaml b/deploy/example/app.deployment.yaml index d821ca3f..f051adb4 100644 --- a/deploy/example/app.deployment.yaml +++ b/deploy/example/app.deployment.yaml @@ -23,6 +23,8 @@ spec: labels: app: nginx spec: + # serviceAccountName: workload-serviceaccount + # automountServiceAccountToken: true containers: - name: nginx image: nginx:1.21.4-alpine diff --git a/deploy/example/secret-provider-class.yaml b/deploy/example/secret-provider-class.yaml index ad83fd80..70b2f7ce 100644 --- a/deploy/example/secret-provider-class.yaml +++ b/deploy/example/secret-provider-class.yaml 
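Review bot: All three new properties reuse the parent's description `Settings for OCI Workload authentication`, so the schema does not tell a chart user what `enabled`, `resourcePrincipalVersion` or `resourcePrincipalRegion` mean. Distinct descriptions would help, for example `"description": "Value of OCI_RESOURCE_PRINCIPAL_REGION set on the provider pod"` for the region. The enclosing object starts outside the hunk.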
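Review bot: `workload.enabled: true` in values.yaml makes every default install create the cluster-wide `serviceaccounts/token` ClusterRole from templates/provider.roles.yaml and set `OCI_RESOURCE_PRINCIPAL_REGION` to `us-ashburn-1`, including on clusters that use only user or instance auth or that run in another region. Consider `enabled: false` and `resourcePrincipalRegion: ""` as defaults, with a comment that both resource-principal values must be set when workload auth is turned on. deploy/provider.daemonset.yaml hard-codes the same `2.2` / `us-ashburn-1` pair unconditionally and would benefit from the same comment.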
@@ -34,5 +34,5 @@ spec: versionNumber: 1 fileName: src-db-password vaultId: ocid1.vault.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - authType: instance # possible values are: user, instance + authType: instance # possible values are: user, instance, workload authSecretName: oci-config # required if authType is user and this value refers secret name contains user credentials for auth against vault diff --git a/deploy/example/workload/workload-app.deployment.yaml b/deploy/example/workload/workload-app.deployment.yaml new file mode 100644 index 00000000..7aa23b91 --- /dev/null +++ b/deploy/example/workload/workload-app.deployment.yaml @@ -0,0 +1,48 @@ +# +# OCI Secrets Store CSI Driver Provider +# +# Copyright (c) 2022 Oracle America, Inc. and its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ +# + +# This Deployment is used as a reference example of how to mount secrets into the pod +# via Secrets Store CSI Driver and OCI Vault Provider. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx + namespace: workload + labels: + app: nginx +spec: + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + serviceAccountName: workload-sa + automountServiceAccountToken: true + containers: + - name: nginx + image: nginx:1.21.4-alpine + ports: + - containerPort: 80 + resources: + limits: + memory: 128Mi + cpu: 200m + volumeMounts: + - name: 'some-creds' + mountPath: '/mnt/secrets-store' # here are mounted secrets + readOnly: true + volumes: + - name: some-creds + csi: + driver: 'secrets-store.csi.k8s.io' + readOnly: true + volumeAttributes: + secretProviderClass: 'test-oci-provider-class' # here we reference particular SecretProviderClass \ No newline at end of file 
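Review bot: In deploy/example/workload/workload-app.deployment.yaml, `automountServiceAccountToken: true` mounts a Kubernetes API token into the nginx container, and the example does not say whether workload identity needs it. If the provider obtains the token itself through the `serviceaccounts/token` rule added in provider.roles.yaml (likely, but not shown here), the pod can set this to `false`; otherwise a comment such as `# required for workload identity` next to it would explain the choice. e2e/example/workload-identity/app.deployment.yaml has the same two lines.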
diff --git a/deploy/example/workload/workload-secret-provider-class.yaml b/deploy/example/workload/workload-secret-provider-class.yaml
new file mode 100644
index 00000000..afa75134
--- /dev/null
+++ b/deploy/example/workload/workload-secret-provider-class.yaml
@@ -0,0 +1,39 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+
+# SecretProviderClass is a custom resource to provide driver configurations and
+# provider-specific parameters to the CSI driver.
+#
+# On pod start and restart, the driver will communicate with the provider to retrieve the secret content
+# from the external Secrets Store you have specified in the SecretProviderClass resource.
+#
+# For more information check: https://secrets-store-csi-driver.sigs.k8s.io/getting-started/usage.html
+#
+# This SecretProviderClass is used as a reference example of how to configure the OCI Vault provider.
+# Each SecretProviderClass enumerates secrets to mount into the pod.
+# So, multiple SecretProviderClass resources could exist in a single Kubernetes cluster.
+
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: test-oci-provider-class # SecretProviderClass name is referenced from pod definition
+ namespace: workload
+spec:
+ provider: oci # `provider` value is used as the provider socket name, must be constant
+ parameters:
+ # Each secret could be identified with `name` and either `stage` or `versionNumber`.
+ # If both `stage` and `versionNumber` are omitted, default stage CURRENT is used.
+ # Secret names could not be duplicated, since `name` field is used as a file name during the mounting.
+ secrets: |
+ - name: Secret-1
+ stage: CURRENT
+ - name: Secret-2
+ versionNumber: 1
+ fileName: src-db-password
+ vaultId: ocid1.vault.oc1.phx.efszzxxbaabz6.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ authType: workload # possible values are: user, instance, workload
+ authSecretName: oci-config # required if authType is user and this value refers secret name contains user credentials for auth against vault
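Review bot: The example sets `authType: workload` but still carries `authSecretName: oci-config`, whose own comment says it is required only when `authType` is `user`; a reader copying this file may create or reference a credentials secret that workload identity does not use. Dropping the line, or commenting it out as `# authSecretName: oci-config  # only for authType: user`, would make the example unambiguous. e2e/example/workload-identity/secret-provider-class.yaml repeats the same line.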
diff --git a/deploy/example/workload/workload.serviceaccount.yaml b/deploy/example/workload/workload.serviceaccount.yaml new file mode 100644 index 00000000..d0e8bc95 --- /dev/null +++ b/deploy/example/workload/workload.serviceaccount.yaml @@ -0,0 +1,17 @@ +# +# OCI Secrets Store CSI Driver Provider +# +# Copyright (c) 2022 Oracle America, Inc. and its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ +# +--- +apiVersion: v1 +kind: Namespace +metadata: + name: workload +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: workload-sa + namespace: workload \ No newline at end of file diff --git a/deploy/provider.daemonset.yaml b/deploy/provider.daemonset.yaml index 921aed1f..51bbb697 100644 --- a/deploy/provider.daemonset.yaml +++ b/deploy/provider.daemonset.yaml @@ -36,6 +36,11 @@ spec: - --metrics-port=8198 - --enable-pprof=true - --pprof-port=6060 + env: + - name: OCI_RESOURCE_PRINCIPAL_VERSION + value: "2.2" + - name: OCI_RESOURCE_PRINCIPAL_REGION + value: "us-ashburn-1" resources: requests: cpu: 50m diff --git a/deploy/provider.roles.yaml b/deploy/provider.roles.yaml index 9ca605d7..c53edade 100644 --- a/deploy/provider.roles.yaml +++ b/deploy/provider.roles.yaml @@ -13,6 +13,9 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get"] +- apiGroups: [""] + resources: ["serviceaccounts/token"] + verbs: ["create"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/e2e/example/app.deployment.yaml b/e2e/example/instance-principal/app.deployment.yaml similarity index 100% rename from e2e/example/app.deployment.yaml rename to e2e/example/instance-principal/app.deployment.yaml diff --git a/e2e/example/instance-principal/secret-provider-class.yaml b/e2e/example/instance-principal/secret-provider-class.yaml new file mode 100644 index 00000000..b262eb58 --- /dev/null +++ b/e2e/example/instance-principal/secret-provider-class.yaml 
@@ -0,0 +1,30 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+
+# SecretProviderClass is a custom resource to provide driver configurations and
+# provider-specific parameters to the CSI driver.
+#
+# On pod start and restart, the driver will communicate with the provider to retrieve the secret content
+# from the external Secrets Store you have specified in the SecretProviderClass resource.
+#
+# For more information check: https://secrets-store-csi-driver.sigs.k8s.io/getting-started/usage.html
+#
+# This SecretProviderClass is used as a reference example of how to configure the OCI Vault provider.
+# Each SecretProviderClass enumerates secrets to mount into the pod.
+# So, multiple SecretProviderClass resources could exist in a single Kubernetes cluster.
+
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: test-oci-provider-class # SecretProviderClass name is referenced from pod definition
+spec:
+ parameters:
+ authType: instance
+ secrets: |
+ - name: test-secret-12813
+ vaultId: ocid1.vault.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ provider: oci
\ No newline at end of file
diff --git a/e2e/example/user-principal/app.deployment.yaml b/e2e/example/user-principal/app.deployment.yaml
new file mode 100644
index 00000000..453e9050
--- /dev/null
+++ b/e2e/example/user-principal/app.deployment.yaml
@@ -0,0 +1,46 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+
+# This Deployment is used as a reference example of how to mount secrets into the pod
+# via Secrets Store CSI Driver and OCI Vault Provider.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ labels:
+ app: nginx
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ testingSecretName: abc
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.21.4-alpine
+ ports:
+ - containerPort: 80
+ resources:
+ limits:
+ memory: 128Mi
+ cpu: 200m
+ volumeMounts:
+ - name: 'some-creds'
+ mountPath: '/mnt/secrets-store' # here are mounted secrets
+ readOnly: true
+ volumes:
+ - name: some-creds
+ csi:
+ driver: 'secrets-store.csi.k8s.io'
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: 'test-oci-provider-class' # here we reference particular SecretProviderClass
\ No newline at end of file
diff --git a/e2e/example/secret-provider-class.yaml b/e2e/example/user-principal/secret-provider-class.yaml
similarity index 100%
rename from e2e/example/secret-provider-class.yaml
rename to e2e/example/user-principal/secret-provider-class.yaml
diff --git a/e2e/example/user-auth-config-example.yaml b/e2e/example/user-principal/user-auth-config-example.yaml
similarity index 100%
rename from e2e/example/user-auth-config-example.yaml
rename to e2e/example/user-principal/user-auth-config-example.yaml
diff --git a/e2e/example/workload-identity/app.deployment.yaml b/e2e/example/workload-identity/app.deployment.yaml
new file mode 100644
index 00000000..7a9c19f6
--- /dev/null
+++ b/e2e/example/workload-identity/app.deployment.yaml
@@ -0,0 +1,48 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+
+# This Deployment is used as a reference example of how to mount secrets into the pod
+# via Secrets Store CSI Driver and OCI Vault Provider.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ labels:
+ app: nginx
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ testingSecretName: abc
+ spec:
+ serviceAccountName: workload-sa
+ automountServiceAccountToken: true
+ containers:
+ - name: nginx
+ image: nginx:1.21.4-alpine
+ ports:
+ - containerPort: 80
+ resources:
+ limits:
+ memory: 128Mi
+ cpu: 200m
+ volumeMounts:
+ - name: 'some-creds'
+ mountPath: '/mnt/secrets-store' # here are mounted secrets
+ readOnly: true
+ volumes:
+ - name: some-creds
+ csi:
+ driver: 'secrets-store.csi.k8s.io'
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: 'test-oci-provider-class' # here we reference particular SecretProviderClass
\ No newline at end of file
diff --git a/e2e/example/workload-identity/secret-provider-class.yaml b/e2e/example/workload-identity/secret-provider-class.yaml
new file mode 100644
index 00000000..577fe3f2
--- /dev/null
+++ b/e2e/example/workload-identity/secret-provider-class.yaml
@@ -0,0 +1,34 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+
+# SecretProviderClass is a custom resource to provide driver configurations and
+# provider-specific parameters to the CSI driver.
+#
+# On pod start and restart, the driver will communicate with the provider to retrieve the secret content
+# from the external Secrets Store you have specified in the SecretProviderClass resource.
+#
+# For more information check: https://secrets-store-csi-driver.sigs.k8s.io/getting-started/usage.html
+#
+# This SecretProviderClass is used as a reference example of how to configure the OCI Vault provider.
+# Each SecretProviderClass enumerates secrets to mount into the pod.
+# So, multiple SecretProviderClass resources could exist in a single Kubernetes cluster.
+
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: test-oci-provider-class # SecretProviderClass name is referenced from pod definition
+spec:
+ provider: oci # `provider` value is used as the provider socket name, must be constant
+ parameters:
+ # Each secret could be identified with `name` and either `stage` or `versionNumber`.
+ # If both `stage` and `versionNumber` are omitted, default stage CURRENT is used.
+ # Secret names could not be duplicated, since `name` field is used as a file name during the mounting.
+ secrets: |
+ - name: test-secret-12813
+ vaultId: ocid1.vault.oc1.iad.abcd.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ authType: workload # possible values are: user, instance, workload
+ authSecretName: oci-config # required if authType is user and this value refers secret name contains user credentials for auth against vault
diff --git a/e2e/example/workload-identity/service-account.yaml b/e2e/example/workload-identity/service-account.yaml
new file mode 100644
index 00000000..e30933a7
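Review bot: `authSecretName: oci-config` is kept on the secret entry even though `authType` is `workload`, and its own comment says it is required only when authType is user. The `types.Workload` branch added to `retrieveAuthConfig` in this commit does not read an auth secret, so in a workload-identity example the line suggests a user-credentials secret is still needed. Either drop it or change the comment to `# only used when authType is user; not read for workload`.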
--- /dev/null +++ b/e2e/example/workload-identity/service-account.yaml @@ -0,0 +1,11 @@ +# +# OCI Secrets Store CSI Driver Provider +# +# Copyright (c) 2022 Oracle America, Inc. and its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ +# +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: workload-sa \ No newline at end of file diff --git a/go.mod b/go.mod index 7e91a7f9..7fee1eea 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/oracle-samples/oci-secrets-store-csi-driver-provider go 1.19 require ( - github.com/oracle/oci-go-sdk/v65 v65.3.0 + github.com/oracle/oci-go-sdk/v65 v65.61.1 github.com/pkg/errors v0.9.1 github.com/rs/zerolog v1.26.1 go.opentelemetry.io/otel v0.20.0 @@ -51,7 +51,7 @@ require ( go.opentelemetry.io/otel/trace v0.20.0 // indirect golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.4.0 // indirect - golang.org/x/sys v0.5.0 // indirect + golang.org/x/sys v0.8.0 // indirect golang.org/x/term v0.5.0 // indirect golang.org/x/text v0.7.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect diff --git a/go.sum b/go.sum index 7fbeb216..56aa34d8 100644 --- a/go.sum +++ b/go.sum 
@@ -321,8 +321,8 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/oracle/oci-go-sdk/v65 v65.3.0 h1:O8QvjQHyKeIxxyLBkv0w7NAmwPSDeIg/eZCevKMNq3s= -github.com/oracle/oci-go-sdk/v65 v65.3.0/go.mod h1:oyMrMa1vOzzKTmPN+kqrTR9y9kPA2tU1igN3NUSNTIE= +github.com/oracle/oci-go-sdk/v65 v65.61.1 h1:5N65lmT+NAeoS69Se0TLbAcylLyZ8jR/iuo1j+exXMk= +github.com/oracle/oci-go-sdk/v65 v65.61.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= 
@@ -397,15 +397,20 @@ github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.20.0/go.mod 
h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -593,9 +598,8 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= diff --git a/internal/server/server.go b/internal/server/server.go index 400dc76e..815d30a6 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -12,6 +12,7 @@ import ( "encoding/json" "fmt" "strconv" + "time" "os" @@ -21,8 +22,10 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "gopkg.in/yaml.v3" + authenticationv1 "k8s.io/api/authentication/v1" core "k8s.io/api/core/v1" meta "k8s.io/apimachinery/pkg/apis/meta/v1" + apiMachineryTypes "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" provider "sigs.k8s.io/secrets-store-csi-driver/provider/v1alpha1" 
@@ -52,6 +55,8 @@ const vaultIDField = "vaultId" const secretProviderClassField = "secretProviderClass" const podNameField = "csi.storage.k8s.io/pod.name" const podNamespaceField = "csi.storage.k8s.io/pod.namespace" +const podUIDField = "csi.storage.k8s.io/pod.uid" +const podServiceAccountField = "csi.storage.k8s.io/serviceAccount.name" // BuildVersion set during the build with ldflags var BuildVersion string @@ -166,6 +171,25 @@ func (server *ProviderServer) retrieveAuthConfig(ctx context.Context, return nil, fmt.Errorf("missing auth config data: %v", err) } auth.Config = *authCfg + } else if principalType == types.Workload { + + podInfo := &types.PodInfo{ + Name: requestAttributes[podNameField], + UID: apiMachineryTypes.UID(requestAttributes[podUIDField]), + ServiceAccountName: requestAttributes[podServiceAccountField], + Namespace: requestAttributes[podNamespaceField], + } + saTokenStr, err := server.getSAToken(podInfo) + if err != nil { + err := fmt.Errorf("can not generate token for service account: %s, namespace: %s, Error: %v", + podInfo.ServiceAccountName, podInfo.Namespace, err) + return nil, err + } + + auth.WorkloadIdentityCfg = types.WorkloadIdentityConfig{ + SaToken: []byte(saTokenStr), + // Region: region, + } } return auth, nil } 
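Review bot: The new `types.Workload` branch fills `podInfo` straight from `requestAttributes` without checking that the pod name, UID, service account name and namespace are present, so a missing attribute becomes an empty string passed to the token request and surfaces only as an opaque API error. A guard before `getSAToken`, for example `if podInfo.ServiceAccountName == "" || podInfo.Namespace == "" { return nil, fmt.Errorf("missing pod service account attributes") }`, would fail early with a clear message. The error path shadows `err` with `err := fmt.Errorf(...)` and formats the cause with `%v`; returning `fmt.Errorf("...: %w", err)` directly keeps the cause inspectable with `errors.Is`/`errors.As`. The commented-out `// Region: region,` should be removed or explained. retrieveAuthConfig begins outside this hunk.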
@@ -195,6 +219,49 @@ func parseAuthConfig(secret *core.Secret, authConfigSecretName string) (*types.A return authCfg, nil } +func (server *ProviderServer) getK8sClientSet() (*kubernetes.Clientset, error) { + clusterCfg, err := rest.InClusterConfig() + if err != nil { + return nil, fmt.Errorf("can not get cluster config. error: %v", err) + } + + clientset, err := kubernetes.NewForConfig(clusterCfg) + if err != nil { + return nil, fmt.Errorf("can not initialize kubernetes client. error: %v", err) + } + + return clientset, nil +} + +func (server *ProviderServer) getSAToken(podInfo *types.PodInfo) (string, error) { + clientSet, err := server.getK8sClientSet() + if err != nil { + return "", fmt.Errorf("unable to get k8s client: %v", err) + } + ttl := int64((15 * time.Minute).Seconds()) + resp, err := clientSet.CoreV1(). + ServiceAccounts(podInfo.Namespace). + CreateToken(context.Background(), podInfo.ServiceAccountName, + &authenticationv1.TokenRequest{ + Spec: authenticationv1.TokenRequestSpec{ + ExpirationSeconds: &ttl, + Audiences: []string{}, + BoundObjectRef: &authenticationv1.BoundObjectReference{ + Kind: "Pod", + APIVersion: "v1", + Name: podInfo.Name, + UID: podInfo.UID, + }, + }, + }, + meta.CreateOptions{}, + ) + if err != nil { + return "", fmt.Errorf("unable to fetch token from token api: %v", err) + } + return resp.Status.Token, nil +} + func (server *ProviderServer) readK8sSecret(ctx context.Context, namespace string, secretName string) (*core.Secret, error) { clusterCfg, err := rest.InClusterConfig() diff --git a/internal/service/secret_client_factory.go b/internal/service/secret_client_factory.go index e7be20db..d7a21fc1 100644 --- a/internal/service/secret_client_factory.go +++ b/internal/service/secret_client_factory.go 
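Review bot: `getSAToken` calls `CreateToken` with `context.Background()`, so the token request is not cancelled when the mount request's context ends; `retrieveAuthConfig` already receives a `ctx` and could pass it through with `func (server *ProviderServer) getSAToken(ctx context.Context, podInfo *types.PodInfo) (string, error)` and `CreateToken(ctx, podInfo.ServiceAccountName, ...)`. `getK8sClientSet` builds a fresh in-cluster config and clientset on every call, and `readK8sSecret` below appears to repeat the same setup, so one clientset held on `ProviderServer` would serve both. Minting tokens for other pods' service accounts means the provider's own service account needs `create` on `serviceaccounts/token`; that RBAC is not visible on this page and should be scoped as narrowly as the deployment allows. Both new methods lack doc comments, and the 15-minute TTL and the empty `Audiences` (which leaves the audience to the API server default) each deserve a one-line why-comment.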
@@ -48,6 +48,10 @@ func (factory *OCISecretClientFactory) createConfigProvider( //nolint:ireturn // return common.NewRawConfigurationProvider(cfg.TenancyID, cfg.UserID, cfg.Region, cfg.Fingerprint, cfg.PrivateKey, &cfg.Passphrase), nil + case types.Workload: + return auth.OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider( + auth.NewSuppliedServiceAccountTokenProvider(string(authCfg.WorkloadIdentityCfg.SaToken))) + default: return nil, fmt.Errorf("unable to determine OCI principal type for configuration provider") } diff --git a/internal/service/secret_service_test.go b/internal/service/secret_service_test.go index 633962cd..02e766c3 100644 --- a/internal/service/secret_service_test.go +++ b/internal/service/secret_service_test.go @@ -15,6 +15,7 @@ import ( "github.com/oracle-samples/oci-secrets-store-csi-driver-provider/internal/testutils" "github.com/oracle-samples/oci-secrets-store-csi-driver-provider/internal/types" "github.com/oracle/oci-go-sdk/v65/common" + "github.com/oracle/oci-go-sdk/v65/common/auth" "github.com/oracle/oci-go-sdk/v65/secrets" ) @@ -40,6 +41,9 @@ func (factory *MockOCISecretClientFactory) createConfigProvider( //nolint:iretur return common.NewRawConfigurationProvider("tenancy", "user", "region", "fingerprint", "privatekey", nil), nil case types.Instance: return common.NewRawConfigurationProvider("tenancy", "user", "region", "fingerprint", "privatekey", nil), nil + case types.Workload: + return auth.OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider( + auth.NewSuppliedServiceAccountTokenProvider(string(authCfg.WorkloadIdentityCfg.SaToken))) default: return nil, fmt.Errorf("unable to determine OCI principal type for configuration provider") } 
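Review bot: The `types.Workload` case wraps one pre-minted token in `auth.NewSuppliedServiceAccountTokenProvider`, and `getSAToken` in server.go requests that token with a 15-minute lifetime. If the resulting configuration provider or the secrets client built from it outlives the mount request (not visible in this hunk), a later renewal would present an expired service account token. A comment such as `// token is minted per mount request; do not cache this provider` would document the assumption. `SaToken` is declared as `[]byte` but converted to `string` here, so the byte slice adds nothing. createConfigProvider begins outside the hunk.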
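Review bot: The `types.Workload` case in `MockOCISecretClientFactory.createConfigProvider` calls the real `auth.OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider`, unlike the `User` and `Instance` cases, which return a raw provider built from dummy values. If that SDK constructor depends on in-cluster state (likely, though not shown on this page), unit tests that take this branch would depend on the environment they run in. Returning `common.NewRawConfigurationProvider("tenancy", "user", "region", "fingerprint", "privatekey", nil), nil` would keep the mock hermetic. The same applies to the `MockErrorOCISecretClientFactory` hunk that follows.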
@@ -66,6 +70,9 @@ func (factory *MockErrorOCISecretClientFactory) createConfigProvider( //nolint:i return common.NewRawConfigurationProvider("a", "b", "c", "d", "e", nil), nil case types.Instance: return common.NewRawConfigurationProvider("a", "b", "c", "d", "e", nil), nil + case types.Workload: + return auth.OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider( + auth.NewSuppliedServiceAccountTokenProvider(string(authCfg.WorkloadIdentityCfg.SaToken))) default: return nil, fmt.Errorf("unable to determine OCI principal type for configuration provider") } diff --git a/internal/types/types.go b/internal/types/types.go index 0ed5dd81..603c89b3 100644 --- a/internal/types/types.go +++ b/internal/types/types.go @@ -13,6 +13,7 @@ import ( "strings" "gopkg.in/yaml.v3" + apiMachineryTypes "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" ) @@ -50,6 +51,13 @@ func determineFileName(name string, alias string) string { return fileName } +type PodInfo struct { + Namespace string + Name string + UID apiMachineryTypes.UID + ServiceAccountName string +} + type VersionNumber int64 // UnmarshalYAML customizes unmarshaling of YAML document into VersionNumber @@ -168,6 +176,7 @@ type OCIPrincipalType string const ( Instance OCIPrincipalType = "instance" User OCIPrincipalType = "user" + Workload OCIPrincipalType = "workload" ) type VaultID string @@ -178,6 +187,8 @@ func MapToPrincipalType(authType string) (OCIPrincipalType, error) { return Instance, nil case string(User): return User, nil + case string(Workload): + return Workload, nil default: return "", fmt.Errorf("unknown OCI principal type: %v", authType) } @@ -191,8 +202,14 @@ type SecretServiceRequest struct { } type Auth struct { - Type OCIPrincipalType - Config AuthConfig + Type OCIPrincipalType + Config AuthConfig + WorkloadIdentityCfg WorkloadIdentityConfig +} + +type WorkloadIdentityConfig struct { + // Region string + SaToken []byte } type AuthConfig struct { 
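Review bot: `WorkloadIdentityConfig.SaToken` in types.go places a bearer credential inside `Auth`, so any log line or error that formats an `Auth` or its enclosing request with `%v` or `%+v` would expose the token. No such call is visible in these hunks, but a field comment such as `// SaToken is a short-lived service account token; never log it` would flag the risk for later changes. The exported `PodInfo` and `WorkloadIdentityConfig` types have no doc comments, and the commented-out `// Region string` should be removed or tracked in an issue.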
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/LICENSE.txt b/vendor/github.com/oracle/oci-go-sdk/v65/LICENSE.txt index 2b28b149..a8c31837 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/LICENSE.txt +++ b/vendor/github.com/oracle/oci-go-sdk/v65/LICENSE.txt 
@@ -1,22 +1,42 @@ -Copyright (c) 2016, 2018, 2020, Oracle and/or its affiliates. All rights reserved. +Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.  ____________________________ +Copyright (c) 2016, 2023 Oracle and/or its affiliates. + The Universal Permissive License (UPL), Version 1.0 -Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. -Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this software, associated documentation and/or data (collectively the "Software"), free of charge and under any and all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or (ii) the Larger Works (as defined below), to deal in both +Subject to the condition set forth below, permission is hereby granted to any +person obtaining a copy of this software, associated documentation and/or data +(collectively the "Software"), free of charge and under any and all copyright +rights in the Software, and any and all patent rights owned or freely +licensable by each licensor hereunder covering either (i) the unmodified +Software as contributed to or provided by such licensor, or (ii) the Larger +Works (as defined below), to deal in both (a) the Software, and -(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software (each a "Larger Work" to which the Software is contributed by such licensors), +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if +one is included with the Software (each a "Larger Work" to which 
the Software +is contributed by such licensors), -without restriction, including without limitation the rights to copy, create derivative works of, display, perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. +without restriction, including without limitation the rights to copy, create +derivative works of, display, perform, and distribute the Software and make, +use, sell, offer for sale, import, export, have made, and have sold the +Software and the Larger Work(s), and to sublicense the foregoing rights on +either these or other terms. This license is subject to the following condition: - -The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +The above copyright notice and either this complete permission notice or at +a minimum a reference to the UPL must be included in all copies or +substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. The Apache Software License, Version 2.0 Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/certificate_retriever.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/certificate_retriever.go index 170adf50..af3c772e 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/certificate_retriever.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/certificate_retriever.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth @@ -162,7 +162,7 @@ func (r *urlBasedX509CertificateRetriever) PrivateKey() *rsa.PrivateKey { return &c } -//staticCertificateRetriever serves certificates from static data +// staticCertificateRetriever serves certificates from static data type staticCertificateRetriever struct { Passphrase []byte CertificatePem []byte @@ -172,7 +172,7 @@ type staticCertificateRetriever struct { mux sync.Mutex } -//Refresh proccess the inputs into appropiate keys and certificates +// Refresh proccess the inputs into appropiate keys and certificates func (r *staticCertificateRetriever) Refresh() error { r.mux.Lock() defer r.mux.Unlock() 
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/configuration.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/configuration.go index 257f81a4..8c3bc3f1 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/configuration.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/configuration.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth 
@@ -15,22 +15,22 @@ type instancePrincipalConfigurationProvider struct { region *common.Region } -//InstancePrincipalConfigurationProvider returns a configuration for instance principals +// InstancePrincipalConfigurationProvider returns a configuration for instance principals func InstancePrincipalConfigurationProvider() (common.ConfigurationProvider, error) { return newInstancePrincipalConfigurationProvider("", nil) } -//InstancePrincipalConfigurationProviderForRegion returns a configuration for instance principals with a given region +// InstancePrincipalConfigurationProviderForRegion returns a configuration for instance principals with a given region func InstancePrincipalConfigurationProviderForRegion(region common.Region) (common.ConfigurationProvider, error) { return newInstancePrincipalConfigurationProvider(region, nil) } -//InstancePrincipalConfigurationProviderWithCustomClient returns a configuration for instance principals using a modifier function to modify the HTTPRequestDispatcher +// InstancePrincipalConfigurationProviderWithCustomClient returns a configuration for instance principals using a modifier function to modify the HTTPRequestDispatcher func InstancePrincipalConfigurationProviderWithCustomClient(modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) (common.ConfigurationProvider, error) { return newInstancePrincipalConfigurationProvider("", modifier) } -//InstancePrincipalConfigurationForRegionWithCustomClient returns a configuration for instance principals with a given region using a modifier function to modify the HTTPRequestDispatcher +// InstancePrincipalConfigurationForRegionWithCustomClient returns a configuration for instance principals with a given region using a modifier function to modify the HTTPRequestDispatcher func InstancePrincipalConfigurationForRegionWithCustomClient(region common.Region, modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) 
(common.ConfigurationProvider, error) { return newInstancePrincipalConfigurationProvider(region, modifier) } @@ -47,7 +47,7 @@ func newInstancePrincipalConfigurationProvider(region common.Region, modifier fu return instancePrincipalConfigurationProvider{keyProvider: *keyProvider, region: nil}, nil } -//InstancePrincipalConfigurationWithCerts returns a configuration for instance principals with a given region and hardcoded certificates in lieu of metadata service certs +// InstancePrincipalConfigurationWithCerts returns a configuration for instance principals with a given region and hardcoded certificates in lieu of metadata service certs func InstancePrincipalConfigurationWithCerts(region common.Region, leafCertificate, leafPassphrase, leafPrivateKey []byte, intermediateCertificates [][]byte) (common.ConfigurationProvider, error) { leafCertificateRetriever := staticCertificateRetriever{Passphrase: leafPassphrase, CertificatePem: leafCertificate, PrivateKeyPem: leafPrivateKey} diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/dispatcher_modifier.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/dispatcher_modifier.go index 02f81a61..c570f20a 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/dispatcher_modifier.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/dispatcher_modifier.go 
@@ -1,16 +1,16 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth import "github.com/oracle/oci-go-sdk/v65/common" -//dispatcherModifier gives ability to modify a HTTPRequestDispatcher before use. +// dispatcherModifier gives ability to modify a HTTPRequestDispatcher before use. type dispatcherModifier struct { modifiers []func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error) } -//newDispatcherModifier creates a new dispatcherModifier with optional initial modifier (may be nil). +// newDispatcherModifier creates a new dispatcherModifier with optional initial modifier (may be nil). func newDispatcherModifier(modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) *dispatcherModifier { dispatcherModifier := &dispatcherModifier{ modifiers: make([]func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error), 0), 
@@ -21,12 +21,12 @@ func newDispatcherModifier(modifier func(common.HTTPRequestDispatcher) (common.H return dispatcherModifier } -//QueueModifier queues up a new modifier +// QueueModifier queues up a new modifier func (c *dispatcherModifier) QueueModifier(modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) { c.modifiers = append(c.modifiers, modifier) } -//Modify the provided HTTPRequestDispatcher with this modifier, and return the result, or error if something goes wrong +// Modify the provided HTTPRequestDispatcher with this modifier, and return the result, or error if something goes wrong func (c *dispatcherModifier) Modify(dispatcher common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error) { if len(c.modifiers) > 0 { for _, modifier := range c.modifiers { diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/federation_client.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/federation_client.go index a3d792b1..dbb74c6c 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/federation_client.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/federation_client.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Package auth provides supporting functions and structs for authentication @@ -13,6 +13,7 @@ import ( "errors" "fmt" "io/ioutil" + "math" "net/http" "os" "strings" 
@@ -282,22 +283,24 @@ func (c *x509FederationClient) renewSecurityToken() (err error) { } func (c *x509FederationClient) getSecurityToken() (securityToken, error) { - request := c.makeX509FederationRequest() - var err error var httpRequest http.Request - if httpRequest, err = common.MakeDefaultHTTPRequestWithTaggedStruct(http.MethodPost, "", request); err != nil { - return nil, fmt.Errorf("failed to make http request: %s", err.Error()) - } - var httpResponse *http.Response defer common.CloseBodyIfValid(httpResponse) for retry := 0; retry < 5; retry++ { + request := c.makeX509FederationRequest() + + if httpRequest, err = common.MakeDefaultHTTPRequestWithTaggedStruct(http.MethodPost, "", request); err != nil { + return nil, fmt.Errorf("failed to make http request: %s", err.Error()) + } + if httpResponse, err = c.authClient.Call(context.Background(), &httpRequest); err == nil { break } - time.Sleep(250 * time.Microsecond) + + nextDuration := time.Duration(1000.0*(math.Pow(2.0, float64(retry)))) * time.Millisecond + time.Sleep(nextDuration) } if err != nil { return nil, fmt.Errorf("failed to call: %s", err.Error()) @@ -373,7 +376,7 @@ type sessionKeySupplier interface { PublicKeyPemRaw() []byte } -//genericKeySupplier implements sessionKeySupplier and provides an arbitrary refresh mechanism +// genericKeySupplier implements sessionKeySupplier and provides an arbitrary refresh mechanism type genericKeySupplier struct { RefreshFn func() (*rsa.PrivateKey, []byte, error) diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/federation_client_oke_workload_identity.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/federation_client_oke_workload_identity.go new file mode 100644 index 00000000..517fbce0 --- /dev/null +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/federation_client_oke_workload_identity.go 
@@ -0,0 +1,215 @@
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
+// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+
+package auth
+
+import (
+ "bytes"
+ "crypto/rsa"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/oracle/oci-go-sdk/v65/common"
+ "github.com/oracle/oci-go-sdk/v65/common/utils"
+)
+
+const (
+ rpstValidForRatio float64 = 0.5
+)
+
+// Workload RPST Issuance Service (WRIS)
+// x509FederationClientForOkeWorkloadIdentity retrieves a security token from Auth service.
+type x509FederationClientForOkeWorkloadIdentity struct {
+ tenancyID string
+ sessionKeySupplier sessionKeySupplier
+ securityToken securityToken
+ authClient *common.BaseClient
+ mux sync.Mutex
+ proxymuxEndpoint string
+ saTokenProvider ServiceAccountTokenProvider
+ kubernetesServiceAccountCert *x509.CertPool
+}
+
+func newX509FederationClientForOkeWorkloadIdentity(endpoint string, saTokenProvider ServiceAccountTokenProvider,
+ kubernetesServiceAccountCert *x509.CertPool) (federationClient, error) {
+ client := &x509FederationClientForOkeWorkloadIdentity{
+ proxymuxEndpoint: endpoint,
+ saTokenProvider: saTokenProvider,
+ kubernetesServiceAccountCert: kubernetesServiceAccountCert,
+ }
+
+ client.sessionKeySupplier = newSessionKeySupplier()
+
+ return client, nil
+}
+
+func (c *x509FederationClientForOkeWorkloadIdentity) renewSecurityToken() (err error) {
+ if err = c.sessionKeySupplier.Refresh(); err != nil {
+ return fmt.Errorf("failed to refresh session key: %s", err.Error())
+ }
+
+ common.Logf("Renewing security token at: %v\n", time.Now().Format("15:04:05.000"))
+ if c.securityToken, err = c.getSecurityToken(); err != nil {
+ return fmt.Errorf("failed to get security token: %s", err.Error())
+ }
+ common.Logf("Security token renewed at: %v\n", time.Now().Format("15:04:05.000"))
+
+ return nil
+}
+
+type workloadIdentityRequestPayload struct {
+ Podkey string `json:"podKey"`
+}
+type token struct {
+ Token string
+}
+
+// getSecurityToken get security token from Proxymux
+func (c *x509FederationClientForOkeWorkloadIdentity) getSecurityToken() (securityToken, error) {
+ client := http.Client{
+ Timeout: 30 * time.Second,
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: c.kubernetesServiceAccountCert,
+ },
+ },
+ }
+
+ publicKey := string(c.sessionKeySupplier.PublicKeyPemRaw())
+ common.Logf("Public Key for OKE Workload Identity is:", publicKey)
+ rawPayload := workloadIdentityRequestPayload{Podkey: publicKey}
+ payload, err := json.Marshal(rawPayload)
+ if err != nil {
+ return nil, fmt.Errorf("error getting security token%s", err)
+ }
+
+ common.Logf("Payload for OKE Workload Identity is:", string(payload))
+ request, err := http.NewRequest(http.MethodPost, c.proxymuxEndpoint, bytes.NewBuffer(payload))
+
+ if err != nil {
+ common.Logf("error %s", err)
+ return nil, fmt.Errorf("error getting security token %s", err)
+ }
+
+ kubernetesServiceAccountToken, err := c.saTokenProvider.ServiceAccountToken()
+ if err != nil {
+ common.Logf("error %s", err)
+ return nil, fmt.Errorf("error getting service account token %s", err)
+ }
+
+ common.Logf("Service Account Token for OKE Workload Identity is: ", kubernetesServiceAccountToken)
+ request.Header.Add("Authorization", "Bearer "+kubernetesServiceAccountToken)
+ request.Header.Set("Content-Type", "application/json")
+ opcRequestID := utils.GenerateOpcRequestID()
+ request.Header.Set("opc-request-id", opcRequestID)
+
+ response, err := client.Do(request)
+ if err != nil {
+ return nil, fmt.Errorf("error %s", err)
+ }
+
+ var body bytes.Buffer
+ defer func(body io.ReadCloser) {
+ err := body.Close()
+ if err != nil {
+ common.Logf("error %s", err)
+ }
+ }(response.Body)
+
+ statusCode := response.StatusCode
+ if statusCode != http.StatusOK {
+ return nil, fmt.Errorf("failed to get a RPST token from Proxymux: URL: %s, Status: %s, Message: %s",
+ c.proxymuxEndpoint, response.Status, body.String())
+ }
+
+ if _, err = body.ReadFrom(response.Body); err != nil {
+ return nil, fmt.Errorf("error reading body from Proxymux response: %s", err)
+ }
+
+ rawBody := body.String()
+ rawBody = rawBody[1 : len(rawBody)-1]
+ decodedBodyStr, err := base64.StdEncoding.DecodeString(rawBody)
+ if err != nil {
+ return nil, fmt.Errorf("error decoding Proxymux response using base64 scheme: %s", err)
+ }
+
+ var parsedBody token
+ err = json.Unmarshal(decodedBodyStr, &parsedBody)
+ if err != nil {
+ return nil, fmt.Errorf("error parsing Proxymux response body: %s", err)
+ }
+
+ token := parsedBody.Token
+ if len(token) == 0 {
+ return nil, fmt.Errorf("invalid (empty) token received from Proxymux")
+ }
+ if len(token) < 3 {
+ return nil, fmt.Errorf("invalid token received from Proxymux")
+ }
+
+ return newPrincipalToken(token[3:])
+}
+
+func (c *x509FederationClientForOkeWorkloadIdentity) PrivateKey() (*rsa.PrivateKey, error) {
+ c.mux.Lock()
+ defer c.mux.Unlock()
+
+ if err := c.renewSecurityTokenIfNotValid(); err != nil {
+ return nil, err
+ }
+ return c.sessionKeySupplier.PrivateKey(), nil
+}
+
+func (c *x509FederationClientForOkeWorkloadIdentity) SecurityToken() (token string, err error) {
+ c.mux.Lock()
+ defer c.mux.Unlock()
+
+ if err = c.renewSecurityTokenIfNotValid(); err != nil {
+ return "", err
+ }
+ return c.securityToken.String(), nil
+}
+
+func (c *x509FederationClientForOkeWorkloadIdentity) renewSecurityTokenIfNotValid() (err error) {
+ if c.securityToken == nil || !c.securityToken.Valid() {
+ if err = c.renewSecurityToken(); err != nil {
+ return fmt.Errorf("failed to renew security token: %s", err.Error())
+ }
+ }
+ return nil
+}
+
+type workloadIdentityPrincipalToken struct {
+ principalToken
+}
+
+func (t *workloadIdentityPrincipalToken) Valid() bool {
+ // TODO: read rpstValidForRatio from rpst token
+ issuedAt := int64(t.jwtToken.payload["iat"].(float64))
+ expiredAt := int64(t.jwtToken.payload["exp"].(float64))
+ softExpiredAt := issuedAt + int64(float64(expiredAt-issuedAt)*rpstValidForRatio)
+ softExpiredAtTime := time.Unix(softExpiredAt, 0)
+ now := time.Now().Unix() + int64(bufferTimeBeforeTokenExpiration.Seconds())
+ expired := softExpiredAt <= now
+ if expired {
+ common.Debugf("Token expired at: %v", softExpiredAtTime.Format("15:04:05.000"))
+ }
+ return !expired
+}
+
+func (c *x509FederationClientForOkeWorkloadIdentity) GetClaim(key string) (interface{}, error) {
+ c.mux.Lock()
+ defer c.mux.Unlock()
+
+ if err := c.renewSecurityTokenIfNotValid(); err != nil {
+ return nil, err
+ }
+ return c.securityToken.GetClaim(key)
+}
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_delegation_token_provider.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_delegation_token_provider.go
index 1733097d..83130748 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_delegation_token_provider.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_delegation_token_provider.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package auth
@@ -23,7 +23,7 @@ func (ipe instancePrincipalDelegationTokenError) Error() string { return fmt.Sprintf("%s\nInstance principals delegation token authentication can only be used on specific OCI services. Please confirm this code is running on the correct environment", ipe.err.Error()) } -//InstancePrincipalDelegationTokenConfigurationProvider returns a configuration for obo token instance principals +// InstancePrincipalDelegationTokenConfigurationProvider returns a configuration for obo token instance principals func InstancePrincipalDelegationTokenConfigurationProvider(delegationToken *string) (common.ConfigurationProvider, error) { if delegationToken == nil || len(*delegationToken) == 0 { return nil, instancePrincipalDelegationTokenError{err: fmt.Errorf("failed to create a delagationTokenConfigurationProvider: token is a mandatory input parameter")} @@ -31,7 +31,7 @@ func InstancePrincipalDelegationTokenConfigurationProvider(delegationToken *stri return newInstancePrincipalDelegationTokenConfigurationProvider(delegationToken, "", nil) } -//InstancePrincipalDelegationTokenConfigurationProviderForRegion returns a configuration for obo token instance principals with a given region +// InstancePrincipalDelegationTokenConfigurationProviderForRegion returns a configuration for obo token instance principals with a given region func InstancePrincipalDelegationTokenConfigurationProviderForRegion(delegationToken *string, region common.Region) (common.ConfigurationProvider, error) { if delegationToken == nil || len(*delegationToken) == 0 { return nil, instancePrincipalDelegationTokenError{err: fmt.Errorf("failed to create a delagationTokenConfigurationProvider: token is a mandatory input parameter")} diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_key_provider.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_key_provider.go index e19c20c2..a307de34 100644 
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_key_provider.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/instance_principal_key_provider.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth @@ -8,6 +8,7 @@ import ( "crypto/rsa" "fmt" "net/http" + "os" "strings" "time" @@ -15,7 +16,8 @@ import ( ) const ( - metadataBaseURL = `http://169.254.169.254/opc/v2` + defaultMetadataBaseURL = `http://169.254.169.254/opc/v2` + metadataBaseURLEnvVar = `OCI_METADATA_BASE_URL` metadataFallbackURL = `http://169.254.169.254/opc/v1` regionPath = `/instance/region` leafCertificatePath = `/identity/cert.pem` @@ -59,7 +61,7 @@ func (ipe instancePrincipalError) Error() string { // KeyID that is not expired at the moment, the PrivateRSAKey that the client acquires at a next moment could be // invalid because the KeyID could be already expired. func newInstancePrincipalKeyProvider(modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) (provider *instancePrincipalKeyProvider, err error) { - updateX509CertRetrieverURLParas(metadataBaseURL) + updateX509CertRetrieverURLParas(getMetadataBaseURL()) clientModifier := newDispatcherModifier(modifier) client, err := clientModifier.Modify(&http.Client{}) 
@@ -111,8 +113,8 @@ func getRegionForFederationClient(dispatcher common.HTTPRequestDispatcher, url s return common.StringToRegion(body.String()), nil } common.Logf("Error in getting region from url: %s, Status code: %v, Error: %s", url, statusCode, err.Error()) - if statusCode == 404 && strings.Compare(url, metadataBaseURL+regionPath) == 0 { - common.Logf("Falling back to http://169.254.169.254/opc/v1 to try again...") + if statusCode == 404 && strings.Compare(url, getMetadataBaseURL()+regionPath) == 0 { + common.Logf("Falling back to http://169.254.169.254/opc/v1 to try again...\n") updateX509CertRetrieverURLParas(metadataFallbackURL) url = regionURL } @@ -157,3 +159,12 @@ func (p *instancePrincipalKeyProvider) TenancyOCID() (string, error) { func (p *instancePrincipalKeyProvider) Refreshable() bool { return true } + +// Gets the Meta Data Base url from the Environment variable SNTL_METADATA_BASE_URL +// If it is not present, returns default value instead +func getMetadataBaseURL() string { + if baseURL := os.Getenv(metadataBaseURLEnvVar); baseURL != "" { + return baseURL + } + return defaultMetadataBaseURL +} diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/jwt.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/jwt.go index b522ba87..36d0631d 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/jwt.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/jwt.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth 
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_delegation_token_provider.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_delegation_token_provider.go
new file mode 100644
index 00000000..d83918fe
--- /dev/null
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_delegation_token_provider.go
@@ -0,0 +1,90 @@
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
+// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+
+package auth
+
+import (
+ "crypto/rsa"
+ "fmt"
+
+ "github.com/oracle/oci-go-sdk/v65/common"
+)
+
+type resourcePrincipalDelegationTokenConfigurationProvider struct {
+ resourcePrincipalKeyProvider ConfigurationProviderWithClaimAccess
+ delegationToken string
+ region *common.Region
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) PrivateRSAKey() (*rsa.PrivateKey, error) {
+ return r.resourcePrincipalKeyProvider.PrivateRSAKey()
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) KeyID() (string, error) {
+ return r.resourcePrincipalKeyProvider.KeyID()
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) TenancyOCID() (string, error) {
+ return r.resourcePrincipalKeyProvider.TenancyOCID()
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) UserOCID() (string, error) {
+ return "", nil
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) KeyFingerprint() (string, error) {
+ return "", nil
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) Region() (string, error) {
+ if r.region == nil {
+ common.Debugf("Region in resource principal delegation token configuration provider is nil. Returning configuration provider region: %s", r.region)
+ return r.resourcePrincipalKeyProvider.Region()
+ }
+ return string(*r.region), nil
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) AuthType() (common.AuthConfig, error) {
+ token := r.delegationToken
+ return common.AuthConfig{AuthType: common.ResourcePrincipalDelegationToken, OboToken: &token}, nil
+}
+
+func (r resourcePrincipalDelegationTokenConfigurationProvider) GetClaim(key string) (interface{}, error) {
+ return r.resourcePrincipalKeyProvider.GetClaim(key)
+}
+
+type resourcePrincipalDelegationTokenError struct {
+ err error
+}
+
+func (rpe resourcePrincipalDelegationTokenError) Error() string {
+ return fmt.Sprintf("%s\nResource principals delegation token authentication can only be used on specific OCI services. Please confirm this code is running on the correct environment", rpe.err.Error())
+}
+
+// ResourcePrincipalDelegationTokenConfigurationProvider returns a configuration for obo token resource principals
+func ResourcePrincipalDelegationTokenConfigurationProvider(delegationToken *string) (ConfigurationProviderWithClaimAccess, error) {
+ if delegationToken == nil || len(*delegationToken) == 0 {
+ return nil, resourcePrincipalDelegationTokenError{err: fmt.Errorf("failed to create a delagationTokenConfigurationProvider: token is a mandatory input parameter")}
+ }
+ return newResourcePrincipalDelegationTokenConfigurationProvider(delegationToken, "", nil)
+}
+
+// ResourcePrincipalDelegationTokenConfigurationProviderForRegion returns a configuration for obo token resource principals with a given region
+func ResourcePrincipalDelegationTokenConfigurationProviderForRegion(delegationToken *string, region common.Region) (ConfigurationProviderWithClaimAccess, error) {
+ if delegationToken == nil || len(*delegationToken) == 0 {
+ return nil, resourcePrincipalDelegationTokenError{err: fmt.Errorf("failed to create a delagationTokenConfigurationProvider: token is a mandatory input parameter")}
+ }
+ return newResourcePrincipalDelegationTokenConfigurationProvider(delegationToken, region, nil)
+}
+
+func newResourcePrincipalDelegationTokenConfigurationProvider(delegationToken *string, region common.Region, modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) (ConfigurationProviderWithClaimAccess, error) {
+
+ keyProvider, err := ResourcePrincipalConfigurationProvider()
+ if err != nil {
+ return nil, resourcePrincipalDelegationTokenError{err: fmt.Errorf("failed to create a new key provider for resource principal: %s", err.Error())}
+ }
+ if len(region) > 0 {
+ return resourcePrincipalDelegationTokenConfigurationProvider{keyProvider, *delegationToken, ®ion}, err
+ }
+ return resourcePrincipalDelegationTokenConfigurationProvider{keyProvider, *delegationToken, nil}, err
+}
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resouce_principal_key_provider.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_key_provider.go
similarity index 63%
rename from vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resouce_principal_key_provider.go
rename to vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_key_provider.go
index 9d73eae8..b51c3490 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resouce_principal_key_provider.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_key_provider.go
@@ -1,12 +1,14 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package auth
 import (
 "crypto/rsa"
+ "crypto/x509"
 "errors"
 "fmt"
+ "io/ioutil"
 "os"
 "path"
@@ -33,7 +35,16 @@ const ( ResourcePrincipalSessionTokenEndpoint = "OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT" //ResourcePrincipalTokenEndpoint endpoint for retrieving the Resource Principal Token ResourcePrincipalTokenEndpoint = "OCI_RESOURCE_PRINCIPAL_RPT_ENDPOINT" - + // KubernetesServiceAccountTokenPath that contains cluster information + KubernetesServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token" + // DefaultKubernetesServiceAccountCertPath that contains cluster information + DefaultKubernetesServiceAccountCertPath = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + // OciKubernetesServiceAccountCertPath Environment variable for Kubernetes Service Account Cert Path + OciKubernetesServiceAccountCertPath = "OCI_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH" + // KubernetesServiceHostEnvVar environment var holding the kubernetes host + KubernetesServiceHostEnvVar = "KUBERNETES_SERVICE_HOST" + // KubernetesProxymuxServicePort environment var holding the kubernetes port + KubernetesProxymuxServicePort = "12250" // TenancyOCIDClaimKey is the key used to look up the resource tenancy in an RPST TenancyOCIDClaimKey = "res_tenant" // CompartmentOCIDClaimKey is the key used to look up the resource compartment in an RPST 
@@ -85,6 +96,100 @@ func ResourcePrincipalConfigurationProvider() (ConfigurationProviderWithClaimAcc
 }
 }
+// OkeWorkloadIdentityConfigurationProvider returns a resource principal configuration provider by OKE Workload Identity
+func OkeWorkloadIdentityConfigurationProvider() (ConfigurationProviderWithClaimAccess, error) {
+ return OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider(NewDefaultServiceAccountTokenProvider())
+}
+
+// OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider returns a resource principal configuration provider by OKE Workload Identity
+// with service account token provider
+func OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider(saTokenProvider ServiceAccountTokenProvider) (ConfigurationProviderWithClaimAccess, error) {
+ var version string
+ var ok bool
+ if version, ok = os.LookupEnv(ResourcePrincipalVersionEnvVar); !ok {
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, not present", ResourcePrincipalVersionEnvVar)
+ return nil, resourcePrincipalError{err: err}
+ }
+
+ if version == ResourcePrincipalVersion1_1 || version == ResourcePrincipalVersion2_2 {
+
+ saCertPath := requireEnv(OciKubernetesServiceAccountCertPath)
+
+ if saCertPath == nil {
+ tmp := DefaultKubernetesServiceAccountCertPath
+ saCertPath = &tmp
+ }
+
+ kubernetesServiceAccountCertRaw, err := ioutil.ReadFile(*saCertPath)
+ if err != nil {
+ err = fmt.Errorf("can not create resource principal, error getting Kubernetes Service Account Token at %s", *saCertPath)
+ return nil, resourcePrincipalError{err: err}
+ }
+
+ kubernetesServiceAccountCert := x509.NewCertPool()
+ kubernetesServiceAccountCert.AppendCertsFromPEM(kubernetesServiceAccountCertRaw)
+
+ region := requireEnv(ResourcePrincipalRegionEnvVar)
+ if region == nil {
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, not present",
+ ResourcePrincipalRegionEnvVar)
+ return nil, resourcePrincipalError{err: err}
+ }
+
+ k8sServiceHost := requireEnv(KubernetesServiceHostEnvVar)
+ if k8sServiceHost == nil {
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, not present",
+ KubernetesServiceHostEnvVar)
+ return nil, resourcePrincipalError{err: err}
+ }
+ proxymuxEndpoint := fmt.Sprintf("https://%s:%s/resourcePrincipalSessionTokens", *k8sServiceHost, KubernetesProxymuxServicePort)
+
+ return newOkeWorkloadIdentityProvider(proxymuxEndpoint, saTokenProvider, kubernetesServiceAccountCert, *region)
+ }
+
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, must be valid", ResourcePrincipalVersionEnvVar)
+ return nil, resourcePrincipalError{err: err}
+}
+
+// ResourcePrincipalConfigurationProviderForRegion returns a resource principal configuration provider using well known
+// environment variables to look up token information, for a given region. The environment variables can either paths or contain the material value
+// of the keys. However, in the case of the keys and tokens paths and values can not be mixed
+func ResourcePrincipalConfigurationProviderForRegion(region common.Region) (ConfigurationProviderWithClaimAccess, error) {
+ var version string
+ var ok bool
+ if version, ok = os.LookupEnv(ResourcePrincipalVersionEnvVar); !ok {
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, not present", ResourcePrincipalVersionEnvVar)
+ return nil, resourcePrincipalError{err: err}
+ }
+
+ switch version {
+ case ResourcePrincipalVersion2_2:
+ rpst := requireEnv(ResourcePrincipalRPSTEnvVar)
+ if rpst == nil {
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, not present", ResourcePrincipalVersionEnvVar)
+ return nil, resourcePrincipalError{err: err}
+ }
+ private := requireEnv(ResourcePrincipalPrivatePEMEnvVar)
+ if private == nil {
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, not present", ResourcePrincipalVersionEnvVar)
+ return nil, resourcePrincipalError{err: err}
+ }
+ passphrase := requireEnv(ResourcePrincipalPrivatePEMPassphraseEnvVar)
+ region := string(region)
+ if region == "" {
+ err := fmt.Errorf("can not create resource principal, region cannot be empty")
+ return nil, resourcePrincipalError{err: err}
+ }
+ return newResourcePrincipalKeyProvider22(
+ *rpst, *private, passphrase, region)
+ case ResourcePrincipalVersion1_1:
+ return newResourcePrincipalKeyProvider11(DefaultRptPathProvider{})
+ default:
+ err := fmt.Errorf("can not create resource principal, environment variable: %s, must be valid", ResourcePrincipalVersionEnvVar)
+ return nil, resourcePrincipalError{err: err}
+ }
+}
+
 // ResourcePrincipalConfigurationProviderWithPathProvider returns a resource principal configuration provider using path provider.
 func ResourcePrincipalConfigurationProviderWithPathProvider(pathProvider PathProvider) (ConfigurationProviderWithClaimAccess, error) {
 var version string
@@ -140,7 +245,7 @@ type resourcePrincipalKeyProvider struct { func newResourcePrincipalKeyProvider22(sessionTokenLocation, privatePemLocation string, passphraseLocation *string, region string) (*resourcePrincipalKeyProvider, error) { - //Check both the the passphrase and the key are paths + //Check both the passphrase and the key are paths if passphraseLocation != nil && (!isPath(privatePemLocation) && isPath(*passphraseLocation) || isPath(privatePemLocation) && !isPath(*passphraseLocation)) { err := fmt.Errorf("cant not create resource principal: both key and passphrase need to be path or none needs to be path") @@ -175,6 +280,7 @@ func newResourcePrincipalKeyProvider22(sessionTokenLocation, privatePemLocation fd, _ = newFileBasedFederationClient(sessionTokenLocation, supplier) } else { fd, err = newStaticFederationClient(sessionTokenLocation, supplier) + if err != nil { err := fmt.Errorf("can not create resource principal, due to: %s ", err.Error()) return nil, resourcePrincipalError{err: err} @@ -185,6 +291,26 @@ func newResourcePrincipalKeyProvider22(sessionTokenLocation, privatePemLocation FederationClient: fd, KeyProviderRegion: common.StringToRegion(region), } + + return &rs, nil +} + +func newOkeWorkloadIdentityProvider(proxymuxEndpoint string, saTokenProvider ServiceAccountTokenProvider, + kubernetesServiceAccountCert *x509.CertPool, region string) (*resourcePrincipalKeyProvider, error) { + var err error + var fd federationClient + fd, err = newX509FederationClientForOkeWorkloadIdentity(proxymuxEndpoint, saTokenProvider, kubernetesServiceAccountCert) + + if err != nil { + err := fmt.Errorf("can not create resource principal, due to: %s ", err.Error()) + return nil, resourcePrincipalError{err: err} + } + + rs := resourcePrincipalKeyProvider{ + FederationClient: fd, + KeyProviderRegion: common.StringToRegion(region), + } + return &rs, nil } 
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_token_path_provider.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_token_path_provider.go index 9e6c2115..7b52f8c7 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_token_path_provider.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principal_token_path_provider.go @@ -1,12 +1,14 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth import ( "fmt" + "github.com/oracle/oci-go-sdk/v65/common" "io/ioutil" "net/http" + "time" ) const ( 
@@ -77,17 +79,17 @@ func (pp EnvRptPathProvider) ResourceID() (*string, error) { return rpID, nil } -//DefaultRptPathProvider path provider makes sure the behavior happens with the correct fallback. +// DefaultRptPathProvider path provider makes sure the behavior happens with the correct fallback. // -//For the path, -//Use the contents of the OCI_RESOURCE_PRINCIPAL_RPT_PATH environment variable, if set. -//Otherwise, use the current path: "/20180711/resourcePrincipalToken/{id}" +// For the path, +// Use the contents of the OCI_RESOURCE_PRINCIPAL_RPT_PATH environment variable, if set. +// Otherwise, use the current path: "/20180711/resourcePrincipalToken/{id}" // -//For the resource id, -//Use the contents of the OCI_RESOURCE_PRINCIPAL_RPT_ID environment variable, if set. -//Otherwise, use IMDS to get the instance id +// For the resource id, +// Use the contents of the OCI_RESOURCE_PRINCIPAL_RPT_ID environment variable, if set. +// Otherwise, use IMDS to get the instance id // -//This path provider is used when the caller doesn't provide a specific path provider to the resource principals signer +// This path provider is used when the caller doesn't provide a specific path provider to the resource principals signer type DefaultRptPathProvider struct { path string resourceID string 
@@ -136,3 +138,83 @@ func getInstanceIDFromMetadata() (instanceID string, err error) {
 bodyString := string(bodyBytes)
 return bodyString, nil
 }
+
+// ServiceAccountTokenProvider comment
+type ServiceAccountTokenProvider interface {
+ ServiceAccountToken() (string, error)
+}
+
+// DefaultServiceAccountTokenProvider is supplied by user when instantiating
+// OkeWorkloadIdentityConfigurationProvider
+type DefaultServiceAccountTokenProvider struct {
+ tokenPath string `mandatory:"false"`
+}
+
+// NewDefaultServiceAccountTokenProvider returns a new instance of defaultServiceAccountTokenProvider
+func NewDefaultServiceAccountTokenProvider() DefaultServiceAccountTokenProvider {
+ return DefaultServiceAccountTokenProvider{
+ tokenPath: KubernetesServiceAccountTokenPath,
+ }
+}
+
+// WithSaTokenPath Builder method to override the to SA ken path
+func (d DefaultServiceAccountTokenProvider) WithSaTokenPath(tokenPath string) DefaultServiceAccountTokenProvider {
+ d.tokenPath = tokenPath
+ return d
+}
+
+// ServiceAccountToken returns a service account token
+func (d DefaultServiceAccountTokenProvider) ServiceAccountToken() (string, error) {
+ saTokenString, err := ioutil.ReadFile(d.tokenPath)
+ if err != nil {
+ common.Logf("error %s", err)
+ return "", fmt.Errorf("error reading service account token: %s", err)
+ }
+ isSaTokenValid, err := isValidSaToken(string(saTokenString))
+ if !isSaTokenValid {
+ common.Logf("error %s", err)
+ return "", fmt.Errorf("error validating service account token: %s", err)
+ }
+ return string(saTokenString), err
+}
+
+// SuppliedServiceAccountTokenProvider is supplied by user when instantiating
+// OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider
+type SuppliedServiceAccountTokenProvider struct {
+ tokenString string `mandatory:"false"`
+}
+
+// NewSuppliedServiceAccountTokenProvider returns a new instance of defaultServiceAccountTokenProvider
+func NewSuppliedServiceAccountTokenProvider(tokenString string) SuppliedServiceAccountTokenProvider {
+ return SuppliedServiceAccountTokenProvider{tokenString: tokenString}
+}
+
+// ServiceAccountToken returns a service account token
+func (d SuppliedServiceAccountTokenProvider) ServiceAccountToken() (string, error) {
+ isSaTokenValid, err := isValidSaToken(d.tokenString)
+ if !isSaTokenValid {
+ common.Logf("error %s", err)
+ return "", fmt.Errorf("error validating service account token %s", err)
+ }
+ return d.tokenString, nil
+}
+
+// isValidSaToken returns true is a saTokenString provides a valid service account token
+func isValidSaToken(saTokenString string) (bool, error) {
+ var jwtToken *jwtToken
+ var err error
+ if jwtToken, err = parseJwt(saTokenString); err != nil {
+ return false, fmt.Errorf("failed to parse the default service token string \"%s\": %s", saTokenString, err.Error())
+ }
+ now := time.Now().Unix() + int64(bufferTimeBeforeTokenExpiration.Seconds())
+ if jwtToken.payload["exp"] == nil {
+ return false, fmt.Errorf("service token doesn't have an `exp` field")
+ }
+ expiredAt := int64(jwtToken.payload["exp"].(float64))
+ expired := expiredAt <= now
+ if expired {
+ return false, fmt.Errorf("service token expired at: %v", time.Unix(expiredAt, 0).Format("15:04:05.000"))
+ }
+
+ return true, nil
+}
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principals_v1.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principals_v1.go
index a60dbf31..d56b80ab 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principals_v1.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/resource_principals_v1.go
@@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth @@ -57,7 +57,7 @@ type resourcePrincipalSessionTokenRequest struct { Body resourcePrincipalSessionTokenRequestBody `contributesTo:"body"` } -//acquireResourcePrincipalToken acquires the resource principal from the target service +// acquireResourcePrincipalToken acquires the resource principal from the target service func (c *resourcePrincipalFederationClient) acquireResourcePrincipalToken() (tokenResponse resourcePrincipalTokenResponse, err error) { rpServiceClient := c.ResourcePrincipalTargetServiceClient @@ -83,7 +83,7 @@ func (c *resourcePrincipalFederationClient) acquireResourcePrincipalToken() (tok return } -//exchangeToken exchanges a resource principal token from the target service with a session token from identity +// exchangeToken exchanges a resource principal token from the target service with a session token from identity func (c *resourcePrincipalFederationClient) exchangeToken(publicKeyBase64 string, tokenResponse resourcePrincipalTokenResponse) (sessionToken string, err error) { rpServiceClient := c.ResourcePrincipalSessionTokenClient @@ -121,7 +121,7 @@ func (c *resourcePrincipalFederationClient) exchangeToken(publicKeyBase64 string return } -//getSecurityToken makes the appropiate calls to acquire a resource principal security token +// getSecurityToken makes the appropiate calls to acquire a resource principal security token func (c *resourcePrincipalFederationClient) getSecurityToken() (securityToken, error) { var err error ipFederationClient := c.instancePrincipalKeyProvider.FederationClient 
@@ -169,7 +169,7 @@ func (c *resourcePrincipalFederationClient) renewSecurityToken() (err error) { return nil } -//ResourcePrincipal Key provider in charge of resource principal acquiring tokens +// ResourcePrincipal Key provider in charge of resource principal acquiring tokens type resourcePrincipalKeyProviderV1 struct { ResourcePrincipalClient resourcePrincipalFederationClient } @@ -229,7 +229,7 @@ func (p *resourcePrincipalConfigurationProvider) GetClaim(key string) (interface return nil, nil } -//Resource Principals +// Resource Principals type resourcePrincipalConfigurationProvider struct { keyProvider resourcePrincipalKeyProviderV1 region *common.Region diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/utils.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/utils.go index 8130e6d7..444f3783 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/utils.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/auth/utils.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package auth diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/circuit_breaker.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/circuit_breaker.go index 927a6b51..96e93231 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/circuit_breaker.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/circuit_breaker.go 
@@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package common @@ -62,7 +62,7 @@ type CircuitBreakerSetting struct { numberOfRecordedHistoryResponse int } -// Convert CircuitBreakerSetting to human-readable string representation +// String Converts CircuitBreakerSetting to human-readable string representation func (cbst CircuitBreakerSetting) String() string { return fmt.Sprintf("{name=%v, isEnabled=%v, closeStateWindow=%v, openStateWindow=%v, failureRateThreshold=%v, minimumRequests=%v, successStatCodeMap=%v, successStatErrCodeMap=%v, serviceName=%v, historyCount=%v}", cbst.name, cbst.isEnabled, cbst.closeStateWindow, cbst.openStateWindow, cbst.failureRateThreshold, cbst.minimumRequests, cbst.successStatCodeMap, cbst.successStatErrCodeMap, cbst.serviceName, cbst.numberOfRecordedHistoryResponse) @@ -77,7 +77,7 @@ type ResponseHistory struct { statusCode int } -//Convert ResponseHistory to human-readable string representation +// String Converts ResponseHistory to human-readable string representation func (rh ResponseHistory) String() string { return fmt.Sprintf("Opc-Req-id - %v\nErrorCode - %v - %v\nErrorMessage - %v\n\n", rh.opcReqID, rh.statusCode, rh.errorCode, rh.errorMessage) } diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/client.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/client.go index efa29557..2ee83ae5 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/client.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/client.go 
@@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Package common provides supporting functions and structs used by service packages @@ -11,15 +11,16 @@ import ( "io" "io/ioutil" "math/rand" - "net" "net/http" "net/http/httputil" "net/url" "os" "os/user" "path" + "path/filepath" "reflect" "runtime" + "strconv" "strings" "sync" "sync/atomic" 
@@ -100,10 +101,36 @@ const ( //circuitBreakerNumberOfHistoryResponseEnv is the number of recorded history responses circuitBreakerNumberOfHistoryResponseEnv = "OCI_SDK_CIRCUITBREAKER_NUM_HISTORY_RESPONSE" + // ociDefaultRefreshIntervalForCustomCerts is the env var for overriding the defaultRefreshIntervalForCustomCerts. + // The value represents the refresh interval in minutes and has a higher precedence than defaultRefreshIntervalForCustomCerts + // but has a lower precedence then the refresh interval configured via OciGlobalRefreshIntervalForCustomCerts + // If the value is negative, then it is assumed that this property is not configured + // if the value is Zero, then the refresh of custom certs will be disabled + ociDefaultRefreshIntervalForCustomCerts = "OCI_DEFAULT_REFRESH_INTERVAL_FOR_CUSTOM_CERTS" + + // ociDefaultCertsPath is the env var for the path to the SSL cert file + ociDefaultCertsPath = "OCI_DEFAULT_CERTS_PATH" + + // ociDefaultClientCertsPath is the env var for the path to the custom client cert + ociDefaultClientCertsPath = "OCI_DEFAULT_CLIENT_CERTS_PATH" + + // ociDefaultClientCertsPrivateKeyPath is the env var for the path to the custom client cert private key + ociDefaultClientCertsPrivateKeyPath = "OCI_DEFAULT_CLIENT_CERTS_PRIVATE_KEY_PATH" + //maxAttemptsForRefreshableRetry is the number of retry when 401 happened on a refreshable auth type maxAttemptsForRefreshableRetry = 3 + + //defaultRefreshIntervalForCustomCerts is the default refresh interval in minutes + defaultRefreshIntervalForCustomCerts = 30 ) +// OciGlobalRefreshIntervalForCustomCerts is the global policy for overriding the refresh interval in minutes. +// This variable has a higher precedence than the env variable OCI_DEFAULT_REFRESH_INTERVAL_FOR_CUSTOM_CERTS +// and the defaultRefreshIntervalForCustomCerts values. 
+// If the value is negative, then it is assumed that this property is not configured +// if the value is Zero, then the refresh of custom certs will be disabled +var OciGlobalRefreshIntervalForCustomCerts int = -1 + // RequestInterceptor function used to customize the request before calling the underlying service type RequestInterceptor func(*http.Request) error @@ -115,8 +142,9 @@ type HTTPRequestDispatcher interface { // CustomClientConfiguration contains configurations set at client level, currently it only includes RetryPolicy type CustomClientConfiguration struct { - RetryPolicy *RetryPolicy - CircuitBreaker *OciCircuitBreaker + RetryPolicy *RetryPolicy + CircuitBreaker *OciCircuitBreaker + RealmSpecificServiceEndpointTemplateEnabled *bool } // BaseClient struct implements all basic operations to call oci web services. 
@@ -206,29 +234,17 @@ func newBaseClient(signer HTTPRequestSigner, dispatcher HTTPRequestDispatcher) B func defaultHTTPDispatcher() http.Client { var httpClient http.Client - - if isExpectHeaderDisabled := IsEnvVarFalse(UsingExpectHeaderEnvVar); !isExpectHeaderDisabled { - var tp http.RoundTripper = &http.Transport{ - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - ForceAttemptHTTP2: true, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 3 * time.Second, - } - httpClient = http.Client{ - Transport: tp, - Timeout: defaultTimeout, - } - } else { - httpClient = http.Client{ - Timeout: defaultTimeout, - } + refreshInterval := getCustomCertRefreshInterval() + if refreshInterval <= 0 { + Debug("Custom cert refresh has been disabled") + } + var tp = &OciHTTPTransportWrapper{ + RefreshRate: time.Duration(refreshInterval) * time.Minute, + TLSConfigProvider: GetTLSConfigTemplateForTransport(), + } + httpClient = http.Client{ + Timeout: defaultTimeout, + Transport: tp, } return httpClient } @@ -239,7 +255,7 @@ func defaultBaseClient(provider KeyProvider) BaseClient { return newBaseClient(signer, &dispatcher) } -//DefaultBaseClientWithSigner creates a default base client with a given signer +// DefaultBaseClientWithSigner creates a default base client with a given signer func DefaultBaseClientWithSigner(signer HTTPRequestSigner) BaseClient { dispatcher := defaultHTTPDispatcher() return newBaseClient(signer, &dispatcher) 
@@ -311,7 +327,7 @@ func getHomeFolder() string { func DefaultConfigProvider() ConfigurationProvider { defaultConfigFile := getDefaultConfigFilePath() homeFolder := getHomeFolder() - secondaryConfigFile := path.Join(homeFolder, secondaryConfigDirName, defaultConfigFileName) + secondaryConfigFile := filepath.Join(homeFolder, secondaryConfigDirName, defaultConfigFileName) defaultFileProvider, _ := ConfigurationProviderFromFile(defaultConfigFile, "") secondaryFileProvider, _ := ConfigurationProviderFromFile(secondaryConfigFile, "") @@ -322,9 +338,21 @@ func DefaultConfigProvider() ConfigurationProvider { return provider } +// CustomProfileSessionTokenConfigProvider returns the session token config provider of the given profile. +// This will look for the configuration in the given config file path. +func CustomProfileSessionTokenConfigProvider(customConfigPath string, profile string) ConfigurationProvider { + if customConfigPath == "" { + customConfigPath = getDefaultConfigFilePath() + } + + sessionTokenConfigurationProvider, _ := ConfigurationProviderForSessionTokenWithProfile(customConfigPath, profile, "") + Debugf("Configuration provided by: %s", sessionTokenConfigurationProvider) + return sessionTokenConfigurationProvider +} + func getDefaultConfigFilePath() string { homeFolder := getHomeFolder() - defaultConfigFile := path.Join(homeFolder, defaultConfigDirName, defaultConfigFileName) + defaultConfigFile := filepath.Join(homeFolder, defaultConfigDirName, defaultConfigFileName) if _, err := os.Stat(defaultConfigFile); err == nil { return defaultConfigFile } 
@@ -342,13 +370,35 @@ func getDefaultConfigFilePath() string { return fallbackConfigFile } +// setRawPath sets the Path and RawPath fields of the URL based on the provided +// escaped path p. It maintains the invariant that RawPath is only specified +// when it differs from the default encoding of the path. +// For example: +// - setPath("/foo/bar") will set Path="/foo/bar" and RawPath="" +// - setPath("/foo%2fbar") will set Path="/foo/bar" and RawPath="/foo%2fbar" +func setRawPath(u *url.URL) error { + oldPath := u.Path + path, err := url.PathUnescape(u.Path) + if err != nil { + return err + } + u.Path = path + if escp := u.EscapedPath(); oldPath == escp { + // Default encoding is fine. + u.RawPath = "" + } else { + u.RawPath = oldPath + } + return nil +} + // CustomProfileConfigProvider returns the config provider of given profile. The custom profile config provider // will look for configurations in 2 places: file in $HOME/.oci/config, and variables names starting with the // string TF_VAR. If the same configuration is found in multiple places the provider will prefer the first one. func CustomProfileConfigProvider(customConfigPath string, profile string) ConfigurationProvider { homeFolder := getHomeFolder() if customConfigPath == "" { - customConfigPath = path.Join(homeFolder, defaultConfigDirName, defaultConfigFileName) + customConfigPath = filepath.Join(homeFolder, defaultConfigDirName, defaultConfigFileName) } customFileProvider, _ := ConfigurationProviderFromFileWithProfile(customConfigPath, profile, "") defaultFileProvider, _ := ConfigurationProviderFromFileWithProfile(customConfigPath, "DEFAULT", "") 
@@ -383,6 +433,10 @@ func (client *BaseClient) prepareRequest(request *http.Request) (err error) { currentPath := request.URL.Path if !strings.Contains(currentPath, fmt.Sprintf("/%s", client.BasePath)) { request.URL.Path = path.Clean(fmt.Sprintf("/%s/%s", client.BasePath, currentPath)) + err := setRawPath(request.URL) + if err != nil { + return err + } } return } @@ -454,10 +508,7 @@ func logResponse(response *http.Response, fn func(format string, v ...interface{ } func checkBodyLengthExceedLimit(contentLength int64) bool { - if contentLength > maxBodyLenForDebug { - return true - } - return false + return contentLength > maxBodyLenForDebug } // OCIRequest is any request made to an OCI service. @@ -498,7 +549,7 @@ func (rsc *OCIReadSeekCloser) Seek(offset int64, whence int) (int64, error) { return rsc.rc.(io.Seeker).Seek(offset, whence) } // once the binary request body is wrapped with ioutil.NopCloser: - if reflect.TypeOf(rsc.rc) == reflect.TypeOf(ioutil.NopCloser(nil)) { + if isNopCloser(rsc.rc) { unwrappedInterface := reflect.ValueOf(rsc.rc).Field(0).Interface() if _, ok := unwrappedInterface.(io.Seeker); ok { return unwrappedInterface.(io.Seeker).Seek(offset, whence) @@ -536,7 +587,7 @@ func (rsc *OCIReadSeekCloser) Seekable() bool { return true } // once the binary request body is wrapped with ioutil.NopCloser: - if reflect.TypeOf(rsc.rc) == reflect.TypeOf(ioutil.NopCloser(nil)) { + if isNopCloser(rsc.rc) { if _, ok := reflect.ValueOf(rsc.rc).Field(0).Interface().(io.Seeker); ok { return true } 
@@ -553,7 +604,7 @@ type OCIResponse interface { // OCIOperation is the generalization of a request-response cycle undergone by an OCI service. type OCIOperation func(context.Context, OCIRequest, *OCIReadSeekCloser, map[string]string) (OCIResponse, error) -//ClientCallDetails a set of settings used by the a single Call operation of the http Client +// ClientCallDetails a set of settings used by the a single Call operation of the http Client type ClientCallDetails struct { Signer HTTPRequestSigner } 
@@ -659,9 +710,39 @@ func (client BaseClient) httpDo(request *http.Request) (response *http.Response, return response, err } -//CloseBodyIfValid closes the body of an http response if the response and the body are valid +// CloseBodyIfValid closes the body of an http response if the response and the body are valid func CloseBodyIfValid(httpResponse *http.Response) { if httpResponse != nil && httpResponse.Body != nil { + if httpResponse.Header != nil && strings.ToLower(httpResponse.Header.Get("content-type")) == "text/event-stream" { + return + } httpResponse.Body.Close() } } + +// IsOciRealmSpecificServiceEndpointTemplateEnabled returns true if the client is configured to use realm specific service endpoint template +// it will first check the client configuration, if not set, it will check the environment variable +func (client BaseClient) IsOciRealmSpecificServiceEndpointTemplateEnabled() bool { + if client.Configuration.RealmSpecificServiceEndpointTemplateEnabled != nil { + return *client.Configuration.RealmSpecificServiceEndpointTemplateEnabled + } + return IsEnvVarTrue(OciRealmSpecificServiceEndpointTemplateEnabledEnvVar) +} + +func getCustomCertRefreshInterval() int { + if OciGlobalRefreshIntervalForCustomCerts >= 0 { + Debugf("Setting refresh interval as %d for custom certs via OciGlobalRefreshIntervalForCustomCerts", OciGlobalRefreshIntervalForCustomCerts) + return OciGlobalRefreshIntervalForCustomCerts + } + if refreshIntervalValue, ok := os.LookupEnv(ociDefaultRefreshIntervalForCustomCerts); ok { + refreshInterval, err := strconv.Atoi(refreshIntervalValue) + if err != nil || refreshInterval < 0 { + Debugf("The environment variable %s is not a valid int or is a negative value, skipping this configuration", ociDefaultRefreshIntervalForCustomCerts) + } else { + Debugf("Setting refresh interval as %d for custom certs via the env variable %s", refreshInterval, ociDefaultRefreshIntervalForCustomCerts) + return refreshInterval + } + } + Debugf("Setting the 
default refresh interval %d for custom certs", defaultRefreshIntervalForCustomCerts) + return defaultRefreshIntervalForCustomCerts +} diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/common.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/common.go index 6b196b68..51deac4e 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/common.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/common.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package common @@ -9,13 +9,13 @@ import ( "io/ioutil" "net/http" "os" - "path" + "path/filepath" "regexp" "strings" "time" ) -//Region type for regions +// Region type for regions type Region string const ( @@ -39,6 +39,9 @@ const ( realmKeyPropertyName = "realmKey" // e.g. "oc1" realmDomainComponentPropertyName = "realmDomainComponent" // e.g. "oraclecloud.com" regionKeyPropertyName = "regionKey" // e.g. "SYD" + + // OciRealmSpecificServiceEndpointTemplateEnabledEnvVar is the environment variable name to enable the realm specific service endpoint template. + OciRealmSpecificServiceEndpointTemplateEnabledEnvVar = "OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED" ) // External region metadata info flag, used to control adding these metadata region info only once. 
@@ -47,8 +50,35 @@ var readCfgFile, readEnvVar, visitIMDS bool = true, true, false // getRegionInfoFromInstanceMetadataService gets the region information var getRegionInfoFromInstanceMetadataService = getRegionInfoFromInstanceMetadataServiceProd +// OciRealmSpecificServiceEndpointTemplateEnabled is the flag to enable the realm specific service endpoint template. This one has higher priority than the environment variable. +var OciRealmSpecificServiceEndpointTemplateEnabled *bool = nil + +// OciSdkEnabledServicesMap is a list of services that are enabled, default is an empty list which means all services are enabled +var OciSdkEnabledServicesMap map[string]bool + +// OciDeveloperToolConfigurationFilePathEnvVar is the environment variable name for the OCI Developer Tool Config File Path +const OciDeveloperToolConfigurationFilePathEnvVar = "OCI_DEVELOPER_TOOL_CONFIGURATION_FILE_PATH" + +// OciAllowOnlyDeveloperToolConfigurationRegionsEnvVar is the environment variable name for the OCI Allow only Dev Tool Config Regions +const OciAllowOnlyDeveloperToolConfigurationRegionsEnvVar = "OCI_ALLOW_ONLY_DEVELOPER_TOOL_CONFIGURATION_REGIONS" + +// defaultRealmForUnknownDeveloperToolConfigurationRegion is the default realm for unknown Developer Tool Configuration Regions +const defaultRealmForUnknownDeveloperToolConfigurationRegion = "oraclecloud.com" + +// OciDeveloperToolConfigurationProvider is the provider name for the OCI Developer Tool Configuration file +var OciDeveloperToolConfigurationProvider string + +// ociAllowOnlyDeveloperToolConfigurationRegions is the flag to enable the OCI Allow Only Developer Tool Configuration Regions. This one has lower priority than the environment variable. 
+var ociAllowOnlyDeveloperToolConfigurationRegions bool + +var ociDeveloperToolConfigurationRegionSchemaList []map[string]string + // Endpoint returns a endpoint for a service func (region Region) Endpoint(service string) string { + // Endpoint for dotted region + if strings.Contains(string(region), ".") { + return fmt.Sprintf("%s.%s", service, region) + } return fmt.Sprintf("%s.%s.%s", service, region, region.secondLevelDomain()) } @@ -80,12 +110,22 @@ func (region Region) EndpointForTemplate(service string, serviceEndpointTemplate return endpoint } -// EndpointForTemplateDottedRegion returns a endpoint for a service based on template, only unknown region name can fall back to "oc1", but not short code region name. +// EndpointForTemplateDottedRegion returns a endpoint for a service based on the service name and EndpointTemplateForRegionWithDot template. If a service name is missing it is obtained from serviceEndpointTemplate and endpoint is constructed usingEndpointTemplateForRegionWithDot template. func (region Region) EndpointForTemplateDottedRegion(service string, serviceEndpointTemplate string, endpointServiceName string) (string, error) { + if !strings.Contains(string(region), ".") { + var endpoint = "" + if serviceEndpointTemplate != "" { + endpoint = region.EndpointForTemplate(service, serviceEndpointTemplate) + return endpoint, nil + } + endpoint = region.EndpointForTemplate(service, "") + return endpoint, nil + } + if endpointServiceName != "" { endpoint := strings.Replace(EndpointTemplateForRegionWithDot, "{endpoint_service_name}", endpointServiceName, 1) endpoint = strings.Replace(endpoint, "{region}", string(region), 1) - Debugf("Constructing endpoint from service name %s and region %s", endpointServiceName, region) + Debugf("Constructing endpoint from service name %s and region %s. Endpoint: %s", endpointServiceName, region, endpoint) return endpoint, nil } if serviceEndpointTemplate != "" { 
@@ -96,11 +136,12 @@ func (region Region) EndpointForTemplateDottedRegion(service string, serviceEndp if len(res) > 1 { endpoint = strings.Replace(EndpointTemplateForRegionWithDot, "{endpoint_service_name}", res[0], 1) endpoint = strings.Replace(endpoint, "{region}", string(region), 1) + Debugf("Constructing endpoint from service endpoint template %s and region %s. Endpoint: %s", serviceEndpointTemplate, region, endpoint) } else { return endpoint, fmt.Errorf("Endpoint service name not present in endpoint template") } } else { - return endpoint, fmt.Errorf("Invalid serviceEndpointTemplates. ServiceEndpointTemplate should start with https://") + return endpoint, fmt.Errorf("invalid serviceEndpointTemplates. ServiceEndpointTemplate should start with https://") } return endpoint, nil } @@ -117,6 +158,9 @@ func (region Region) secondLevelDomain() string { return value } Debugf("cannot find realm for region : %s, return default realm value.", region) + if _, ok := realm["oc1"]; !ok { + return defaultRealmForUnknownDeveloperToolConfigurationRegion + } return realm["oc1"] } 
@@ -129,9 +173,24 @@ func (region Region) RealmID() (string, error) { return "", fmt.Errorf("cannot find realm for region : %s", region) } -//StringToRegion convert a string to Region type +// StringToRegion convert a string to Region type func StringToRegion(stringRegion string) (r Region) { regionStr := strings.ToLower(stringRegion) + // check for PLC related regions + if checkAllowOnlyDeveloperToolConfigurationRegions() && (checkDeveloperToolConfigurationFile() || len(ociDeveloperToolConfigurationRegionSchemaList) != 0) { + Debugf("Developer Tool config detected and OCI_ALLOW_ONLY_DEVELOPER_TOOL_CONFIGURATION_REGIONS is set to True, SDK will only use regions defined for Developer Tool Configuration Regions") + setRegionMetadataFromDeveloperToolConfigurationFile(&stringRegion) + if len(ociDeveloperToolConfigurationRegionSchemaList) != 0 { + resetRegionInfo() + bulkAddRegionSchema(ociDeveloperToolConfigurationRegionSchemaList) + } + r = Region(stringRegion) + if _, ok := regionRealm[r]; !ok { + Logf("You're using the %s Developer Tool configuration file, the region you're targeting is not declared in this config file. Please check if this is the correct region you're targeting or contact the %s cloud provider for help. If you want to target both OCI regions and %s regions, please set the OCI_ALLOW_ONLY_DEVELOPER_TOOL_CONFIGURATION_REGIONS env var to False.", OciDeveloperToolConfigurationProvider, OciDeveloperToolConfigurationProvider, regionStr) + } + return r + } + // check if short region name provided if region, ok := shortNameRegion[regionStr]; ok { r = region 
@@ -152,7 +211,7 @@ func StringToRegion(stringRegion string) (r Region) { // canStringBeRegion test if the string can be a region, if it can, returns the string as is, otherwise it // returns an error -var blankRegex = regexp.MustCompile("\\s") +var blankRegex = regexp.MustCompile(`\s`) func canStringBeRegion(stringRegion string) (region string, err error) { if blankRegex.MatchString(stringRegion) || stringRegion == "" { @@ -185,7 +244,7 @@ func EnableInstanceMetadataServiceLookup() { // Once successfully find the expected region(region name or short code), return true, region name will be stored in // the input pointer. func setRegionMetadataFromEnvVar(region *string) bool { - if readEnvVar == false { + if !readEnvVar { Debugf("metadata region env variable had already been checked, no need to check again.") return false //no need to check it again. } 
@@ -215,19 +274,29 @@ func setRegionMetadataFromEnvVar(region *string) bool { return false } +func setRegionMetadataFromCfgFile(region *string) bool { + if setRegionMetadataFromDeveloperToolConfigurationFile(region) { + return true + } + if setRegionMetadataFromRegionCfgFile(region) { + return true + } + return false +} + // setRegionMetadataFromCfgFile checks if region metadata config file is provided, once it's there, parse and add all // the valid regions to region map, the configuration file can only be visited once. // Once successfully find the expected region(region name or short code), return true, region name will be stored in // the input pointer. -func setRegionMetadataFromCfgFile(region *string) bool { - if readCfgFile == false { +func setRegionMetadataFromRegionCfgFile(region *string) bool { + if !readCfgFile { Debugf("metadata region config file had already been checked, no need to check again.") return false //no need to check it again. } // Mark readCfgFile Flag as false since it has already been visited. readCfgFile = false homeFolder := getHomeFolder() - configFile := path.Join(homeFolder, regionMetadataCfgDirName, regionMetadataCfgFileName) + configFile := filepath.Join(homeFolder, regionMetadataCfgDirName, regionMetadataCfgFileName) if jsonArr, ok := readAndParseConfigFile(&configFile); ok { added := false for _, jsonItem := range jsonArr { 
@@ -245,8 +314,46 @@ func setRegionMetadataFromCfgFile(region *string) bool { return false } -func readAndParseConfigFile(configFileName *string) (fileContent []map[string]string, ok bool) { +// setRegionMetadataFromDeveloperToolConfigurationFile checks if Developer Tool config file is provided, once it's there, parse and add all +// The default location of the Developer Tool config file is ~/.oci/developer-tool-configuration.json. It will also check the environment variable +// the valid regions to region map, the configuration file can only be visited once. +// Once successfully find the expected region(region name or short code), return true, region name will be stored in +// the input pointer. +func setRegionMetadataFromDeveloperToolConfigurationFile(region *string) bool { + if jsonArr, ok := readAndParseDeveloperToolConfigurationFile(); ok { + added := false + if jsonArr["regions"] == nil { + return false + } + var regionJSON []map[string]string + originalJSONContent, err := json.Marshal(jsonArr["regions"]) + if err != nil { + return false + } + err = json.Unmarshal(originalJSONContent, ®ionJSON) + if err != nil { + return false + } + + if IsEnvVarTrue(OciAllowOnlyDeveloperToolConfigurationRegionsEnvVar) { + resetRegionInfo() + } + for _, jsonItem := range regionJSON { + if checkSchemaItems(jsonItem) { + addRegionSchema(jsonItem) + if jsonItem[regionKeyPropertyName] == *region || + jsonItem[regionIdentifierPropertyName] == *region { + *region = jsonItem[regionIdentifierPropertyName] + added = true + } + } + } + return added + } + return false +} +func readAndParseConfigFile(configFileName *string) (fileContent []map[string]string, ok bool) { if content, err := ioutil.ReadFile(*configFileName); err == nil { Debugf("Raw content of region metadata config file content:", string(content[:])) if err := json.Unmarshal(content, &fileContent); err != nil { 
@@ -258,7 +365,37 @@ func readAndParseConfigFile(configFileName *string) (fileContent []map[string]st } Debugf("No Region Metadata Config File provided.") return +} + +func readAndParseDeveloperToolConfigurationFile() (fileContent map[string]interface{}, ok bool) { + homeFolder := getHomeFolder() + configFileName := filepath.Join(homeFolder, regionMetadataCfgDirName, "developer-tool-configuration.json") + if path := os.Getenv(OciDeveloperToolConfigurationFilePathEnvVar); path != "" { + configFileName = path + } + if content, err := ioutil.ReadFile(configFileName); err == nil { + Debugf("Raw content of Developer Tool config file content:", string(content[:])) + if err := json.Unmarshal(content, &fileContent); err != nil { + Debugf("Can't unmarshal env var, the error info is", err) + return + } + ok = true + return + } + Debugf("No Developer Tool Config File provided.") + return +} +func checkDeveloperToolConfigurationFile() bool { + homeFolder := getHomeFolder() + configFileName := filepath.Join(homeFolder, regionMetadataCfgDirName, "developer-tool-configuration.json") + if path := os.Getenv(OciDeveloperToolConfigurationFilePathEnvVar); path != "" { + configFileName = path + } + if _, err := os.Stat(configFileName); err == nil { + return true + } + return false } // check map regionRealm's region name, if it's already there, no need to add it. 
@@ -274,6 +411,33 @@ func addRegionSchema(regionSchema map[string]string) { Debugf("Region {} has already been added, no need to add again.", regionSchema[regionIdentifierPropertyName]) } +// AddRegionSchemaForPlc add region schema to region map +func AddRegionSchemaForPlc(regionSchema map[string]string) { + ociDeveloperToolConfigurationRegionSchemaList = append(ociDeveloperToolConfigurationRegionSchemaList, regionSchema) + addRegionSchema(regionSchema) + // if !IsEnvVarTrue(OciPlcRegionExclusiveEnvVar) { + // addRegionSchema(regionSchema) + // return + // } + // Debugf("Plc region coexist is not enabled, remove exisiting OCI region schema and add PLC region schema.") + // resetRegionInfo() + // bulkAddRegionSchema(ociPlcRegionSchemaList) +} + +func resetRegionInfo() { + shortNameRegion = make(map[string]Region) + realm = make(map[string]string) + regionRealm = make(map[Region]string) +} + +func bulkAddRegionSchema(regionSchemaList []map[string]string) { + for _, regionSchema := range regionSchemaList { + if checkSchemaItems(regionSchema) { + addRegionSchema(regionSchema) + } + } +} + // check region schema content if all the required contents are provided func checkSchemaItems(regionSchema map[string]string) bool { if checkSchemaItem(regionSchema, regionIdentifierPropertyName) && @@ -313,7 +477,7 @@ func setRegionFromInstanceMetadataService(region *string) bool { // "regionIdentifier" : "ca-montreal-1" // } // Mark visitIMDS Flag as false since it has already been visited. - if visitIMDS == false { + if !visitIMDS { Debugf("check from IMDS is disabled or IMDS had already been successfully visited, no need to check again.") return false } 
@@ -349,7 +513,7 @@ func setRegionFromInstanceMetadataService(region *string) bool {
 // getRegionInfoFromInstanceMetadataServiceProd calls instance metadata service and get the region information
 func getRegionInfoFromInstanceMetadataServiceProd() ([]byte, error) {
- request, err := http.NewRequest(http.MethodGet, instanceMetadataRegionInfoURLV2, nil)
+ request, _ := http.NewRequest(http.MethodGet, instanceMetadataRegionInfoURLV2, nil)
 request.Header.Add("Authorization", "Bearer Oracle")
 client := &http.Client{
@@ -357,7 +521,7 @@ func getRegionInfoFromInstanceMetadataServiceProd() ([]byte, error) {
 }
 resp, err := client.Do(request)
 if err != nil {
- return nil, fmt.Errorf("Failed to call instance metadata service. Error: %v", err)
+ return nil, fmt.Errorf("failed to call instance metadata service. Error: %v", err)
 }
 statusCode := resp.StatusCode
@@ -366,7 +530,7 @@ func getRegionInfoFromInstanceMetadataServiceProd() ([]byte, error) {
 content, err := ioutil.ReadAll(resp.Body)
 if err != nil {
- return nil, fmt.Errorf("Failed to get region information from response body. Error: %v", err)
+ return nil, fmt.Errorf("failed to get region information from response body. Error: %v", err)
 }
 if statusCode != http.StatusOK {
@@ -377,3 +541,85 @@ func getRegionInfoFromInstanceMetadataServiceProd() ([]byte, error) {
 return content, nil
 }
+
+// TemplateParamForPerRealmEndpoint is a template parameter for per-realm endpoint.
+type TemplateParamForPerRealmEndpoint struct {
+ Template string
+ EndsWithDot bool
+}
+
+// SetMissingTemplateParams function will parse the {} template in client host and replace with empty string.
+func SetMissingTemplateParams(client *BaseClient) {
+ templateRegex := regexp.MustCompile(`{.*?}`)
+ templates := templateRegex.FindAllString(client.Host, -1)
+ for _, template := range templates {
+ client.Host = strings.Replace(client.Host, template, "", -1)
+ }
+}
+
+func getOciSdkEnabledServicesMap() map[string]bool {
+ var enabledMap = make(map[string]bool)
+ if jsonArr, ok := readAndParseDeveloperToolConfigurationFile(); ok {
+ if jsonArr["provider"] != nil {
+ OciDeveloperToolConfigurationProvider = jsonArr["provider"].(string)
+ }
+ if jsonArr["allowOnlyDeveloperToolConfigurationRegions"] != nil && jsonArr["allowOnlyDeveloperToolConfigurationRegions"] == false {
+ ociAllowOnlyDeveloperToolConfigurationRegions = jsonArr["allowOnlyDeveloperToolConfigurationRegions"].(bool)
+ }
+ if jsonArr["services"] == nil {
+ return enabledMap
+ }
+ serviesJSON, ok := jsonArr["services"].([]interface{})
+ if !ok {
+ return enabledMap
+ }
+ re, _ := regexp.Compile(`[^\w]`)
+ for _, jsonItem := range serviesJSON {
+ serviceName := strings.ToLower(fmt.Sprint(jsonItem))
+ serviceName = re.ReplaceAllString(serviceName, "")
+ enabledMap[serviceName] = true
+ }
+ }
+ return enabledMap
+}
+
+// AddServiceToEnabledServicesMap adds the service to the enabledServiceMap
+// The service name will auto transit to lower case and remove all the non-word characters.
+func AddServiceToEnabledServicesMap(serviceName string) {
+ if OciSdkEnabledServicesMap == nil {
+ OciSdkEnabledServicesMap = make(map[string]bool)
+ }
+ re, _ := regexp.Compile(`[^\w]`)
+ serviceName = strings.ToLower(serviceName)
+ serviceName = re.ReplaceAllString(serviceName, "")
+ OciSdkEnabledServicesMap[serviceName] = true
+}
+
+// CheckForEnabledServices checks if the service is enabled in the enabledServiceMap.
+// It will first check if the map is initialized, if not, it will initialize the map.
+// If the map is empty, it means all the services are enabled.
+// If the map is not empty, it means only the services in the map and value is true are enabled.
+func CheckForEnabledServices(serviceName string) bool {
+ if OciSdkEnabledServicesMap == nil {
+ OciSdkEnabledServicesMap = getOciSdkEnabledServicesMap()
+ }
+ serviceName = strings.ToLower(serviceName)
+ if len(OciSdkEnabledServicesMap) == 0 {
+ return true
+ }
+ if _, ok := OciSdkEnabledServicesMap[serviceName]; !ok {
+ return false
+ }
+ return OciSdkEnabledServicesMap[serviceName]
+}
+
+// CheckAllowOnlyDeveloperToolConfigurationRegions checks if only developer tool configuration regions are allowed
+// This function will first check if the OCI_ALLOW_ONLY_DEVELOPER_TOOL_CONFIGURATION_REGIONS environment variable is set.
+// If it is set, it will return the value.
+// If it is not set, it will return the value from the ociAllowOnlyDeveloperToolConfigurationRegions variable.
+func checkAllowOnlyDeveloperToolConfigurationRegions() bool {
+ if val, ok := os.LookupEnv("OCI_ALLOW_ONLY_DEVELOPER_TOOL_CONFIGURATION_REGIONS"); ok {
+ return val == "true"
+ }
+ return ociAllowOnlyDeveloperToolConfigurationRegions
+}
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/configuration.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/configuration.go
index c846b25d..d499523f 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/configuration.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/configuration.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package common
@@ -9,9 +9,10 @@ import (
 "fmt"
 "io/ioutil"
 "os"
- "path"
+ "path/filepath"
 "regexp"
 "strings"
+ "sync"
 )
 // AuthenticationType for auth
@@ -20,10 +21,12 @@ type AuthenticationType string
 const (
 // UserPrincipal is default auth type
 UserPrincipal AuthenticationType = "user_principal"
- // InstancePrincipal is used for instance principle auth type
+ // InstancePrincipal is used for instance principal auth type
 InstancePrincipal AuthenticationType = "instance_principal"
- // InstancePrincipalDelegationToken is used for instance principle delegation token auth type
+ // InstancePrincipalDelegationToken is used for instance principal delegation token auth type
 InstancePrincipalDelegationToken AuthenticationType = "instance_principle_delegation_token"
+ // ResourcePrincipalDelegationToken is used for resource principal delegation token auth type
+ ResourcePrincipalDelegationToken AuthenticationType = "resource_principle_delegation_token"
 // UnknownAuthenticationType is used for none meaningful auth type
 UnknownAuthenticationType AuthenticationType = "unknown_auth_type"
 )
@@ -47,6 +50,33 @@ type ConfigurationProvider interface {
 AuthType() (AuthConfig, error)
 }
+var fileMutex = sync.Mutex{}
+var fileCache = make(map[string][]byte)
+
+// Reads the file contents from cache if present otherwise reads the file.
+// If file to be read is frequently updated/refreshed, please use readFile(filename) as readFileFromCache(filename) might return the old contents from the cache.
+func readFileFromCache(filename string) ([]byte, error) {
+ fileMutex.Lock()
+ defer fileMutex.Unlock()
+ val, ok := fileCache[filename]
+ if ok {
+ return val, nil
+ }
+ val, err := ioutil.ReadFile(filename)
+ if err == nil {
+ fileCache[filename] = val
+ }
+ return val, err
+}
+
+// Reads the file and returns the contents
+func readFile(filename string) ([]byte, error) {
+ fileMutex.Lock()
+ defer fileMutex.Unlock()
+ val, err := os.ReadFile(filename)
+ return val, err
+}
+
 // IsConfigurationProviderValid Tests all parts of the configuration provider do not return an error, this method will
 // not check AuthType(), since authType() is not required to be there.
 func IsConfigurationProviderValid(conf ConfigurationProvider) (ok bool, err error) {
@@ -161,7 +191,7 @@ func (p environmentConfigurationProvider) PrivateRSAKey() (key *rsa.PrivateKey,
 }
 expandedPath := expandPath(value)
- pemFileContent, err := ioutil.ReadFile(expandedPath)
+ pemFileContent, err := readFileFromCache(expandedPath)
 if err != nil {
 Debugln("Can not read PrivateKey location from environment variable: " + environmentVariable)
 return
@@ -195,6 +225,8 @@ func (p environmentConfigurationProvider) TenancyOCID() (value string, err error
 var ok bool
 if value, ok = os.LookupEnv(environmentVariable); !ok {
 err = fmt.Errorf("can not read Tenancy from environment variable %s", environmentVariable)
+ } else if value == "" {
+ err = fmt.Errorf("tenancy OCID can not be empty when reading from environmental variable")
 }
 return
 }
@@ -204,6 +236,8 @@ func (p environmentConfigurationProvider) UserOCID() (value string, err error) {
 var ok bool
 if value, ok = os.LookupEnv(environmentVariable); !ok {
 err = fmt.Errorf("can not read user id from environment variable %s", environmentVariable)
+ } else if value == "" {
+ err = fmt.Errorf("user OCID can not be empty when reading from environmental variable")
 }
 return
 }
@@ -213,6 +247,8 @@ func (p environmentConfigurationProvider) KeyFingerprint() (value string, err er
 var ok bool
 if value, ok = os.LookupEnv(environmentVariable); !ok {
 err = fmt.Errorf("can not read fingerprint from environment variable %s", environmentVariable)
+ } else if value == "" {
+ err = fmt.Errorf("fingerprint can not be empty when reading from environmental variable")
 }
 return
 }
@@ -246,6 +282,9 @@ type fileConfigurationProvider struct {
 //ConfigFileInfo
 FileInfo *configFileInfo
+
+ //Mutex to protect the config file
+ configMux sync.Mutex
 }
 type fileConfigurationProviderError struct {
@@ -266,7 +305,8 @@ func ConfigurationProviderFromFile(configFilePath, privateKeyPassword string) (C
 return fileConfigurationProvider{
 ConfigPath: configFilePath,
 PrivateKeyPassword: privateKeyPassword,
- Profile: "DEFAULT"}, nil
+ Profile: "DEFAULT",
+ configMux: sync.Mutex{}}, nil
 }
 // ConfigurationProviderFromFileWithProfile creates a configuration provider from a configuration file
@@ -279,7 +319,8 @@ func ConfigurationProviderFromFileWithProfile(configFilePath, profile, privateKe
 return fileConfigurationProvider{
 ConfigPath: configFilePath,
 PrivateKeyPassword: privateKeyPassword,
- Profile: profile}, nil
+ Profile: profile,
+ configMux: sync.Mutex{}}, nil
 }
 type configFileInfo struct {
@@ -314,7 +355,7 @@ func parseConfigFile(data []byte, profile string) (info *configFileInfo, err err
 //Look for profile
 for i, line := range splitContent {
- if match := profileRegex.FindStringSubmatch(line); match != nil && len(match) > 1 && match[1] == profile {
+ if match := profileRegex.FindStringSubmatch(line); len(match) > 1 && match[1] == profile {
 start := i + 1
 return parseConfigAtLine(start, splitContent)
 }
@@ -374,19 +415,19 @@ func parseConfigAtLine(start int, content []string) (info *configFileInfo, err e
 // cleans and expands the path if it contains a tilde , returns the expanded path or the input path as is if not expansion
 // was performed
-func expandPath(filepath string) (expandedPath string) {
- cleanedPath := path.Clean(filepath)
+func expandPath(filename string) (expandedPath string) {
+ cleanedPath := filepath.Clean(filename)
 expandedPath = cleanedPath
 if strings.HasPrefix(cleanedPath, "~") {
 rest := cleanedPath[2:]
- expandedPath = path.Join(getHomeFolder(), rest)
+ expandedPath = filepath.Join(getHomeFolder(), rest)
 }
 return
 }
 func openConfigFile(configFilePath string) (data []byte, err error) {
 expandedPath := expandPath(configFilePath)
- data, err = ioutil.ReadFile(expandedPath)
+ data, err = readFileFromCache(expandedPath)
 if err != nil {
 err = fmt.Errorf("can not read config file: %s due to: %s", configFilePath, err.Error())
 }
@@ -399,6 +440,8 @@ func (p fileConfigurationProvider) String() string {
 }
 func (p fileConfigurationProvider) readAndParseConfigFile() (info *configFileInfo, err error) {
+ p.configMux.Lock()
+ defer p.configMux.Unlock()
 if p.FileInfo != nil {
 return p.FileInfo, nil
 }
@@ -432,6 +475,9 @@ func (p fileConfigurationProvider) TenancyOCID() (value string, err error) {
 }
 value, err = presentOrError(info.TenancyOcid, hasTenancy, info.PresentConfiguration, "tenancy")
+ if err == nil && value == "" {
+ err = fileConfigurationProviderError{err: fmt.Errorf("tenancy OCID can not be empty when reading from config file")}
+ }
 return
 }
@@ -459,26 +505,44 @@ func (p fileConfigurationProvider) KeyFingerprint() (value string, err error) {
 return
 }
 value, err = presentOrError(info.Fingerprint, hasFingerprint, info.PresentConfiguration, "fingerprint")
+ if err == nil && value == "" {
+ return "", fmt.Errorf("fingerprint can not be empty when reading from config file")
+ }
 return
 }
 func (p fileConfigurationProvider) KeyID() (keyID string, err error) {
+ tenancy, err := p.TenancyOCID()
+ if err != nil {
+ return
+ }
+
+ fingerprint, err := p.KeyFingerprint()
+ if err != nil {
+ return
+ }
+
 info, err := p.readAndParseConfigFile()
 if err != nil {
 err = fileConfigurationProviderError{err: fmt.Errorf("can not read tenancy configuration due to: %s", err.Error())}
 return
 }
 if info.PresentConfiguration&hasUser == hasUser {
- return fmt.Sprintf("%s/%s/%s", info.TenancyOcid, info.UserOcid, info.Fingerprint), nil
+ if info.UserOcid == "" {
+ err = fileConfigurationProviderError{err: fmt.Errorf("user cannot be empty in the config file")}
+ return
+ }
+ return fmt.Sprintf("%s/%s/%s", tenancy, info.UserOcid, fingerprint), nil
 }
- if filePath, err := presentOrError(info.SecurityTokenFilePath, hasSecurityTokenFile, info.PresentConfiguration, "securityTokenFilePath"); err == nil {
+ filePath, pathErr := presentOrError(info.SecurityTokenFilePath, hasSecurityTokenFile, info.PresentConfiguration, "securityTokenFilePath")
+ if pathErr == nil {
 rawString, err := getTokenContent(filePath)
 if err != nil {
 return "", fileConfigurationProviderError{err: err}
 }
 return "ST$" + rawString, nil
 }
- err = fileConfigurationProviderError{err: fmt.Errorf("can not read SecurityTokenFilePath from configuration file due to: %s", err.Error())}
+ err = fileConfigurationProviderError{err: fmt.Errorf("can not read SecurityTokenFilePath from configuration file due to: %s", pathErr.Error())}
 return
 }
@@ -495,7 +559,7 @@ func (p fileConfigurationProvider) PrivateRSAKey() (key *rsa.PrivateKey, err err
 }
 expandedPath := expandPath(filePath)
- pemFileContent, err := ioutil.ReadFile(expandedPath)
+ pemFileContent, err := readFileFromCache(expandedPath)
 if err != nil {
 err = fileConfigurationProviderError{err: fmt.Errorf("can not read PrivateKey from configuration file due to: %s", err.Error())}
 return
@@ -537,7 +601,7 @@ func (p fileConfigurationProvider) AuthType() (AuthConfig, error) {
 err = fmt.Errorf("can not read tenancy configuration due to: %s", err.Error())
 return AuthConfig{UnknownAuthenticationType, true, nil}, err
 }
- val, err := presentOrError(info.AuthenticationType, hasAuthenticationType, info.PresentConfiguration, "authentication_type")
+ val, _ := presentOrError(info.AuthenticationType, hasAuthenticationType, info.PresentConfiguration, "authentication_type")
 if val == "instance_principal" {
 if filePath, err := presentOrError(info.DelegationTokenFilePath, hasDelegationTokenFile, info.PresentConfiguration, "delegationTokenFilePath"); err == nil {
@@ -558,12 +622,12 @@ func (p fileConfigurationProvider) AuthType() (AuthConfig, error) {
 func getTokenContent(filePath string) (string, error) {
 expandedPath := expandPath(filePath)
- tokenFileContent, err := ioutil.ReadFile(expandedPath)
+ tokenFileContent, err := readFile(expandedPath)
 if err != nil {
 err = fileConfigurationProviderError{err: fmt.Errorf("can not read token content from configuration file due to: %s", err.Error())}
 return "", err
 }
- return fmt.Sprintf("%s", tokenFileContent), nil
+ return string(tokenFileContent), nil
 }
 // A configuration provider that look for information in multiple configuration providers
@@ -593,6 +657,7 @@ func (c composingConfigurationProvider) TenancyOCID() (string, error) {
 if err == nil {
 return val, nil
 }
+ Debugf("did not find a proper configuration for tenancy, err: %v", err)
 }
 return "", fmt.Errorf("did not find a proper configuration for tenancy")
 }
@@ -603,6 +668,7 @@ func (c composingConfigurationProvider) UserOCID() (string, error) {
 if err == nil {
 return val, nil
 }
+ Debugf("did not find a proper configuration for keyFingerprint, err: %v", err)
 }
 return "", fmt.Errorf("did not find a proper configuration for user")
 }
@@ -666,6 +732,88 @@ func getRegionFromEnvVar() (string, error) {
 return "", fmt.Errorf("did not find OCI_REGION env var")
 }
+type sessionTokenConfigurationProvider struct {
+ fileConfigurationProvider
+}
+
+func (p sessionTokenConfigurationProvider) UserOCID() (value string, err error) {
+ info, err := p.readAndParseConfigFile()
+ if err != nil {
+ err = fileConfigurationProviderError{err: fmt.Errorf("can not read the configuration due to: %s", err.Error())}
+ return
+ }
+ // In case of session token-based authentication, userOCID will not be present
+ // need to check if session token path is provided in the configuration
+ if _, stErr := presentOrError(info.SecurityTokenFilePath, hasSecurityTokenFile, info.PresentConfiguration,
+ "securityTokenPath"); stErr == nil {
+ err = nil
+ }
+ return
+}
+
+func (p sessionTokenConfigurationProvider) KeyID() (keyID string, err error) {
+ _, err = p.TenancyOCID()
+ if err != nil {
+ return
+ }
+
+ _, err = p.KeyFingerprint()
+ if err != nil {
+ return
+ }
+
+ info, err := p.readAndParseConfigFile()
+ if err != nil {
+ err = fileConfigurationProviderError{err: fmt.Errorf("can not read SessionTokenFilePath configuration due to: %s", err.Error())}
+ return
+ }
+
+ filePath, pathErr := presentOrError(info.SecurityTokenFilePath, hasSecurityTokenFile, info.PresentConfiguration, "securityTokenFilePath")
+ if pathErr == nil {
+ rawString, err := getTokenContent(filePath)
+ if err != nil {
+ return "", fileConfigurationProviderError{err: err}
+ }
+ return "ST$" + rawString, nil
+ }
+ err = fileConfigurationProviderError{err: fmt.Errorf("can not read SessionTokenFilePath from configuration file due to: %s", pathErr.Error())}
+ return
+}
+
+// ConfigurationProviderForSessionToken creates a session token configuration provider from a configuration file
+// by reading the "DEFAULT" profile
+func ConfigurationProviderForSessionToken(configFilePath, privateKeyPassword string) (ConfigurationProvider, error) {
+ if configFilePath == "" {
+ return nil, fileConfigurationProviderError{err: fmt.Errorf("config file path can not be empty")}
+ }
+
+ return sessionTokenConfigurationProvider{
+ fileConfigurationProvider{
+ ConfigPath: configFilePath,
+ PrivateKeyPassword: privateKeyPassword,
+ Profile: "DEFAULT",
+ configMux: sync.Mutex{}}}, nil
+}
+
+// ConfigurationProviderForSessionTokenWithProfile creates a session token configuration provider from a configuration file
+// by reading the given profile
+func ConfigurationProviderForSessionTokenWithProfile(configFilePath, profile, privateKeyPassword string) (ConfigurationProvider, error) {
+ if configFilePath == "" {
+ return nil, fileConfigurationProviderError{err: fmt.Errorf("config file path can not be empty")}
+ }
+
+ return sessionTokenConfigurationProvider{
+ fileConfigurationProvider{
+ ConfigPath: configFilePath,
+ PrivateKeyPassword: privateKeyPassword,
+ Profile: profile,
+ configMux: sync.Mutex{}}}, nil
+}
+
+func (p sessionTokenConfigurationProvider) Refreshable() bool {
+ return true
+}
+
 // RefreshableConfigurationProvider the interface to identity if the config provider is refreshable
 type RefreshableConfigurationProvider interface {
 Refreshable() bool
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/errors.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/errors.go
index cfb1d497..26692c09 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/errors.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/errors.go
@@ -1,15 +1,17 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package common
 import (
 "encoding/json"
+ "errors"
 "fmt"
 "io/ioutil"
 "net"
 "net/http"
 "strings"
+ "syscall"
 "github.com/sony/gobreaker"
 )
@@ -56,11 +58,27 @@ type ServiceErrorRichInfo interface {
 GetErrorTroubleshootingLink() string
 }
+// ServiceErrorLocalizationMessage models all potential errors generated the service call and has localized error message info
+type ServiceErrorLocalizationMessage interface {
+ ServiceErrorRichInfo
+ // The original error message string as sent by the service
+ GetOriginalMessage() string
+
+ // The values to be substituted into the originalMessageTemplate, expressed as a string-to-string map.
+ GetMessageArgument() map[string]string
+
+ // Template in ICU MessageFormat for the human-readable error string in English, but without the values replaced
+ GetOriginalMessageTemplate() string
+}
+
 type servicefailure struct {
- StatusCode int
- Code string `json:"code,omitempty"`
- Message string `json:"message,omitempty"`
- OpcRequestID string `json:"opc-request-id"`
+ StatusCode int
+ Code string `json:"code,omitempty"`
+ Message string `json:"message,omitempty"`
+ OriginalMessage string `json:"originalMessage"`
+ OriginalMessageTemplate string `json:"originalMessageTemplate"`
+ MessageArgument map[string]string `json:"messageArguments"`
+ OpcRequestID string `json:"opc-request-id"`
 // debugging information
 TargetService string `json:"target-service"`
 OperationName string `json:"operation-name"`
@@ -151,6 +169,18 @@ func (se servicefailure) GetMessage() string {
 return se.Message
 }
+func (se servicefailure) GetOriginalMessage() string {
+ return se.OriginalMessage
+}
+
+func (se servicefailure) GetOriginalMessageTemplate() string {
+ return se.OriginalMessageTemplate
+}
+
+func (se servicefailure) GetMessageArgument() map[string]string {
+ return se.MessageArgument
+}
+
 func (se servicefailure) GetCode() string {
 return se.Code
 }
@@ -201,6 +231,13 @@ func IsServiceErrorRichInfo(err error) (failure ServiceErrorRichInfo, ok bool) {
 return
 }
+// IsServiceErrorLocalizationMessage returns false if the error is not service side, otherwise true
+// additionally it returns an interface representing the ServiceErrorOriginalMessage
+func IsServiceErrorLocalizationMessage(err error) (failure ServiceErrorLocalizationMessage, ok bool) {
+ failure, ok = err.(ServiceErrorLocalizationMessage)
+ return
+}
+
 type deadlineExceededByBackoffError struct{}
 func (deadlineExceededByBackoffError) Error() string {
@@ -220,21 +257,34 @@ type NonSeekableRequestRetryFailure struct {
 func (ne NonSeekableRequestRetryFailure) Error() string {
 if ne.err == nil {
- return fmt.Sprintf("Unable to perform Retry on this request body type, which did not implement seek() interface")
+ return "Unable to perform Retry on this request body type, which did not implement seek() interface"
 }
 return fmt.Sprintf("%s. Unable to perform Retry on this request body type, which did not implement seek() interface", ne.err.Error())
 }
 // IsNetworkError validates if an error is a net.Error and check if it's temporary or timeout
 func IsNetworkError(err error) bool {
- if r, ok := err.(net.Error); ok && (r.Temporary() || r.Timeout()) {
+ if err == nil {
+ return false
+ }
+
+ if errors.Is(err, syscall.ECONNRESET) {
+ return true
+ }
+
+ if r, ok := err.(net.Error); ok && (r.Timeout() || strings.Contains(err.Error(), "net/http: HTTP/1.x transport connection broken")) {
 return true
 }
+
 return false
 }
 // IsCircuitBreakerError validates if an error's text is Open state ErrOpenState or HalfOpen state ErrTooManyRequests
 func IsCircuitBreakerError(err error) bool {
+ if err == nil {
+ return false
+ }
+
 if err.Error() == gobreaker.ErrOpenState.Error() || err.Error() == gobreaker.ErrTooManyRequests.Error() {
 return true
 }
@@ -244,7 +294,7 @@ func IsCircuitBreakerError(err error) bool {
 func getCircuitBreakerError(request *http.Request, err error, cbr *OciCircuitBreaker) error {
 cbErr := fmt.Errorf("%s, so this request was not sent to the %s service.\n\n The circuit breaker was opened because the %s service failed too many times recently. "+
 "Because the circuit breaker has been opened, requests within a %.2f second window of when the circuit breaker opened will not be sent to the %s service.\n\n"+
- "URL which circuit breaker prevented request to - %s \n Circuit Breaker Info \n Name - %s \n State - %s \n\n Errors from %s service which opened the circuit breaker:\n\n%s \n",
+ "URL which circuit breaker prevented request to - %s \n Circuit Breaker Info \n Name - %s \n State - %s \n\n Errors from %s service which opened the circuit breaker:\n\n%s",
 err, cbr.Cbst.serviceName, cbr.Cbst.serviceName, cbr.Cbst.openStateWindow.Seconds(), cbr.Cbst.serviceName, request.URL.Host+request.URL.Path, cbr.Cbst.name, cbr.Cb.State().String(), cbr.Cbst.serviceName, cbr.GetHistory())
 return cbErr
 }
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/eventual_consistency.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/eventual_consistency.go
index 6b63b8bb..39d25df0 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/eventual_consistency.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/eventual_consistency.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package common
@@ -7,7 +7,6 @@ import (
 "bytes"
 "errors"
 "fmt"
- "github.com/gofrs/flock"
 "os"
 "runtime"
 "strconv"
@@ -15,6 +14,8 @@ import (
 "sync"
 "sync/atomic"
 "time"
+
+ "github.com/gofrs/flock"
 )
 const (
@@ -50,7 +51,9 @@ var (
 {400, "RelatedResourceNotAuthorizedOrNotFound"}: true,
 {404, "NotAuthorizedOrNotFound"}: true,
 {409, "NotAuthorizedOrResourceAlreadyExists"}: true,
+ {409, "ResourceAlreadyExists"}: true,
 {400, "InsufficientServicePermissions"}: true,
+ {400, "ResourceDisabled"}: true,
 }
 )
@@ -391,8 +394,8 @@ func getGID() uint64 {
 // initialized yet.
 func initLogIfNecessary() {
 if defaultLogger == nil {
- l, _ := newSDKLogger()
- setSDKLogger(l)
+ l, _ := NewSDKLogger()
+ SetSDKLogger(l)
 }
 }
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/helpers.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/helpers.go
index 6a868e7a..0b091693 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/helpers.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/helpers.go
@@ -1,6 +1,8 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+//lint:file-ignore SA1019 older versions of staticcheck (those compatible with Golang 1.17) falsely flag x509.IsEncryptedPEMBlock and x509.DecryptPEMBlock.
+
 package common
 import (
@@ -37,24 +39,24 @@ func Uint(value uint) *uint {
 return &value
 }
-//Float32 returns a pointer to the provided float32
+// Float32 returns a pointer to the provided float32
 func Float32(value float32) *float32 {
 return &value
 }
-//Float64 returns a pointer to the provided float64
+// Float64 returns a pointer to the provided float64
 func Float64(value float64) *float64 {
 return &value
 }
-//Bool returns a pointer to the provided bool
+// Bool returns a pointer to the provided bool
 func Bool(value bool) *bool {
 return &value
 }
-//PointerString prints the values of pointers in a struct
-//Producing a human friendly string for an struct with pointers.
-//useful when debugging the values of a struct
+// PointerString prints the values of pointers in a struct
+// Producing a human friendly string for an struct with pointers.
+// useful when debugging the values of a struct
 func PointerString(datastruct interface{}) (representation string) {
 val := reflect.ValueOf(datastruct)
 typ := reflect.TypeOf(datastruct)
@@ -123,7 +125,7 @@ var timeTypePtr = reflect.TypeOf(&SDKTime{})
 var sdkDateType = reflect.TypeOf(SDKDate{})
 var sdkDateTypePtr = reflect.TypeOf(&SDKDate{})
-//Formats for sdk supported time representations
+// Formats for sdk supported time representations
 const sdkTimeFormat = time.RFC3339Nano
 const rfc1123OptionalLeadingDigitsInDay = "Mon, _2 Jan 2006 15:04:05 MST"
 const sdkDateFormat = "2006-01-02"
@@ -148,7 +150,7 @@ func tryParsing(data []byte, layouts ...string) (tm time.Time, err error) {
 return
 }
 }
- err = fmt.Errorf("Could not parse time: %s with formats: %s", datestring, layouts[:])
+ err = fmt.Errorf("could not parse time: %s with formats: %s", datestring, layouts[:])
 return
 }
@@ -286,7 +288,6 @@ func makeACopy(original []string) []string {
 // IsEnvVarFalse is used for checking if an environment variable is explicitly set to false, otherwise would set it true by default
 func IsEnvVarFalse(envVarKey string) bool {
- return false
 val, existed := os.LookupEnv(envVarKey)
 return existed && strings.ToLower(val) == "false"
 }
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/http.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/http.go
index db353400..1f57b3a6 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/http.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/http.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package common
@@ -296,7 +296,7 @@ func addToBody(request *http.Request, value reflect.Value, field reflect.StructF
 }
 func checkBinaryBodyLength(request *http.Request) (contentLen int64, err error) {
- if reflect.TypeOf(request.Body) == reflect.TypeOf(ioutil.NopCloser(nil)) {
+ if isNopCloser(request.Body) {
 ioReader := reflect.ValueOf(request.Body).Field(0).Interface().(io.Reader)
 switch t := ioReader.(type) {
 case *bytes.Reader:
@@ -319,10 +319,34 @@ func checkBinaryBodyLength(request *http.Request) (contentLen int64, err error)
 return getNormalBinaryBodyLength(request)
 }
+// Helper function to judge if this struct is a nopCloser or nopCloserWriterTo
+func isNopCloser(readCloser io.ReadCloser) bool {
+ if reflect.TypeOf(readCloser) == reflect.TypeOf(io.NopCloser(nil)) || reflect.TypeOf(readCloser) == reflect.TypeOf(io.NopCloser(struct {
+ io.Reader
+ io.WriterTo
+ }{})) {
+ return true
+ }
+ return false
+}
+
 func getNormalBinaryBodyLength(request *http.Request) (contentLen int64, err error) {
- dumpRequestBody := ioutil.NopCloser(bytes.NewBuffer(nil))
+ // If binary body is seekable
+ seeker := getSeeker(request.Body)
+ if seeker != nil {
+ // save the current position, calculate the unread body length and seek it back to current position
+ if curPos, err := seeker.Seek(0, io.SeekCurrent); err == nil {
+ if endPos, err := seeker.Seek(0, io.SeekEnd); err == nil {
+ contentLen = endPos - curPos
+ if _, err = seeker.Seek(curPos, io.SeekStart); err == nil {
+ return contentLen, nil
+ }
+ }
+ }
+ }
+
+ var dumpRequestBody io.ReadCloser
 if dumpRequestBody, request.Body, err = drainBody(request.Body); err != nil {
- dumpRequestBody = ioutil.NopCloser(bytes.NewBuffer(nil))
 return contentLen, err
 }
 contentBody, err := ioutil.ReadAll(dumpRequestBody)
@@ -332,6 +356,19 @@ func getNormalBinaryBodyLength(request *http.Request) (contentLen int64, err err
 return int64(len(contentBody)), nil
 }
+func getSeeker(readCloser io.ReadCloser) (seeker io.Seeker) {
+ if seeker, ok := readCloser.(io.Seeker); ok {
+ return seeker
+ }
+ // the binary body is wrapped with io.NopCloser
+ if isNopCloser(readCloser) {
+ if seeker, ok := reflect.ValueOf(readCloser).Field(0).Interface().(io.Seeker); ok {
+ return seeker
+ }
+ }
+ return seeker
+}
+
 func addToQuery(request *http.Request, value reflect.Value, field reflect.StructField) (e error) {
 Debugln("Marshaling to query from field: ", field.Name)
 if request.URL == nil {
@@ -639,10 +676,12 @@ func structToRequestPart(request *http.Request, val reflect.Value) (err error) {
 // HTTPRequestMarshaller marshals a structure to an http request using tag values in the struct
 // The marshaller tag should like the following
-// type A struct {
-// ANumber string `contributesTo="query" name="number"`
-// TheBody `contributesTo="body"`
-// }
+//
+// type A struct {
+// ANumber string `contributesTo="query" name="number"`
+// TheBody `contributesTo="body"`
+// }
+//
 // where the contributesTo tag can be: header, path, query, body
 // and the 'name' tag is the name of the value used in the http request(not applicable for path)
 // If path is specified as part of the tag, the values are appened to the url path
@@ -970,7 +1009,7 @@ func addFromHeaderCollection(response *http.Response, value *reflect.Value, fiel
 Debugln("Unmarshaling from header-collection to field:", field.Name)
 var headerPrefix string
 if headerPrefix = field.Tag.Get("prefix"); headerPrefix == "" {
- return fmt.Errorf("Unmarshaling response to a header-collection requires the 'prefix' tag for field: %s", field.Name)
+ return fmt.Errorf("unmarshaling response to a header-collection requires the 'prefix' tag for field: %s", field.Name)
 }
 mapCollection := make(map[string]string)
@@ -1022,12 +1061,18 @@ func responseToStruct(response *http.Response, val *reflect.Value, unmarshaler P
 // UnmarshalResponse hydrates the fields of a struct with the values of a http response, guided
 // by the field tags. The directive tag is "presentIn" and it can be either
-// - "header": Will look for the header tagged as "name" in the headers of the struct and set it value to that
-// - "body": It will try to marshal the body from a json string to a struct tagged with 'presentIn: "body"'.
+// - "header": Will look for the header tagged as "name" in the headers of the struct and set it value to that
+// - "body": It will try to marshal the body from a json string to a struct tagged with 'presentIn: "body"'.
+//
 // Further this method will consume the body it should be safe to close it after this function
 // Notice the current implementation only supports native types:int, strings, floats, bool as the field types
 func UnmarshalResponse(httpResponse *http.Response, responseStruct interface{}) (err error) {
+ // Check for text/event-stream content type, and return without unmarshalling
+ if httpResponse != nil && httpResponse.Header != nil && strings.ToLower(httpResponse.Header.Get("content-type")) == "text/event-stream" {
+ return
+ }
+
 var val *reflect.Value
 if val, err = checkForValidResponseStruct(responseStruct); err != nil {
 return
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/http_signer.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/http_signer.go
index 0c8a2619..d27d4e42 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/http_signer.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/http_signer.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package common
@@ -197,7 +197,7 @@ func GetBodyHash(request *http.Request) (hashString string, err error) {
 }
 var data []byte
- bReader := request.Body
+ var bReader io.Reader
 bReader, request.Body, err = drainBody(request.Body)
 if err != nil {
 return "", fmt.Errorf("can not read body of request while calculating body hash: %s", err.Error())
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/log.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/log.go
index 857ab8b8..ea3c496c 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/log.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/log.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package common
@@ -14,7 +14,7 @@ import (
 "time"
 )
-//sdkLogger an interface for logging in the SDK
+// sdkLogger an interface for logging in the SDK
 type sdkLogger interface {
 //LogLevel returns the log level of sdkLogger
 LogLevel() int
@@ -23,20 +23,20 @@ type sdkLogger interface {
 Log(logLevel int, format string, v ...interface{}) error
 }
-//noLogging no logging messages
+// noLogging no logging messages
 const noLogging = 0
-//infoLogging minimal logging messages
+// infoLogging minimal logging messages
 const infoLogging = 1
-//debugLogging some logging messages
+// debugLogging some logging messages
 const debugLogging = 2
-//verboseLogging all logging messages
+// verboseLogging all logging messages
 const verboseLogging = 3
-//defaultSDKLogger the default implementation of the sdkLogger
-type defaultSDKLogger struct {
+// DefaultSDKLogger the default implementation of the sdkLogger
+type DefaultSDKLogger struct {
 currentLoggingLevel int
 verboseLogger *log.Logger
 debugLogger *log.Logger
@@ -44,33 +44,33 @@ type defaultSDKLogger struct {
 nullLogger *log.Logger
 }
-//defaultLogger is the defaultLogger in the SDK
+// defaultLogger is the defaultLogger in the SDK
 var defaultLogger sdkLogger
 var loggerLock sync.Mutex
 var file *os.File
-//initializes the SDK defaultLogger as a defaultLogger
+// initializes the SDK defaultLogger as a defaultLogger
 func init() {
- l, _ := newSDKLogger()
- setSDKLogger(l)
+ l, _ := NewSDKLogger()
+ SetSDKLogger(l)
 }
-//setSDKLogger sets the logger used by the sdk
-func setSDKLogger(logger sdkLogger) {
+// SetSDKLogger sets the logger used by the sdk
+func SetSDKLogger(logger sdkLogger) {
 loggerLock.Lock()
 defaultLogger = logger
 loggerLock.Unlock()
 }
-// newSDKLogger creates a defaultSDKLogger
+// NewSDKLogger creates a defaultSDKLogger
 // Debug logging is turned on/off by the presence of the environment variable "OCI_GO_SDK_DEBUG"
 // The value of the "OCI_GO_SDK_DEBUG" environment variable controls the logging level.
 // "null" outputs no log messages
 // "i" or "info" outputs minimal log messages
 // "d" or "debug" outputs some logs messages
 // "v" or "verbose" outputs all logs messages, including body of requests
-func newSDKLogger() (defaultSDKLogger, error) {
- logger := defaultSDKLogger{}
+func NewSDKLogger() (DefaultSDKLogger, error) {
+ logger := DefaultSDKLogger{}
 logger.currentLoggingLevel = noLogging
 logger.verboseLogger = log.New(os.Stderr, "VERBOSE ", log.Ldate|log.Lmicroseconds|log.Lshortfile)
@@ -109,7 +109,7 @@ func newSDKLogger() (defaultSDKLogger, error) {
 return logger, nil
 }
-func (l defaultSDKLogger) getLoggerForLevel(logLevel int) *log.Logger {
+func (l DefaultSDKLogger) getLoggerForLevel(logLevel int) *log.Logger {
 if logLevel > l.currentLoggingLevel {
 return l.nullLogger
 }
@@ -135,7 +135,7 @@ func (l defaultSDKLogger) getLoggerForLevel(logLevel int) *log.Logger {
 // other unsupported value outputs log to stderr
 // output file can be set via environment variable "OCI_GO_SDK_LOG_FILE"
 // if this environment variable is not set, a default log file will be created under project root path
-func logOutputModeConfig(logger defaultSDKLogger) {
+func logOutputModeConfig(logger DefaultSDKLogger) {
 logMode, isLogOutputModeEnabled := os.LookupEnv("OCI_GO_SDK_LOG_OUTPUT_MODE")
 if !isLogOutputModeEnabled {
 return
@@ -163,7 +163,7 @@ func logOutputModeConfig(logger defaultSDKLogger) {
 }
 }
-func openLogOutputFile(logger defaultSDKLogger, fileName string) *os.File {
+func openLogOutputFile(logger DefaultSDKLogger, fileName string) *os.File {
 file, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 if err != nil {
 logger.verboseLogger.Fatal(err)
@@ -171,24 +171,25 @@ func openLogOutputFile(logger defaultSDKLogger, fileName string) *os.File {
 return file
 }
-//CloseLogFile close the logging file and return error
+// CloseLogFile close the logging file and return error
 func CloseLogFile() error {
 return file.Close()
 }
-//LogLevel returns the current debug level
-func (l defaultSDKLogger) LogLevel() int {
+// LogLevel returns the current debug level
+func (l DefaultSDKLogger) LogLevel() int {
 return l.currentLoggingLevel
 }
-func (l defaultSDKLogger) Log(logLevel int, format string, v ...interface{}) error {
+// Log logs v with the provided format if the current log level is loglevel
+func (l DefaultSDKLogger) Log(logLevel int, format string, v ...interface{}) error {
 logger := l.getLoggerForLevel(logLevel)
 logger.Output(4, fmt.Sprintf(format, v...))
 return nil
 }
-//Logln logs v appending a new line at the end
-//Deprecated
+// Logln logs v appending a new line at the end
+// Deprecated
 func Logln(v ...interface{}) {
 defaultLogger.Log(infoLogging, "%v\n", v...)
 }
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/oci_http_transport_wrapper.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/oci_http_transport_wrapper.go
new file mode 100644
index 00000000..b589aca0
--- /dev/null
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/oci_http_transport_wrapper.go
@@ -0,0 +1,120 @@
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
+// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+
+package common
+
+import (
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+)
+
+// OciHTTPTransportWrapper is a http.RoundTripper that periodically refreshes
+// the underlying http.Transport according to its templates.
+// Upon the first use (or once the RefreshRate duration is elapsed),
+// a new transport will be created from the TransportTemplate (if set).
+type OciHTTPTransportWrapper struct {
+ // RefreshRate specifies the duration at which http.Transport
+ // (with its tls.Config) must be refreshed.
+ // Defaults to 5 minutes.
+ RefreshRate time.Duration
+
+ // TLSConfigProvider creates a new tls.Config.
+ // If not set, nil tls.Config is returned.
+ TLSConfigProvider TLSConfigProvider
+
+ // ClientTemplate is responsible for creating a new http.Client with
+ // a given tls.Config.
+ //
+ // If not set, a new http.Client with a cloned http.DefaultTransport is returned.
+ TransportTemplate TransportTemplateProvider
+
+ // mutable properties
+ mux sync.RWMutex
+ lastRefreshedAt time.Time
+ delegate http.RoundTripper
+}
+
+// RoundTrip implements http.RoundTripper.
+func (t *OciHTTPTransportWrapper) RoundTrip(req *http.Request) (*http.Response, error) {
+ delegate, err := t.refreshDelegate(false /* force */)
+ if err != nil {
+ return nil, err
+ }
+
+ return delegate.RoundTrip(req)
+}
+
+// Refresh forces refresh of the underlying delegate.
+func (t *OciHTTPTransportWrapper) Refresh(force bool) error {
+ _, err := t.refreshDelegate(force)
+ return err
+}
+
+// Delegate returns the currently active http.RoundTripper.
+// Might be nil.
+func (t *OciHTTPTransportWrapper) Delegate() http.RoundTripper {
+ t.mux.RLock()
+ defer t.mux.RUnlock()
+
+ return t.delegate
+}
+
+// refreshDelegate refreshes the delegate (and its TLS config) if:
+// - force is true
+// - it's been more than RefreshRate since the last time the client was refreshed.
+func (t *OciHTTPTransportWrapper) refreshDelegate(force bool) (http.RoundTripper, error) {
+ // read-lock first, since it's cheaper than write lock
+ t.mux.RLock()
+ if !t.shouldRefreshLocked(force) {
+ delegate := t.delegate
+ t.mux.RUnlock()
+
+ return delegate, nil
+ }
+
+ // upgrade to write-lock, and we'll need to check again for the same condition as above
+ // to avoid multiple initializations by multiple "refresher" goroutines
+ t.mux.RUnlock()
+ t.mux.Lock()
+ defer t.mux.Unlock()
+ if !t.shouldRefreshLocked(force) {
+ return t.delegate, nil
+ }
+
+ // For this check we need the delegate to be set once before we check for change in cert files
+ if t.delegate != nil && !t.TLSConfigProvider.WatchedFilesModified() {
+ Debug("No modification in custom certs or ca bundle skipping refresh")
+ // Updating the last refresh time to make sure the next check is only done after the refresh interval has passed
+ t.lastRefreshedAt = time.Now()
+ return t.delegate, nil
+ }
+
+ Logf("Loading tls config from TLSConfigProvider")
+ tlsConfig, err := t.TLSConfigProvider.NewOrDefault()
+ if err != nil {
+ return nil, fmt.Errorf("refreshing tls.Config from template: %w", err)
+ }
+
+ t.delegate, err = t.TransportTemplate.NewOrDefault(tlsConfig)
+ if err != nil {
+ return nil, fmt.Errorf("refreshing http.RoundTripper from template: %w", err)
+ }
+
+ t.lastRefreshedAt = time.Now()
+ return t.delegate, nil
+}
+
+// shouldRefreshLocked returns whether the client (and its TLS config)
+// needs to be refreshed.
+func (t *OciHTTPTransportWrapper) shouldRefreshLocked(force bool) bool {
+ if force || t.delegate == nil {
+ return true
+ }
+ return t.refreshRate() > 0 && time.Since(t.lastRefreshedAt) > t.refreshRate()
+}
+
+func (t *OciHTTPTransportWrapper) refreshRate() time.Duration {
+ return t.RefreshRate
+}
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.go
index a28c6aeb..a123335c 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.go
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
 // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 package common
@@ -64,6 +64,22 @@ const (
 RegionEUStockholm1 Region = "eu-stockholm-1"
 //RegionAFJohannesburg1 region Johannesburg
 RegionAFJohannesburg1 Region = "af-johannesburg-1"
+ //RegionEUParis1 region Paris
+ RegionEUParis1 Region = "eu-paris-1"
+ //RegionMXQueretaro1 region Queretaro
+ RegionMXQueretaro1 Region = "mx-queretaro-1"
+ //RegionEUMadrid1 region Madrid
+ RegionEUMadrid1 Region = "eu-madrid-1"
+ //RegionUSChicago1 region Chicago
+ RegionUSChicago1 Region = "us-chicago-1"
+ //RegionMXMonterrey1 region Monterrey
+ RegionMXMonterrey1 Region = "mx-monterrey-1"
+ //RegionUSSaltlake2 region Saltlake
+ RegionUSSaltlake2 Region = "us-saltlake-2"
+ //RegionSABogota1 region Bogota
+ RegionSABogota1 Region = "sa-bogota-1"
+ //RegionSAValparaiso1 region Valparaiso
+ RegionSAValparaiso1 Region = "sa-valparaiso-1"
 //RegionUSLangley1 region Langley
 RegionUSLangley1 Region = "us-langley-1"
 //RegionUSLuke1 region Luke
@@ -86,6 +102,28 @@ const (
 RegionMEDccMuscat1 Region = "me-dcc-muscat-1"
 //RegionAPDccCanberra1 region Canberra
 RegionAPDccCanberra1 Region = "ap-dcc-canberra-1"
+ //RegionEUDccMilan1 region Milan
+ RegionEUDccMilan1 Region = "eu-dcc-milan-1"
+ //RegionEUDccMilan2 region Milan
+ RegionEUDccMilan2 Region = "eu-dcc-milan-2"
+ //RegionEUDccDublin2 region Dublin
+ RegionEUDccDublin2 Region = "eu-dcc-dublin-2"
+ //RegionEUDccRating2 region Rating
+ RegionEUDccRating2 Region = "eu-dcc-rating-2"
+ //RegionEUDccRating1 region Rating
+ RegionEUDccRating1 Region = "eu-dcc-rating-1"
+ //RegionEUDccDublin1 region Dublin
+ RegionEUDccDublin1 Region = "eu-dcc-dublin-1"
+ //RegionEUMadrid2 region Madrid
+ RegionEUMadrid2 Region = "eu-madrid-2"
+ //RegionEUFrankfurt2 region Frankfurt
+ RegionEUFrankfurt2 Region = "eu-frankfurt-2"
+ //RegionEUJovanovac1 region Jovanovac
+ RegionEUJovanovac1 Region = "eu-jovanovac-1"
+ //RegionMEDccDoha1 region Doha
+ RegionMEDccDoha1 Region = "me-dcc-doha-1"
+ //RegionEUDccZurich1 region Zurich
+ RegionEUDccZurich1 Region = "eu-dcc-zurich-1"
 )
 var shortNameRegion = map[string]Region{
@@ -119,6 +157,14 @@ var shortNameRegion = map[string]Region{
 "lin": RegionEUMilan1,
 "arn": RegionEUStockholm1,
 "jnb": RegionAFJohannesburg1,
+ "cdg": RegionEUParis1,
+ "qro": RegionMXQueretaro1,
+ "mad": RegionEUMadrid1,
+ "ord": RegionUSChicago1,
+ "mty": RegionMXMonterrey1,
+ "aga": RegionUSSaltlake2,
+ "bog": RegionSABogota1,
+ "vap": RegionSAValparaiso1,
 "lfi": RegionUSLangley1,
 "luf": RegionUSLuke1,
 "ric": RegionUSGovAshburn1,
@@ -130,6 +176,17 @@ var shortNameRegion = map[string]Region{
 "ukb": RegionAPIbaraki1,
 "mct": RegionMEDccMuscat1,
 "wga": RegionAPDccCanberra1,
+ "bgy": RegionEUDccMilan1,
+ "mxp": RegionEUDccMilan2,
+ "snn": RegionEUDccDublin2,
+ "dtm": RegionEUDccRating2,
+ "dus": RegionEUDccRating1,
+ "ork": RegionEUDccDublin1,
+ "vll": RegionEUMadrid2,
+ "str": RegionEUFrankfurt2,
+ "beg": RegionEUJovanovac1,
+ "doh": RegionMEDccDoha1,
+ "avz": RegionEUDccZurich1,
 }
 var realm = map[string]string{
@@ -140,6 +197,11 @@ var realm = map[string]string{
 "oc8": "oraclecloud8.com",
 "oc9": "oraclecloud9.com",
 "oc10": "oraclecloud10.com",
+ "oc14": "oraclecloud14.com",
+ "oc19": "oraclecloud.eu",
+ "oc20": "oraclecloud20.com",
+ "oc21": "oraclecloud21.com",
+ "oc24": "oraclecloud24.com",
 }
 var regionRealm = map[Region]string{
@@ -173,6 +235,14 @@ var regionRealm = map[Region]string{
 RegionEUMilan1: "oc1",
 RegionEUStockholm1: "oc1",
 RegionAFJohannesburg1: "oc1",
+ RegionEUParis1: "oc1",
+ RegionMXQueretaro1: "oc1",
+ RegionEUMadrid1: "oc1",
+ RegionUSChicago1: "oc1",
+ RegionMXMonterrey1: "oc1",
+ RegionUSSaltlake2: "oc1",
+ RegionSABogota1: "oc1",
+ RegionSAValparaiso1: "oc1",
 RegionUSLangley1: "oc2",
 RegionUSLuke1: "oc2",
@@ -190,4 +260,20 @@ var regionRealm = map[Region]string{
 RegionMEDccMuscat1: "oc9",
 RegionAPDccCanberra1: "oc10",
+
+ RegionEUDccMilan1: "oc14",
+ RegionEUDccMilan2: "oc14",
+ RegionEUDccDublin2: "oc14",
+ RegionEUDccRating2: "oc14",
+ RegionEUDccRating1: "oc14",
+ RegionEUDccDublin1: "oc14",
+
+ RegionEUMadrid2: "oc19",
+ RegionEUFrankfurt2: "oc19",
+
+ RegionEUJovanovac1: "oc20",
+
+ RegionMEDccDoha1: "oc21",
+
+ RegionEUDccZurich1: "oc24",
 }
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.json b/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.json
index 52af80b1..6351a1d9 100644
--- a/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.json
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/regions.json
@@ -1,248 +1,362 @@ [ { - "regionKey": "yny", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-chuncheon-1", + "regionKey": "yny", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-chuncheon-1", "realmKey": "oc1" - }, + }, { - "regionKey": "hyd", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-hyderabad-1", + "regionKey": "hyd", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-hyderabad-1", "realmKey": "oc1" - }, + }, { - "regionKey": "mel", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-melbourne-1", + "regionKey": "mel", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-melbourne-1", "realmKey": "oc1" - }, + }, { - "regionKey": "bom", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-mumbai-1", + "regionKey": "bom", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-mumbai-1", "realmKey": "oc1" - }, + }, { - "regionKey": "kix", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-osaka-1", + "regionKey": "kix", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-osaka-1", "realmKey": "oc1" - }, + }, { - "regionKey": "icn", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-seoul-1", + "regionKey": "icn", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-seoul-1", "realmKey": "oc1" - }, + }, { - "regionKey": "syd", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-sydney-1", + "regionKey": "syd", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-sydney-1", "realmKey": "oc1" - }, + }, { - "regionKey": "nrt", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-tokyo-1", + "regionKey": "nrt", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-tokyo-1", "realmKey": "oc1" - }, + }, { - "regionKey": "yul", - "realmDomainComponent": 
"oraclecloud.com", - "regionIdentifier": "ca-montreal-1", + "regionKey": "yul", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ca-montreal-1", "realmKey": "oc1" - }, + }, { - "regionKey": "yyz", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ca-toronto-1", + "regionKey": "yyz", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ca-toronto-1", "realmKey": "oc1" - }, + }, { - "regionKey": "ams", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "eu-amsterdam-1", + "regionKey": "ams", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-amsterdam-1", "realmKey": "oc1" - }, + }, { - "regionKey": "fra", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "eu-frankfurt-1", + "regionKey": "fra", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-frankfurt-1", "realmKey": "oc1" - }, + }, { - "regionKey": "zrh", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "eu-zurich-1", + "regionKey": "zrh", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-zurich-1", "realmKey": "oc1" - }, + }, { - "regionKey": "jed", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "me-jeddah-1", + "regionKey": "jed", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "me-jeddah-1", "realmKey": "oc1" - }, + }, { - "regionKey": "dxb", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "me-dubai-1", + "regionKey": "dxb", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "me-dubai-1", "realmKey": "oc1" - }, + }, { - "regionKey": "gru", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "sa-saopaulo-1", + "regionKey": "gru", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "sa-saopaulo-1", "realmKey": "oc1" - }, + }, { - "regionKey": "cwl", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "uk-cardiff-1", + "regionKey": 
"cwl", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "uk-cardiff-1", "realmKey": "oc1" - }, + }, { - "regionKey": "lhr", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "uk-london-1", + "regionKey": "lhr", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "uk-london-1", "realmKey": "oc1" - }, + }, { - "regionKey": "iad", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "us-ashburn-1", + "regionKey": "iad", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "us-ashburn-1", "realmKey": "oc1" - }, + }, { - "regionKey": "phx", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "us-phoenix-1", + "regionKey": "phx", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "us-phoenix-1", "realmKey": "oc1" - }, + }, { - "regionKey": "sjc", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "us-sanjose-1", + "regionKey": "sjc", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "us-sanjose-1", "realmKey": "oc1" - }, + }, { - "regionKey": "vcp", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "sa-vinhedo-1", + "regionKey": "vcp", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "sa-vinhedo-1", "realmKey": "oc1" - }, + }, { - "regionKey": "scl", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "sa-santiago-1", + "regionKey": "scl", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "sa-santiago-1", "realmKey": "oc1" - }, + }, { - "regionKey": "lfi", - "realmDomainComponent": "oraclegovcloud.com", - "regionIdentifier": "us-langley-1", + "regionKey": "lfi", + "realmDomainComponent": "oraclegovcloud.com", + "regionIdentifier": "us-langley-1", "realmKey": "oc2" - }, + }, { - "regionKey": "luf", - "realmDomainComponent": "oraclegovcloud.com", - "regionIdentifier": "us-luke-1", + "regionKey": "luf", + "realmDomainComponent": "oraclegovcloud.com", + 
"regionIdentifier": "us-luke-1", "realmKey": "oc2" - }, + }, { - "regionKey": "ric", - "realmDomainComponent": "oraclegovcloud.com", - "regionIdentifier": "us-gov-ashburn-1", + "regionKey": "ric", + "realmDomainComponent": "oraclegovcloud.com", + "regionIdentifier": "us-gov-ashburn-1", "realmKey": "oc3" - }, + }, { - "regionKey": "pia", - "realmDomainComponent": "oraclegovcloud.com", - "regionIdentifier": "us-gov-chicago-1", + "regionKey": "pia", + "realmDomainComponent": "oraclegovcloud.com", + "regionIdentifier": "us-gov-chicago-1", "realmKey": "oc3" - }, + }, { - "regionKey": "tus", - "realmDomainComponent": "oraclegovcloud.com", - "regionIdentifier": "us-gov-phoenix-1", + "regionKey": "tus", + "realmDomainComponent": "oraclegovcloud.com", + "regionIdentifier": "us-gov-phoenix-1", "realmKey": "oc3" - }, + }, { - "regionKey": "ltn", - "realmDomainComponent": "oraclegovcloud.uk", - "regionIdentifier": "uk-gov-london-1", + "regionKey": "ltn", + "realmDomainComponent": "oraclegovcloud.uk", + "regionIdentifier": "uk-gov-london-1", "realmKey": "oc4" - }, + }, { - "regionKey": "brs", - "realmDomainComponent": "oraclegovcloud.uk", - "regionIdentifier": "uk-gov-cardiff-1", + "regionKey": "brs", + "realmDomainComponent": "oraclegovcloud.uk", + "regionIdentifier": "uk-gov-cardiff-1", "realmKey": "oc4" - }, + }, { - "regionKey": "nja", - "realmDomainComponent": "oraclecloud8.com", - "regionIdentifier": "ap-chiyoda-1", + "regionKey": "nja", + "realmDomainComponent": "oraclecloud8.com", + "regionIdentifier": "ap-chiyoda-1", "realmKey": "oc8" - }, + }, { - "regionKey": "ukb", - "realmDomainComponent": "oraclecloud8.com", - "regionIdentifier": "ap-ibaraki-1", + "regionKey": "ukb", + "realmDomainComponent": "oraclecloud8.com", + "regionIdentifier": "ap-ibaraki-1", "realmKey": "oc8" - }, + }, { - "regionKey": "mtz", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "il-jerusalem-1", + "regionKey": "mtz", + "realmDomainComponent": "oraclecloud.com", + 
"regionIdentifier": "il-jerusalem-1", "realmKey": "oc1" - }, + }, { - "regionKey": "mrs", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "eu-marseille-1", + "regionKey": "mrs", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-marseille-1", "realmKey": "oc1" - }, + }, { - "regionKey": "sin", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "ap-singapore-1", + "regionKey": "sin", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "ap-singapore-1", "realmKey": "oc1" - }, + }, { - "regionKey": "auh", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "me-abudhabi-1", + "regionKey": "auh", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "me-abudhabi-1", "realmKey": "oc1" - }, + }, { - "regionKey": "lin", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "eu-milan-1", + "regionKey": "lin", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-milan-1", "realmKey": "oc1" - }, + }, { - "regionKey": "arn", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "eu-stockholm-1", + "regionKey": "arn", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-stockholm-1", "realmKey": "oc1" - }, + }, { - "regionKey": "jnb", - "realmDomainComponent": "oraclecloud.com", - "regionIdentifier": "af-johannesburg-1", + "regionKey": "jnb", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "af-johannesburg-1", "realmKey": "oc1" - }, + }, { - "regionKey": "mct", - "realmDomainComponent": "oraclecloud9.com", - "regionIdentifier": "me-dcc-muscat-1", + "regionKey": "mct", + "realmDomainComponent": "oraclecloud9.com", + "regionIdentifier": "me-dcc-muscat-1", "realmKey": "oc9" - }, + }, { - "regionKey": "wga", - "realmDomainComponent": "oraclecloud10.com", - "regionIdentifier": "ap-dcc-canberra-1", + "regionKey": "wga", + "realmDomainComponent": "oraclecloud10.com", + "regionIdentifier": "ap-dcc-canberra-1", 
"realmKey": "oc10" + }, + { + "regionKey": "cdg", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-paris-1", + "realmKey": "oc1" + }, + { + "regionKey": "qro", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "mx-queretaro-1", + "realmKey": "oc1" + }, + { + "regionKey": "mad", + "realmDomainComponent": "oraclecloud.com", + "regionIdentifier": "eu-madrid-1", + "realmKey": "oc1" + }, + { + "regionKey": "bgy", + "realmDomainComponent": "oraclecloud14.com", + "regionIdentifier": "eu-dcc-milan-1", + "realmKey": "oc14" + }, + { + "regionKey": "ord", + "realmKey": "oc1", + "regionIdentifier": "us-chicago-1", + "realmDomainComponent": "oraclecloud.com" + }, + { + "regionKey": "mxp", + "realmKey": "oc14", + "regionIdentifier": "eu-dcc-milan-2", + "realmDomainComponent": "oraclecloud14.com" + }, + { + "regionKey": "snn", + "realmKey": "oc14", + "regionIdentifier": "eu-dcc-dublin-2", + "realmDomainComponent": "oraclecloud14.com" + }, + { + "regionKey": "dtm", + "realmKey": "oc14", + "regionIdentifier": "eu-dcc-rating-2", + "realmDomainComponent": "oraclecloud14.com" + }, + { + "regionKey": "dus", + "realmKey": "oc14", + "regionIdentifier": "eu-dcc-rating-1", + "realmDomainComponent": "oraclecloud14.com" + }, + { + "regionKey": "ork", + "realmKey": "oc14", + "regionIdentifier": "eu-dcc-dublin-1", + "realmDomainComponent": "oraclecloud14.com" + }, + { + "regionKey": "beg", + "realmKey": "oc20", + "regionIdentifier": "eu-jovanovac-1", + "realmDomainComponent": "oraclecloud20.com" + }, + { + "regionKey": "vll", + "realmKey": "oc19", + "regionIdentifier": "eu-madrid-2", + "realmDomainComponent": "oraclecloud.eu" + }, + { + "regionKey": "str", + "realmKey": "oc19", + "regionIdentifier": "eu-frankfurt-2", + "realmDomainComponent": "oraclecloud.eu" + }, + { + "regionKey": "mty", + "realmKey": "oc1", + "regionIdentifier": "mx-monterrey-1", + "realmDomainComponent": "oraclecloud.com" + }, + { + "regionKey": "aga", + "realmKey": "oc1", + 
"regionIdentifier": "us-saltlake-2", + "realmDomainComponent": "oraclecloud.com" + }, + { + "regionKey": "avz", + "realmKey": "oc24", + "regionIdentifier": "eu-dcc-zurich-1", + "realmDomainComponent": "oraclecloud24.com" + }, + { + "regionKey": "bog", + "realmKey": "oc1", + "regionIdentifier": "sa-bogota-1", + "realmDomainComponent": "oraclecloud.com" + }, + { + "regionKey": "vap", + "realmKey": "oc1", + "regionIdentifier": "sa-valparaiso-1", + "realmDomainComponent": "oraclecloud.com" + }, + { + "regionKey": "doh", + "realmKey": "oc21", + "regionIdentifier": "me-dcc-doha-1", + "realmDomainComponent": "oraclecloud21.com" } ] \ No newline at end of file diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/retry.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/retry.go index a2d26435..b9ee0946 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/retry.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/retry.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. package common @@ -81,16 +81,20 @@ var ( ) // IsErrorRetryableByDefault returns true if the error is retryable by OCI default retry policy -func IsErrorRetryableByDefault(Error error) bool { - if Error == nil { +func IsErrorRetryableByDefault(err error) bool { + if err == nil { return false } - if IsNetworkError(Error) { + if IsNetworkError(err) { return true } - if err, ok := IsServiceError(Error); ok { + if err == io.EOF { + return true + } + + if err, ok := IsServiceError(err); ok { if shouldRetry, ok := defaultRetryStatusCodeMap[StatErrCode{err.GetHTTPStatusCode(), err.GetCode()}]; ok { return shouldRetry } 
@@ -180,7 +184,7 @@ var GlobalRetry *RetryPolicy = nil // RetryPolicyOption is the type of the options for NewRetryPolicy. type RetryPolicyOption func(rp *RetryPolicy) -// Convert retry policy to human-readable string representation +// String Converts retry policy to human-readable string representation func (rp RetryPolicy) String() string { return fmt.Sprintf("{MaximumNumberAttempts=%v, MinSleepBetween=%v, MaxSleepBetween=%v, ExponentialBackoffBase=%v, NonEventuallyConsistentPolicy=%v}", rp.MaximumNumberAttempts, rp.MinSleepBetween, rp.MaxSleepBetween, rp.ExponentialBackoffBase, rp.NonEventuallyConsistentPolicy) 
@@ -464,19 +468,26 @@ func EventuallyConsistentRetryPolicy(nonEventuallyConsistentPolicy RetryPolicy) // NewRetryPolicy is a helper method for assembling a Retry Policy object. It does not handle eventual consistency, so as to not break existing code. // If you want to handle eventual consistency, the simplest way to do that is to replace the code -// NewRetryPolicy(a, r, n) +// +// NewRetryPolicy(a, r, n) +// // with the code -// NewRetryPolicyWithOptions( -// WithMaximumNumberAttempts(a), -// WithFixedBackoff(fb) // fb is the fixed backoff duration -// WithShouldRetryOperation(r)) +// +// NewRetryPolicyWithOptions( +// WithMaximumNumberAttempts(a), +// WithFixedBackoff(fb) // fb is the fixed backoff duration +// WithShouldRetryOperation(r)) +// // or -// NewRetryPolicyWithOptions( -// WithMaximumNumberAttempts(a), -// WithExponentialBackoff(mb, e) // mb is the maximum backoff duration, and e is the base for exponential backoff, e.g. 2.0 -// WithShouldRetryOperation(r)) +// +// NewRetryPolicyWithOptions( +// WithMaximumNumberAttempts(a), +// WithExponentialBackoff(mb, e) // mb is the maximum backoff duration, and e is the base for exponential backoff, e.g. 2.0 +// WithShouldRetryOperation(r)) +// // or, if a == 0 (the maximum number of attempts is unlimited) -// NewRetryPolicyWithEventualConsistencyUnlimitedAttempts(a, r, n, mcb) // mcb is the maximum cumulative backoff duration without jitter +// +// NewRetryPolicyWithEventualConsistencyUnlimitedAttempts(a, r, n, mcb) // mcb is the maximum cumulative backoff duration without jitter func NewRetryPolicy(attempts uint, retryOperation func(OCIOperationResponse) bool, nextDuration func(OCIOperationResponse) time.Duration) RetryPolicy { return NewRetryPolicyWithOptions( ReplaceWithValuesFromRetryPolicy(DefaultRetryPolicyWithoutEventualConsistency()), 
@@ -742,7 +753,7 @@ func determinePolicyToUse(policy RetryPolicy) (RetryPolicy, *time.Time, float64) var useDefaultTimingInstead = true var endOfWindowTime = (*time.Time)(nil) var backoffScalingFactor = 1.0 - var policyToUse RetryPolicy = policy + var policyToUse = policy eowt := EcContext.GetEndOfWindow() if eowt != nil { @@ -763,17 +774,17 @@ func determinePolicyToUse(policy RetryPolicy) (RetryPolicy, *time.Time, float64) Debugln(fmt.Sprintf("Use eventually consistent timing, durationToEndOfWindow = %v, maximumCumulativeBackoffWithoutJitter = %v, backoffScalingFactor = %.2f", durationToEndOfWindow, maximumCumulativeBackoffWithoutJitter, backoffScalingFactor)) } else { - Debugln(fmt.Sprintf("Use default timing, end of EC window is sooner than default retries")) + Debugln("Use default timing, end of EC window is sooner than default retries") } } else { useDefaultTimingInstead = false policyToUse = *policy.NonEventuallyConsistentPolicy - Debugln(fmt.Sprintf("Use default timing and strategy, end of EC window is in the past")) + Debugln("Use default timing and strategy, end of EC window is in the past") } } else { useDefaultTimingInstead = false policyToUse = *policy.NonEventuallyConsistentPolicy - Debugln(fmt.Sprintf("Use default timing and strategy, no EC window set")) + Debugln("Use default timing and strategy, no EC window set") } if useDefaultTimingInstead { @@ -795,7 +806,7 @@ func Retry(ctx context.Context, request OCIRetryableRequest, operation OCIOperat var response OCIResponse var err error - retrierChannel := make(chan retrierResult) + retrierChannel := make(chan retrierResult, 1) validated, validateError := policy.validate() if !validated { @@ -805,7 +816,6 @@ func Retry(ctx context.Context, request OCIRetryableRequest, operation OCIOperat initialAttemptTime := time.Now() go func() { - // Deal with panics more graciously defer func() { if r := recover(); r != nil { 
@@ -817,7 +827,6 @@ func Retry(ctx context.Context, request OCIRetryableRequest, operation OCIOperat retrierChannel <- retrierResult{nil, error} } }() - // if request body is binary request body and seekable, save the current position var curPos int64 = 0 isSeekable := false @@ -842,7 +851,7 @@ func Retry(ctx context.Context, request OCIRetryableRequest, operation OCIOperat // scaling factor should be policyToUse, endOfWindowTime, backoffScalingFactor := policy.DeterminePolicyToUse(policy) Debugln(fmt.Sprintf("Retry policy to use: %v", policyToUse)) - + retryStartTime := time.Now() extraHeaders := make(map[string]string) if policy.MaximumNumberAttempts == 1 { @@ -866,7 +875,6 @@ func Retry(ctx context.Context, request OCIRetryableRequest, operation OCIOperat if !policyToUse.ShouldRetryOperation(operationResponse) { // we should NOT retry operation based on response and/or error => return retrierChannel <- retrierResult{response, err} - // Debugln(fmt.Sprintf("Http Status Code: %v. Not Matching retry policy", operationResponse.Response.HTTPResponse().StatusCode)) return } @@ -885,12 +893,12 @@ func Retry(ctx context.Context, request OCIRetryableRequest, operation OCIOperat retrierChannel <- retrierResult{response, DeadlineExceededByBackoff} return } - // Debugln(fmt.Sprintf("Http Status Code: %v. Matching retry policy", operationResponse.Response.HTTPResponse().StatusCode)) Debugln(fmt.Sprintf("waiting %v before retrying operation", duration)) // sleep before retrying the operation <-time.After(duration) } - + retryEndTime := time.Now() + Debugln(fmt.Sprintf("Total Latency for this API call is: %v ms", retryEndTime.Sub(retryStartTime).Milliseconds())) retrierChannel <- retrierResult{response, err} }() diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/sseReader.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/sseReader.go new file mode 100644 index 00000000..45e224b4 --- /dev/null +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/sseReader.go 
@@ -0,0 +1,92 @@
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
+// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+
+package common
+
+import (
+ "bufio"
+ "bytes"
+ "context"
+ "io"
+ "net/http"
+)
+
+type SseReader struct {
+ HttpBody io.ReadCloser
+ eventScanner bufio.Scanner
+ OnClose func(r *SseReader)
+}
+
+// InvalidSSEResponseError returned in the case that a nil response body was given
+// to NewSSEReader()
+type InvalidSSEResponseError struct {
+}
+
+const InvalidResponseErrorMessage = "invalid response struct given to NewSSEReader"
+
+func (e InvalidSSEResponseError) Error() string {
+ return InvalidResponseErrorMessage
+}
+
+// NewSSEReader returns an SSE Reader given an sse response
+func NewSSEReader(response *http.Response) (*SseReader, error) {
+
+ if response == nil || response.Body == nil {
+ return nil, InvalidSSEResponseError{}
+ }
+
+ reader := &SseReader{
+ HttpBody: response.Body,
+ eventScanner: *bufio.NewScanner(response.Body),
+ OnClose: func(r *SseReader) { r.HttpBody.Close() }, // Default on close function, ensures body is closed after use
+ }
+ return reader, nil
+}
+
+// Take the response in bytes and trim it if necessary
+func processEvent(e []byte) []byte {
+ e = bytes.TrimPrefix(e, []byte("data: ")) // Text/event-stream always prefixed with 'data: '
+ return e
+}
+
+// ReadNextEvent reads the next event in the stream, return it unmarshalled
+func (r *SseReader) ReadNextEvent() (event []byte, err error) {
+ if r.eventScanner.Scan() {
+ eventBytes := r.eventScanner.Bytes()
+ return processEvent(eventBytes), nil
+ } else {
+
+ // Close out the stream since we are finished reading from it
+ if r.OnClose != nil {
+ r.OnClose(r)
+ }
+
+ err := r.eventScanner.Err()
+ if err == context.Canceled || err == nil {
+ err = io.EOF
+ }
+ return nil, err
+ }
+
+}
+
+// ReadAllEvents reads all events from the response stream, and processes each with given event handler
+func (r *SseReader) ReadAllEvents(eventHandler func(e []byte)) error {
+ for {
+
+ event, err := r.ReadNextEvent()
+
+ if err != nil {
+
+ if err == io.EOF {
+ err = nil
+ }
+ return err
+ }
+
+ // Ignore empty events
+ if len(event) > 0 {
+ eventHandler(event)
+ }
+ }
+}
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/tls_config_provider.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/tls_config_provider.go
new file mode 100644
index 00000000..13dc76f1
--- /dev/null
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/tls_config_provider.go
@@ -0,0 +1,156 @@
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
+// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+
+package common
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "fmt"
+ "os"
+ "sync"
+)
+
+// GetTLSConfigTemplateForTransport returns the TLSConfigTemplate to used depending on whether any additional
+// CA Bundle or client side certs have been configured
+func GetTLSConfigTemplateForTransport() TLSConfigProvider {
+ certPath := os.Getenv(ociDefaultClientCertsPath)
+ keyPath := os.Getenv(ociDefaultClientCertsPrivateKeyPath)
+ caBundlePath := os.Getenv(ociDefaultCertsPath)
+ if certPath != "" && keyPath != "" {
+ return &DefaultMTLSConfigProvider{
+ caBundlePath: caBundlePath,
+ clientCertPath: certPath,
+ clientKeyPath: keyPath,
+ watchedFilesStatsMap: make(map[string]os.FileInfo),
+ }
+ }
+ return &DefaultTLSConfigProvider{
+ caBundlePath: caBundlePath,
+ }
+}
+
+// TLSConfigProvider is an interface the defines a function that creates a new *tls.Config.
+type TLSConfigProvider interface {
+ NewOrDefault() (*tls.Config, error)
+ WatchedFilesModified() bool
+}
+
+// DefaultTLSConfigProvider is a provider that provides a TLS tls.config for the HTTPTransport
+type DefaultTLSConfigProvider struct {
+ caBundlePath string
+ mux sync.Mutex
+ currentStat os.FileInfo
+}
+
+// NewOrDefault returns a default tls.Config which
+// sets its RootCAs to be a *x509.CertPool from caBundlePath.
+func (t *DefaultTLSConfigProvider) NewOrDefault() (*tls.Config, error) {
+ if t.caBundlePath == "" {
+ return &tls.Config{}, nil
+ }
+
+ // Keep the current Stat info from the ca bundle in a map
+ Debugf("Getting Initial Stats for file: %s", t.caBundlePath)
+ caBundleStat, err := os.Stat(t.caBundlePath)
+ if err != nil {
+ return nil, err
+ }
+ t.mux.Lock()
+ defer t.mux.Unlock()
+ t.currentStat = caBundleStat
+
+ rootCAs, err := CertPoolFrom(t.caBundlePath)
+ if err != nil {
+ return nil, err
+ }
+ return &tls.Config{
+ RootCAs: rootCAs,
+ }, nil
+}
+
+// WatchedFilesModified returns true if any files in the watchedFilesStatsMap has been modified else returns false
+func (t *DefaultTLSConfigProvider) WatchedFilesModified() bool {
+ modified := false
+ if t.caBundlePath != "" {
+ newStat, err := os.Stat(t.caBundlePath)
+ if err == nil && (t.currentStat.Size() != newStat.Size() || t.currentStat.ModTime() != newStat.ModTime()) {
+ Logf("Modification detected in cert/ca-bundle file: %s", t.caBundlePath)
+ modified = true
+ t.mux.Lock()
+ defer t.mux.Unlock()
+ t.currentStat = newStat
+ }
+ }
+ return modified
+}
+
+// DefaultMTLSConfigProvider is a provider that provides a MTLS tls.config for the HTTPTransport
+type DefaultMTLSConfigProvider struct {
+ caBundlePath string
+ clientCertPath string
+ clientKeyPath string
+ mux sync.Mutex
+ watchedFilesStatsMap map[string]os.FileInfo
+}
+
+// NewOrDefault returns a default tls.Config which sets its RootCAs
+// to be a *x509.CertPool from caBundlePath and calls
+// tls.LoadX509KeyPair(clientCertPath, clientKeyPath) to set mtls client certs.
+func (t *DefaultMTLSConfigProvider) NewOrDefault() (*tls.Config, error) {
+ rootCAs, err := CertPoolFrom(t.caBundlePath)
+ if err != nil {
+ return nil, err
+ }
+ cert, err := tls.LoadX509KeyPair(t.clientCertPath, t.clientKeyPath)
+ if err != nil {
+ return nil, err
+ }
+
+ // Configure the initial certs file stats, error skipped because we error out before this if the files don't exist
+ t.mux.Lock()
+ defer t.mux.Unlock()
+ t.watchedFilesStatsMap[t.caBundlePath], _ = os.Stat(t.caBundlePath)
+ t.watchedFilesStatsMap[t.clientCertPath], _ = os.Stat(t.clientCertPath)
+ t.watchedFilesStatsMap[t.clientKeyPath], _ = os.Stat(t.clientKeyPath)
+
+ return &tls.Config{
+ RootCAs: rootCAs,
+ Certificates: []tls.Certificate{cert},
+ }, nil
+}
+
+// WatchedFilesModified returns true if any files in the watchedFilesStatsMap has been modified else returns false
+func (t *DefaultMTLSConfigProvider) WatchedFilesModified() bool {
+ modified := false
+
+ t.mux.Lock()
+ defer t.mux.Unlock()
+ for k, v := range t.watchedFilesStatsMap {
+ if k != "" {
+ currentStat, err := os.Stat(k)
+ if err == nil && (v.Size() != currentStat.Size() || v.ModTime() != currentStat.ModTime()) {
+ modified = true
+ Logf("Modification detected in cert/ca-bundle file: %s", k)
+ t.watchedFilesStatsMap[k] = currentStat
+ }
+ }
+ }
+
+ return modified
+}
+
+// CertPoolFrom creates a new x509.CertPool from a given file.
+func CertPoolFrom(caBundleFile string) (*x509.CertPool, error) {
+ pemCerts, err := os.ReadFile(caBundleFile)
+ if err != nil {
+ return nil, err
+ }
+
+ trust := x509.NewCertPool()
+ if !trust.AppendCertsFromPEM(pemCerts) {
+ return nil, fmt.Errorf("creating a new x509.CertPool from %s: no certs added", caBundleFile)
+ }
+
+ return trust, nil
+}
diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/transport_template_provider.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/transport_template_provider.go
new file mode 100644
index 00000000..260c1ef8
--- /dev/null
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/transport_template_provider.go 
@@ -0,0 +1,53 @@
+// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved.
+// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+
+package common
+
+import (
+ "crypto/tls"
+ "net"
+ "net/http"
+ "time"
+)
+
+// TransportTemplateProvider defines a function that creates a new http transport
+// from a given TLS client config.
+type TransportTemplateProvider func(tlsClientConfig *tls.Config) (http.RoundTripper, error)
+
+// NewOrDefault creates a new TransportTemplate
+// If t is nil, then DefaultTransport is returned
+func (t TransportTemplateProvider) NewOrDefault(tlsClientConfig *tls.Config) (http.RoundTripper, error) {
+ if t == nil {
+ return DefaultTransport(tlsClientConfig)
+ }
+ return t(tlsClientConfig)
+}
+
+// DefaultTransport creates a clone of http.DefaultTransport
+// and applies the tlsClientConfig on top of it.
+// The result is never nil, to prevent panics in client code.
+// Never returns any errors, but needs to return an error
+// to adhere to TransportTemplate interface.
+func DefaultTransport(tlsClientConfig *tls.Config) (*http.Transport, error) {
+ transport := CloneHTTPDefaultTransport()
+ if isExpectHeaderDisabled := IsEnvVarFalse(UsingExpectHeaderEnvVar); !isExpectHeaderDisabled {
+ transport.Proxy = http.ProxyFromEnvironment
+ transport.DialContext = (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ DualStack: true,
+ }).DialContext
+ transport.ForceAttemptHTTP2 = true
+ transport.MaxIdleConns = 100
+ transport.IdleConnTimeout = 90 * time.Second
+ transport.TLSHandshakeTimeout = 10 * time.Second
+ transport.ExpectContinueTimeout = 3 * time.Second
+ }
+ transport.TLSClientConfig = tlsClientConfig
+ return transport, nil
+}
+
+// CloneHTTPDefaultTransport returns a clone of http.DefaultTransport.
+func CloneHTTPDefaultTransport() *http.Transport { + return http.DefaultTransport.(*http.Transport).Clone() +} diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/utils/opc_request_id.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/utils/opc_request_id.go new file mode 100644 index 00000000..d82f0bf5 --- /dev/null +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/utils/opc_request_id.go @@ -0,0 +1,30 @@ +package utils + +import ( + "crypto/rand" + "encoding/hex" + "fmt" +) + +// GenerateOpcRequestID - Reference: https://confluence.oci.oraclecorp.com/display/DEX/Request+IDs +// Maximum segment length: 32 characters +// Allowed segment contents: regular expression pattern /^[a-zA-Z0-9]{0,32}$/ +func GenerateOpcRequestID() string { + clientId := generateUniqueID() + stackId := generateUniqueID() + individualId := generateUniqueID() + + opcRequestId := fmt.Sprintf("%s/%s/%s", clientId, stackId, individualId) + + return opcRequestId +} + +func generateUniqueID() string { + b := make([]byte, 16) + _, err := rand.Read(b) + if err != nil { + return "" + } + + return hex.EncodeToString(b) +} diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/common/version.go b/vendor/github.com/oracle/oci-go-sdk/v65/common/version.go index 5c4c3ccd..e3447dde 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/common/version.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/common/version.go @@ -12,8 +12,8 @@ import ( const ( major = "65" - minor = "3" - patch = "0" + minor = "61" + patch = "1" tag = "" ) diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/base64_secret_bundle_content_details.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/base64_secret_bundle_content_details.go index 09efab56..cbe8ffb7 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/base64_secret_bundle_content_details.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/base64_secret_bundle_content_details.go 
@@ -1,10 +1,10 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. -// Vault Service Secret Retrieval API +// Vault Secret Retrieval API // -// API for retrieving secrets from vaults. +// Use the Secret Retrieval API to retrieve secrets and secret versions from vaults. For more information, see Managing Secrets (https://docs.cloud.oracle.com/Content/KeyManagement/Tasks/managingsecrets.htm). // package secrets diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_by_name_request_response.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_by_name_request_response.go index cc73329f..e032f7e6 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_by_name_request_response.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_by_name_request_response.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. 
@@ -13,7 +13,7 @@ import ( // GetSecretBundleByNameRequest wrapper for the GetSecretBundleByName operation // -// See also +// # See also // // Click https://docs.cloud.oracle.com/en-us/iaas/tools/go-sdk-examples/latest/secrets/GetSecretBundleByName.go.html to see an example of how to use GetSecretBundleByNameRequest. type GetSecretBundleByNameRequest struct { diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_request_response.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_request_response.go index 1d4c1ab6..36068b3c 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_request_response.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/get_secret_bundle_request_response.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. @@ -13,7 +13,7 @@ import ( // GetSecretBundleRequest wrapper for the GetSecretBundle operation // -// See also +// # See also // // Click https://docs.cloud.oracle.com/en-us/iaas/tools/go-sdk-examples/latest/secrets/GetSecretBundle.go.html to see an example of how to use GetSecretBundleRequest. type GetSecretBundleRequest struct { diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/list_secret_bundle_versions_request_response.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/list_secret_bundle_versions_request_response.go index 9e9b9fb7..0e9b0a28 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/list_secret_bundle_versions_request_response.go 
+++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/list_secret_bundle_versions_request_response.go @@ -1,4 +1,4 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. @@ -13,7 +13,7 @@ import ( // ListSecretBundleVersionsRequest wrapper for the ListSecretBundleVersions operation // -// See also +// # See also // // Click https://docs.cloud.oracle.com/en-us/iaas/tools/go-sdk-examples/latest/secrets/ListSecretBundleVersions.go.html to see an example of how to use ListSecretBundleVersionsRequest. type ListSecretBundleVersionsRequest struct { @@ -33,7 +33,7 @@ type ListSecretBundleVersionsRequest struct { Page *string `mandatory:"false" contributesTo:"query" name:"page"` // The field to sort by. You can specify only one sort order. The default - // order for `VERSION_NUMBER` is ascending. + // order for `VERSION_NUMBER` is descending. SortBy ListSecretBundleVersionsSortByEnum `mandatory:"false" contributesTo:"query" name:"sortBy" omitEmpty:"true"` // The sort order to use, either ascending (`ASC`) or descending (`DESC`). diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle.go index 23f4f68d..92a6e69b 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle.go 
@@ -1,10 +1,10 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. -// Vault Service Secret Retrieval API +// Vault Secret Retrieval API // -// API for retrieving secrets from vaults. +// Use the Secret Retrieval API to retrieve secrets and secret versions from vaults. For more information, see Managing Secrets (https://docs.cloud.oracle.com/Content/KeyManagement/Tasks/managingsecrets.htm). // package secrets @@ -108,10 +108,7 @@ func (m *SecretBundle) UnmarshalJSON(data []byte) (e error) { m.TimeOfExpiry = model.TimeOfExpiry m.Stages = make([]SecretBundleStagesEnum, len(model.Stages)) - for i, n := range model.Stages { - m.Stages[i] = n - } - + copy(m.Stages, model.Stages) m.Metadata = model.Metadata m.SecretId = model.SecretId diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_content_details.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_content_details.go index d328b910..26b1b87f 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_content_details.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_content_details.go 
@@ -1,10 +1,10 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. -// Vault Service Secret Retrieval API +// Vault Secret Retrieval API // -// API for retrieving secrets from vaults. +// Use the Secret Retrieval API to retrieve secrets and secret versions from vaults. For more information, see Managing Secrets (https://docs.cloud.oracle.com/Content/KeyManagement/Tasks/managingsecrets.htm). // package secrets @@ -55,6 +55,7 @@ func (m *secretbundlecontentdetails) UnmarshalPolymorphicJSON(data []byte) (inte err = json.Unmarshal(data, &mm) return mm, err default: + common.Logf("Recieved unsupported enum value for SecretBundleContentDetails: %s.", m.ContentType) return *m, nil } } diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_version_summary.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_version_summary.go index 75a57d30..e20b1ba5 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_version_summary.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secret_bundle_version_summary.go 
@@ -1,10 +1,10 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. -// Vault Service Secret Retrieval API +// Vault Secret Retrieval API // -// API for retrieving secrets from vaults. +// Use the Secret Retrieval API to retrieve secrets and secret versions from vaults. For more information, see Managing Secrets (https://docs.cloud.oracle.com/Content/KeyManagement/Tasks/managingsecrets.htm). // package secrets diff --git a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secrets_client.go b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secrets_client.go index 2f3a0493..896fad5c 100644 --- a/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secrets_client.go +++ b/vendor/github.com/oracle/oci-go-sdk/v65/secrets/secrets_client.go @@ -1,10 +1,10 @@ -// Copyright (c) 2016, 2018, 2022, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2018, 2024, Oracle and/or its affiliates. All rights reserved. // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license. // Code generated. DO NOT EDIT. -// Vault Service Secret Retrieval API +// Vault Secret Retrieval API // -// API for retrieving secrets from vaults. +// Use the Secret Retrieval API to retrieve secrets and secret versions from vaults. For more information, see Managing Secrets (https://docs.cloud.oracle.com/Content/KeyManagement/Tasks/managingsecrets.htm). // package secrets 
@@ -17,7 +17,7 @@ import ( "net/http" ) -//SecretsClient a client for Secrets +// SecretsClient a client for Secrets type SecretsClient struct { common.BaseClient config *common.ConfigurationProvider @@ -26,6 +26,9 @@ type SecretsClient struct { // NewSecretsClientWithConfigurationProvider Creates a new default Secrets client with the given configuration provider. // the configuration provider will be used for the default signer as well as reading the region func NewSecretsClientWithConfigurationProvider(configProvider common.ConfigurationProvider) (client SecretsClient, err error) { + if enabled := common.CheckForEnabledServices("secrets"); !enabled { + return client, fmt.Errorf("the Developer Tool configuration disabled this service, this behavior is controlled by OciSdkEnabledServicesMap variables. Please check if your local developer-tool-configuration.json file configured the service you're targeting or contact the cloud provider on the availability of this service") + } provider, err := auth.GetGenericConfigurationProvider(configProvider) if err != nil { return client, err @@ -39,7 +42,8 @@ func NewSecretsClientWithConfigurationProvider(configProvider common.Configurati // NewSecretsClientWithOboToken Creates a new default Secrets client with the given configuration provider. // The obotoken will be added to default headers and signed; the configuration provider will be used for the signer -// as well as reading the region +// +// as well as reading the region func NewSecretsClientWithOboToken(configProvider common.ConfigurationProvider, oboToken string) (client SecretsClient, err error) { baseClient, err := common.NewClientWithOboToken(configProvider, oboToken) if err != nil { 
@@ -76,7 +80,7 @@ func (client *SecretsClient) setConfigurationProvider(configProvider common.Conf region, _ := configProvider.Region() client.SetRegion(region) if client.Host == "" { - return fmt.Errorf("Invalid region or Host. Endpoint cannot be constructed without endpointServiceName or serviceEndpointTemplate for a dotted region") + return fmt.Errorf("invalid region or Host. Endpoint cannot be constructed without endpointServiceName or serviceEndpointTemplate for a dotted region") } client.config = &configProvider return nil @@ -90,12 +94,13 @@ func (client *SecretsClient) ConfigurationProvider() *common.ConfigurationProvid // GetSecretBundle Gets a secret bundle that matches either the specified `stage`, `secretVersionName`, or `versionNumber` parameter. // If none of these parameters are provided, the bundle for the secret version marked as `CURRENT` will be returned. // -// See also +// # See also // // Click https://docs.cloud.oracle.com/en-us/iaas/tools/go-sdk-examples/latest/secrets/GetSecretBundle.go.html to see an example of how to use GetSecretBundle API. +// A default retry strategy applies to this operation GetSecretBundle() func (client SecretsClient) GetSecretBundle(ctx context.Context, request GetSecretBundleRequest) (response GetSecretBundleResponse, err error) { var ociResponse common.OCIResponse - policy := common.NoRetryPolicy() + policy := common.DefaultRetryPolicy() if client.RetryPolicy() != nil { policy = *client.RetryPolicy() } @@ -136,7 +141,7 @@ func (client SecretsClient) getSecretBundle(ctx context.Context, request common. defer common.CloseBodyIfValid(httpResponse) response.RawResponse = httpResponse if err != nil { - apiReferenceLink := "" + apiReferenceLink := "https://docs.oracle.com/iaas/api/#/en/secretretrieval/20190301/SecretBundle/GetSecretBundle" err = common.PostProcessServiceError(err, "Secrets", "GetSecretBundle", apiReferenceLink) return response, err } 
@@ -148,12 +153,13 @@ func (client SecretsClient) getSecretBundle(ctx context.Context, request common.
 // GetSecretBundleByName Gets a secret bundle by secret name and vault ID, and secret version that matches either the specified `stage`, `secretVersionName`, or `versionNumber` parameter.
 // If none of these parameters are provided, the bundle for the secret version marked as `CURRENT` is returned.
 //
-// See also
+// # See also
 //
 // Click https://docs.cloud.oracle.com/en-us/iaas/tools/go-sdk-examples/latest/secrets/GetSecretBundleByName.go.html to see an example of how to use GetSecretBundleByName API.
+// A default retry strategy applies to this operation GetSecretBundleByName()
 func (client SecretsClient) GetSecretBundleByName(ctx context.Context, request GetSecretBundleByNameRequest) (response GetSecretBundleByNameResponse, err error) {
 var ociResponse common.OCIResponse
- policy := common.NoRetryPolicy()
+ policy := common.DefaultRetryPolicy()
 if client.RetryPolicy() != nil {
 policy = *client.RetryPolicy()
 }
@@ -194,7 +200,7 @@ func (client SecretsClient) getSecretBundleByName(ctx context.Context, request c
 defer common.CloseBodyIfValid(httpResponse)
 response.RawResponse = httpResponse
 if err != nil {
- apiReferenceLink := ""
+ apiReferenceLink := "https://docs.oracle.com/iaas/api/#/en/secretretrieval/20190301/SecretBundle/GetSecretBundleByName"
 err = common.PostProcessServiceError(err, "Secrets", "GetSecretBundleByName", apiReferenceLink)
 return response, err
 }
@@ -205,12 +211,13 @@ func (client SecretsClient) getSecretBundleByName(ctx context.Context, request c // ListSecretBundleVersions Lists all secret bundle versions for the specified secret. // -// See also +// # See also // // Click https://docs.cloud.oracle.com/en-us/iaas/tools/go-sdk-examples/latest/secrets/ListSecretBundleVersions.go.html to see an example of how to use ListSecretBundleVersions API. +// A default retry strategy applies to this operation ListSecretBundleVersions() func (client SecretsClient) ListSecretBundleVersions(ctx context.Context, request ListSecretBundleVersionsRequest) (response ListSecretBundleVersionsResponse, err error) { var ociResponse common.OCIResponse - policy := common.NoRetryPolicy() + policy := common.DefaultRetryPolicy() if client.RetryPolicy() != nil { policy = *client.RetryPolicy() } @@ -251,7 +258,7 @@ func (client SecretsClient) listSecretBundleVersions(ctx context.Context, reques defer common.CloseBodyIfValid(httpResponse) response.RawResponse = httpResponse if err != nil { - apiReferenceLink := "" + apiReferenceLink := "https://docs.oracle.com/iaas/api/#/en/secretretrieval/20190301/SecretBundleVersionSummary/ListSecretBundleVersions" err = common.PostProcessServiceError(err, "Secrets", "ListSecretBundleVersions", apiReferenceLink) return response, err } diff --git a/vendor/golang.org/x/sys/unix/ioctl_signed.go b/vendor/golang.org/x/sys/unix/ioctl_signed.go new file mode 100644 index 00000000..7def9580 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ioctl_signed.go 
@@ -0,0 +1,70 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || solaris
+// +build aix solaris
+
+package unix
+
+import (
+ "unsafe"
+)
+
+// ioctl itself should not be exposed directly, but additional get/set
+// functions for specific types are permissible.
+
+// IoctlSetInt performs an ioctl operation which sets an integer value
+// on fd, using the specified request number.
+func IoctlSetInt(fd int, req int, value int) error {
+ return ioctl(fd, req, uintptr(value))
+}
+
+// IoctlSetPointerInt performs an ioctl operation which sets an
+// integer value on fd, using the specified request number. The ioctl
+// argument is called with a pointer to the integer value, rather than
+// passing the integer value directly.
+func IoctlSetPointerInt(fd int, req int, value int) error {
+ v := int32(value)
+ return ioctlPtr(fd, req, unsafe.Pointer(&v))
+}
+
+// IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
+//
+// To change fd's window size, the req argument should be TIOCSWINSZ.
+func IoctlSetWinsize(fd int, req int, value *Winsize) error {
+ // TODO: if we get the chance, remove the req parameter and
+ // hardcode TIOCSWINSZ.
+ return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
+
+// IoctlSetTermios performs an ioctl on fd with a *Termios.
+//
+// The req value will usually be TCSETA or TIOCSETA.
+func IoctlSetTermios(fd int, req int, value *Termios) error {
+ // TODO: if we get the chance, remove the req parameter.
+ return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
+
+// IoctlGetInt performs an ioctl operation which gets an integer value
+// from fd, using the specified request number.
+//
+// A few ioctl requests use the return value as an output parameter;
+// for those, IoctlRetInt should be used instead of this function.
+func IoctlGetInt(fd int, req int) (int, error) { + var value int + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return value, err +} + +func IoctlGetWinsize(fd int, req int) (*Winsize, error) { + var value Winsize + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return &value, err +} + +func IoctlGetTermios(fd int, req int) (*Termios, error) { + var value Termios + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return &value, err +} diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go similarity index 76% rename from vendor/golang.org/x/sys/unix/ioctl.go rename to vendor/golang.org/x/sys/unix/ioctl_unsigned.go index 1c51b0ec..649913d1 100644 --- a/vendor/golang.org/x/sys/unix/ioctl.go +++ b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go @@ -2,13 +2,12 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd hurd linux netbsd openbsd solaris +//go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd +// +build darwin dragonfly freebsd hurd linux netbsd openbsd package unix import ( - "runtime" "unsafe" ) @@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error { // passing the integer value directly. func IoctlSetPointerInt(fd int, req uint, value int) error { v := int32(value) - return ioctl(fd, req, uintptr(unsafe.Pointer(&v))) + return ioctlPtr(fd, req, unsafe.Pointer(&v)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. 
@@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // The req value will usually be TCSETA or TIOCSETA. func IoctlSetTermios(fd int, req uint, value *Termios) error { // TODO: if we get the chance, remove the req parameter. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlGetInt performs an ioctl operation which gets an integer value @@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } func IoctlGetTermios(fd int, req uint) (*Termios, error) { var value Termios - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go index 5384e7d9..cdc21bf7 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go 
@@ -17,25 +17,23 @@ import ( // IoctlSetInt performs an ioctl operation which sets an integer value // on fd, using the specified request number. -func IoctlSetInt(fd int, req uint, value int) error { +func IoctlSetInt(fd int, req int, value int) error { return ioctl(fd, req, uintptr(value)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. // // To change fd's window size, the req argument should be TIOCSWINSZ. -func IoctlSetWinsize(fd int, req uint, value *Winsize) error { +func IoctlSetWinsize(fd int, req int, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. // // The req value is expected to be TCSETS, TCSETSW, or TCSETSF -func IoctlSetTermios(fd int, req uint, value *Termios) error { +func IoctlSetTermios(fd int, req int, value *Termios) error { if (req != TCSETS) && (req != TCSETSW) && (req != TCSETSF) { return ENOSYS } 
@@ -49,22 +47,22 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // // A few ioctl requests use the return value as an output parameter; // for those, IoctlRetInt should be used instead of this function. -func IoctlGetInt(fd int, req uint) (int, error) { +func IoctlGetInt(fd int, req int) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } -func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { +func IoctlGetWinsize(fd int, req int) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } // IoctlGetTermios performs an ioctl on fd with a *Termios. // // The req value is expected to be TCGETS -func IoctlGetTermios(fd int, req uint) (*Termios, error) { +func IoctlGetTermios(fd int, req int) (*Termios, error) { var value Termios if req != TCGETS { return &value, ENOSYS diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 7456d9dd..be0423e6 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -66,6 +66,7 @@ includes_Darwin=' #include #include #include +#include #include #include #include @@ -203,6 +204,7 @@ struct ltchars { #include #include #include +#include #include #include #include 
@@ -517,10 +519,11 @@ ccflags="$@" $2 ~ /^LOCK_(SH|EX|NB|UN)$/ || $2 ~ /^LO_(KEY|NAME)_SIZE$/ || $2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ || - $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT)_/ || + $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || $2 ~ /^RAW_PAYLOAD_/ || + $2 ~ /^[US]F_/ || $2 ~ /^TP_STATUS_/ || $2 ~ /^FALLOC_/ || $2 ~ /^ICMPV?6?_(FILTER|SEC)/ || diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go index 463c3eff..39dba6ca 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go +++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) error { return ptrace1(request, pid, addr, data) } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error { + return ptrace1Ptr(request, pid, addr, data) +} diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go index ed0509a0..9ea66330 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_ios.go +++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { return ENOTSUP } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + return ENOTSUP +} diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index 2db1b51e..c406ae00 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go 
@@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -410,7 +408,8 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } func (w WaitStatus) TrapCause() int { return -1 } -//sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctl(fd int, req int, arg uintptr) (err error) +//sys ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = ioctl // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX // There is no way to create a custom fcntl and to keep //sys fcntl easily, diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go index e92a0be1..f2871fa9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go @@ -8,7 +8,6 @@ package unix //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) = getrlimit64 -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) = setrlimit64 //sys Seek(fd int, offset int64, whence int) (off int64, err error) = lseek64 //sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go index 16eed170..75718ec0 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go @@ -8,7 +8,6 @@ package unix //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = lseek //sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) = mmap64 
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index eda42671..7705c327 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 192b071b..20692150 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -14,7 +14,6 @@ package unix import ( "fmt" - "runtime" "syscall" "unsafe" ) @@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) { func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error { - err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo))) - runtime.KeepAlive(ctlInfo) - return err + return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo)) } // IfreqMTU is struct ifreq used to get or set a network device's MTU. 
@@ -394,16 +392,14 @@ type IfreqMTU struct { func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) { var ifreq IfreqMTU copy(ifreq.Name[:], ifname) - err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) + err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq)) return &ifreq, err } // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU // of the network device specified by ifreq.Name. func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error { - err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq))) - runtime.KeepAlive(ifreq) - return err + return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq)) } //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL @@ -617,6 +613,7 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys Rmdir(path string) (err error) //sys Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) +//sys Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) //sys Setegid(egid int) (err error) //sysnb Seteuid(euid int) (err error) //sysnb Setgid(gid int) (err error) @@ -626,7 +623,6 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys Setprivexec(flag int) (err error) //sysnb Setregid(rgid int, egid int) (err error) //sysnb Setreuid(ruid int, euid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) @@ -680,7 +676,6 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { // Kqueue_from_portset_np // Kqueue_portset // Getattrlist -// Setattrlist // Getdirentriesattr // Searchfs // Delete 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go index b37310ce..9fa87980 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64 //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64 diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go index d51ec996..f17b8c52 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT //sys Lstat(path string, stat *Stat_t) (err error) //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, stat *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index a41111a7..d4ce988e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go 
@@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -325,7 +326,6 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index d50b9dc2..afb10106 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -//sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } //sys ptrace(request int, pid int, addr uintptr, data int) (err error) +//sys ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) 
@@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) { } func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) { - return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) + return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0) } func PtraceGetRegs(pid int, regsout *Reg) (err error) { - return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0) + return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0) +} + +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + } + if countin > 0 { + _ = out[:countin] // check bounds + ioDesc.Addr = &out[0] + } else if out != nil { + ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero)) + } + ioDesc.SetLen(countin) + + err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0) + return int(ioDesc.Len), err } func PtraceLwpEvents(pid int, enable int) (err error) { return ptrace(PT_LWP_EVENTS, pid, 0, enable) } -func PtraceLwpInfo(pid int, info uintptr) (err error) { - return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) +func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) { + return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info))) } func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { 
@@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceSetRegs(pid int, regs *Reg) (err error) { - return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) + return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0) } func PtraceSingleStep(pid int) (err error) { return ptrace(PT_STEP, pid, 1, 0) } +func Dup3(oldfd, newfd, flags int) error { + if oldfd == newfd || flags&^O_CLOEXEC != 0 { + return EINVAL + } + how := F_DUP2FD + if flags&O_CLOEXEC != 0 { + how = F_DUP2FD_CLOEXEC + } + _, err := fcntl(oldfd, how, newfd) + return err +} + /* * Exposed directly */ @@ -402,7 +433,6 @@ func PtraceSingleStep(pid int) (err error) { //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index 6a91d471..b8da5100 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) 
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 48110a0a..47155c48 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) 
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index 52f1d4b7..08932093 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) 
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index 5537ee4f..d151a0d0 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index 164abd5d..d5cd64b3 100644 
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go index 4ffb6480..381fd467 100644 --- a/vendor/golang.org/x/sys/unix/syscall_hurd.go +++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go @@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { } return } + +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg))) + if r0 == -1 && er != nil { + err = er + } + return +} diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 5443dddd..fbaeb5ff 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go 
@@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) { return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o))) } +func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error { + return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s)) +} + // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html) // KeyctlInt calls keyctl commands in which each argument is an int. @@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) { } //sys ptrace(request int, pid int, addr uintptr, data uintptr) (err error) +//sys ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) { // The peek requests are machine-size oriented, so we wrap it @@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro // boundary. n := 0 if addr%SizeofPtr != 0 { - err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro for len(out) > 0 { // We use an internal buffer to guarantee alignment. // It's not documented if this is necessary, but we're paranoid. - err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } 
@@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 n := 0
 if addr%SizeofPtr != 0 {
 var buf [SizeofPtr]byte
- err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+ err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0]))
 if err != nil {
 return 0, err
 }
@@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 // Trailing edge.
 if len(data) > 0 {
 var buf [SizeofPtr]byte
- err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+ err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0]))
 if err != nil {
 return n, err
 }
@@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) {
 }
 
 func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) {
- return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+ return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) {
- return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+ return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 func PtraceSetOptions(pid int, options int) (err error) {
@@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) {
 
 func PtraceGetEventMsg(pid int) (msg uint, err error) {
 var data _C_long
- err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data)))
+ err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data))
 msg = uint(data)
 return
 }
@@ -1869,7 +1873,6 @@ func Getpgrp() (pid int) {
 //sys OpenTree(dfd int, fileName string, flags uint) (r int, err error)
 //sys PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error)
 //sys PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT
-//sysnb Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64
 //sys Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error)
 //sys Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) = SYS_PSELECT6
 //sys read(fd int, p []byte) (n int, err error)
@@ -1883,6 +1886,15 @@ func Getpgrp() (pid int) {
 //sysnb Settimeofday(tv *Timeval) (err error)
 //sys Setns(fd int, nstype int) (err error)
 
+//go:linkname syscall_prlimit syscall.prlimit
+func syscall_prlimit(pid, resource int, newlimit, old *syscall.Rlimit) error
+
+func Prlimit(pid, resource int, newlimit, old *Rlimit) error {
+ // Just call the syscall version, because as of Go 1.21
+ // it will affect starting a new process.
+ return syscall_prlimit(pid, resource, (*syscall.Rlimit)(newlimit), (*syscall.Rlimit)(old))
+}
+
 // PrctlRetInt performs a prctl operation specified by option and further
 // optional arguments arg2 through arg5 depending on option. It returns a
 // non-negative integer that is returned by the prctl syscall.
@@ -2154,6 +2166,14 @@ func isGroupMember(gid int) bool { return false } +func isCapDacOverrideSet() bool { + hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3} + data := [2]CapUserData{} + err := Capget(&hdr, &data[0]) + + return err == nil && data[0].Effective&(1< 0 { + _p1 = unsafe.Pointer(&attrBuf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(attrlist)), uintptr(_p1), uintptr(len(attrBuf)), uintptr(options), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setattrlist_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Setegid(egid int) (err error) { _, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { @@ -2115,20 +2148,6 @@ var libc_setreuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) 
@@ -2502,6 +2521,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } +func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index 95fe4c0e..4baaed0b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -705,6 +705,11 @@ TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) +TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setattrlist(SB) +GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) + TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) @@ -759,12 +764,6 @@ TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) - -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 26a0fdc5..51d6f3fb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go 
@@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" @@ -1984,6 +1992,31 @@ var libc_select_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(attrBuf) > 0 { + _p1 = unsafe.Pointer(&attrBuf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(attrlist)), uintptr(_p1), uintptr(len(attrBuf)), uintptr(options), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setattrlist_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Setegid(egid int) (err error) { _, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { 
@@ -2115,20 +2148,6 @@ var libc_setreuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) @@ -2502,6 +2521,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } +func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index efa5b4c9..c3b82c03 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -705,6 +705,11 @@ TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) +TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setattrlist(SB) +GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) + TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) 
@@ -759,12 +764,6 @@ TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) - -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 54749f9c..0eabac7a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go @@ -436,6 +436,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -1400,16 +1410,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 77479d45..ee313eb0 100644 
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1625,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 2e966d4d..4c986e44 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go 
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1625,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index d65a7c0f..55521694 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go 
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1625,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 6f0b97c6..67a226fb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go 
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1625,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index e1c23b52..f0b9ddaa 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go 
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1625,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 36ea3a55..da63d9d7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go 
@@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(arg) @@ -1336,16 +1346,6 @@ func PivotRoot(newroot string, putold string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { - _, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { _, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index c81b0ad4..07b549cc 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go 
@@ -411,16 +411,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func futimesat(dirfd int, path string, times *[2]Timeval) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index 2206bce7..5f481bf8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -334,16 +334,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index edf6b39f..824cd52c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go 
@@ -578,16 +578,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func armSyncFileRange(fd int, flags int, off int64, n int64) (err error) { _, _, e1 := Syscall6(SYS_ARM_SYNC_FILE_RANGE, uintptr(fd), uintptr(flags), uintptr(off), uintptr(off>>32), uintptr(n), uintptr(n>>32)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go index 190609f2..e77aecfe 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go @@ -289,16 +289,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index 5f984cbb..961a3afb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go 
@@ -644,16 +644,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Alarm(seconds uint) (remaining uint, err error) { r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) remaining = uint(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go index 46fc380a..ed05005e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go @@ -278,16 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go index cbd0d4da..d365b718 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go 
@@ -278,16 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index 0c13d15f..c3f1b8bb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -644,16 +644,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Alarm(seconds uint) (remaining uint, err error) { r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) remaining = uint(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index e01432ae..a6574cf9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go 
@@ -624,16 +624,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func syncFileRange2(fd int, flags int, off int64, n int64) (err error) { _, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off>>32), uintptr(off), uintptr(n>>32), uintptr(n)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index 13c7ee7b..f4099026 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -349,16 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index 02d0c0fd..9dfcc299 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go 
@@ -349,16 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index 9fee3b1d..0b292395 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -269,16 +269,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index 647bbfec..6cde3223 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go 
@@ -319,16 +319,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) { r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) n = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index ada057f8..5253d65b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -329,16 +329,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 79f73899..cdb2af5a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go 
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -1597,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index fb161f3a..9d25f76b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { 
@@ -1597,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 4c8ac993..d3f80351 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -1597,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 76dd8ec4..887188a5 100644 
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -1597,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index caeb807b..6699a783 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" 
@@ -1886,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s index 08744425..04f0de34 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 -DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index a05e5f4f..1e775fe0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go 
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" @@ -1886,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s index 5782cd10..27b6f4df 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index b2da8e50..7f642789 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" @@ -1886,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s index cf310420..b797045f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s 
@@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 -DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 048b2655..756ef7b1 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" @@ -1886,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s index 484bb42e..a8712662 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 6f33e37e..7bc2e24e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" 
@@ -1886,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s index 55af2726..05d4bffd 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 330cf7f7..739be621 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go 
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" @@ -1886,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s index 4028255b..74a25f8d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s @@ -687,12 +687,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - CALL libc_setrlimit(SB) - RET -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_setrtable(SB) RET diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 5f24de0d..7d95a197 100644 
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" @@ -1886,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s index e1fbd4df..990be245 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s 
@@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 78d4a424..609d1c59 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -110,7 +110,6 @@ import ( //go:cgo_import_dynamic libc_setpriority setpriority "libc.so" //go:cgo_import_dynamic libc_setregid setregid "libc.so" //go:cgo_import_dynamic libc_setreuid setreuid "libc.so" -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" //go:cgo_import_dynamic libc_setsid setsid "libc.so" //go:cgo_import_dynamic libc_setuid setuid "libc.so" //go:cgo_import_dynamic libc_shutdown shutdown "libsocket.so" @@ -250,7 +249,6 @@ import ( //go:linkname procSetpriority libc_setpriority //go:linkname procSetregid libc_setregid //go:linkname procSetreuid libc_setreuid -//go:linkname procSetrlimit libc_setrlimit //go:linkname procSetsid libc_setsid //go:linkname procSetuid libc_setuid //go:linkname procshutdown libc_shutdown @@ -391,7 +389,6 @@ var ( procSetpriority, procSetregid, procSetreuid, - procSetrlimit, procSetsid, procSetuid, procshutdown, 
@@ -646,7 +643,18 @@ func __minor(version int, dev uint64) (val uint) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { +func ioctlRet(fd int, req int, arg uintptr) (ret int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) + ret = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ioctlPtrRet(fd int, req int, arg unsafe.Pointer) (ret int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) ret = int(r0) if e1 != 0 { @@ -1639,16 +1647,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0) - if e1 != 0 { - err = e1 - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetsid)), 0, 0, 0, 0, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index f2079457..c3168174 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go 
@@ -257,7 +257,17 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctl(fd int, req uint, arg uintptr) (err error) { +func ioctl(fd int, req int, arg uintptr) (err error) { + _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go index e2a64f09..690cefc3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go @@ -151,6 +151,16 @@ type Dirent struct { _ [3]byte } +type Attrlist struct { + Bitmapcount uint16 + Reserved uint16 + Commonattr uint32 + Volattr uint32 + Dirattr uint32 + Fileattr uint32 + Forkattr uint32 +} + const ( PathMax = 0x400 ) @@ -610,6 +620,7 @@ const ( AT_REMOVEDIR = 0x80 AT_SYMLINK_FOLLOW = 0x40 AT_SYMLINK_NOFOLLOW = 0x20 + AT_EACCESS = 0x10 ) type PollFd struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go index 34aa7752..5bffc10e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go @@ -151,6 +151,16 @@ type Dirent struct { _ [3]byte } +type Attrlist struct { + Bitmapcount uint16 + Reserved uint16 + Commonattr uint32 + Volattr uint32 + Dirattr uint32 + Fileattr uint32 + Forkattr uint32 +} + const ( PathMax = 0x400 ) @@ -610,6 +620,7 @@ const ( AT_REMOVEDIR = 0x80 AT_SYMLINK_FOLLOW = 0x40 AT_SYMLINK_NOFOLLOW = 0x20 + AT_EACCESS = 0x10 ) type PollFd struct { 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index d9c78cdc..29dc4833 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -362,7 +362,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index 26991b16..0a89b289 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -367,7 +367,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index f8324e7e..c8666bb1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -350,7 +350,7 @@ type FpExtendedPrecision struct { type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index 4220411f..88fb48a8 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -347,7 +347,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go index 0660fd45..698dc975 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go 
@@ -348,7 +348,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 7d9fc8f1..ca84727c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go 
@@ -456,36 +456,60 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 } type CanFilter struct { @@ -528,7 +552,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0x68 + SizeofTCPInfo = 0xf0 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) 
@@ -1043,6 +1067,7 @@ const ( PerfBitCommExec = CBitFieldMaskBit24 PerfBitUseClockID = CBitFieldMaskBit25 PerfBitContextSwitch = CBitFieldMaskBit26 + PerfBitWriteBackward = CBitFieldMaskBit27 ) const ( @@ -1239,7 +1264,7 @@ type TCPMD5Sig struct { Flags uint8 Prefixlen uint8 Keylen uint16 - _ uint32 + Ifindex int32 Key [80]uint8 } @@ -1939,7 +1964,11 @@ const ( NFT_MSG_GETOBJ = 0x13 NFT_MSG_DELOBJ = 0x14 NFT_MSG_GETOBJ_RESET = 0x15 - NFT_MSG_MAX = 0x19 + NFT_MSG_NEWFLOWTABLE = 0x16 + NFT_MSG_GETFLOWTABLE = 0x17 + NFT_MSG_DELFLOWTABLE = 0x18 + NFT_MSG_GETRULE_RESET = 0x19 + NFT_MSG_MAX = 0x1a NFTA_LIST_UNSPEC = 0x0 NFTA_LIST_ELEM = 0x1 NFTA_HOOK_UNSPEC = 0x0 @@ -2443,9 +2472,11 @@ const ( SOF_TIMESTAMPING_OPT_STATS = 0x1000 SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 + SOF_TIMESTAMPING_BIND_PHC = 0x8000 + SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - SOF_TIMESTAMPING_LAST = 0x8000 - SOF_TIMESTAMPING_MASK = 0xffff + SOF_TIMESTAMPING_LAST = 0x10000 + SOF_TIMESTAMPING_MASK = 0x1ffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -3265,7 +3296,7 @@ const ( DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES = 0xae DEVLINK_ATTR_NESTED_DEVLINK = 0xaf DEVLINK_ATTR_SELFTESTS = 0xb0 - DEVLINK_ATTR_MAX = 0xb0 + DEVLINK_ATTR_MAX = 0xb3 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3281,7 +3312,8 @@ const ( DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR = 0x1 DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x3 + DEVLINK_PORT_FN_ATTR_CAPS = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 ) type FsverityDigest struct { @@ -3572,7 +3604,8 @@ const ( ETHTOOL_MSG_MODULE_SET = 0x23 ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 - ETHTOOL_MSG_USER_MAX = 0x25 + ETHTOOL_MSG_RSS_GET = 0x26 + ETHTOOL_MSG_USER_MAX = 0x26 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 
@@ -3611,7 +3644,8 @@ const ( ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 - ETHTOOL_MSG_KERNEL_MAX = 0x25 + ETHTOOL_MSG_RSS_GET_REPLY = 0x26 + ETHTOOL_MSG_KERNEL_MAX = 0x26 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3679,7 +3713,8 @@ const ( ETHTOOL_A_LINKSTATE_SQI_MAX = 0x4 ETHTOOL_A_LINKSTATE_EXT_STATE = 0x5 ETHTOOL_A_LINKSTATE_EXT_SUBSTATE = 0x6 - ETHTOOL_A_LINKSTATE_MAX = 0x6 + ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT = 0x7 + ETHTOOL_A_LINKSTATE_MAX = 0x7 ETHTOOL_A_DEBUG_UNSPEC = 0x0 ETHTOOL_A_DEBUG_HEADER = 0x1 ETHTOOL_A_DEBUG_MSGMASK = 0x2 @@ -4409,7 +4444,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x140 + NL80211_ATTR_MAX = 0x141 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4552,6 +4587,7 @@ const ( NL80211_ATTR_SUPPORT_MESH_AUTH = 0x73 NL80211_ATTR_SURVEY_INFO = 0x54 NL80211_ATTR_SURVEY_RADIO_STATS = 0xda + NL80211_ATTR_TD_BITMAP = 0x141 NL80211_ATTR_TDLS_ACTION = 0x88 NL80211_ATTR_TDLS_DIALOG_TOKEN = 0x89 NL80211_ATTR_TDLS_EXTERNAL_SETUP = 0x8c @@ -5752,3 +5788,25 @@ const ( AUDIT_NLGRP_NONE = 0x0 AUDIT_NLGRP_READLOG = 0x1 ) + +const ( + TUN_F_CSUM = 0x1 + TUN_F_TSO4 = 0x2 + TUN_F_TSO6 = 0x4 + TUN_F_TSO_ECN = 0x8 + TUN_F_UFO = 0x10 +) + +const ( + VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1 + VIRTIO_NET_HDR_F_DATA_VALID = 0x2 + VIRTIO_NET_HDR_F_RSC_INFO = 0x4 +) + +const ( + VIRTIO_NET_HDR_GSO_NONE = 0x0 + VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 + VIRTIO_NET_HDR_GSO_UDP = 0x3 + VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 + VIRTIO_NET_HDR_GSO_ECN = 0x80 +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 89c516a2..4ecc1495 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go 
@@ -414,7 +414,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 62b4fb26..34fddff9 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -427,7 +427,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index e86b3589..3b14a603 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -405,7 +405,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 6c6be4c9..0517651a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -406,7 +406,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 4982ea35..3b0c5181 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -407,7 +407,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 173141a6..fccdf4dd 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 93ae4c51..500de8fc 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 4e4e510c..d0434cd2 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 3f5ba013..84206ba5 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 71dfe7cd..ab078cf1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -417,7 +417,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 3a2b7f0a..42eb2c4c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index a52d6275..31304a4e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index dfc007d8..c311f961 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -434,7 +434,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index b53cb910..bba3cefa 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -429,7 +429,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index fe0aa354..ad8a0138 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -411,7 +411,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go index 92ac05ff..b8ad1925 100644 --- a/vendor/golang.org/x/sys/windows/env_windows.go +++ b/vendor/golang.org/x/sys/windows/env_windows.go 
@@ -37,14 +37,14 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) {
 return nil, err
 }
 defer DestroyEnvironmentBlock(block)
- blockp := uintptr(unsafe.Pointer(block))
+ blockp := unsafe.Pointer(block)
 for {
- entry := UTF16PtrToString((*uint16)(unsafe.Pointer(blockp)))
+ entry := UTF16PtrToString((*uint16)(blockp))
 if len(entry) == 0 {
 break
 }
 env = append(env, entry)
- blockp += 2 * (uintptr(len(entry)) + 1)
+ blockp = unsafe.Add(blockp, 2*(len(entry)+1))
 }
 return env, nil
 }
diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go
index 75980fd4..a52e0331 100644
--- a/vendor/golang.org/x/sys/windows/exec_windows.go
+++ b/vendor/golang.org/x/sys/windows/exec_windows.go
@@ -95,12 +95,17 @@ func ComposeCommandLine(args []string) string {
 // DecomposeCommandLine breaks apart its argument command line into unescaped parts using CommandLineToArgv,
 // as gathered from GetCommandLine, QUERY_SERVICE_CONFIG's BinaryPathName argument, or elsewhere that
 // command lines are passed around.
+// DecomposeCommandLine returns error if commandLine contains NUL.
 func DecomposeCommandLine(commandLine string) ([]string, error) {
 if len(commandLine) == 0 {
 return []string{}, nil
 }
+ utf16CommandLine, err := UTF16FromString(commandLine)
+ if err != nil {
+ return nil, errorspkg.New("string with NUL passed to DecomposeCommandLine")
+ }
 var argc int32
- argv, err := CommandLineToArgv(StringToUTF16Ptr(commandLine), &argc)
+ argv, err := CommandLineToArgv(&utf16CommandLine[0], &argc)
 if err != nil {
 return nil, err
 }
diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go
index f8deca83..c964b684 100644
--- a/vendor/golang.org/x/sys/windows/service.go
+++ b/vendor/golang.org/x/sys/windows/service.go
@@ -141,6 +141,12 @@ const ( SERVICE_DYNAMIC_INFORMATION_LEVEL_START_REASON = 1 ) +type ENUM_SERVICE_STATUS struct { + ServiceName *uint16 + DisplayName *uint16 + ServiceStatus SERVICE_STATUS +} + type SERVICE_STATUS struct { ServiceType uint32 CurrentState uint32 @@ -245,3 +251,4 @@ type QUERY_SERVICE_LOCK_STATUS struct { //sys UnsubscribeServiceChangeNotifications(subscription uintptr) = sechost.UnsubscribeServiceChangeNotifications? //sys RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, context uintptr) (handle Handle, err error) = advapi32.RegisterServiceCtrlHandlerExW //sys QueryServiceDynamicInformation(service Handle, infoLevel uint32, dynamicInfo unsafe.Pointer) (err error) = advapi32.QueryServiceDynamicInformation? +//sys EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) = advapi32.EnumDependentServicesW diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 41cb3c01..3723b2c2 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go 
@@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0)) //sys WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup //sys WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup //sys WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl +//sys WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW +//sys WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW +//sys WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd //sys socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket //sys sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto //sys recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom @@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 0c4add97..88e62a63 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go 
@@ -1243,6 +1243,51 @@ const ( DnsSectionAdditional = 0x0003 ) +const ( + // flags of WSALookupService + LUP_DEEP = 0x0001 + LUP_CONTAINERS = 0x0002 + LUP_NOCONTAINERS = 0x0004 + LUP_NEAREST = 0x0008 + LUP_RETURN_NAME = 0x0010 + LUP_RETURN_TYPE = 0x0020 + LUP_RETURN_VERSION = 0x0040 + LUP_RETURN_COMMENT = 0x0080 + LUP_RETURN_ADDR = 0x0100 + LUP_RETURN_BLOB = 0x0200 + LUP_RETURN_ALIASES = 0x0400 + LUP_RETURN_QUERY_STRING = 0x0800 + LUP_RETURN_ALL = 0x0FF0 + LUP_RES_SERVICE = 0x8000 + + LUP_FLUSHCACHE = 0x1000 + LUP_FLUSHPREVIOUS = 0x2000 + + LUP_NON_AUTHORITATIVE = 0x4000 + LUP_SECURE = 0x8000 + LUP_RETURN_PREFERRED_NAMES = 0x10000 + LUP_DNS_ONLY = 0x20000 + + LUP_ADDRCONFIG = 0x100000 + LUP_DUAL_ADDR = 0x200000 + LUP_FILESERVER = 0x400000 + LUP_DISABLE_IDN_ENCODING = 0x00800000 + LUP_API_ANSI = 0x01000000 + + LUP_RESOLUTION_HANDLE = 0x80000000 +) + +const ( + // values of WSAQUERYSET's namespace + NS_ALL = 0 + NS_DNS = 12 + NS_NLA = 15 + NS_BTH = 16 + NS_EMAIL = 37 + NS_PNRPNAME = 38 + NS_PNRPCLOUD = 39 +) + type DNSSRVData struct { Target *uint16 Priority uint16 
@@ -2175,19 +2220,23 @@ type JOBOBJECT_BASIC_UI_RESTRICTIONS struct { } const ( - // JobObjectInformationClass + // JobObjectInformationClass for QueryInformationJobObject and SetInformationJobObject JobObjectAssociateCompletionPortInformation = 7 + JobObjectBasicAccountingInformation = 1 + JobObjectBasicAndIoAccountingInformation = 8 JobObjectBasicLimitInformation = 2 + JobObjectBasicProcessIdList = 3 JobObjectBasicUIRestrictions = 4 JobObjectCpuRateControlInformation = 15 JobObjectEndOfJobTimeInformation = 6 JobObjectExtendedLimitInformation = 9 JobObjectGroupInformation = 11 JobObjectGroupInformationEx = 14 - JobObjectLimitViolationInformation2 = 35 + JobObjectLimitViolationInformation = 13 + JobObjectLimitViolationInformation2 = 34 JobObjectNetRateControlInformation = 32 JobObjectNotificationLimitInformation = 12 - JobObjectNotificationLimitInformation2 = 34 + JobObjectNotificationLimitInformation2 = 33 JobObjectSecurityLimitInformation = 5 ) @@ -3258,3 +3307,43 @@ const ( DWMWA_TEXT_COLOR = 36 DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37 ) + +type WSAQUERYSET struct { + Size uint32 + ServiceInstanceName *uint16 + ServiceClassId *GUID + Version *WSAVersion + Comment *uint16 + NameSpace uint32 + NSProviderId *GUID + Context *uint16 + NumberOfProtocols uint32 + AfpProtocols *AFProtocols + QueryString *uint16 + NumberOfCsAddrs uint32 + SaBuffer *CSAddrInfo + OutputFlags uint32 + Blob *BLOB +} + +type WSAVersion struct { + Version uint32 + EnumerationOfComparison int32 +} + +type AFProtocols struct { + AddressFamily int32 + Protocol int32 +} + +type CSAddrInfo struct { + LocalAddr SocketAddress + RemoteAddr SocketAddress + SocketType int32 + Protocol int32 +} + +type BLOB struct { + Size uint32 + BlobData *byte +} diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index ac60052e..a81ea2c7 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go 
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -86,6 +86,7 @@ var ( procDeleteService = modadvapi32.NewProc("DeleteService") procDeregisterEventSource = modadvapi32.NewProc("DeregisterEventSource") procDuplicateTokenEx = modadvapi32.NewProc("DuplicateTokenEx") + procEnumDependentServicesW = modadvapi32.NewProc("EnumDependentServicesW") procEnumServicesStatusExW = modadvapi32.NewProc("EnumServicesStatusExW") procEqualSid = modadvapi32.NewProc("EqualSid") procFreeSid = modadvapi32.NewProc("FreeSid") @@ -474,6 +475,9 @@ var ( procWSAEnumProtocolsW = modws2_32.NewProc("WSAEnumProtocolsW") procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult") procWSAIoctl = modws2_32.NewProc("WSAIoctl") + procWSALookupServiceBeginW = modws2_32.NewProc("WSALookupServiceBeginW") + procWSALookupServiceEnd = modws2_32.NewProc("WSALookupServiceEnd") + procWSALookupServiceNextW = modws2_32.NewProc("WSALookupServiceNextW") procWSARecv = modws2_32.NewProc("WSARecv") procWSARecvFrom = modws2_32.NewProc("WSARecvFrom") procWSASend = modws2_32.NewProc("WSASend") 
@@ -731,6 +735,14 @@ func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes return } +func EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procEnumDependentServicesW.Addr(), 6, uintptr(service), uintptr(activityState), uintptr(unsafe.Pointer(services)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) { r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0) if r1 == 0 { 
@@ -4067,6 +4079,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo return } +func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle))) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceEnd(handle Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) { + r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) { r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0) if r1 == socket_error { diff --git a/vendor/modules.txt b/vendor/modules.txt index a0c4845e..9e420242 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -78,10 +78,11 @@ github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 ## explicit github.com/munnerz/goautoneg -# github.com/oracle/oci-go-sdk/v65 v65.3.0 +# github.com/oracle/oci-go-sdk/v65 v65.61.1 ## explicit; go 1.13 github.com/oracle/oci-go-sdk/v65/common github.com/oracle/oci-go-sdk/v65/common/auth +github.com/oracle/oci-go-sdk/v65/common/utils github.com/oracle/oci-go-sdk/v65/secrets # github.com/pkg/errors v0.9.1 ## explicit @@ -173,7 +174,7 @@ golang.org/x/net/trace ## explicit; go 1.17 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sys v0.5.0 +# golang.org/x/sys v0.8.0 ## explicit; go 1.17 golang.org/x/sys/internal/unsafeheader golang.org/x/sys/plan9